+## Week of February 26, 2024

+| 2/29/2024 | [Get started with Microsoft Copilot for Microsoft 365](/microsoft-365-copilot/microsoft-365-copilot-setup) | modified |

+## Week of February 12, 2024

+| 2/13/2024 | [Microsoft Copilot for Microsoft 365 documentation # < 60 chars](/microsoft-365-copilot/index) | modified |

+## Week of January 29, 2024

+| 2/2/2024 | [Microsoft Copilot for Microsoft 365 requirements](/microsoft-365-copilot/microsoft-365-copilot-requirements) | modified |

+As your organizationΓÇÖs Microsoft 365 admin, you can turn off CopilotΓÇÖs ability to access and include web content when it responds to your usersΓÇÖ prompts. For more information on how this control impacts data, privacy, and security within Microsoft Copilot for Microsoft 365, see [Data, Privacy, and Security for Microsoft Copilot for Microsoft 365](microsoft-365-copilot-privacy.md#microsoft-copilot-for-microsoft-365-and-the-web-content-plugin).

+- [Can Microsoft Copilot for Microsoft 365 use web content in its responses?](#microsoft-copilot-for-microsoft-365-and-the-web-content-plugin)

+> - When youΓÇÖre using the web content plugin to enhance chat answers, Copilot for Microsoft 365 will generate a search query that is sent to Bing for the latest information from the web. For more information, [Microsoft Copilot for Microsoft 365 and the web content plugin](#microsoft-copilot-for-microsoft-365-and-the-web-content-plugin).

+Copilot for Microsoft 365 is upholding data residency commitments as outlined in the Microsoft Product Terms and Data Protection Addendum. Copilot for Microsoft 365 was added as a covered workload in the data residency commitments in Microsoft Product Terms on March 1, 2024.

+Microsoft [Advanced Data Residency (ADR)](/microsoft-365/enterprise/advanced-data-residency) and [Multi-Geo Capabilities](/microsoft-365/enterprise/microsoft-365-multi-geo) offerings include data residency commitments for Copilot for Microsoft 365 customers as of March 1, 2024. For EU customers, Copilot for Microsoft 365 is an EU Data Boundary service. Customers outside the EU may have their queries processed in the US, EU, or other regions.

+## Microsoft Copilot for Microsoft 365 and the web content plugin

+Copilot for Microsoft 365 has the option to enhance chat answers with the latest information from the web. When the web content plugin is enabled, Copilot may fetch information from the Bing search index when Copilot determines that information from the web will help provide a better, more grounded response.

+Admin controls and user-level toggle are available to [manage whether the web content plugin is enabled](#controls-available-to-manage-the-use-of-web-content) in your environment.

+### How the web content plugin works

+When the web content plugin is enabled in chat, Copilot for Microsoft 365 parses the userΓÇÖs prompt and identifies terms where web grounding could improve the quality of the response. Based on these terms, Copilot generates a search query that is sent to the [Bing Search API](/bing/search-apis/bing-web-search/overview) asking for more information. This search query is different from the userΓÇÖs promptΓÇöit usually consists of a few words informed by the userΓÇÖs prompt and/or Microsoft 365 data. It doesn't automatically include the entirety of Microsoft 365 documents associated with the prompt.

+The following table provides an example of a user's prompt, the search queries sent, and Copilot's response.

+|Entity |Text |

+|||

+|Prompt (as written by the user) |We're considering a possible acquisition of Fabrikam. Help me put together a 200-word summary report of publicly available financial information on the company, including their business strategy. |

+|Search queries (generated by Copilot and sent to the Bing search API) |Fabrikam strategy <br/> Fabrikam financials |

