Updates from: 03/07/2023 03:28:39
Category Microsoft Docs article Related commit history on GitHub Change details
compliance Apply Retention Labels Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
f1.keywords:
Previously updated : 02/28/2023 Last updated : 03/06/2023 audience: Admin
Some settings can't be changed after the label or policy is created and saved, w
### Deleting retention labels
-You can delete retention labels that aren't currently included in any retention label policies, that aren't configured for event-based retention, or mark items as regulatory records.
+To delete a retention label, all three conditions must apply:
-For retention labels that you can delete, if they've been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items.
+- The label isn't included in any retention label policy
+- The label isn't configured for event-based retention
+- The label isn't configured to mark items as regulatory records
-However, it can take up to two days for content explorer to show the items that are labeled. In this scenario, the retention label might be deleted without showing you the link to content explorer.
+When all these conditions are met:
+
+- You can always delete a retention label that doesn't mark items as records (sometimes referred to as a "standard retention label"). The deletion succeeds even if the label is applied to items, and the retention label is then removed from these items.
+
+- You can delete a retention label that marks items as records only if the label isn't applied to items. If the label has been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items. It can take up to two days for content explorer to show the items that are labeled. In this scenario, the retention label might be deleted without showing you the link to content explorer.
## Locking the policy to prevent changes
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
audience: Admin Previously updated : 02/27/2023 Last updated : 03/06/2023 ms.localizationpriority: high - purview-compliance
However, the behavior is a little different for client-side auto-labeling (auto-
For more information about label priority, see [Label priority (order matters)](sensitivity-labels.md#label-priority-order-matters).
-## Don't configure a parent label to be applied automatically or recommended
+## Considerations for label configurations
+
+The following considerations apply to both client-side labeling and service-side labeling.
+
+### Don't configure a parent label to be applied automatically or recommended
Remember, you can't apply a parent label (a label with sublabels) to content. Make sure that you don't configure a parent label to be auto-applied or recommended in Office apps, and don't select a parent label for an auto-labeling policy. If you do, the parent label won't be applied to content.
To use automatic labeling with sublabels, make sure you publish both the parent
For more information on parent labels and sublabels, see [Sublabels (grouping labels)](sensitivity-labels.md#sublabels-grouping-labels).
+### Label scoping that excludes files or emails
+
+To automatically apply a sensitivity label to content, the [label's scope](sensitivity-labels.md#label-scopes) must include **Items**. If you refine this selection further, you must include **Files** if you want to automatically apply a label to documents, and **Emails** to automatically apply a label to emails.
+
+For more information about refining the **Items** label scope, see [Scope labels to just files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails).
+ ## Will an existing label be overridden? > [!NOTE]
For built-in labeling in Office apps, check the [minimum versions required](sens
The Azure Information Protection unified labeling client supports automatic labeling only for built-in and custom sensitive info types, and doesn't support trainable classifiers or sensitive info types that use Exact Data Match (EDM) or named entities.
-The auto-labeling settings for Office apps are available when you [create or edit a sensitivity label](create-sensitivity-labels.md). Make sure **Items** is selected for the label's scope:
+The auto-labeling settings for Office apps are available when you [create or edit a sensitivity label](create-sensitivity-labels.md). Make sure **Items** is selected for the label's scope. Then make sure **Files** are also selected to auto-label documents, and **Emails** are selected to auto-label emails. For example:
-![Sensitivity label scope options for files and emails.](../media/filesandemails-scope-options-sensitivity-label.png)
As you move through the configuration, you see the **Auto-labeling for files and emails** page where you can choose from a list of sensitive info types or trainable classifiers:
compliance Create Apply Retention Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-apply-retention-labels.md
f1.keywords:
Previously updated : 02/18/2023 Last updated : 03/06/2023 audience: Admin
Some settings can't be changed after the label or policy is created and saved, w
### Deleting retention labels
-You can delete retention labels that aren't currently included in any retention label policies, that aren't configured for event-based retention, or that mark items as regulatory records.
+To delete a retention label, all three conditions must apply:
-For retention labels that you can delete, if they have been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items.
+- The label isn't included in any retention label policy
+- The label isn't configured for event-based retention
+- The label isn't configured to mark items as regulatory records
-However, it can take up to two days for content explorer to show the items that are labeled. In this scenario, the retention label might be deleted without showing you the link to content explorer.
+When all these conditions are met:
+
+- You can always delete a retention label that doesn't mark items as records (sometimes referred to as a "standard retention label"). The deletion succeeds even if the label is applied to items, and the retention label is then removed from these items.
+
+- You can delete a retention label that marks items as records only if the label isn't applied to items. If the label has been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items. It can take up to two days for content explorer to show the items that are labeled. In this scenario, the retention label might be deleted without showing you the link to content explorer.
## Locking the policy to prevent changes
compliance Dlp Chrome Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-chrome-get-started.md
Use this setup method for organization-wide deployments.
#### Microsoft Intune Force Install Steps
-Before adding the extension to the list of force-installed extensions, it is important to ingest the Chrome ADMX. Steps for this process in Microsoft Intune are documented by Google: [Manage Chrome Browser with Microsoft Intune - Google Chrome Enterprise Help](https://support.google.com/chrome/a/answer/9102677?hl=en#zippy=%2Cstep-ingest-the-chrome-admx-file-into-intune).
-
- After ingesting the ADMX, the steps below can be followed to create a configuration profile for this extension.
+Using the settings catalog, follow these steps to manage Chrome extensions:
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
Before adding the extension to the list of force-installed extensions, it is imp
4. Select **Windows 10 and later** as the platform.
-5. Select **Templates** as the profile type.
+5. Select **Settings catalog** as the profile type.
6. Select **Custom** as the template name.
Before adding the extension to the list of force-installed extensions, it is imp
8. Enter a name and optional description on the **Basics** tab and select **Next**.
-9. Select **Add** on the **Configuration settings** tab.
-
-10. Enter the following policy information.
+9. Select **Add settings** on the **Configuration settings** tab.
+10. Select **Administrative Templates** > **Google** > **Google Chrome** > **Extensions**.
+11. Select **Configure the list of force-installed apps and extensions**.
+12. Change the toggle to **Enabled**.
+13. Enter the following value for the extensions and app IDs and update URL:
+ `echcggldkblhodogklpincgchnpgcdco;https://clients2.google.com/service/update2/crx`.
- OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallForcelist`<br/>
- Data type: `String`<br/>
- Value: `<enabled/><data id="ExtensionInstallForcelistDesc" value="1&#xF000; echcggldkblhodogklpincgchnpgcdco;https://clients2.google.com/service/update2/crx"/>`
-11. Select **Save** and then select **Next**.
+11. Select **Next**.
12. Add or edit scope tags on the **Scope tags** tab as needed and select **Next**.
compliance Ediscovery Premium Limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-premium-limits.md
f1.keywords:
Previously updated : 01/01/2023 Last updated : 03/06/2023 audience: Admin
The limits described in this section are related to exporting documents out of a
|Description of limit|Limit| |:|:|
-|Maximum number of items displayed per page in a review set.|10,000|
+|Maximum number of items displayed per page in a review set.|1,000|
> [!NOTE] > Use default or custom filters to [adjust the displayed items](/microsoft-365/compliance/review-set-search) in a review set as needed.
compliance Encryption Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-sensitivity-labels.md
f1.keywords:
Previously updated : 02/17/2023 Last updated : 03/06/2023 audience: Admin
Before you can use encryption, you might need to do some configuration tasks. Wh
## How to configure a label for encryption
-1. Follow the general instructions to [create or edit a sensitivity label](create-sensitivity-labels.md#create-and-configure-sensitivity-labels) and make sure **Items** is selected for the label's scope:
+1. Follow the general instructions to [create or edit a sensitivity label](create-sensitivity-labels.md#create-and-configure-sensitivity-labels) and make sure **Items** is selected for the [label's scope](sensitivity-labels.md#label-scopes):
- ![Sensitivity label scope options for files and emails.](../media/filesandemails-scope-options-sensitivity-label.png)
+ :::image type="content" source="../media/filesandemails-scope-options-sensitivity-label.png" alt-text="Sensitivity label scope option Items for encryption.":::
-2. Then, on the **Choose protection settings for labeled items** page, make sure you select **Encrypt items**. Additionally, select **Include meetings** if the settings should extend to [meeting invites and replies](sensitivity-labels-meetings.md).
+2. Then, on the **Choose protection settings for labeled items** page, make sure you select **Apply or remove encryption**.
:::image type="content" source="../media/protection-options-sensitivity-label.png" alt-text="Sensitivity label protection options for items." Lightbox="../media/protection-options-sensitivity-label.png":::
You can use the following options to let users assign permissions when they manu
To check which apps that use built-in labeling support this option, use the [capabilities table for Word, Excel, and PowerPoint](sensitivity-labels-versions.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) and the rows for **Let users assign permissions**.
+> [!NOTE]
+> You won't be able to use these configurations if the label scope excludes email (for Do Not Forward and Encrypt-Only) or excludes files (for prompting users in Word, PowerPoint, and Excel). For more information, see [Scope labels to just files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails).
+ When the options are supported, use the following table to identify when users see the sensitivity label: |Setting |Label visible in Outlook|Label visible in Word, Excel, PowerPoint|
compliance Retention Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-settings.md
When a policy for retention (static policy scope or adaptive) is applied to a Mi
Unlike Exchange email, you can't toggle the status of the Skype location on to automatically include all users, but when you turn on that location, you must then manually choose the users whose conversations you want to retain:
-![Choose Skype location for retention policies.](../media/skype-location-retention-policies.png)
After you select this **Edit** option, in the **Skype for Business** pane you can quickly include all users by selecting the hidden box before the **Name** column. However, it's important to understand that each user counts as a specific inclusion in the policy. So if you include 1,000 users by selecting this box, it's the same as if you manually selected 1,000 users to include, which is the maximum supported for Skype for Business.
compliance Sensitivity Labels Aip https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-aip.md
f1.keywords:
Previously updated : 02/21/2023 Last updated : 03/06/2023 audience: Admin
Use the following information to help you identify if the features you use with
|**Category: General**|| |Central reporting and auditing|![Supported.](../medi#auditing-labeling-activities)| |Government Cloud|![Supported.](../media/yes-icon.png)|
-|Admin can disable labeling for all apps|![Supported.](../medi#if-you-need-to-turn-off-built-in-labeling-in-office-apps-on-windows)|
+|Admin can disable labeling for all apps| ![Supported.](../medi#if-you-need-to-turn-off-built-in-labeling-in-office-apps-on-windows)|
+|Admin can display labels for just files or just emails| [Rolling out](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails)|
|**Category: User Experience**|| |Labeling button on the ribbon|![Supported.](../media/yes-icon.png)| |Multilanguage support for label names and tooltips|![Supported.](../medi#example-configuration-to-configure-a-sensitivity-label-for-different-languages)|
compliance Sensitivity Labels Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-meetings.md
audience: Admin Previously updated : 03/01/2023 Last updated : 03/06/2023 ms.localizationpriority: high
To apply a sensitivity label to meeting invites using Teams, enforce meeting opt
## How to configure a sensitivity label to protect calendar items, Teams meetings, and chat
-1. Follow the general instructions to [create or edit a sensitivity label](create-sensitivity-labels.md#create-and-configure-sensitivity-labels) and make sure you select **Items** for the label's scope, and also select **Include meetings**:
+1. Follow the general instructions to [create or edit a sensitivity label](create-sensitivity-labels.md#create-and-configure-sensitivity-labels) and make sure **Items** is selected for the [label's scope](sensitivity-labels.md#label-scopes), and also the options for **Files**, **Emails**, and **Meetings**:
- ![Sensitivity label scope options for files and emails.](../media/itemswithmeetings-scope-options-sensitivity-label.png)
+ :::image type="content" source="../media/itemswithmeetings-scope-options-sensitivity-label.png" alt-text="Sensitivity label scope options for Items that include Files, Emails, and Meetings.":::
2. On the **Choose protection settings for labeled items** page:
- - Select **Encrypt items** if you want to encrypt meeting invites and responses, and any Office attachment in that calendar item
- - Select **Mark items** if you want to add headers or footers to meeting invites and responses
+ - Select **Apply or remove encryption** if you want to encrypt meeting invites and responses, and any Office attachment in that calendar item
+ - Select **Apply content marking** if you want to add headers or footers to meeting invites and responses
- Select **Protect Teams meetings and chat** to display the label in Teams meetings and enforce Teams-specific settings for the Teams meeting itself and chat messages 3. On the subsequent pages, configure settings for the options you've selected.
