Updates from: 03/07/2024 07:02:23
Category Microsoft Docs article Related commit history on GitHub Change details
admin Microsoft 365 Copilot Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-365-copilot-usage.md
search.appverid:
- MST160 - MET150 - MOE150
-description: "Learn how to get the Microsoft 365 Copilot usage report and gain insights into the Microsoft 365 Copilot activity in your organization."
+description: "Learn how to get the Microsoft 365 Copilot usage report and gain insights into the Copilot for Microsoft 365 activity in your organization."
# Microsoft 365 reports in the Admin Center – Copilot for Microsoft 365 readiness and usage The Microsoft 365 Usage dashboard shows you the activity overview across the Microsoft 365 apps in your organization. It enables you to drill into individual product-level reports to give you more granular insight about the activities within each app. To view all reports, check out the [Reports overview article](activity-reports.md).
-The Copilot for Microsoft 365 report, which is in continuous enhancement, includes a Readiness section and Usage section. In the Readiness section, you can view which users are technically eligible for Copilot, assign licenses, and monitor usage of Microsoft 365 apps that Copilot integrates best with. Within the Usage section, you can view a summary of how usersΓÇÖ adoption, retention, and engagement are with Copilot for Microsoft 365, and the activity of every Copilot user in your organization. The report becomes available within 72 hours, and we will update the documentation once there is improved latency.
+The Copilot for Microsoft 365 report, which is in continuous enhancement, includes a Readiness section and Usage section. In the Readiness section, you can view which users are technically eligible for Copilot, assign licenses, and monitor usage of Microsoft 365 apps that Copilot integrates best with. Within the Usage section, you can view a summary of how usersΓÇÖ adoption, retention, and engagement are with Copilot for Microsoft 365, and the activity of every Copilot user in your organization. The report becomes available within 72 hours, and once available, the usage data shown on the report can have up to a maximum of 72 hours latency.
## How do I get to the Copilot for Microsoft 365 report?
admin Health Dashboard Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/health-dashboard-overview.md
The Health dashboard is designed to give you a snapshot of the overall health of
## Steps: Health dashboard in the Microsoft 365 admin center
-Sign in to the admin center, and then from the view menu, select the dropdown and choose **Health**.
+1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) and from the view menu, select the dropdown, and choose **Health**.
:::image type="content" source="../../media/new-health-dashboard-location.jpg" alt-text="Screenshot: Choose Health from Microsoft 365 admin center View menu":::
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
f1.keywords: - NOCSH Previously updated : 09/20/2023 Last updated : 02/01/2024 - it-pro - admindeeplinkMAC - admindeeplinkEXCHANGE - has-azure-ad-ps-ref
+ - azure-ad-ref-level-one-done
ms.localizationpriority: high - scotvorg - M365-subscription-management
+ - must-keep
# Cross-tenant mailbox migration
When a mailbox is migrated cross-tenant with this feature, only user-visible con
## Licensing > [!IMPORTANT]
-> As of Nov. 2022, **Cross Tenant User Data Migration** is available as an add-on to the following Microsoft 365 subscription plans for Enterprise Agreement customers, and is required for cross-tenant migrations. User licenses are per migration (one-time fee) and can be assigned either on the source or target user object. This license also covers [OneDrive for Business migration](/microsoft-365/enterprise/cross-tenant-onedrive-migration). Contact your Microsoft account team for details.
+> As of Nov. 2022, **Cross Tenant User Data Migration** is available as an add-on to the following Microsoft 365 subscription plans for Enterprise Agreement customers, and is required for cross-tenant migrations. User licenses are per migration (one-time fee) and can be assigned either on the source or target user object. This license also covers [OneDrive for Business migration](cross-tenant-onedrive-migration.md). Contact your Microsoft account team for details.
> > The Cross Tenant User Data Migration add-on is available as a separate purchase for Microsoft 365 Business Basic, Standard, and Premium; Microsoft 365 F1/F3/E3/E5/; Office 365 F3/E1/E3/E5; Exchange Online; SharePoint Online; and OneDrive for Business.