+|Response (generated by Copilot) | Fabrikam is a CPG startup that offers healthier food alternatives but with the same familiar taste as traditional brands. The company gathered $4.5 million in seed funding in 2019 and raised $31.5 million in a series B funding round in 2022. As of January 2023, Fabrikam raised a total of $83.4 million in funding and is on target to more than double its sales this year. <br/><br/> As the pandemic hit, Fabrikam faced the challenge of pivoting from brick-and-mortar stores to online sales, and thatΓÇÖs where their influencer marketing strategy came into play. Instead of relying on in-store events and promotions, Fabrikam turned to social media and influencer partnerships to build brand awareness and reach a wider audience. The company also approached innovation from a genuine angle, balancing traditional consumption drivers with better-for-you offerings and having a holistic, robust distribution strategy.<br/><br/>In summary, Fabrikam has raised over $55 million in funding and has a strong influencer marketing strategy that has helped them pivot to online sales during the pandemic. |

+In this example, only the two search queries are sent to the Bing Search API. After the user enters their prompt, the chat experience will display any queries being generated and sent to Bing. The user's prompts and Copilot's responses are stored within Microsoft 365. Search queries sent to the Bing Search API by Copilot for Microsoft 365 are disassociated from the user ID and tenant ID.

+The Bing Search API is provided by Bing.com, which operates separately from Microsoft 365 and has different data-handling practices. The use of Bing is covered by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) between each user and Microsoft, together with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). The [Microsoft Products and Services Data Protection Addendum (DPA)](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) doesnΓÇÖt apply to the use of web content plugin or the Bing Search API.

+Admins can block access to web content in Copilot for Microsoft 365. For more information, see [Manage access to web content in Microsoft Copilot for Microsoft 365 responses](/microsoft-365-copilot/manage-public-web-access). Even when allowed by the admin, users still have the option whether or not they want to use the web plugin. For more information, see [Use additional data sources with Microsoft 365 Copilot](https://support.microsoft.com/topic/b41e679a-ee19-4a8d-ab5c-ebd00ff46d71).

+## Week of February 26, 2024

+| 3/1/2024 | [Microsoft Security Copilot and Microsoft Defender Threat Intelligence](/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence) | modified |

+**In this article**:

+Emails sent out to users as they interact with each other and across various products within Microsoft 365 are designed to provide insights and information about their organization. These emails are typically sent out between users based on those interactions, which means that they're often sent from the userΓÇÖs email address. Those emails remain unchanged and continue to work as they do today.

+There are several scenarios where emails are sent from a ΓÇ£no-replyΓÇ¥ system-based product account. For example, batched comments, news, digests, and system notification emails are currently sent from a no-reply product address. These include addresses such _no-reply@sharepointonline.com_, _no-reply@planner.com_, _no-reply@project.com_.

+The default option is that users receive no-reply emails sent by Microsoft on behalf of your organization. Your users receive these emails as [EXTERNAL] notifications. You can now use a custom domain as the sender of these notifications. Using this feature means that emails are sent from your own Exchange Online instance and they become internal communication. For example, **no-reply@sharepointonline.com [External]** could become **no-reply@contoso.com**, if **Contoso.com** is the selected domain.

+> Only domains registered within your tenant can be used and ownership must be verified through the existing add domains process within Microsoft 365. Please use the following steps and note the Domain Name System (DNS) records required when configuring a domain for sending email.

+<a name="configsetting"></a>

+## Configure the "Send email notifications from your domain" setting

+The setting is available via the Microsoft 365 Admin Center **Settings** menu item. Select **Settings**, select **Org settings**, and then select the **Organization profile** tab as illustrated.

+> - This setting is an opt-in setting that allows the Microsoft 365 system administrators to select a verified domain within the tenant. This means that the domain has been validated for ownership.

+> - The recommendation is to use a domain that has the appropriate DNS records to facilitate email validation, like SPF, DKIM, DMARC, and MX as this then complies with the [RFC compliance](https://www.ietf.org/rfc/rfc2142.txt) for sending and receiving email. For more information, see [Learn more about Exchange Online Email Routing](/exchange/mail-flow-best-practices/mail-flow-best-practices).

+> - Please ensure you comply with all privacy, compliance, and security requirements and policies within your organization.

+8. Select **Save**. Changes will take a few minutes to complete.

+> If you make a mistake or would like to roll-back the change, deselect the **Use a custom send-from domain address** checkbox and then select **Save**. The setting will revert to the original configuration.