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
f1.keywords:
Previously updated : 03/01/2023 Last updated : 03/06/2023 audience: Admin
Deploy this setting by using Group Policy, or by using the [Cloud Policy service
Because this setting is specific to Windows Office apps, it has no impact on other apps on Windows that support sensitivity labels (such as Power BI) or other platforms (such as macOS, mobile devices, and Office for the web). If you don't want some or all users to see and use sensitivity labels across all apps and all platforms, don't assign a sensitivity label policy to those users.
+> [!TIP]
+> If you want to stop displaying built-in labels for Word, Excel, and PowerPoint, and display them just for Outlook, or the other way around, you can achieve this outcome with a per-label setting. For more information, see [Scope labels to just files or emails](#scope-labels-to-just-files-or-emails).
+ ## Office file types supported Generally, Office apps that have built-in labeling for Word, Excel, and PowerPoint files support the Open XML format (such as .docx and .xlsx) but not the Microsoft Office 97-2003 format (such as .doc and .xls), Open Document Format (such as .odt and .ods), or other formats. When a file type is not supported for built-in labeling, the **Sensitivity** button is not available in the Office app.
When the Outlook app doesn't support turning off mandatory labeling: If you sele
> > Your chosen values for these PowerShell settings are reflected in the label policy configuration in the Microsoft Purview compliance portal, and they automatically work for Outlook apps that support these settings. The other PowerShell advanced settings remain supported for the Azure Information Protection unified labeling client only.
+## Scope labels to just files or emails
+
+> [!NOTE]
+> This capability is currently rolling out for built-in labeling, and in various stages of release across the platforms. Identify the minimum versions that support this feature by using the [capabilities tables](sensitivity-labels-versions.md), and the row **Scope labels to files or emails**.
+>
+> Until this capability is supported on all the platforms used by your users, they will have an inconsistent labeling experience. For example, Word on one platform doesn't display a label that they see on a different platform.
+
+This configuration is an extension to the **Items** scope, when you [create or edit a sensitivity label](create-sensitivity-labels.md#create-and-configure-sensitivity-labels) in the Microsoft Purview compliance center. When you define the scope for the label for items, you can further refine the scope to just files or emails, and to [meetings](sensitivity-labels-meetings.md):
+
+- To scope labels to just Word, Excel, and PowerPoint: Make sure the option for **Files** is selected, and not the option for **Emails**.
+- To scope labels to just Outlook, make sure the option for **Emails** is selected, and not the option for **Files**.
+
+Make sure both options are selected if you don't want to scope the labels to just Word, Excel, and PowerPoint, or to just Outlook.
+
+> [!NOTE]
+> The **Files** option can include other items that support this scoping option, such as Power BI files. Check the application's documentation to verify, and remember to test all labeling apps and services used by your organization.
+
+Be aware that this configuration affects both client apps and services, manual labeling and automatic labeling. For example:
+
+- Default labels:
+ - If the scope doesn't include email, a configured default label for email won't be applied.
+ - If the scope doesn't include files, a configured default label for files won't be applied and can't be selected as a default sensitivity label for a SharePoint document library.
+
+- Auto-labeling policies:
+ - If the scope doesn't include email, you can't select the label for an auto-labeling policy that includes the Exchange location.
+ - If the scope doesn't include files, you can't select the label for an auto-labeling policy that includes the SharePoint and OneDrive locations.
+
+- [Encryption that lets users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions):
+ - If the scope doesn't include email, you won't be able to select the encryption options of **Do Not Forward** or **Encrypt-Only**.
+ - If the scope doesn't include files, you won't be able to select the encryption option **In Word, PowerPoint, and Excel, prompt users to specify permissions**.
+
+In addition, if a label has been previously applied but then removed from one of the scopes, users will no longer see that label applied for the scope in the apps that support this feature.
+
+Because of the impact of scoping labels to just files or emails, some existing labeling configurations will prevent you from removing the scope options for **Files** and **Emails**:
+- Default label in label policies
+- Default label to apply in channel meetings
+- Label selected for auto-labeling policies
+
+Before you can scope a label to just files or emails, you must first remove it if it's configured as one of these default labels, and remove it from any auto-labeling policies.
+
+**Limitation for this preview:**
+
+- If the label is configured as the default label, and Outlook isn't configured with its own default label, you can't remove the scope for **Email**.
+ ## Configure a label to apply S/MIME protection in Outlook > [!NOTE]
compliance Sensitivity Labels Teams Groups Sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-teams-groups-sites.md
After sensitivity labels are enabled for containers as described in the previous
1. Follow the general instructions to [create or edit a sensitivity label](create-sensitivity-labels.md#create-and-configure-sensitivity-labels) and make sure you select **Groups & sites** for the label's scope:
- ![Sensitivity label scope options for files and emails.](../media/groupsandsites-scope-options-sensitivity-label.png)
+ :::image type="content" source="../media/groupsandsites-scope-options-sensitivity-label.png" alt-text="Sensitivity label scope option for Groups & sites.":::
When only this scope is selected for the label, the label won't be displayed in Office apps that support sensitivity labels and can't be applied to files and emails. Having this separation of labels can be helpful for both users and administrators, but can also add to the complexity of your label deployment.
compliance Sensitivity Labels Versions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-versions.md
Previously updated : 03/01/2023 Last updated : 03/06/2023 audience: Admin
The numbers listed are the minimum Office application versions required for each
|[Let users assign permissions: <br /> - Prompt users for custom permissions (users, groups, and organizations)](encryption-sensitivity-labels.md#support-for-organization-wide-custom-permissions) |Rolling out: 2212+ | Under review | Under review | Under review | Under review | |[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities): <br /> - Excludes encryption details | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ | 2.46+ | 16.0.13628+ | Yes | |[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities): <br /> - Includes encryption details | Preview: [Beta Channel](https://office.com/insider)| Preview: [Beta Channel](https://office.com/insider) | Preview: [Beta Channel](https://insider.office.com/join/ios) |Preview: [Beta Channel](https://insider.office.com/join/android) | Under review |
-|[Require users to apply a label to their email and documents](sensitivity-labels-office-apps.md#require-users-to-apply-a-label-to-their-email-and-documents) | Current Channel: 2101+ <br /><br> Monthly Enterprise Channel: 2101+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.45+ | 2.47+ | 16.0.13628+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md)
+|[Require users to apply a label to their email and documents](sensitivity-labels-office-apps.md#require-users-to-apply-a-label-to-their-email-and-documents) | Current Channel: 2101+ <br /><br> Monthly Enterprise Channel: 2101+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.45+ | 2.47+ | 16.0.13628+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
|[Apply a sensitivity label to files automatically](apply-sensitivity-label-automatically.md) <br /> - Using sensitive info types | Current Channel: 2009+ <br /><br> Monthly Enterprise Channel: 2009+ <br /><br> Semi-Annual Enterprise Channel: 2102+ | 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Apply a sensitivity label to files automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.49+ | Under review | Under review | Under review | |[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | Current Channel: 2107+ <br /><br> Monthly Enterprise Channel: 2107+ <br /><br> Semi-Annual Enterprise Channel: 2202+ | 16.51+ | 2.58+ | 16.0.14931+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[PDF support](sensitivity-labels-office-apps.md#pdf-support)| Current Channel: 2208+ <br /><br> Monthly Enterprise Channel: 2209+ <br /><br> Semi-Annual Enterprise Channel: 2302+ | Under review | Under review | Under review | Under review | |[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [display label color](sensitivity-labels-office-apps.md#label-colors) | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | |[Default sublabel for parent label](sensitivity-labels-office-apps.md#specify-a-default-sublabel-for-a-parent-label)| Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review |
+|[Scope labels to files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails) | Current Channel: 2301+ | 16.69+ | Preview: Rolling out to [Beta Channel](https://insider.office.com/join/ios) | Preview: Rolling out to [Beta Channel](https://insider.office.com/join/android)| [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
## Sensitivity label capabilities in Outlook
The numbers listed are the minimum Office application versions required for each
|[Apply S/MIME protection](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) | Current Channel: 2211+ <br /><br> Monthly Enterprise Channel: 2211+ <br /><br> Semi-Annual Enterprise Channel: 2302+ | 16.61+ <sup>\*</sup> | 4.2226+ | 4.2203+ | Under review | |[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [display label color](sensitivity-labels-office-apps.md#label-colors) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review | |[Default sublabel for parent label](sensitivity-labels-office-apps.md#specify-a-default-sublabel-for-a-parent-label)| Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review |
+|[Scope labels to files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails) | Current Channel: 2301+ | Rolling out: 16.70+ <sup>\*</sup> | Rolling out 4.2309+| Rolling out 4.2309+ | Yes |
**Footnotes:**
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
f1.keywords:
Previously updated : 02/28/2023 Last updated : 03/06/2023 audience: Admin
For more label configurations, see [Manage sensitivity labels for Office apps](s
When you create a sensitivity label, you're asked to configure the label's scope, which determines two things: - Which label settings you can configure for that label-- Where the label will be visible to users
+- The availability of the label to apps and services, which includes whether users can see and select the label
-This scope configuration lets you have sensitivity labels that are just for items such as documents and emails, and can't be selected for containers. And similarly, sensitivity labels that are just for containers and can't be selected for documents and emails. You can also select the scope for schematized data assets for Microsoft Purview Data Map:
+This scope configuration lets you have sensitivity labels that are just for items such as documents and emails, and can't be selected for containers. Similarly, sensitivity labels that are just for containers and can't be selected for documents and emails. You can also select the scope for schematized data assets for Microsoft Purview Data Map:
-![Scope options for sensitivity labels.](../media/sensitivity-labels-scopes.png)
-By default, the **Items** scope (previously named **Files & emails**) is always selected. Optionally, include meetings with this scope for calendar events, Teams meetings options, and Team chat. The other scopes are selected by default when the features are enabled for your tenant:
+The **Items** scope can further be refined to [files and emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails), and to [meetings](sensitivity-labels-meetings.md) that includes calendar events, Teams meetings options, and Team chat. For example, use this refinement when you want a sensitivity label to be available for emails only.
+
+By default, the **Items** scope is always selected for a new label. The other scopes are selected by default when the features are enabled for your tenant:
- **Groups & sites**: See [Enable sensitivity labels for containers and synchronize labels](sensitivity-labels-teams-groups-sites.md#how-to-enable-sensitivity-labels-for-containers-and-synchronize-labels)
compliance Sit Get Started Exact Data Match Export Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-export-data.md
To learn how to use sample file templates, go to [How to use the sample file tem
The data file can include a maximum of: - Up to 100 million rows of sensitive data - Up to 32 columns (fields) per data source
- - Up to five columns (fields) marked as searchable
+ - Up to ten columns (fields) marked as searchable
2. Structure the sensitive data in the .csv or .tsv file such that the first row includes the names of the fields used for EDM-based classification. In your file you might have field names such as "ssn", "birthdate", "firstname", "lastname". The column header names can't include spaces or underscores. For example, the sample .csv file that we use in this article is named *PatientRecords.csv*, and its columns include *PatientID*, *MRN*, *LastName*, *FirstName*, *SSN*, and more.