When a mailbox is migrated cross-tenant with this feature, only user-visible con
If you do not have the proper license assigned to the user being migrated, the migration fails, and you receive an error that is similar to the following:
-> Error: CrossTenantMigrationWithoutLicensePermanentException: No license was found for the source recipient, '65c3c3ea-2b9a-44d0-a685-9bfe300f8c87', or the target recipient, '65c3c3ea-2b9a-44d0-a685-9bfe300f8c87'. A Cross-tenant User Data Migration license is required to move a mailbox between tenants.
+``` code
+Error: CrossTenantMigrationWithoutLicensePermanentException: No license was found for the source recipient, '65c3c3ea-2b9a-44d0-a685-9bfe300f8c87', or the target recipient, '65c3c3ea-2b9a-44d0-a685-9bfe300f8c87'. A Cross-tenant User Data Migration license is required to move a mailbox between tenants.
+```
## Preparing source and target tenants
Now that you've successfully created the migration application and secret, the n
2. Create a new migration endpoint for Cross-tenant mailbox moves. > [!NOTE]
- > You'll need the application ID of the mailbox migration app you just created and the password (secret) you configured in [Prepare the target (destination) tenant by creating the migration application and secret](#prepare-the-target-destination-tenant-by-creating-the-migration-application-and-secret). Depending on the Microsoft 365 cloud instance you use, your endpoint may be different. See the [Microsoft 365 endpoints](/microsoft-365/enterprise/microsoft-365-endpoints) page; select the correct instance for your tenant; then review the Exchange Online _Optimize/Required_ address, and replace as appropriate.
+ > You'll need the application ID of the mailbox migration app you just created and the password (secret) you configured in [Prepare the target (destination) tenant by creating the migration application and secret](#prepare-the-target-destination-tenant-by-creating-the-migration-application-and-secret). Depending on the Microsoft 365 cloud instance you use, your endpoint may be different. See the [Microsoft 365 endpoints](microsoft-365-endpoints.md) page; select the correct instance for your tenant; then review the Exchange Online _Optimize/Required_ address, and replace as appropriate.
```PowerShell # Enable customization if tenant is dehydrated
x500:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn
> In addition to this X500 proxy, you will need to copy all X500 proxies from the mailbox in the source to the mailbox in the target. > While rare, you could also run across an X400 proxy address on a mailbox, while not a requirement for the move to complete, it is recommended that you also stamp this address on the target mail user object. - ### Can the source and target tenants utilize the same domain name? No, the source tenant and target tenant domain names must be unique, for example, a source domain of contoso.com and the target domain of northwindtraders.com. ### Will shared mailboxes move and still work?
-Yes. However, we only keep the store permissions as described in these articles:
+Yes. However, we only keep the store permissions as described in this article:
- [Manage permissions for recipients in Exchange Online](/exchange/recipients-in-exchange-online/manage-permissions-for-recipients)-- [How to grant Exchange and Outlook mailbox permissions in Office 365 dedicated](https://support.microsoft.com/topic/how-to-grant-exchange-and-outlook-mailbox-permissions-in-office-365-dedicated-bac01b2c-08ff-2eac-e1c8-6dd01cf77287) ### Do you have any recommendations for batches?
-To ensure a smooth migration process, we recommend limiting the number of mailboxes per batch to 2,000 and submitting batches at least two weeks prior to the cut-over date. This will not impact end users during synchronization. For guidance on migrating quantities exceeding 50,000 mailboxes, please contact your account team for assistance.
+Don't exceed 2,000 mailboxes per batch. We strongly recommend submitting batches two weeks prior to the cut-over date as there's no impact on the end users during synchronization. If you need guidance for mailboxes quantities over 50,000, you can reach out to the Engineering Feedback Distribution List at crosstenantmigrationpreview@service.microsoft.com.
### What if I use Service encryption with Microsoft Purview Customer Key?
-The mailbox is decrypted prior to moving. Ensure Customer Key is configured in the target tenant if it's still required. For more information, see [here](/microsoft-365/compliance/customer-key-overview).