+<a name="supportedproducts"></a>

+## Supported products

+- Teams

+<a name="excludedscenarios"></a>

+## Excluded Scenarios

+One Time Passcodes (OTP) generated from sharing within OneDrive and SharePoint Online will continue to use _no-reply@notify.microsoft.com_. These are secure emails generated by Microsoft and utilize this trusted sender address to ensure delivery of these emails.

+

+- .cloud

+- essentials-get-started

+You use the [**Update-MgPolicyAuthorizationPolicy**](/powershell/module/microsoft.graph.identity.signins/update-mgpolicyauthorizationpolicy?view=graph-powershell-1.0&preserve-view=true) cmdlet with the **AllowedToSignUpEmailBasedSubscriptions** parameter to control whether users can sign up for self-service sign-up subscriptions. For more information, see [How do I control self-service settings?](/azure/active-directory/users-groups-roles/directory-self-service-signup#how-do-i-control-self-service-settings)

+ - azure-ad-ref-level-one-done

+## Configure Microsoft 365 user account properties with Microsoft Graph PowerShell

+>[!NOTE]

+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).

+First, use a **Microsoft Entra DC admin**, **Cloud Application Admin**, or **Global admin** account to [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md). The cmdlets in this article require the permission scope **User.ReadWrite.All** or one of the other permissions listed in the ['List subscribedSkus' Graph API reference page](/graph/api/subscribedsku-list). Some commands in this article may require different permission scopes, in which case this will be noted in the relevant section.

+```powershell

+Connect-MgGraph -Scopes "User.ReadWrite.All"

+```

+Get-MgUser -All | Sort-Object UserPrincipalName | Select-Object UserPrincipalName | More

+1. Get all the information on the user accounts (**Get-MgUser**) and send it to the next command (**|**).

+Write-Host (Get-MgUser -All | where {$_.DisplayName -eq $userName}).UserPrincipalName

+Write-Host (Get-MgUser -All | where {$_.DisplayName -eq $userName}).UserPrincipalName

+$upn=(Get-MgUser | where {$_.DisplayName -eq $userName}).UserPrincipalName

+Update-MgUser -UserId $upn -UsageLocation "FR"

+To change properties for all users, you can use a combination of the **Get-MgUser** and **Update-MgUser** cmdlets. The following example changes the usage location for all users to *France*:

+Get-MgUser | ForEach-Object { Update-MgUser -UserId $_.Id -UsageLocation "FR" }

+1. Get all of the information on the user accounts (**Get-MgUser**) and send it to the next command (**|**).

+1. Set the user location to France (**Update-MgUser -UsageLocation FR**).

+To change properties for a specific set of user accounts, you can use a combination of the **Get-MgUser**, **Where**, and **Update-MgUser** cmdlets. The following example changes the usage location for all the users in the Accounting department to *France*:

+Get-MgUser -All | Where-Object {$_.Department -eq "Accounting"} | ForEach-Object {Update-MgUser -UserId $_.Id -UsageLocation "FR"}

+1. Get all the information on the user accounts (**Get-MgUser**), and send it to the next command (**|**).

+1. Set the user location to France (**Update-MgUser -UsageLocation FR**).

+ - azure-ad-ref-level-one-done

+You can use Microsoft Graph PowerShell to efficiently create user accounts, including multiple accounts.

+## Create Microsoft 365 user accounts with Microsoft Graph PowerShell

+>[!NOTE]

+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).

+First, use a **Microsoft Entra DC admin**, **Cloud Application Admin**, or **Global admin** account to [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md). The cmdlets in this article require the permission scope **User.ReadWrite.All** or one of the other permissions listed in the ['List subscribedSkus' Graph API reference page](/graph/api/subscribedsku-list). Some commands in this article may require different permission scopes, in which case this will be noted in the relevant section.

+Connect-MgGraph -Scopes "User.ReadWrite.All"

+$PasswordProfile = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphPasswordProfile

+$PasswordProfile.Password = "<user account password>"

+New-MgUser -DisplayName "<display name>" -GivenName "<first name>" -Surname "<last name>" -UserPrincipalName <sign-in name> -UsageLocation <ISO 3166-1 alpha-2 country code> -MailNickname <mailbox name> -PasswordProfile $PasswordProfile -AccountEnabled $true

+This example creates an account for the US user *John Doe*.