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Whether it be adding new solutions to the [Microsoft Purview compliance portal](
### Sensitivity labels - **General availability (GA)**: Outlook for Mac is now rolling out in general availability for [protected meetings](sensitivity-labels-meetings.md).
+ - **Rolling out**: The ability to [scope labels to files and emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails), so that for example, a sensitivity label is visible to users in Outlook but not in Word, Excel, or PowerPoint. This configuration can be used as a parity feature for the AIP add-in, which could be disabled per app.
## February 2023
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of February 27, 2023
++
+| Published On |Topic title | Change |
+|||--|
+| 2/28/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified |
+| 2/28/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified |
+| 2/28/2023 | [Advanced deployment guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) | modified |
+| 2/28/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |
+| 2/28/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified |
+| 2/28/2023 | [Manage your Microsoft Defender for Endpoint subscription settings across client devices](/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings?view=o365-worldwide) | added |
+| 2/28/2023 | [Create and manage device tags](/microsoft-365/security/defender-endpoint/machine-tags?view=o365-worldwide) | modified |
+| 2/28/2023 | [Zero Trust with Microsoft 365 Defender](/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender?view=o365-worldwide) | added |
+| 2/28/2023 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) | modified |
+| 2/28/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified |
+| 2/27/2023 | [Information protection configuration tasks that you used to do in the Azure portal](/microsoft-365/compliance/azure-portal-migration?view=o365-worldwide) | added |
+| 2/27/2023 | [Get started with data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-get-started?view=o365-worldwide) | modified |
+| 2/27/2023 | [Learn about data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-learn?view=o365-worldwide) | modified |
+| 2/27/2023 | [Use data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-use?view=o365-worldwide) | modified |
+| 2/27/2023 | [Remove blocked connectors from the Restricted entities portal in Microsoft 365](/microsoft-365/security/office-365-security/connectors-remove-blocked?view=o365-worldwide) | modified |
+| 2/27/2023 | [Remove blocked users from the Restricted users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-worldwide) | modified |
+| 2/27/2023 | [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) | modified |
+| 2/27/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified |
+| 2/27/2023 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) | modified |
+| 2/27/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified |
+| 2/28/2023 | [Get started with DLP for Power BI](/microsoft-365/compliance/dlp-powerbi-get-started?view=o365-worldwide) | modified |
+| 2/28/2023 | [Troubleshoot error messages and problems in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-troubleshoot?view=o365-worldwide) | modified |
+| 2/28/2023 | [Overview of the Users page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-users-page-overview?view=o365-worldwide) | modified |
+| 2/28/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified |
+| 2/28/2023 | Manage your Microsoft Defender for Endpoint subscription settings across client devices | removed |
+| 3/1/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified |
+| 3/1/2023 | [Investigate insider risk management activities](/microsoft-365/compliance/insider-risk-management-activities?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use the Microsoft 365 admin center to manage your Shifts connection to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-blue-yonder-admin-center-manage?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use PowerShell to connect Shifts to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-blue-yonder-powershell-setup?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use PowerShell to manage your Shifts connection to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-powershell-manage?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use the Microsoft 365 admin center to manage your Shifts connection to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-ukg-admin-center-manage?view=o365-worldwide) | modified |
+| 3/1/2023 | [Team Shifts connector for UKG Dimensions known issues](/microsoft-365/frontline/shifts-connector-ukg-known-issues?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use PowerShell to manage your Shifts connection to UKG Dimensions](/microsoft-365/frontline/shifts-connector-ukg-powershell-manage?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use PowerShell to connect Shifts to UKG Dimensions](/microsoft-365/frontline/shifts-connector-ukg-powershell-setup?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use the Shifts connector wizard to connect Shifts to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-wizard-ukg?view=o365-worldwide) | modified |
+| 3/1/2023 | [Use the Shifts connector wizard to connect Shifts to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-wizard?view=o365-worldwide) | modified |
+| 2/28/2023 | [Use multi-segment support in information barriers](/microsoft-365/compliance/information-barriers-multi-segment?view=o365-worldwide) | added |
+| 2/28/2023 | [Manage information barriers policies](/microsoft-365/compliance/information-barriers-edit-segments-policies?view=o365-worldwide) | modified |
+| 2/28/2023 | [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide) | modified |
+| 2/28/2023 | [Information barriers](/microsoft-365/compliance/information-barriers-solution-overview?view=o365-worldwide) | modified |
+| 2/28/2023 | [Learn about information barriers](/microsoft-365/compliance/information-barriers?view=o365-worldwide) | modified |
+| 2/28/2023 | [Learn about the DLP alerts dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-learn?view=o365-worldwide) | modified |
+| 2/28/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |
+| 2/28/2023 | [Manage tamper protection for your organization using Microsoft Intune](/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-endpoint-manager?view=o365-worldwide) | modified |
+| 2/28/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |
+| 2/28/2023 | [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-about?view=o365-worldwide) | modified |
+| 2/28/2023 | [Anti-spoofing protection FAQ](/microsoft-365/security/office-365-security/anti-phishing-protection-spoofing-faq?view=o365-worldwide) | modified |
+| 2/28/2023 | [Anti-spam protection FAQ](/microsoft-365/security/office-365-security/anti-spam-protection-faq?view=o365-worldwide) | modified |
+| 2/28/2023 | [Payloads in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-worldwide) | modified |
+| 2/28/2023 | [Respond to a compromised connector in Microsoft 365](/microsoft-365/security/office-365-security/connectors-detect-respond-to-compromise?view=o365-worldwide) | modified |
+| 2/28/2023 | [EOP general FAQ](/microsoft-365/security/office-365-security/eop-faq?view=o365-worldwide) | modified |
+| 2/28/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
+| 2/28/2023 | [Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-worldwide) | modified |
+| 2/28/2023 | [Zero Trust identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-worldwide) | modified |
+| 2/28/2023 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/priority-accounts-security-recommendations?view=o365-worldwide) | modified |
+| 2/28/2023 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-worldwide) | modified |
+| 2/28/2023 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-worldwide) | modified |
+| 2/28/2023 | [Connect Microsoft Defender for Office 365 to Microsoft Sentinel](/microsoft-365/security/office-365-security/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel?view=o365-worldwide) | modified |
+| 2/28/2023 | [Getting started with defense in-depth configuration for email security](/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide?view=o365-worldwide) | modified |
+| 2/28/2023 | [How-to deploy and configure the report message add-in](/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in?view=o365-worldwide) | modified |
+| 2/28/2023 | [Steps to quickly set up the Standard or Strict preset security policies for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies?view=o365-worldwide) | modified |
+| 2/28/2023 | [How to configure quarantine permissions and policies](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies?view=o365-worldwide) | modified |
+| 2/28/2023 | [How to prioritize, Manage, Investigate & Respond to Incidents in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender?view=o365-worldwide) | modified |
+| 2/28/2023 | [Protect your c-suite with Priority account protection in Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection?view=o365-worldwide) | modified |
+| 2/28/2023 | [Review and remove unnecessary allow list entries with Advanced Hunting in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/review-allow-entries?view=o365-worldwide) | modified |
+| 2/28/2023 | [Search for emails and remediate threats using Threat Explorer in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/search-for-emails-and-remediate-threats?view=o365-worldwide) | modified |
+| 2/28/2023 | [Steps to set up a weekly digest email of message center changes for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/stay-informed-with-message-center?view=o365-worldwide) | modified |
+| 2/28/2023 | [Microsoft Defender for Office 365 step-by-step guides and how to use them](/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview?view=o365-worldwide) | modified |
+| 2/28/2023 | [Assess and tune your filtering for bulk mail in Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/tune-bulk-mail-filtering-walkthrough?view=o365-worldwide) | modified |
+| 2/28/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified |
+| 2/28/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified |
+| 2/28/2023 | [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-explorer-threat-hunting?view=o365-worldwide) | modified |
+| 2/28/2023 | [Use Trusted ARC senders for legitimate devices and services between the sender and receiver](/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders?view=o365-worldwide) | modified |
+| 2/28/2023 | [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified |
+| 2/28/2023 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide) | modified |
+| 2/28/2023 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) | modified |
+| 3/1/2023 | [Learn about and configure insider risk management browser signal detection](/microsoft-365/compliance/insider-risk-management-browser-support?view=o365-worldwide) | modified |
+| 3/1/2023 | [Get started with insider risk management forensic evidence (preview)](/microsoft-365/compliance/insider-risk-management-forensic-evidence-configure?view=o365-worldwide) | modified |
+| 3/1/2023 | [Compare Microsoft Defender Vulnerability Management plans and capabilities](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide) | modified |
+| 3/1/2023 | [Microsoft Defender Vulnerability Management frequently asked questions](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-faq?view=o365-worldwide) | modified |
+| 3/1/2023 | [About the Microsoft Defender Vulnerability Management public preview trial](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-trial?view=o365-worldwide) | modified |
+| 3/1/2023 | [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide) | modified |
+| 3/1/2023 | [Sign up for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management?view=o365-worldwide) | modified |
+| 3/1/2023 | [Trial user guide - Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management?view=o365-worldwide) | modified |
+| 3/1/2023 | [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) | modified |
+| 3/1/2023 | [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-worldwide) | modified |
+| 3/1/2023 | [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-worldwide) | modified |
+| 3/1/2023 | [Create and view exceptions for security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-exception?view=o365-worldwide) | modified |
+| 3/1/2023 | [Firmware and hardware assessment](/microsoft-365/security/defender-vulnerability-management/tvm-hardware-and-firmware?view=o365-worldwide) | modified |
+| 3/1/2023 | [Hunt for exposed devices](/microsoft-365/security/defender-vulnerability-management/tvm-hunt-exposed-devices?view=o365-worldwide) | modified |
+| 3/1/2023 | [Network share configuration assessment](/microsoft-365/security/defender-vulnerability-management/tvm-network-share-assessment?view=o365-worldwide) | modified |
+| 3/1/2023 | [Prerequisites & permissions for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites?view=o365-worldwide) | modified |
+| 3/1/2023 | [Security baselines assessment](/microsoft-365/security/defender-vulnerability-management/tvm-security-baselines?view=o365-worldwide) | modified |
+| 3/1/2023 | [Software inventory](/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide) | modified |
+| 3/1/2023 | [Supported operating systems platforms and capabilities](/microsoft-365/security/defender-vulnerability-management/tvm-supported-os?view=o365-worldwide) | modified |
+| 3/1/2023 | [Mitigate zero-day vulnerabilities](/microsoft-365/security/defender-vulnerability-management/tvm-zero-day-vulnerabilities?view=o365-worldwide) | modified |
+| 3/1/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified |
+| 3/1/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
+| 3/1/2023 | [Get started with insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence-configure?view=o365-worldwide) | modified |
+| 3/1/2023 | [Manage insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence-manage?view=o365-worldwide) | modified |
+| 3/1/2023 | [Learn about insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence?view=o365-worldwide) | modified |
+| 3/2/2023 | [Business subscriptions and billing documentation # < 60 chars](/microsoft-365/commerce/index?view=o365-worldwide) | modified |
+| 3/2/2023 | [Microsoft business subscriptions and billing documentation # < 60 chars](/microsoft-365/commerce/index2?view=o365-worldwide) | added |