+The mailbox is decrypted prior to moving. Ensure Customer Key is configured in the target tenant if it's still required. For more information, see [here](/purview/customer-key-overview).
### What is the estimated migration time?
Mailbox signatures are not migrated cross tenant and must be recreated.
- When any Exchange service plan is applied to a MailUser, the Microsoft Entra ID process starts to enforce proxy scrubbing to ensure that the local organization isn't able to send out mail, spoof, or mail from another tenant. Any SMTP address on a recipient object with these service plans will be removed if the address isn't verified by the local organization. As is the case in the example, the northwindtraders.com domain isn't verified by the contoso.onmicrosoft.com tenant; therefore, the scrubbing removes that northwindtraders.com domain. If you wish to persist these external domains on MailUser, either before or after the migration, you need to alter your migration processes to strip licenses after the move completes or before the move to ensure that the users have the expected external branding applied. You'll need to ensure that the mailbox object is properly licensed to not affect mail service. An example script to remove the service plans on a MailUser in the contoso.onmicrosoft.com tenant is shown here.
- ```PowerShell
- $LO = New-MsolLicenseOptions -AccountSkuId "contoso:ENTERPRISEPREMIUM" DisabledPlans "LOCKBOX_ENTERPRISE","EXCHANGE_S_ENTERPRISE","INFORMATION_BARRIERS","MIP_S_CLP2","MIP_S_CLP1","MYANALYTICS_P2","EXCHANGE_ANALYTICS","EQUIVIO_ANALYTICS","THREAT_INTELLIGENCE","PAM_ENTERPRISE","PREMIUM_ENCRYPTION"
- Set-MsolUserLicense -UserPrincipalName ProxyTest@contoso.com LicenseOptions $lo
- ```
+> [!NOTE]
+> The following script uses Microsoft Graph Powershell. For more information, see [Microsoft Graph PowerShell overview](/powershell/microsoftgraph/overview).
+>
+> For information about how to use different methods to authenticate ```Connect-Graph``` in an unattended script, see the article [Authentication module cmdlets in Microsoft Graph PowerShell](/powershell/microsoftgraph/authentication-commands).
+
+```powershell
+# Connect to Microsoft Graph
+Connect-Graph -Scopes User.ReadWrite.All, Organization.Read.All
+
+# Get licensing plans and include disabled plans
+$EmsSku = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'ENTERPRISEPREMIUM'
+$User = Get-MgUser -UserId LaraN@contoso.onmicrosoft.com
+$userLicense = Get-MgUserLicenseDetail -UserId $User.Id
+
+$userDisabledPlans = $userLicense.ServicePlans |
+ Where ProvisioningStatus -eq "Disabled" |
+ Select -ExpandProperty ServicePlanId
+
+$newDisabledPlans = $EmsSku.ServicePlans |