+$PasswordProfile = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphPasswordProfile

+$PasswordProfile.Password = "3Rv0y1q39/chsy"

+New-MgUser -DisplayName "John Doe" -GivenName "John" -Surname "Doe" -UserPrincipalName johnd@contoso.onmicrosoft.com -UsageLocation "US" -MailNickname "johnd" -PasswordProfile $PasswordProfile -AccountEnabled $true

+ UserPrincipalName,FirstName,LastName,DisplayName,UsageLocation,MailNickname

+ ClaudeL@contoso.onmicrosoft.com,Claude,Loiselle,Claude Loiselle,US,claudel

+ LynneB@contoso.onmicrosoft.com,Lynne,Baxter,Lynne Baxter,US,lynneb

+ ShawnM@contoso.onmicrosoft.com,Shawn,Melendez,Shawn Melendez,US,shawnm

+2. This example creates user accounts from the file *C:\temp\NewAccounts.csv* and logs the results in a file named *C:\temp\NewAccountResults.csv*.

+ # Import the CSV file

+ $users = Import-Csv -Path "C:\temp\NewAccounts.csv"

+ # Create a password profile

+ $PasswordProfile = @{

+ Password = 'Password123'

+ }

+ # Loop through each user in the CSV file

+ foreach ($user in $users) {

+ # Create a new user

+ $newUser = New-MgUser -DisplayName $user.DisplayName -GivenName $user.FirstName -Surname $user.LastName -UserPrincipalName $user.UserPrincipalName -UsageLocation $user.UsageLocation -MailNickname $user.MailNickname -PasswordProfile $passwordProfile -AccountEnabled

+ # Assign a license to the new user

+ $e5Sku = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'SPE_E5'

+ Set-MgUserLicense -UserId $newUser.Id -AddLicenses @{SkuId = $e5Sku.SkuId} -RemoveLicenses @()

+ }

+ # Export the results to a CSV file

+ $users | Export-Csv -Path "C:\temp\NewAccountResults.csv" -NoTypeInformation

+3. Review the output file to see the results.

+## Week of February 26, 2024

+| Published On |Topic title | Change |

+|||--|

+| 2/26/2024 | [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout?view=o365-worldwide) | modified |

+| 2/26/2024 | [Understand app protection access requirements using Microsoft Intune](/microsoft-365/solutions/apps-protect-access-requirements?view=o365-worldwide) | added |

+| 2/26/2024 | [Understand app protection conditional launch using Microsoft Intune](/microsoft-365/solutions/apps-protect-conditional-launch?view=o365-worldwide) | added |

+| 2/26/2024 | [Understand app data protection using Microsoft Intune](/microsoft-365/solutions/apps-protect-data-protection?view=o365-worldwide) | added |

+| 2/26/2024 | [Use the app protection framework with Microsoft Intune](/microsoft-365/solutions/apps-protect-framework?view=o365-worldwide) | added |

+| 2/26/2024 | [Understand app protection health checks using Microsoft Intune](/microsoft-365/solutions/apps-protect-health-checks?view=o365-worldwide) | added |

+| 2/26/2024 | [Secure and protect apps using Microsoft Intune](/microsoft-365/solutions/apps-protect-overview?view=o365-worldwide) | added |

+| 2/26/2024 | [Step 1. Apply minimum data protection](/microsoft-365/solutions/apps-protect-step-1?view=o365-worldwide) | added |

+| 2/26/2024 | [Step 2. Apply enhanced data protection](/microsoft-365/solutions/apps-protect-step-2?view=o365-worldwide) | added |

+| 2/26/2024 | [Step 3. Apply high data protection](/microsoft-365/solutions/apps-protect-step-3?view=o365-worldwide) | added |

+| 2/26/2024 | [Step 4. Understand app protection delivery](/microsoft-365/solutions/apps-protect-step-4?view=o365-worldwide) | added |

+| 2/26/2024 | [Step 5. Verify and monitor app protection](/microsoft-365/solutions/apps-protect-step-5?view=o365-worldwide) | added |