+| 3/2/2023 | [Best practices for managing your alerts queue](/microsoft-365/compliance/communication-compliance-alerts-best-practices?view=o365-worldwide) | added |
+| 3/2/2023 | [Create custom sensitive information types](/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-worldwide) | modified |
+| 3/2/2023 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-worldwide) | modified |
+| 3/2/2023 | [Customize a built-in sensitive information type](/microsoft-365/compliance/customize-a-built-in-sensitive-information-type?view=o365-worldwide) | modified |
+| 3/2/2023 | [About Document Fingerprinting](/microsoft-365/compliance/document-fingerprinting?view=o365-worldwide) | modified |
+| 3/2/2023 | [Common usage scenarios for sensitive information types](/microsoft-365/compliance/sit-common-scenarios?view=o365-worldwide) | modified |
+| 3/2/2023 | [Create EDM SIT using the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-schema-rule-package?view=o365-worldwide) | modified |
+| 3/2/2023 | [Custom sensitive information type filters reference](/microsoft-365/compliance/sit-custom-sit-filters?view=o365-worldwide) | modified |
+| 3/2/2023 | [Create notifications for exact data match activities](/microsoft-365/compliance/sit-edm-notifications-activities?view=o365-worldwide) | modified |
+| 3/2/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified |
+| 3/2/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified |
+| 3/2/2023 | [Use the Shifts connector wizard to connect Shifts to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-wizard-ukg?view=o365-worldwide) | modified |
+| 3/2/2023 | [Use the Shifts connector wizard to connect Shifts to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-wizard?view=o365-worldwide) | modified |
+| 3/1/2023 | [Sensitive information type REGEX validators and additional checks](/microsoft-365/compliance/sit-regex-validators-additional-checks?view=o365-worldwide) | modified |
+| 3/1/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |
+| 3/1/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |
+| 3/1/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
+| 3/3/2023 | [Automatic Service Health Incident Creation](/microsoft-365/admin/manage/servicenow-incidents?view=o365-worldwide) | modified |
+| 3/3/2023 | [France national ID card (CNI) entity definition](/microsoft-365/compliance/sit-defn-france-national-id-card?view=o365-worldwide) | modified |
+| 3/3/2023 | [U.S. individual taxpayer identification number (ITIN) entity definition](/microsoft-365/compliance/sit-defn-us-individual-taxpayer-identification-number?view=o365-worldwide) | modified |
+| 3/3/2023 | [Test an exact data match sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-test?view=o365-worldwide) | modified |
+| 3/3/2023 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-worldwide) | modified |
+| 3/3/2023 | [Sensitive information type limits](/microsoft-365/compliance/sit-limits?view=o365-worldwide) | modified |
+| 3/3/2023 | [Manage custom sensitive information types in compliance portal](/microsoft-365/compliance/sit-manage-custom-sits-compliance-center?view=o365-worldwide) | modified |
+| 3/3/2023 | [Modify Exact Data Match schema to use configurable match](/microsoft-365/compliance/sit-modify-edm-schema-configurable-match?view=o365-worldwide) | modified |
+| 3/3/2023 | [How to schedule scans with Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-schedule-scan-mde?view=o365-worldwide) | modified |
+| 3/3/2023 | [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](/microsoft-365/security/defender/defender-experts-report?view=o365-worldwide) | modified |
+| 3/3/2023 | [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) | modified |
+| 3/2/2023 | [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) | modified |
+| 3/3/2023 | [Get started with Activity explorer](/microsoft-365/compliance/data-classification-activity-explorer?view=o365-worldwide) | modified |
+| 3/3/2023 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/quarantine-end-user?view=o365-worldwide) | modified |
+| 3/3/2023 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) | modified |
+| 3/3/2023 | [Configure a default sensitivity label for a SharePoint document library](/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label?view=o365-worldwide) | modified |
+| 3/3/2023 | [Increase Classifier Accuracy](/microsoft-365/compliance/data-classification-increase-accuracy?view=o365-worldwide) | modified |
+| 3/3/2023 | [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) | modified |
+| 3/3/2023 | [Quarantine notifications (end-user spam notifications) in Microsoft 365](/microsoft-365/security/office-365-security/quarantine-quarantine-notifications?view=o365-worldwide) | modified |
+| 3/3/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified |
++ ## Week of February 20, 2023
| 2/3/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified | | 2/3/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | | 2/3/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified |--
-## Week of January 23, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 1/23/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified |
-| 1/23/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified |
-| 1/23/2023 | [How to secure your business data with Microsoft 365 for business](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified |
-| 1/23/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified |
-| 1/23/2023 | [What DLP policy templates include](/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide) | modified |
-| 1/23/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |
-| 1/23/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 1/24/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified |
-| 1/24/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
-| 1/24/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
-| 1/25/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
-| 1/25/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified |
-| 1/25/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified |
-| 1/25/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
-| 1/25/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified |
-| 1/25/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified |
-| 1/25/2023 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide) | modified |
-| 1/26/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified |
-| 1/26/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified |
-| 1/26/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified |
-| 1/26/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
-| 1/26/2023 | Employee quick-setup guide | removed |
-| 1/27/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added |
-| 1/27/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified |
-| 1/27/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
-| 1/27/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified |
-| 1/27/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified |
-| 1/27/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified |
-| 1/27/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified |
-| 1/27/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified |
-| 1/27/2023 | [Manage Microsoft Defender for Endpoint using PowerShell, WMI, and MPCmdRun.exe](/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools?view=o365-worldwide) | modified |
-| 1/27/2023 | [Manage Microsoft Defender for Endpoint after initial setup or migration](/microsoft-365/security/defender-endpoint/manage-mde-post-migration?view=o365-worldwide) | modified |
-| 1/27/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified |
security Common Exclusion Mistakes Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus.md
Previously updated : 06/16/2022 Last updated : 03/06/2023 - m365-security - tier2
In general, don't define exclusions for the following processes:
- `bitsadmin.exe` - `cdb.exe` - `csi.exe`
+- `cmd.exe`
+- `cscript.exe`
- `dbghost.exe` - `dbgsvc.exe` - `dnx.exe`
In general, don't define exclusions for the following processes:
- `windbg.exe` - `winword.exe` - `wmic.exe`
+- `wscript.exe`
- `wuauclt.exe` > [!NOTE]
See [Use wildcards in the file name and folder path or extension exclusion lists
## See also -- [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md)
+- [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md)
security Deployment Vdi Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus.md
keywords: vdi, hyper-v, vm, virtual machine, windows defender, antivirus, av, vi
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Previously updated : 12/05/2022 Last updated : 03/06/2023
New-Item -ItemType Directory -Force -Path $vdmpath | Out-Null
Invoke-WebRequest -Uri 'https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64' -OutFile $vdmpackage
-cmd /c "cd /d $vdmpath & mpam-fe.exe /x"
+Start-Process -FilePath $vdmpackage -WorkingDirectory $vdmpath -ArgumentList "/x"
``` You can set a scheduled task to run once a day so that whenever the package is downloaded and unpacked then the VMs will receive the new update.
security Enable Troubleshooting Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode.md
- tier2 Previously updated : 10/14/2021 Last updated : 03/06/2023 # Get started with troubleshooting mode in Microsoft Defender for Endpoint
Last updated 10/14/2021
Microsoft Defender for Endpoint troubleshooting mode allows you to troubleshoot various Microsoft Defender antivirus features by enabling them from the device and testing different scenarios, even if they're controlled by the organization policy. The troubleshooting mode is disabled by default and requires you to turn it on for a device (and/or group of devices) for a limited time. Note that this is exclusively an Enterprise-only feature, and requires Microsoft 365 Defender access. ## What do you need to know before you begin?
+During troubleshooting mode, you can use the PowerShell command `Set-MPPreference -DisableTamperProtection $true` or, on client operating systems, the Security Center app to temporarily disable tamper protection on your device and make your necessary configuration changes.
- Use troubleshooting mode to disable/change the tamper protection setting to perform:
Microsoft Defender for Endpoint troubleshooting mode allows you to troubleshoot
Windows Server 2022|>=20348.617|[KB5011558: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011558) Windows Server 2019 (RS5)|>=17763.2746|[KB5011551: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011551) -- Troubleshooting mode is also available for machines running the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. During troubleshooting mode, use `Set-MPPreference -DisableTamperProtection $true` to temporarily disable tamper protection on your device and make your necessary configuration changes. Before you use troubleshooting mode, make sure all of the following components are up to date:
+- Troubleshooting mode is also available for machines running the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. Before you use troubleshooting mode, make sure all of the following components are up to date:
- Sense version 10.8049.22439.1084 or later ([KB5005292: Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005292))
security Onboard Windows Multi Session Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device.md
- tier3 search.appverid: met150 Previously updated : 10/04/2021 Last updated : 03/06/2023 # Onboard Windows devices in Azure Virtual Desktop
Last updated 10/04/2021
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Windows multi-session running on Azure Virtual Desktop (AVD)-- [Windows 10 Enterprise Multi-Session](/microsoft-365/security/defender-endpoint/azure-server-integration)
+- [Windows 10 Enterprise Multi-Session](/azure/virtual-desktop/windows-10-multisession-faq)
Microsoft Defender for Endpoint supports monitoring both VDI and Azure Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Azure Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
security Schedule Antivirus Scans Group Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/schedule-antivirus-scans-group-policy.md
ms.localizationpriority: medium
Previously updated : 02/24/2023 Last updated : 03/06/2023
For more information, see the [Manage when protection updates should be download
| Scan | Specify the scan type to use for a scheduled scan | Quick scan | | Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never | | Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.). | 2 a.m. |
-| Root | Randomize scheduled task times |In Microsoft Defender Antivirus, randomize the start time of the scan to any interval from 0 to 23 hours. By default, scheduled tasks will begin at a random time within four hours of the time specified in Task Scheduler. <br/><br/>In [SCEP](/mem/intune/protect/certificates-scep-configure), randomize scans to any interval plus or minus 30 minutes. This can be useful in virtual machines or VDI deployments. | Enabled |
+| Root | Randomize scheduled task times |In Microsoft Defender Antivirus, randomize the start time of the scan to any interval from 0 to 23 hours. By default, scheduled tasks will begin at a random time within four hours of the time specified in Task Scheduler. | Enabled |
## Group Policy settings for scheduling scans for when an endpoint is not in use
security Defender Vulnerability Management Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities.md
This article helps clarify the Defender Vulnerability Management capabilities in
> This article provides a summary of vulnerability management capabilities available across different Microsoft Defender product plans; however, it's not intended to be a service description or licensing contract document. For more detailed information, see the following resources: > > - [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)
-> - [Microsoft 365 Education](/office365/servicedescriptions/office-365-platform-service-description/microsoft-365-education)
+> - [Microsoft 365 Education](/office365/servicedescriptions/office-365-platform-service-description/microsoft-365-education)
+
+## Start a trial
+
+- The Defender Vulnerability Management add-on for Defender for Endpoint Plan 2 is now generally available. To try the additional add-on capabilities, go to [Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers).
+- Defender Vulnerability Management Standalone is in public preview trial. To try it, go to [Try Defender Vulnerability Management Standalone](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-standalone).