+ Where ServicePlanName -in ("LOCKBOX_ENTERPRISE","EXCHANGE_S_ENTERPRISE","INFORMATION_BARRIERS","MIP_S_CLP2","MIP_S_CLP1","MYANALYTICS_P2","EXCHANGE_ANALYTICS","EQUIVIO_ANALYTICS","THREAT_INTELLIGENCE","PAM_ENTERPRISE","PREMIUM_ENCRYPTION") |
+ Select -ExpandProperty ServicePlanId
+
+$disabledPlans = $userDisabledPlans + $newDisabledPlans | Select -Unique
+
+$addLicenses = @(
+ @{SkuId = $EmsSku.SkuId
+ DisabledPlans = $disabledPlans
+ }
+ )
+
+Set-MgUserLicense -UserId '38955658-c844-4f59-9430-6519430ac89b' -AddLicenses $addLicenses -RemoveLicenses @()
+
+Id DisplayName Mail UserPrincipalName UserType
+-- -- - -- --
+38955658-c844-4f59-9430-6519430ac89b Bianca Pisani BiancaP@contoso.onmicrosoft.com Member
+```
Results in the set of ServicePlans assigned are shown here: ```PowerShell
- (Get-MsolUser -UserPrincipalName ProxyTest@contoso.com).licenses | Select-Object -ExpandProperty ServiceStatus |sort ProvisioningStatus -Descending
-
- ServicePlan ProvisioningStatus
- --
- ATP_ENTERPRISE PendingProvisioning
- MICROSOFT_SEARCH PendingProvisioning
- INTUNE_O365 PendingActivation
- PAM_ENTERPRISE Disabled
- EXCHANGE_ANALYTICS Disabled
- EQUIVIO_ANALYTICS Disabled
- THREAT_INTELLIGENCE Disabled
- LOCKBOX_ENTERPRISE Disabled
- PREMIUM_ENCRYPTION Disabled
- EXCHANGE_S_ENTERPRISE Disabled
- INFORMATION_BARRIERS Disabled
- MYANALYTICS_P2 Disabled
- MIP_S_CLP1 Disabled
- MIP_S_CLP2 Disabled
- ADALLOM_S_O365 PendingInput
- RMS_S_ENTERPRISE Success
- YAMMER_ENTERPRISE Success
- PROJECTWORKMANAGEMENT Success
- BI_AZURE_P2 Success
- WHITEBOARD_PLAN3 Success
- SHAREPOINTENTERPRISE Success
- SHAREPOINTWAC Success
- KAIZALA_STANDALONE Success
- OFFICESUBSCRIPTION Success
- MCOSTANDARD Success
- Deskless Success
- STREAM_O365_E5 Success
- FLOW_O365_P3 Success
- POWERAPPS_O365_P3 Success
- TEAMS1 Success
- MCOEV Success
- MCOMEETADV Success
- BPOS_S_TODO_3 Success
- FORMS_PLAN_E5 Success
- SWAY Success
+ $order = @(
+ @{ Expression = 'ProvisioningStatus'; Ascending = $true }
+ )
+ Get-MgUserLicenseDetail -UserId '38955658-c844-4f59-9430-6519430ac89b' | Select-Object -ExpandProperty ServicePlans | sort ProvisioningStatus $order
+
+ AppliesTo ProvisioningStatus ServicePlanId ServicePlanName
+ -
+User Success 2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2 ADALLOM_S_STANDALONE
+User Success 6c6042f5-6f01-4d67-b8c1-eb99d36eed3e STREAM_O365_E5
+User Success e212cbc7-0961-4c40-9825-01117710dcb1 FORMS_PLAN_E5
+User Success 07699545-9485-468e-95b6-2fca3738be01 FLOW_O365_P3
+User Success 9c0dab89-a30c-4117-86e7-97bda240acd2 POWERAPPS_O365_P3
+User Success 871d91ec-ec1a-452b-a83f-bd76c7d770ef WINDEFATP
+User Success 21b439ba-a0ca-424f-a6cc-52f954a5b111 WIN10_PRO_ENT_SUB
+User Success 57ff2da0-773e-42df-b2af-ffb7a2317929 TEAMS1
+User Success 8c7d2df8-86f0-4902-b2ed-a0458298f3b3 Deskless