+| 2/26/2024 | [Step 6. Use app protection actions](/microsoft-365/solutions/apps-protect-step-6?view=o365-worldwide) | added |

+| 2/26/2024 | [Evaluate and pilot Microsoft Defender XDR security, an XDR solution that unifies threat data so you can take action.](/microsoft-365/security/defender/eval-overview?view=o365-worldwide) | modified |

+| 2/26/2024 | [Automatic user notifications for user reported phishing results in AIR](/microsoft-365/security/office-365-security/air-user-automatic-feedback-response?view=o365-worldwide) | modified |

+| 2/27/2024 | [Configuring external data integrations for Loop experiences](/microsoft-365/loop/loop-data-integrations-configuration?view=o365-worldwide) | added |

+| 2/27/2024 | [Early Launch Antimalware (ELAM) and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/elam-on-mdav?view=o365-worldwide) | added |

+| 2/27/2024 | [Manage Loop components in OneDrive and SharePoint](/microsoft-365/loop/loop-components-configuration?view=o365-worldwide) | modified |

+| 2/27/2024 | [Cloud protection and sample submission at Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission?view=o365-worldwide) | modified |

+| 2/27/2024 | [Manage Microsoft Defender Antivirus in your business](/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 2/27/2024 | [Configure Microsoft Defender Antivirus features](/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features?view=o365-worldwide) | modified |

+| 2/27/2024 | [Vulnerability support in Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/fixed-reported-inaccuracies?view=o365-worldwide) | modified |

+| 2/27/2024 | [Block vulnerable applications.](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) | modified |

+| 2/27/2024 | [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-about?view=o365-worldwide) | modified |

+| 2/27/2024 | [Migrate from a third-party protection service to Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365?view=o365-worldwide) | modified |

+| 2/27/2024 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified |

+| 2/27/2024 | [Data collection for advanced troubleshooting on Windows](/microsoft-365/security/defender-endpoint/data-collection-analyzer?view=o365-worldwide) | modified |

+| 2/27/2024 | [Why you should use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 2/27/2024 | [Anti-malware Scan Interface (AMSI) integration with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/amsi-on-mdav?view=o365-worldwide) | added |

+| 2/27/2024 | [Run and customize scheduled and on-demand scans](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 2/27/2024 | [Antivirus solution compatibility with Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-compatibility?view=o365-worldwide) | modified |

+| 2/27/2024 | [Apply Microsoft Defender Antivirus updates after certain events](/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 2/27/2024 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified |

+| 2/27/2024 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | modified |

+| 2/27/2024 | [Microsoft Defender for Cloud in the Microsoft Defender portal](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud?view=o365-worldwide) | modified |

+| 2/27/2024 | [Microsoft Defender for Endpoint in the Microsoft Defender portal](/microsoft-365/security/defender/microsoft-365-security-center-mde?view=o365-worldwide) | modified |

+| 2/27/2024 | [Microsoft Defender for Identity in the Microsoft Defender portal](/microsoft-365/security/defender/microsoft-365-security-center-mdi?view=o365-worldwide) | modified |

+| 2/27/2024 | [Microsoft Defender for Office 365 in the Microsoft Defender portal](/microsoft-365/security/defender/microsoft-365-security-center-mdo?view=o365-worldwide) | modified |

+| 2/27/2024 | [Redirecting from the Microsoft Defender Security Center to the Microsoft Defender portal](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) | modified |

+| 2/27/2024 | [Compliance features in Microsoft 365 Archive (Preview)](/microsoft-365/syntex/archive/archive-compliance) | modified |

+| 2/28/2024 | [Coin miners](/microsoft-365/security/defender-endpoint/malware/coinminer-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Exploits and exploit kits](/microsoft-365/security/defender-endpoint/malware/exploits-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Fileless threats](/microsoft-365/security/defender-endpoint/malware/fileless-threats?view=o365-worldwide) | added |

+| 2/28/2024 | [Macro malware](/microsoft-365/security/defender-endpoint/malware/macro-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Phishing trends and techniques](/microsoft-365/security/defender-endpoint/malware/phishing-trends?view=o365-worldwide) | added |