## Vulnerability Management capabilities for endpoints The table below shows the availability of Defender Vulnerability Management capabilities for endpoints:
-|Capability| Defender for Endpoint Plan 2| Defender Vulnerability Management Add-on </br> for Defender for Endpoint Plan 2 and E5 |Defender Vulnerability Management Standalone </br> (Public Preview) |
+|Capability| Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities| Defender Vulnerability Management Add-on provides the following premium Vulnerability Management capabilities for Defender for Endpoint Plan 2 | Defender Vulnerability Management Standalone (Public Preview) provides full Defender Vulnerability Management capabilities for any EDR solution |
|:-|:-:|:-:|:-:| |[Device discovery](../defender-endpoint/device-discovery.md)|Γ£ö|-|Γ£ö| |[Device inventory](../defender-endpoint/machines-view-overview.md)|Γ£ö|-|Γ£ö|
The table below shows the availability of Defender Vulnerability Management capa
> [!NOTE] > Microsoft 365 Business Premium and the standalone version of Microsoft Defender for Business include the capabilities that are listed under **Defender for Endpoint Plan 2** in the preceding table.
-## Start a trial
--- The Defender Vulnerability Management add-on for Defender for Endpoint Plan 2 is now generally available. To try it, go to [Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers).-- Defender Vulnerability Management Standalone is in public preview trial. To try it, go to [Try Defender Vulnerability Management Standalone](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-standalone).- ## Vulnerability Management capabilities for servers For Microsoft Defender for Cloud customers, Defender Vulnerability Management is natively integrated within Defender for Cloud to perform vulnerability assessments for cloud based virtual machines and recommendations will automatically populate in the Defender for Cloud portal.
security Incidents Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incidents-overview.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ ms.localizationpriority: medium audience: ITPro
search.appverid: - MOE150 - MET150 Previously updated : 02/16/2021 Last updated : 03/06/2023 # Incident response with Microsoft 365 Defender
The additional tabs for an incident are:
All the alerts related to the incident and their information. -- Devices
+- Assets
- All the devices that have been identified to be part of or related to the incident.
--- Users-
- All the users that have been identified to be part of or related to the incident.
--- Mailboxes-
- All the mailboxes that have been identified to be part of or related to the incident.
+ All the assets (devices, users, mailboxes, and apps) that have been identified to be part of or related to the incident.
- Investigations
security Investigate Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-incidents.md
Here's an example.
Learn how to use the alert queue and alert pages in [investigate alerts](investigate-alerts.md).
-## Devices
+## Assets
-The **Devices** tab lists all the devices related to the incident. Here's an example.
+Easily view and manage all your assets in one place with the new **Assets** tab. This unified view includes Devices, Users, Mailboxes and Apps.
+The Assets tab displays the total number of assets beside its name. A list of different categories with the number of assets within that category is presented when selecting the Assets tab.
++
+### Devices
+
+The **Devices** view lists all the devices related to the incident. Here's an example.
++
+Selecting a device from the list opens a bar that allows you to manage the selected device. You can quickly export, manage tags, initiate automated investigation, and more.
You can select the check mark for a device to see details of the device, directory data, active alerts, and logged on users. Select the name of the device to see device details in the Defender for Endpoint device inventory. Here's an example.
-From the device page, you can gather additional information about the device, such as all of its alerts, a timeline, and security recommendations. For example, from the **Timeline** tab, you can scroll through the machine timeline and view all events and behaviors observed on the machine in chronological order, interspersed with the alerts raised.
+From the device page, you can gather additional information about the device, such as all of its alerts, a timeline, and security recommendations. For example, from the **Timeline** tab, you can scroll through the device timeline and view all events and behaviors observed on the machine in chronological order, interspersed with the alerts raised. Here's an example
+ > [!TIP] > You can do on-demand scans on a device page. In the Microsoft 365 Defender portal, choose **Endpoints > Device inventory**. Select a device that has alerts, and then run an antivirus scan. Actions, such as antivirus scans, are tracked and are visible on the **Device inventory** page. To learn more, see [Run Microsoft Defender Antivirus scan on devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#run-microsoft-defender-antivirus-scan-on-devices).
-## Users
+### Users
-The **Users** tab lists all the users that have been identified to be part of or related to the incident. Here's an example.
+The **Users** view lists all the users that have been identified to be part of or related to the incident. Here's an example.
You can select the check mark for a user to see details of the user account threat, exposure, and contact information. Select the user name to see additional user account details. Learn how to view additional user information and manage the users of an incident in [investigate users](investigate-users.md).
-## Mailboxes
+### Mailboxes
-The **Mailboxes** tab lists all the mailboxes that have been identified to be part of or related to the incident. Here's an example.
+The **Mailboxes** view lists all the mailboxes that have been identified to be part of or related to the incident. Here's an example.
You can select the check mark for a mailbox to see a list of active alerts. Select the mailbox name to see additional mailbox details on the Explorer page for Defender for Office 365.
+### Apps
+
+The **Apps** view lists all the apps identified to be part of or related to the incident. Here's an example.
++
+You can select the check mark for an app to see a list of active alerts. Select the app name to see additional details on the Explorer page for Defender for Cloud Apps.
+ ## Investigations The **Investigations** tab lists all the [automated investigations](m365d-autoir.md) triggered by alerts in this incident. Automated investigations will perform remediation actions or wait for analyst approval of actions, depending on how you configured your automated investigations to run in Defender for Endpoint and Defender for Office 365.
security Message Headers Eop Mdo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-headers-eop-mdo.md
The individual fields and values are described in the following table.
|`SFV:SFE`|Filtering was skipped and the message was allowed because it was sent from an address in a user's Safe Senders list. <p> For more information about how admins can manage a user's Safe Senders list, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md).| |`SFV:SKA`|The message skipped spam filtering and was delivered to the Inbox because the sender was in the allowed senders list or allowed domains list in an anti-spam policy. For more information, see [Configure anti-spam policies](anti-spam-policies-configure.md).| |`SFV:SKB`|The message was marked as spam because it matched a sender in the blocked senders list or blocked domains list in an anti-spam policy. For more information, see [Configure anti-spam policies](anti-spam-policies-configure.md).|
-|`SFV:SKI`|Similar to SFV:SKN, the message skipped spam filtering for another reason (for example, an intra-organizational email within a tenant).|
+|`SFV:SKI`|The message was marked based on content of the intra-organizational message. For example, the message was marked as SCL 1 for non-spam or SCL 5 to 9 for spam.|
|`SFV:SKN`|The message was marked as non-spam prior to being processed by spam filtering. For example, the message was marked as SCL -1 or **Bypass spam filtering** by a mail flow rule.| |`SFV:SKQ`|The message was released from the quarantine and was sent to the intended recipients.| |`SFV:SKS`|The message was marked as spam prior to being processed by spam filtering. For example, the message was marked as SCL 5 to 9 by a mail flow rule.|
security Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md
The default quarantine policies, their associated permission groups, and whether
|AdminOnlyAccessPolicy|No access|No| |DefaultFullAccessPolicy|Full access|No| |NotificationEnabledPolicy<sup>\*</sup>|Full access|Yes|
+|DefaultFullAccessWithNotificationPolicy<sup>\*\*</sup>|Full access|Yes|
<sup>\*</sup>See [the next section](#full-access-permissions-and-quarantine-notifications) for more information about this policy.
+<sup>\*\*</sup>This policy is used in [preset security policies](preset-security-policies.md).
+ If you don't like the default permissions in the preset permission groups, or if you want to enable quarantine notifications, create and use custom quarantine policies. For more information about what each permission does, see the [Quarantine policy permission details](#quarantine-policy-permission-details) section later in this article. You create and assign quarantine policies in the Microsoft 365 Defender portal or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with Exchange Online mailboxes; standalone EOP PowerShell in EOP organizations without Exchange Online mailboxes).
As described earlier, quarantine notifications in quarantine policies replace en
To provide the permissions of DefaultFullAccessPolicy but with quarantine notifications turned on, we created the policy named NotificationEnabledPolicy to use in place of DefaultFullAccessPolicy for those organizations that needed it (organizations where end-user spam notifications were turned on).
-New organizations or older organization where end-user spam notifications where never turned on in anti-spam polices don't have the quarantine policy named NotificationEnabledPolicy. To turn on quarantine notifications for quarantine polices that use **Full access** permissions in organizations that don't have the NotificationEnabledPolicy, you can create and use custom quarantine policies with **Full access** permissions where quarantine notifications are turned on.
+New organizations or older organization where end-user spam notifications where never turned on in anti-spam polices don't have the quarantine policy named NotificationEnabledPolicy. To turn on quarantine notifications for quarantine polices that use **Full access** permissions in organizations that don't have the NotificationEnabledPolicy, you can use either of the following methods:
+
+- Create and use custom quarantine policies with **Full access** permissions where quarantine notifications are turned on.
+- Use the DefaultFullAccessWithNotificationPolicy.
## What do you need to know before you begin?
For detailed syntax and parameter information, see [New-QuarantinePolicy](/power
## Step 2: Assign a quarantine policy to supported features
-In _supported_ protection features that quarantine email messages, you can assign a quarantine policy to the available quarantine actions. Features that quarantine messages and the availability of quarantine policies are described in the following table:
- In _supported_ protection features that quarantine email messages, you can assign a quarantine policy that defines what users can do to quarantine messages and whether notifications for quarantined messages are turned on. Features that quarantine messages and the availability of quarantine policies are described in the following table: |Feature|Quarantine policies supported?|
For detailed syntax and parameter information, see [Get-HostedContentFilterPolic
## Modify quarantine policies in the Microsoft 365 Defender portal
-You can't modify the built-in quarantine policies named AdminOnlyAccessPolicy or DefaultFullAccessPolicy. You can modify the built-in policy named NotificationEnabledPolicy ([if you have it](#full-access-permissions-and-quarantine-notifications)) and custom quarantine policies.
+You can't modify the built-in quarantine policies named AdminOnlyAccessPolicy, DefaultFullAccessPolicy, or DefaultFullAccessWithNotificationPolicy. You can modify the built-in policy named NotificationEnabledPolicy ([if you have it](#full-access-permissions-and-quarantine-notifications)) and custom quarantine policies.
1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Quarantine policies** in the **Rules** section. Or, to go directly to the **Quarantine policies** page, use <https://security.microsoft.com/quarantinePolicies>.
For detailed syntax and parameter information, see [Set-QuarantinePolicy](/power
**Notes**: -- You can't remove the built-in quarantine policies named AdminOnlyAccessPolicy or DefaultFullAccessPolicy. You can remove the built-in policy named NotificationEnabledPolicy ([if you have it](#full-access-permissions-and-quarantine-notifications)) and custom quarantine policies.
+- You can't remove the built-in quarantine policies named AdminOnlyAccessPolicy, DefaultFullAccessPolicy, or DefaultFullAccessWithNotificationPolicy. You can remove the built-in policy named NotificationEnabledPolicy ([if you have it](#full-access-permissions-and-quarantine-notifications)) and custom quarantine policies.
- Before you remove a quarantine policy, verify that it's not being used. For example, run the following command in PowerShell: ```powershell
security Quarantine Quarantine Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-quarantine-notifications.md
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
_Quarantine policies_ define what users are allowed to do or not do to quarantined messages based on why the message was quarantined for [supported features](quarantine-policies.md#step-2-assign-a-quarantine-policy-to-supported-features). Default quarantine policies enforce the historical capabilities for the security feature that quarantined the message as described in the table [here](quarantine-end-user.md). Admins can create and apply custom quarantine policies that define less restrictive or more restrictive capabilities for users. For more information, see [Quarantine policies](quarantine-policies.md).
-Quarantine notifications are not turned on in the built-in quarantine notifications named AdminOnlyAccessPolicy or DefaultFullAccessPolicy. Quarantine notifications are turned on in the built-in quarantine policy named NotificationEnabledPolicy [if your organization has it](quarantine-policies.md#full-access-permissions-and-quarantine-notifications). Otherwise, to turn on quarantine notifications in quarantine policies, you need to [create and configure a new quarantine policy](quarantine-policies.md#step-1-create-quarantine-policies-in-the-microsoft-365-defender-portal).