+User Success 8e0c0a52-6a6c-4d40-8370-dd62790dcd70 THREAT_INTELLIGENCE
+User Success 4a51bca5-1eff-43f5-878c-177680f191af WHITEBOARD_PLAN3
+User Success efb0351d-3b08-4503-993d-383af8de41e3 MIP_S_CLP2
+User Success 617b097b-4b93-4ede-83de-5f075bb5fb2f PREMIUM_ENCRYPTION
+User Success 8c098270-9dd4-4350-9b30-ba4703f3b36b ADALLOM_S_O365
+Company Success 94065c59-bc8e-4e8b-89e5-5138d471eaff MICROSOFT_SEARCH
+User Success 14ab5db5-e6c4-4b20-b4bc-13e36fd2227f ATA
+User Success 3fb82609-8c27-4f7b-bd51-30634711ee67 BPOS_S_TODO_3
+User Success b1188c4c-1b36-4018-b48b-ee07604f6feb PAM_ENTERPRISE
+User Success 5136a095-5cf0-4aff-bec3-e84448b38ea5 MIP_S_CLP1
+User Success 33c4f319-9bdd-48d6-9c4d-410b750a4a5a MYANALYTICS_P2
+User Success 5689bec4-755d-4753-8b61-40975025187c RMS_S_PREMIUM2
+User Success 4828c8ec-dc2e-4779-b502-87ac9ce28ab7 MCOEV
+User Success 9f431833-0334-42de-a7dc-70aa40db46db LOCKBOX_ENTERPRISE
+User Success 3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40 MCOMEETADV
+User Success 43de0ff5-c92c-492b-9116-175376d08c38 OFFICESUBSCRIPTION
+User Success 0feaeb32-d00e-4d66-bd5a-43b5b83db82c MCOSTANDARD
+User Success 70d33638-9c74-4d01-bfd3-562de28bd4ba BI_AZURE_P2
+Company Success f20fedf3-f3c3-43c3-8267-2bfdd51c0939 ATP_ENTERPRISE
+User Success 4de31727-a228-4ec3-a5bf-8e45b5ca48cc EQUIVIO_ANALYTICS
+User Success efb87545-963c-4e0d-99df-69c6916d9eb0 EXCHANGE_S_ENTERPRISE
+User Success 34c0d7a0-a70f-4668-9238-47f9fc208882 EXCHANGE_ANALYTICS
+User Success 8a256a2b-b617-496d-b51b-e76466e88db0 MFA_PREMIUM
+User Success 41781fb2-bc02-4b7c-bd55-b576c07bb09d AAD_PREMIUM
+User Success bea4c11e-220a-4e6d-8eb8-8ea15d019f90 RMS_S_ENTERPRISE
+User Success eec0eb4f-6444-4f95-aba0-50c24d67f998 AAD_PREMIUM_P2
+User Success 6c57d4b6-3b23-47a5-9bc9-69f17b4947b3 RMS_S_PREMIUM
+User Success 5dbe027f-2339-4123-9542-606e4d348a72 SHAREPOINTENTERPRISE
+User Success b737dad2-2f6c-4c65-90e3-ca563267e8b9 PROJECTWORKMANAGEMENT
+User Success e95bec33-7c88-4a70-8e19-b10bd9d0c014 SHAREPOINTWAC
+User Success 7547a3fe-08ee-4ccb-b430-5077c5041653 YAMMER_ENTERPRISE
+User Success a23b959c-7ce8-4e57-9140-b90eb88a9e97 SWAY
+User Success c4801e8a-cb58-4c35-aca6-f2dcc106f287 INFORMATION_BARRIERS
+User Success b76fb638-6ba6-402a-b9f9-83d28acb3d86 VIVA_LEARNING_SEEDED
+Company Success db4d623d-b514-490b-b7ef-8885eee514de Nucleus
+Company Success 6f23d6a9-adbf-481c-8538-b4c095654487 M365_LIGHTHOUSE_CUSTOMER_PLAN1
+User Success a82fbf69-b4d7-49f4-83a6-915b2cf354f4 VIVAENGAGE_CORE
+User Success 9a6eeb79-0b4b-4bf0-9808-39d99a2cd5a3 Windows_Autopatch
+User Success cd31b152-6326-4d1b-ae1b-997b625182e6 MIP_S_Exchange
+User Success a413a9ff-720c-4822-98ef-2f37c2a21f4c MICROSOFT_COMMUNICATION_COMPLIANCE
+User Success 795f6fe0-cc4d-4773-b050-5dde4dc704c9 UNIVERSAL_PRINT_01