+| 2/28/2024 | [How to protect against phishing attacks](/microsoft-365/security/defender-endpoint/malware/phishing?view=o365-worldwide) | added |

+| 2/28/2024 | [Prevent malware infection](/microsoft-365/security/defender-endpoint/malware/prevent-malware-infection?view=o365-worldwide) | added |

+| 2/28/2024 | [Rootkits](/microsoft-365/security/defender-endpoint/malware/rootkits-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Supply chain attacks](/microsoft-365/security/defender-endpoint/malware/supply-chain-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Tech Support Scams](/microsoft-365/security/defender-endpoint/malware/support-scams?view=o365-worldwide) | added |

+| 2/28/2024 | [Trojan malware](/microsoft-365/security/defender-endpoint/malware/trojans-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Understanding malware & other threats](/microsoft-365/security/defender-endpoint/malware/understanding-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Unwanted software](/microsoft-365/security/defender-endpoint/malware/unwanted-software?view=o365-worldwide) | added |

+| 2/28/2024 | [Worms](/microsoft-365/security/defender-endpoint/malware/worms-malware?view=o365-worldwide) | added |

+| 2/28/2024 | [Configure junk email settings on Exchange Online mailboxes](/microsoft-365/security/office-365-security/configure-junk-email-settings-on-exo-mailboxes?view=o365-worldwide) | modified |

+| 2/28/2024 | [Manage Shifts permissions for frontline managers](/microsoft-365/frontline/manage-shifts-permissions-frontline-managers?view=o365-worldwide) | added |

+| 2/28/2024 | [Behavior monitoring in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/behavior-monitor?view=o365-worldwide) | added |

+| 2/28/2024 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-worldwide) | modified |

+| 2/28/2024 | [Deploy frontline dynamic teams at scale](/microsoft-365/frontline/deploy-dynamic-teams-at-scale?view=o365-worldwide) | modified |

+| 2/28/2024 | [Overview of next-generation protection in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/next-generation-protection?view=o365-worldwide) | modified |

+| 2/28/2024 | [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 2/28/2024 | Configure Directory Services account in Microsoft Defender for Identity | removed |

+| 2/28/2024 | Microsoft Defender for Identity entity tags in Microsoft Defender XDR | removed |

+| 2/28/2024 | Microsoft Defender for Identity detection exclusions in Microsoft Defender XDR | removed |

+| 2/28/2024 | Microsoft Defender for Identity security alerts in Microsoft Defender XDR | removed |

+| 2/28/2024 | Microsoft Defender for Identity notifications in Microsoft Defender XDR | removed |

+| 2/28/2024 | Microsoft Defender for Identity sensor health and settings in Microsoft Defender XDR | removed |

+| 2/28/2024 | Microsoft Defender for Identity VPN integration in Microsoft Defender XDR | removed |

+| 2/28/2024 | [Advanced technologies at the core of Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/adv-tech-of-mdav?view=o365-worldwide) | added |

+| 2/28/2024 | [Run Microsoft Defender Antivirus in a sandbox environment](/microsoft-365/security/defender-endpoint/sandbox-mdav?view=o365-worldwide) | added |

+| 2/28/2024 | [Configure the Microsoft Defender Antivirus cloud block timeout period](/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 2/28/2024 | [Create and manage device tags](/microsoft-365/security/defender-endpoint/machine-tags?view=o365-worldwide) | modified |

+| 2/29/2024 | [Configure and manage Microsoft Defender Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-worldwide) | modified |

+| 2/29/2024 | [Preview limitations in Microsoft 365 Backup (Preview)](/microsoft-365/syntex/backup/backup-limitations) | modified |

+| 2/29/2024 | [Disable access to Microsoft 365 services with PowerShell](/microsoft-365/enterprise/disable-access-to-services-with-microsoft-365-powershell?view=o365-worldwide) | modified |

+| 2/29/2024 | [What's new in Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified |

+| 2/29/2024 | [Manage Loop app preview](/microsoft-365/loop/loop-preview-configuration?view=o365-worldwide) | added |