+Quarantine notifications are not turned on in the built-in quarantine notifications named AdminOnlyAccessPolicy or DefaultFullAccessPolicy. Quarantine notifications are turned on in the following built-in quarantine policies:
-In addition, to allow the 'Block sender' option in quarantine notifications to work correctly, users need to be enabled for remote Powershell. For instructions, see [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell).
+- **NotificationEnabledPolicy** [if your organization has it](quarantine-policies.md#full-access-permissions-and-quarantine-notifications).
+- **DefaultFullAccessWithNotificationPolicy** that's used in [preset security policies](preset-security-policies.md).
+
+Otherwise, to turn on quarantine notifications in quarantine policies, you need to [create and configure a new quarantine policy](quarantine-policies.md#step-1-create-quarantine-policies-in-the-microsoft-365-defender-portal).
Admins can also use the global settings in quarantine policies to customize the sender's display name, disclaimer text in different languages, and the company logo that's used in quarantine notifications. For instructions, see [Configure global quarantine notification settings](quarantine-policies.md#configure-global-quarantine-notification-settings-in-the-microsoft-365-defender-portal).
security Recommended Settings For Eop And Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md
To create and configure anti-spam policies, see [Configure anti-spam policies in
|**Test mode** (_TestModeAction_)|**None**|**None**|**None**|This setting is part of ASF. For more information, see the [ASF settings in anti-spam policies](#asf-settings-in-anti-spam-policies) section in this article.| |**Actions**||||Wherever you select **Quarantine message** as the action for a spam filter verdict, a **Select quarantine policy** box is available. Quarantine policies define what users are allowed to do to quarantined messages and whether they receive notifications for quarantined messages. <br><br> The **Select quarantine policy** value is blank when you create a new anti-spam policy in the Defender portal. This blank value means the default quarantine policy for that particular spam filter verdict is used. These default quarantine policies enforce the historical capabilities for the spam filter verdict that quarantined the message as described in the table [here](quarantine-end-user.md). <br><br> The default quarantine policies that are used for each spam filter verdict are described in this table. The capabilities of the quarantine policy are meaningful only if the action for the spam filter verdict is to quarantine messages. <br><br> Admins can create custom quarantine policies or select other built-in quarantine policies with more restrictive or less restrictive capabilities in the default anti-spam policy or in custom anti-spam policies. For more information, see [Quarantine policies](quarantine-policies.md).| |**Spam** detection action <br><br> _SpamAction_|**Move message to Junk Email folder** <br><br> `MoveToJmf`|**Move message to Junk Email folder** <br><br> `MoveToJmf`|**Quarantine message** <br><br> `Quarantine`||
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Spam** <br><br> _SpamQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy|The quarantine policy is meaningful only when the detection action quarantines the message.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Spam** <br><br> _SpamQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessWithNotificationPolicy|The quarantine policy is meaningful only when the detection action quarantines the message.|
|**High confidence spam** detection action <br><br> _HighConfidenceSpamAction_|**Move message to Junk Email folder** <br><br> `MoveToJmf`|**Quarantine message** <br><br> `Quarantine`|**Quarantine message** <br><br> `Quarantine`||
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Hight confidence spam** <br><br> _HighConfidenceSpamQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy|The quarantine policy is meaningful only when the action quarantines the message.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Hight confidence spam** <br><br> _HighConfidenceSpamQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessWithNotificationPolicy|DefaultFullAccessWithNotificationPolicy|The quarantine policy is meaningful only when the action quarantines the message.|
|**Phishing** detection action <br><br> _PhishSpamAction_|**Move message to Junk Email folder**<sup>\*</sup> <br><br> `MoveToJmf`|**Quarantine message** <br><br> `Quarantine`|**Quarantine message** <br><br> `Quarantine`|<sup>\*</sup> The default value is **Move message to Junk Email folder** in the default anti-spam policy and in new anti-spam policies that you create in PowerShell. The default value is **Quarantine message** in new anti-spam policies that you create in the Microsoft 365 Defender portal.|
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Phishing** <br><br> _PhishQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy|The quarantine policy is meaningful only when the detection action quarantines the message.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Phishing** <br><br> _PhishQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessWithNotificationPolicy|DefaultFullAccessWithNotificationPolicy|The quarantine policy is meaningful only when the detection action quarantines the message.|
|**High confidence phishing** detection action <br><br> _HighConfidencePhishAction_|**Quarantine message** <br><br> `Quarantine`|**Quarantine message** <br><br> `Quarantine`|**Quarantine message** <br><br> `Quarantine`|Users can't release their own messages that were quarantined as high confidence phishing. At best, admins can configure the quarantine policy so users can request the release of their quarantined high confidence phishing messages.| |**Quarantine policy** for **High confidence phishing** <br><br> _HighConfidencePhishQuarantineTag_|AdminOnlyAccessPolicy|AdminOnlyAccessPolicy|AdminOnlyAccessPolicy|| |**Bulk** detection action <br><br> _BulkSpamAction_|**Move message to Junk Email folder** <br><br> `MoveToJmf`|**Move message to Junk Email folder** <br><br> `MoveToJmf`|**Quarantine message** <br><br> `Quarantine`||
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Bulk** <br><br> _BulkQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy|The quarantine policy is meaningful only when the detection action quarantines the message.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Bulk** <br><br> _BulkQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessWithNotificationPolicy|The quarantine policy is meaningful only when the detection action quarantines the message.|
|**Retain spam in quarantine for this many days** <br><br> _QuarantineRetentionPeriod_|15 days|30 days|30 days|This value also affects messages that are quarantined by anti-phishing policies. For more information, see [Quarantined email messages in EOP](quarantine-about.md).| |**Enable spam safety tips** <br><br> _InlineSafetyTipsEnabled_|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`|| |Enable zero-hour auto purge (ZAP) for phishing messages <br><br> _PhishZapEnabled_|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`||
The spoof settings are inter-related, but the **Show first contact safety tip**
|**Enable spoof intelligence** <br><br> _EnableSpoofIntelligence_|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`|| |**Actions**||||| |**If message is detected as spoof** <br><br> _AuthenticationFailAction_|**Move message to the recipients' Junk Email folders** <br><br> `MoveToJmf`|**Move message to the recipients' Junk Email folders** <br><br> `MoveToJmf`|**Quarantine the message** <br><br> `Quarantine`|This setting applies to spoofed senders that were automatically blocked as shown in the [spoof intelligence insight](anti-spoofing-spoof-intelligence.md) or manually blocked in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). <br><br> If you select **Quarantine the message** as the action for the spoof verdict, an **Apply quarantine policy** box is available. Quarantine policies define what users are allowed to do to quarantined messages and whether they receive notifications for quarantined messages. For more information, see [Quarantine policies](quarantine-policies.md).|
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Spoof** <br><br> _SpoofQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy| <br><br> The **Apply quarantine policy** value is blank when you create a new anti-phishing policy in the Defender portal. This blank value means the default quarantine policy for the spoof is used. This default quarantine policy enforces the historical capabilities for messages that were quarantined as spoof as described in the table [here](quarantine-end-user.md). <br><br> The capabilities of the quarantine policy are meaningful only if the action for the spoof verdict is to quarantine messages. <br><br> Admins can create custom quarantine policies or select other built-in quarantine policies with more restrictive or less restrictive capabilities in the default anti-phishing policy or in custom anti-phishing policies.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **Spoof** <br><br> _SpoofQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessWithNotificationPolicy| <br><br> The **Apply quarantine policy** value is blank when you create a new anti-phishing policy in the Defender portal. This blank value means the default quarantine policy for the spoof is used. This default quarantine policy enforces the historical capabilities for messages that were quarantined as spoof as described in the table [here](quarantine-end-user.md). <br><br> The capabilities of the quarantine policy are meaningful only if the action for the spoof verdict is to quarantine messages. <br><br> Admins can create custom quarantine policies or select other built-in quarantine policies with more restrictive or less restrictive capabilities in the default anti-phishing policy or in custom anti-phishing policies.|
|**Show first contact safety tip** <br><br> _EnableFirstContactSafetyTips_|Not selected <br><br> `$false`|Not selected <br><br> `$false`|Not selected <br><br> `$false`|For more information, see [First contact safety tip](anti-phishing-policies-about.md#first-contact-safety-tip).| |**Show (?) for unauthenticated senders for spoof** <br><br> _EnableUnauthenticatedSender_|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`|Adds a question mark (?) to the sender's photo in Outlook for unidentified spoofed senders. For more information, see [Unauthenticated sender indicators](anti-phishing-policies-about.md#unauthenticated-sender-indicators).| |**Show "via" tag** <br><br> _EnableViaTag_|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`|Adds a via tag (chris@contoso.com via fabrikam.com) to the From address if it's different from the domain in the DKIM signature or the **MAIL FROM** address. <br><br> For more information, see [Unauthenticated sender indicators](anti-phishing-policies-about.md#unauthenticated-sender-indicators).|
For more information about these settings, see [Impersonation settings in anti-p
|**Enable intelligence for impersonation protection** <br><br> _EnableMailboxIntelligenceProtection_|Off <br><br> `$false`|Selected <br><br> `$true`|Selected <br><br> `$true`|This setting allows the specified action for impersonation detections by mailbox intelligence.| |**Actions**||||Wherever you select **Quarantine the message** as the action for an impersonation verdict, an **Apply quarantine policy** box is available. Quarantine policies define what users are allowed to do to quarantined messages and whether they receive notifications for quarantined messages. <br><br> The **Apply quarantine policy** value is blank when you create a new anti-phishing policy in the Defender portal. This blank value means the default quarantine policy for that particular impersonation verdict is used. These default quarantine policies enforce the historical capabilities for messages that were quarantined as impersonation as described in the table [here](quarantine-end-user.md). <br><br> The default quarantine policies that are used for each impersonation verdict are described in this table. The capabilities of the quarantine policy are meaningful only if the action for the impersonation verdict is to quarantine messages. <br><br> Admins can create custom quarantine policies or select other built-in quarantine policies with more restrictive or less restrictive capabilities in the default anti-phishing policy or in custom anti-phishing policies. For more information, see [Quarantine policies](quarantine-policies.md).| |**If message is detected as an impersonated user** <br><br> _TargetedUserProtectionAction_|**Don't apply any action** <br><br> `NoAction`|**Quarantine the message** <br><br> `Quarantine`|**Quarantine the message** <br><br> `Quarantine`||
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **user impersonation** <br><br> _TargetedUserQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy|The capabilities of the quarantine policy are meaningful only if the action for the user impersonation verdict is to quarantine messages.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **user impersonation** <br><br> _TargetedUserQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessWithNotificationPolicy|DefaultFullAccessWithNotificationPolicy|The capabilities of the quarantine policy are meaningful only if the action for the user impersonation verdict is to quarantine messages.|
|**If message is detected as an impersonated domain** <br><br> _TargetedDomainProtectionAction_|**Don't apply any action** <br><br> `NoAction`|**Quarantine the message** <br><br> `Quarantine`|**Quarantine the message** <br><br> `Quarantine`||
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **domain impersonation** <br><br> _TargetedDomainQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy|The capabilities of the quarantine policy are meaningful only if the action for the domain impersonation verdict is to quarantine messages.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **domain impersonation** <br><br> _TargetedDomainQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessWithNotificationPolicy|DefaultFullAccessWithNotificationPolicy|The capabilities of the quarantine policy are meaningful only if the action for the domain impersonation verdict is to quarantine messages.|
|**If mailbox intelligence detects an impersonated user** <br><br> _MailboxIntelligenceProtectionAction_|**Don't apply any action** <br><br> `NoAction`|**Move message to the recipients' Junk Email folders** <br><br> `MoveToJmf`|**Quarantine the message** <br><br> `Quarantine`||
-|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **mailbox intelligence impersonation** <br><br> _MailboxIntelligenceQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessPolicy|The capabilities of the quarantine policy are meaningful only if the action for the mailbox intelligence impersonation verdict is to quarantine messages.|
+|&nbsp;&nbsp;&nbsp;**Quarantine policy** for **mailbox intelligence impersonation** <br><br> _MailboxIntelligenceQuarantineTag_|DefaultFullAccessPolicy<sup>1</sup>|DefaultFullAccessPolicy|DefaultFullAccessWithNotificationPolicy|The capabilities of the quarantine policy are meaningful only if the action for the mailbox intelligence impersonation verdict is to quarantine messages.|
|**Show user impersonation safety tip** <br><br> _EnableSimilarUsersSafetyTips_|Off <br><br> `$false`|Selected <br><br> `$true`|Selected <br><br> `$true`|| |**Show domain impersonation safety tip** <br><br> _EnableSimilarDomainsSafetyTips_|Off <br><br> `$false`|Selected <br><br> `$true`|Selected <br><br> `$true`|| |**Show user impersonation unusual characters safety tip** <br><br> _EnableUnusualCharactersSafetyTips_|Off <br><br> `$false`|Selected <br><br> `$true`|Selected <br><br> `$true`||
syntex Set Up Content Understanding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/set-up-content-understanding.md
Title: Set up Microsoft Syntex
+ Title: Set up Microsoft Syntex per-user licensing
- admindeeplinkMAC search.appverid: MET150
-description: Set up Microsoft Syntex.