+Company Success 2b815d45-56e4-4e3a-b65c-66cb9175b560 ContentExplorer_Standard
+User Success 7bf960f6-2cd9-443a-8046-5dbff9558365 WINDOWSUPDATEFORBUSINESS_DEPLOYMENTSERVICE
+User Success 3ec18638-bd4c-4d3b-8905-479ed636b83e CustomerLockboxA_Enterprise
+User Success 3efbd4ed-8958-4824-8389-1321f8730af8 MESH_AVATARS_ADDITIONAL_FOR_TEAMS
+User Success 99cd49a9-0e54-4e07-aea1-d8d9f5f704f5 Defender_for_Iot_Enterprise
+User Success 0898bdbb-73b0-471a-81e5-20f1fe4dd66e KAIZALA_STANDALONE
+User Success c948ea65-2053-4a5a-8a62-9eaaaf11b522 PURVIEW_DISCOVERY
+User Success a1ace008-72f3-4ea0-8dac-33b3a23a2472 CLIPCHAMP
+User Success f6de4823-28fa-440b-b886-4783fa86ddba M365_AUDIT_PLATFORM
+User Success 0d0c0d31-fae7-41f2-b909-eaf4d7f26dba Bing_Chat_Enterprise
+User Success dcf9d2f4-772e-4434-b757-77a453cfbc02 MESH_AVATARS_FOR_TEAMS
+User Success c4b8c31a-fb44-4c65-9837-a21f55fcabda MICROSOFT_LOOP
+User Success a6520331-d7d4-4276-95f5-15c0933bc757 GRAPH_CONNECTORS_SEARCH_INDEX
+User Success e26c2fcc-ab91-4a61-b35c-03cdc8dddf66 INFO_GOVERNANCE
+User Success 46129a58-a698-46f0-aa5b-17f6586297d9 DATA_INVESTIGATIONS
+User Success 9d0c4ee5-e4a1-4625-ab39-d82b619b1a34 INSIDER_RISK_MANAGEMENT
+User Success 65cc641f-cccd-4643-97e0-a17e3045e541 RECORDS_MANAGEMENT
+User Success d2d51368-76c9-4317-ada2-a12c004c432f ML_CLASSIFICATION
+User Success bf6f5520-59e3-4f82-974b-7dbbc4fd27c7 SAFEDOCS
+User Success 2f442157-a11c-46b9-ae5b-6e39ff4e5849 M365_ADVANCED_AUDITING
+User Success 41fcdd7d-4733-4863-9cf4-c65b83ce2df4 COMMUNICATIONS_COMPLIANCE
+User Success 6db1f1db-2b46-403f-be40-e39395f08dbb CUSTOMER_KEY
+User Success 6dc145d6-95dd-4191-b9c3-185575ee6f6b COMMUNICATIONS_DLP
+User Success 199a5c09-e0ca-4e37-8f7c-b05d533e1ea2 MICROSOFTBOOKINGS
+User Success ded3d325-1bdc-453e-8432-5bac26d7a014 POWER_VIRTUAL_AGENTS_O365_P3
+Company Success d9fa6af4-e046-4c89-9226-729a0786685d Content_Explorer
+User Success afa73018-811e-46e9-988f-f75d2b1b8430 CDS_O365_P3
+User Success b21a6b06-1988-436e-a07b-51ec6d9f52ad PROJECT_O365_P3
+User Success 64bfac92-2b17-4482-b5e5-a0304429de3e MICROSOFTENDPOINTDLP
+User Success bf28f719-7844-4079-9c78-c1307898e192 MTP
+User Success 28b0fa46-c39a-4188-89e2-58e979a6b014 DYN365_CDS_O365_P3
+User Success d587c7a3-bda9-4f99-8776-9bcf59c84f75 INSIDER_RISK
+User Success 531ee2f8-b1cb-453b-9c21-d2180d014ca5 EXCEL_PREMIUM
+User PendingProvisioning f0ff6ac6-297d-49cd-be34-6dfef97f0c28 MESH_IMMERSIVE_FOR_TEAMS
+User PendingInput c1ec4a95-1f05-45b3-a911-aa3fa01094f5 INTUNE_A
+Company PendingActivation 882e1d05-acd1-4ccb-8708-6ee03664b117 INTUNE_O365
``` The user's PrimarySMTPAddress is no longer scrubbed. The northwindtraders.com domain isn't owned by the contoso.onmicrosoft.com tenant and will persist as the primary SMTP address shown in the directory.