+| 2/29/2024 | [Deploy Shifts to your frontline teams at scale](/microsoft-365/frontline/deploy-shifts-at-scale?view=o365-worldwide) | modified |

+| 2/29/2024 | [Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc?view=o365-worldwide) | modified |

+| 2/29/2024 | [Manage Loop workspaces in SharePoint Embedded](/microsoft-365/loop/loop-workspaces-configuration?view=o365-worldwide) | modified |

+| 2/29/2024 | [Onboard Windows devices using a local script](/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide) | modified |

+| 2/29/2024 | [Set preferences for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide) | modified |

+| 2/29/2024 | [Microsoft Defender Antivirus in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency for Microsoft Copilot for Microsoft 365](/microsoft-365/enterprise/m365-dr-workload-copilot?view=o365-worldwide) | added |

+| 3/1/2024 | [Advanced data residency in Microsoft 365](/microsoft-365/enterprise/advanced-data-residency?view=o365-worldwide) | modified |

+| 3/1/2024 | [Advanced Data Residency Commitments](/microsoft-365/enterprise/m365-dr-commitments?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency Legacy Move Program](/microsoft-365/enterprise/m365-dr-legacy-move-program?view=o365-worldwide) | modified |

+| 3/1/2024 | [Overview and Definitions](/microsoft-365/enterprise/m365-dr-overview?view=o365-worldwide) | modified |

+| 3/1/2024 | [Overview of Product Terms Data Residency](/microsoft-365/enterprise/m365-dr-product-terms-dr?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency for Exchange Online](/microsoft-365/enterprise/m365-dr-workload-exo?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency for Microsoft Defender for Office P1](/microsoft-365/enterprise/m365-dr-workload-mdo-p1?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency for Other Microsoft 365 Services](/microsoft-365/enterprise/m365-dr-workload-other?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency for Microsoft Purview](/microsoft-365/enterprise/m365-dr-workload-purview?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency for SharePoint and OneDrive](/microsoft-365/enterprise/m365-dr-workload-spo?view=o365-worldwide) | modified |

+| 3/1/2024 | [Data Residency for Microsoft Teams](/microsoft-365/enterprise/m365-dr-workload-teams?view=o365-worldwide) | modified |

+| 3/1/2024 | [Advanced technologies at the core of Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/adv-tech-of-mdav?view=o365-worldwide) | modified |

+| 3/1/2024 | [Evaluate network protection](/microsoft-365/security/defender-endpoint/evaluate-network-protection?view=o365-worldwide) | modified |

+| 3/1/2024 | [Create custom Microsoft Defender XDR reports using Microsoft Graph security API and Power BI](/microsoft-365/security/defender/defender-xdr-custom-reports?view=o365-worldwide) | modified |

+| 3/1/2024 | [Memory regression analysis](/microsoft-365/test-base/memory?view=o365-worldwide) | modified |

+| 3/1/2024 | [Hardware acceleration and Microsoft Defender Antivirus.](/microsoft-365/security/defender-endpoint/hardware-acceleration-and-mdav?view=o365-worldwide) | added |

+| 3/1/2024 | [Evaluate Microsoft Defender Antivirus using PowerShell.](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-using-powershell?view=o365-worldwide) | added |

+| 3/1/2024 | [Microsoft 365 admin center SharePoint activity reports](/microsoft-365/admin/activity-reports/sharepoint-activity-ww?view=o365-worldwide) | modified |

+| 3/1/2024 | [Microsoft 365 admin center Viva Engage activity reports](/microsoft-365/admin/activity-reports/viva-engage-activity-report-ww?view=o365-worldwide) | modified |

+| 3/1/2024 | [Microsoft 365 admin center Viva Learning activity reports](/microsoft-365/admin/activity-reports/viva-learning-activity?view=o365-worldwide) | modified |

+| 3/1/2024 | [Transfer data manually between two accounts](/microsoft-365/admin/get-help-with-domains/transfer-data-manually?view=o365-worldwide) | modified |

+| 3/1/2024 | [Domains Frequently Asked Questions](/microsoft-365/admin/setup/domains-faq?view=o365-worldwide) | modified |

+> ## Network Protection ΓÇô Update

+> Network protection feature will soon be enabled by default for all users. The update will be rolled out in a phased manner. As a result, users will be able to see Network Protection Card in the Defender app along with App Protection and Web Protection. Users are also required to provide Location permission to complete the set up. For more information, see [Network Protection](/microsoft-365/security/defender-endpoint/android-configure#network-protection).