+ms.localizationpriority: medium
+description: Set up Microsoft Syntex per-user licensing.
-# Set up Microsoft Syntex
+# Set up Microsoft Syntex per-user licensing
-Admins can use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to set up Microsoft Syntex.
+If you plan to use Microsoft Syntex with per-user licensing, follow the steps in this article to set up your licenses, and then read [Set up Microsoft Syntex](set-up-microsoft-syntex.md) to set up Microsoft Syntex features.
+
+For an overview of licensing options for Microsoft Syntex, see [Licensing for Microsoft Syntex](syntex-licensing.md).
+
+## Plan for per-user licenses
+
+To use Microsoft Syntex per-user licensing, your organization must have a subscription to Syntex, and each user must have a license assigned. Licenses include the following apps, which must all be assigned:
+
+- Syntex
+- Syntex - SPO type
+- Common Data Service for Syntex
+
+To use structured document processing or freeform document processing models, you also need AI Builder credits. For each licensed user of Syntex, an allocation of AI Builder credits is provided each month.
Consider the following before you start:
When using a custom environment, model creators must be assigned the Environment
Users creating models in a [content center site](/microsoft-365/contentunderstanding/create-a-content-center) must be site members. Users creating models locally outside the content center must be site owners of those sites.
-### Licensing
-
-To use Syntex, your organization must have a subscription to Syntex, and each user must have a license assigned. Syntex licenses include the following apps, which must all be assigned:
--- Syntex-- Syntex - SPO type-- Common Data Service for Syntex-
-To use structured document processing or freeform document processing models, you also need AI Builder credits. For each licensed user of Syntex, an allocation of AI Builder credits is provided each month.
-
-For details about Syntex licensing, see [Microsoft Syntex licensing](syntex-licensing.md)
-
-### Pay-as-you-go preview
-
-Microsoft Syntex is offering a limited-time free preview for pay-as-you-go document processing charged through an Azure subscription. The preview allows you to track Microsoft Syntex processing events at no cost to assess usage and estimate costs for a future pay-as-you-go license. For details about the preview, see [Microsoft Syntex pay-as-you-go preview](/legal/microsoft-365/microsoft-syntex-azure-billing-trial). To set up the preview, see [Configure Microsoft Syntex for Azure pay-as-you-go billing](syntex-azure-billing.md).
-
-## To set up Syntex
-
-1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>, and then view the **Files and content** section.
-
-1. In the **Files and content** section, select **Use content AI with Microsoft Syntex**.
-
-1. On the **Use content AI with Microsoft Syntex** page, select **Set up Microsoft Syntex** to walk through the setup process. <br/>
-
-1. On the **Configure AI Builder model creation** page, you can choose if you want to let end users create and train models that use AI Builder and apply them to document libraries. A menu option will be available in the document library ribbon in SharePoint document libraries in which it is enabled.
-
- For **Which SharePoint sites should show the option to create structured and freeform document processing models**, you can select:</br>
- - **All SharePoint sites** to make it available to all SharePoint libraries in your organization.</br>
- - **Libraries in selected SharePoint sites**, and then select the sites in which you want to make it available or upload a list of up to 50 sites.</br>
- - **No SharePoint libraries** if you don't want to make it available to any sites (you can change this after setup).
-
- > [!Note]
- > Removing a site after it has been included does not affect existing models applied to the libraries in that site or the ability to apply unstructured document processing models to a library.
-
- If you want to enable model creation in all content center sites, select the **Enable AI Builder model creation in all content center sites** check box under **Libraries in selected SharePoint sites**.
-
- If you have multiple Power Platform environments configured, you can choose which one you want to use with for document processing. (This option will not appear if you only have one environment.)
-
- For **Power Platform environment**, you can select:
- - **Use the default environment** to use your default Power Platform environment.
- - **Use a custom environment** to use a custom environment. Choose the environment that you want to use from the list. ([See the requirements for a custom environment](/microsoft-365/contentunderstanding/set-up-content-understanding#requirements).)
-
- Select **Next**.
-
-1. On the **Create a content center** page, you can create a SharePoint content center site where your users can create and manage unstructured document processing models. If you previously created a content center from the SharePoint admin center, that information will display here and you can just select **Next**.
-
- 1. For **Content center name**, type the name you want to give your content center site.
-
- 1. The **Site address** will show the URL for your site, based on what you selected for the site name. If you want to change it, select **Edit**.
-
- Select **Next**.
-
-1. On the **Review and finish** page, you can look at your selected setting and choose to make changes. If you are satisfied with your selections, select **Activate**.
-
-1. On the confirmation page, select **Done**.
-
-1. You'll be returned to your **Use content AI with Microsoft Syntex** page. From this page, you can select **Manage Microsoft Syntex** to make any changes to your configuration settings.
-
-If you plan to use the pay-as-you-go preview, see [Configure Microsoft Syntex for Azure pay-as-you-go billing](syntex-azure-billing.md).
- ## Assign licenses
-Once you have configured Syntex, you must assign licenses for the users who will be using any Syntex features.
+You must assign licenses for the users who will be using per-user Microsoft Syntex features.
To assign licenses:
syntex Set Up Microsoft Syntex https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/set-up-microsoft-syntex.md
+
+ Title: Set up Microsoft Syntex
++++
+audience: admin
+++
+- enabler-strategic
+- m365initiative-syntex
+
+- admindeeplinkMAC
+search.appverid: MET150
+ms.localizationpriority: high
+description: Set up Microsoft Syntex.
++
+# Set up Microsoft Syntex
+
+This article covers the initial setup experience for Microsoft Syntex. Before following the steps in this article, configure your [billing and licensing options](syntex-licensing.md) as follows:
+
+- If you are using Microsoft Syntex pay-as-you-go, follow the steps in [Configure Microsoft Syntex for pay-as-you-go billing in Azure](syntex-azure-billing.md).
+- If you are using per-user licensing, follow the steps in [Set up Microsoft Syntex per-user licensing](set-up-content-understanding.md).
+
+## Requirements
+
+You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up Microsoft Syntex.
+
+As an admin, you can also make changes to your selected settings anytime after setup, and throughout the content understanding management settings in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
+
+## To set up Microsoft Syntex
+
+1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>, and then view the **Files and content** section.
+
+1. In the **Files and content** section, select **Use content AI with Microsoft Syntex**.
+
+1. On the **Use content AI with Microsoft Syntex** page, select **Set up Microsoft Syntex** to walk through the setup process. <br/>
+
+1. On the **Configure AI Builder model creation** page, you can choose if you want to let end users create and train models that use AI Builder and apply them to document libraries. A menu option will be available in the document library ribbon in SharePoint document libraries in which it is enabled.
+
+ For **Which SharePoint sites should show the option to create structured and freeform document processing models**, you can select:</br>
+ - **All SharePoint sites** to make it available to all SharePoint libraries in your organization.</br>
+ - **Libraries in selected SharePoint sites**, and then select the sites in which you want to make it available or upload a list of up to 50 sites.</br>
+ - **No SharePoint libraries** if you don't want to make it available to any sites (you can change this after setup).
+
+ > [!Note]
+ > Removing a site after it has been included does not affect existing models applied to the libraries in that site or the ability to apply unstructured document processing models to a library.
+
+ If you want to enable model creation in all content center sites, select the **Enable AI Builder model creation in all content center sites** check box under **Libraries in selected SharePoint sites**.
+
+ If you have multiple Power Platform environments configured, you can choose which one you want to use with for document processing. (This option will not appear if you only have one environment.)
+
+ For **Power Platform environment**, you can select:
+ - **Use the default environment** to use your default Power Platform environment.
+ - **Use a custom environment** to use a custom environment. Choose the environment that you want to use from the list. ([See the requirements for a custom environment](/microsoft-365/contentunderstanding/set-up-content-understanding#requirements).)
+
+ Select **Next**.
+
+1. On the **Create a content center** page, you can create a SharePoint content center site where your users can create and manage unstructured document processing models. If you previously created a content center from the SharePoint admin center, that information will display here and you can just select **Next**.
+
+ 1. For **Content center name**, type the name you want to give your content center site.
+
+ 1. The **Site address** will show the URL for your site, based on what you selected for the site name. If you want to change it, select **Edit**.
+
+ Select **Next**.
+
+1. On the **Review and finish** page, you can look at your selected setting and choose to make changes. If you are satisfied with your selections, select **Activate**.
+
+1. On the confirmation page, select **Done**.
+
+1. You'll be returned to your **Use content AI with Microsoft Syntex** page. From this page, you can select **Manage Microsoft Syntex** to make any changes to your configuration settings.
+
syntex Syntex Azure Billing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-azure-billing.md
Title: Configure Microsoft Syntex for pay-as-you-go billing in Azure (Preview)
+ Title: Configure Microsoft Syntex for pay-as-you-go billing in Azure
ms.localizationpriority: medium
description: Learn about how to set up pay-as-you-go Azure billing for Microsoft Syntex and how to monitor your usage.
-# Configure Microsoft Syntex for pay-as-you-go billing in Azure (Preview)
+# Configure Microsoft Syntex for pay-as-you-go billing in Azure
-Some Microsoft Syntex features are billed through an Azure subscription. In this limited-time preview, you can use prebuilt and unstructured document processing (formerly document understanding) at no cost and see activity reports in Azure.
+Some Microsoft Syntex features are billed on a pay-as-you-go basis. These features use an Azure subscription for billing and track usage and cost with Azure meters. Read the [Microsoft Syntex pay-as-you-go terms of service](/legal/microsoft-365/microsoft-syntex-pay-as-you-go-terms) before you configure pay-as-you-go.
-After the preview ends, document processing will be charged on a pay-as-you-go basis. You will have the option to opt in at that time. For details about the preview, see [Microsoft Syntex pay-as-you-go preview](/legal/microsoft-365/microsoft-syntex-azure-billing-trial).
+For a list of Microsoft Syntex features that use pay-as-you-go, see [Licensing for Microsoft Syntex](syntex-licensing.md)
-This preview does not include structured or freeform document processing which use AI Builder credits.
+Note that if you use [Microsoft Syntex per-user licensing](set-up-content-understanding.md) you can't sign up for pay-as-you-go.
## Prerequisites
To use Microsoft Syntex pay-as-you go, you need:
- An Azure subscription in the same tenant as Microsoft Syntex - An Azure resource group in that subscription-- An Azure storage account in that subscription if you want to create usage reports. (See [Azure Blob Storage pricing](https://azure.microsoft.com/pricing/details/storage) for pricing.) If you already have these resources for other purposes, you can also use them with Microsoft Syntex.
For information about how to create an Azure subscription, see [Create your init
For information about how to create an Azure resource group, see [Manage Azure resource groups by using the Azure portal](/azure/azure-resource-manager/management/manage-resource-groups-portal).
-For information about how to create an Azure storage account, see [Create a storage account](/azure/storage/common/storage-account-create). The storage account does not need to be public or connected to the internet.
- ## Set up Microsoft Syntex billing in Azure When you set up Microsoft Syntex billing in Azure, events will be sent to the Azure meter in your account and you will be able to view the pages processed for unstructured and prebuilt document processing models.
To configure Microsoft Syntex billing
1. On the **Microsoft Syntex** page, select **Configure billing** to walk through the setup process. 1. On the **Enter your Azure subscription** panel, choose an Azure subscription from the **Azure subscription** dropdown. 1. Choose a resource group and region. (The region determines where your tenant ID and usage information such as site names will be stored.)
+1. Read and accept the [Microsoft Syntex pay-as-you-go terms of service](/legal/microsoft-365/microsoft-syntex-pay-as-you-go-terms).
1. Select **Save**. If you need to change or disconnect your Azure subscription, you can select **Manage billing** on the **Use content AI with Microsoft Syntex**.
If you have not previously configured Microsoft Syntex, read [Set up Microsoft S
## Monitor your Microsoft Syntex pay-as-you-go usage
-You can monitor your Microsoft Syntex pay-as-you-go usage in Azure Cost Management. (There's no charge for this usage during the preview and the cost analysis dashboard won't show any information.)
+You can monitor your Microsoft Syntex pay-as-you-go usage in Azure Cost Management. You must have at least *read* access to the resource group that you specified for Microsoft Syntex.
-To run the report, the customer must have at least *read* access to the resource group and *contributor* access to the storage container.
+To see the charges applied to the Syntex meters
+1. Sign in to [Azure Cost Management](https://portal.azure.com/#view/Microsoft_Azure_CostManagement/Menu/~/overview).
+1. Under **Cost Management**, select **Cost analysis**.
+1. Select **Add filter**, choose **Product** from the list, and then choose the product (listed below) that you want to filter on.
+1. Select **Add filter**, choose **Tag** from the list, and then choose the tag (listed below) that you want to filter on.
-Pages processed are counted for every time the model runs against the document for all pages processed in the document regardless of whether there was a positive classification. This includes when a document is processed after being updated.
+The following Microsoft Syntex products are available:
+- Syntex Unstructured Document Processing
+- Syntex Prebuilt Document Processing
-Model training does not count toward pages processed.
+The following tags are available:
+- Site
-To create a report
-1. Sign in to [Azure Cost Management](https://portal.azure.com/#view/Microsoft_Azure_CostManagement/Menu/~/overview).
-1. Under **Settings**, select **Exports**.
-1. Select **Add**.
-1. Type a name for the export.
-1. Select the **Metric** that you want to report on.
-1. Choose an **Export type** and the dates for the export.
-1. In the **Storage** section, choose the subscription that you're using for Microsoft Syntex billing.
-1. In the **Storage account** dropdown, choose a storage account to which you have contributor access.
-1. Type a name for the container where the report will be stored.
-1. Type the path within the container where you want to export the report.
-1. Select **Create**.
-
-Once the report has been created, it will run on the date you specified. You can also run it manually.
-
-To run a report
-1. In the Azure Cost Management Exports list, select the report that you want to run.
-1. Select **Run now**.
-
-The report may take up to an hour to run.
-
-To access the report
-1. In the Azure Cost Management Exports list, select the report.
-1. Select the storage account.
-1. Under **Data storage**, select **Containers**.
-1. Select the container where you stored the report.
-1. Navigate to the csv file for the report that you want to view.
-1. Select the csv, and then select **Download**.
-
-Filter the csv on **consumedService** = *Microsoft.Syntex*. The following columns include Microsoft Syntex transaction information:
--- meterName-- meterCategory-- meterSubCategory-- ProductName-- quantity-- tags (site and library information)
+For more information about filter options in Cost Management, see [Group and filter options in Cost analysis](/azure/cost-management-billing/costs/group-filter).
## Related topics
syntex Syntex Licensing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-licensing.md
Title: Licensing for Microsoft Syntex
Previously updated : 08/02/2021 Last updated : 03/06/2023 audience: admin
- enabler-strategic - m365initiative-syntex search.appverid: MET150
+ms.localizationpriority: medium
description: Learn about licensing for Microsoft Syntex. # Licensing for Microsoft Syntex
-To use Microsoft Syntex, you must have a license for each Syntex user. If you remove all Syntex licenses from your tenant at a future date (or your trial expires), users will no longer be able to create, publish, or run custom models. Additionally, term store reports, SKOS taxonomy import, and content type push will no longer be available. No models, content, or metadata will be deleted, and site permissions won't be changed.
-
+Microsoft Syntex has two types of product offerings to choose from:
+
+- SharePoint Syntex per-user licensing
+- Microsoft Syntex pay-as-you-go
+
+The features available for each license type are described below. <!-- You can use both licenses if you need to.-->
+
+In the future, most new Microsoft Syntex features will be added to pay-as-you-go.
+ > [!NOTE]
-> Syntex is an add-on license and requires users also to have a license for Microsoft 365.
-
-## Tasks requiring a license
+> Microsoft Syntex is an add-on and requires users also to have a license for Microsoft 365.
+
+## Microsoft Syntex pay-as-you-go
+
+Pay-as-you-go is a way to pay for Microsoft Syntex using an Azure subscription. You can use Microsoft Syntex without any license commitment or upfront purchasing. Pay-as-you-go supports the following Microsoft Syntex
+
+- Prebuilt document processing
+- Unstructured document processing (formerly document understanding)
+
+All users in your organization will be able to create and apply unstructured and prebuilt document processing models and can upload documents to a primed library. This is charged on a pay-per-use basis.
+
+## SharePoint Syntex per-user licensing
+
+To use Microsoft Syntex, you must have a license for each Syntex user. If you remove all Syntex per-user licenses from your tenant at a future date (or your trial expires), users will no longer be able to create, publish, or run custom models. Additionally, term store reports, SKOS taxonomy import, and content type push will no longer be available. No models, content, or metadata will be deleted, and site permissions won't be changed.
+
+#### Tasks requiring a per-user license
-The following tasks require a [Syntex license](https://www.microsoft.com/microsoft-365/enterprise/sharepoint-syntex) for the user performing them:
+The following tasks require a [Syntex per-user license](https://www.microsoft.com/microsoft-365/enterprise/sharepoint-syntex) for the user performing them:
- Apply an unstructured document processing model to a library. (Unlicensed users can be granted access to a content center and can create models there, but can't apply them to a document library.) - Create a structured document processing model or a freeform document processing model via the entry point in a library
The following tasks require a [Syntex license](https://www.microsoft.com/microso
- Use of content query to search for metadata - Use of annotations to add notes and comments - Use of premium taxonomy services. (Premium taxonomy services comprise SKOS-based term set import, pushing enterprise content types to hub-associated sites, and term store reports.)
+- Use the document library rules to move or copy content
Unlicensed users can be granted access to a content center and can create models there, but can't apply them to a document library.
-## Cost of training and running models
+#### Cost of training and running models
-The cost of training and running unstructured document processing models is included in the cost of a Syntex license. However, the structured document processing and freeform document processing models use AI Builder capacity, for both training and runtime processing. Capacity must be allocated to the Power Apps environment where you will use AI Builder.
+The cost of training and running unstructured document processing models is included in the cost of a Syntex per-user license. However, the structured document processing and freeform document processing models use AI Builder capacity, for both training and runtime processing. Capacity must be allocated to the Power Apps environment where you will use AI Builder.
-For each Syntex license, you are allocated 3,500 AI Builder credits per license, per month pooled at the tenant level, with a maximum allocation of 1 million credits per month. This allocation is renewed each month for each active Syntex license. (Unused credits don't roll over from month to month.)
+For each Syntex per-user license, you are allocated 3,500 AI Builder credits per license, per month pooled at the tenant level, with a maximum allocation of 1 million credits per month. This allocation is renewed each month for each active Syntex per-user license. (Unused credits don't roll over from month to month.)
You can estimate the AI Builder capacity thatΓÇÖs right for you with the [AI Builder calculator](https://powerapps.microsoft.com/ai-builder-calculator).
If you plan to use a custom Power Platform environment, you must [allocate credi
Go to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/resources/capacity) to check your credits and usage.
-## Additional term store features
+#### Additional term store features
-Having one or more Syntex licenses in your organization enables the following additional term store features for SharePoint admins:
+Having one or more Syntex per-user licenses in your organization enables the following additional term store features for SharePoint admins:
- SKOS-based term set import - Pushing enterprise content types to a hub site, which also adds them to the associated sites and any newly created lists or libraries - Term store reports providing insights into published term sets and their use across your tenant
-## See also
+## Related topics
+
+[Microsoft Syntex - SharePoint Advanced Management overview](/sharepoint/advanced-management)
[Licensing overview for Microsoft Power Platform](/power-platform/admin/pricing-billing-skus)
syntex Syntex Pay As You Go Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-pay-as-you-go-services.md
+
+ Title: Pay-as-you-go services and pricing for Microsoft Syntex
++++
+audience: admin
+++
+ - enabler-strategic
+ - m365initiative-syntex
+search.appverid: MET150
+ms.localizationpriority: medium
+description: Learn about pay-as-you-go services and pricing for Microsoft Syntex.
++
+# Pay-as-you-go services and pricing for Microsoft Syntex
+
+When you use Microsoft Syntex, services are billed using Syntex meters in the Azure subscription that you specified when you set up Microsoft Syntex. The table below describes each meter, its pricing, and how it measures usage. When you connect your Azure subscription to Microsoft Syntex, users in your organization will be able to take advantage of Syntex features right away. Your tenant will be billed according to the details shown in this article.
+
+|Feature|What's counted?|What's billed?|
+|:-|:--|:-|
+|Unstructured document processing|The number of pages processed for Word, PDF, or TIFF files; the number of sheets for Excel files; the number of slides for PowerPoint files; or the number of files for other file types. You won't be charged for model training. You will be charged for processing whether or not there's a positive classification, or any entities extracted.<br><br>Processing occurs on document upload and on subsequent updates. Processing is counted for each model applied. For example, if you have two models applied to a library and you upload or update a five-page document in that library, the total pages processed is 10.|$0.10/page|
+|Prebuilt document processing|The number of pages processed for PDF or image files. You won't be charged for model training. You will be charged for processing whether or not there's a positive classification, or any entities extracted.<br><br>Processing occurs on document upload and on subsequent updates. Processing is counted for each model applied. For example, if you have two models applied to a library and you upload or update a five-page document in that library, the total pages processed is 10.|$0.01/page|
+
+## Related topics
+
+[Microsoft Syntex - SharePoint Advanced Management overview](/sharepoint/advanced-management)