+### Attack surface reduction rules list by category

+## ASR rules and Defender for Endpoint Indicators of Compromise (IOC)

+The following ASR rules DO NOT honor Microsoft Defender for Endpoint Indicators of Compromise (IOC):

+| ASR rule name | Description |

+|||

+| Block credential stealing from the Windows local security authority subsystem (lsass.exe) | Doesn't honor indicators of compromise for files or certificates. |

+| Block Office applications from injecting code into other processes |Doesn't honor indicators of compromise for files or certificates. |

+| Block Win32 API calls from Office mac |Doesn't honor indicators of compromise for certificates. |

+> [!NOTE]

+> The Block credential stealing from the Windows local security authority subsystem ASR rule does not support WARN mode.

+> [!NOTE]

+> The Block applications from injecting code into other processes ASR rule does not support WARN mode.

+> [!IMPORTANT]

+> ## Network Protection ΓÇô Update

+> Network protection feature will soon be enabled by default for all users. The update will be rolled out in a phased manner. As a result, users will be able to see Network Protection Card in the Defender app along with App Protection and Web Protection. Users are also required to provide Location permission to complete the set up. For more information, see [Network Protection](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-network-protection).

+|::|::|::|

+|::|::|::|::|

+|Salmon Typhoon|SODIUM|China|APT4, Maverick Panda|

+|Storm-0062||China|DarkShadow, Oro0lxy|

+|Storm-0133||Iran|LYCEUM, HEXANE|

+|Storm-0216||Financially motivated|Twisted Spider, UNC2198|

+|Storm-0257||Group in development|UNC1151|

+|Storm-0324||Financially motivated|TA543, Sagrid|

+|Storm-0381||Financially motivated||

+|Storm-0530||North Korea|H0lyGh0st|

+|Storm-0569||Financially motivated||

+|Storm-0587||Russia|SaintBot, Saint Bear, TA471|

+|Storm-0744||Financially motivated||

+|Storm-0784||Iran||

+|Storm-0829||Group in development|Nwgen Team|

+|Storm-0842||Iran||

+|Storm-0861||Iran||

+|Storm-0867||Egypt|Caffeine|

+|Storm-0971||Financially motivated|(Merged into Octo Tempest)|

+|Storm-0978||Group in development|RomCom, Underground Team|

+|Storm-1044||Financially motivated|Danabot|

+|Storm-1084||Iran|DarkBit|

+|Storm-1101||Group in development|NakedPages|

+|Storm-1113||Financially motivated||

+|Storm-1167||Indonesia||

+|Storm-1295||Group in development|Greatness|

+|Storm-1364||Iran||

+|Strawberry Tempest||Financially motivated|LAPSUS$|

+|Sunglow Blizzard||Russia||

+- [downloadable Excel](https://download.microsoft.com/download/4/5/2/45208247-c1e9-432d-a9a2-1554d81074d9/microsoft-threat-actor-list.xls)

+> [!NOTE]

+> When you apply OCR to an image file, the text is stored in the **Extracted text** metadata column. When you apply OCR to a PDF or TIFF file, the extracted text is indexed in search but not available in the metadata column.

+- Images must be less than 50 MB.

+- Images uploaded after OCR has been enabled are the only images that are scanned.

+- Images that are embedded in Office documents aren't supported.

+ It can take several minutes for the translated file to be created. When the process is completed, the translated file will appear in the document library.

+> [!IMPORTANT]

+> **Test Base for Microsoft 365 will transition to end-of-life (EOL) on May 31, 2024.** We're committed to working closely with each customer to provide support and guidance to make the transition as smooth as possible. If you have any questions, concerns, or need assistance, [submit a support request](https://aka.ms/TestBaseSupport).