Mailbox signatures are not migrated cross tenant and must be recreated.
This failure is because the user was not in the migration scope when batch was started and the user has AuxArchive on the source. Add user to the correct security group on source target. Remove the migration user from the batch.
- Remove users with the following command: Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ Remove users with the following command:
+
+ ```powershell
+ Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ ```
+
Add user to new batch. - MailboxIsNotInExpectedDBException This failure is due to internal Microsoft maintenance. Remove the migration user from the batch.
- Remove users with the following command: Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ Remove users with the following command:
+
+ ```powershell
+ Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ ```
+
Add user to new batch. - NotAcceptedDomainException There is an invalid proxy address stamped on the target user. An example would be where a user in contoso.onmicrosoft.com had a proxy address of fabrikam.onmicrosoft.com, which is the source tenant.
- Remove the invalid proxy address using Set-MailUser LaraN@contoso.onmicrosoft.com -EmailAddress @{remove="smtp:LaraN@northwindtraders.onmicrosoft.com"}
+ Remove the invalid proxy address using the following command:
+
+ ```powershell
+ Set-MailUser LaraN@contoso.onmicrosoft.com -EmailAddress @{remove="smtp:LaraN@northwindtraders.onmicrosoft.com"}
+ ```
+ Resume the migration batch. - SourceAuxArchiveIsProvisionedDuringCrossTenantMovePermanentException A new AuxArchive was provisioned during migration. Remove the migration user from the batch.
- Remove users with the following command: Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ Remove users with the following command:
+
+ ```powershell
+ Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ ```
+ Add user to new batch. - UserDuplicateInOtherBatchException User exists in another batch already. Remove the migration user from the batch.
- Remove users with the following command: Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ Remove users with the following command:
+
+ ```powershell
+ Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ ```
+ Add user to new batch. - MissingExchangeGuidException The target mailuser object is missing the correct ExchangeGuid value.
- Use Set-MailUser LaraN@contoso.onmicrosoft.com -ExchangeGuid 4e3188c6-39f5-4387-adc7-b355b6b852c8
+ Update the ExchangeGuid with the following command:
+
+ ```powershell
+ Set-MailUser LaraN@contoso.onmicrosoft.com -ExchangeGuid 4e3188c6-39f5-4387-adc7-b355b6b852c8
+ ```
+ Resume migration batch. - SourceMailboxAlreadyBeingMovedPermanentException The source mailbox already has an existing move request. Investigate and remove the existing move. It is possible that this is an internal Microsoft move and you will need to wait for the move to complete. Remove the migration user from the batch.
- Remove users with the following command: Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ Remove users with the following command:
+
+ ```powershell
+ Get-MigrationUser -Identity LaraN@contoso.onmicrosoft.com -IncludeAssociatedUsers | Remove-MigrationUser
+ ```
+ Add user to new batch after the original move has been removed or completed. - UserAlreadyHasDemotedArchiveException The user had an archive mailbox previously that was disabled. Choose one of the two following options to resolve this issue. Permanently delete the disabled archive mailbox, this is unreversable. Set-Mailbox -RemoveDisabledArchive LaraN@contoso.onmicrosoft.com
- Re-enable the disabled archive mailbox. Enable-Mailbox -Archive mailbox@contoso.onmicrosoft.com.
+ Re-enable the disabled archive mailbox with the following command:
+
+ ```powershell
+ Enable-Mailbox -Archive mailbox@contoso.onmicrosoft.com.
+ ```
+ If you re-enable the disabled archive mailbox, you will need to update the archive guid on the target mailuser object. Resume migration batch. +
+## See also
+
+- [Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md)
+- [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started)
frontline Flw Choose Scenarios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-choose-scenarios.md
- highpri - m365solution-frontline - m365solution-scenario- appliesto: - Microsoft Teams - Microsoft 365 for frontline workers Previously updated : 02/01/2023 Last updated : 03/06/2024 # Choose your scenarios for Microsoft 365 for frontline workers
-Microsoft 365 for frontline workers can help you connect and engage your workforce, enhance workforce management, and increase operational efficiency. There are several solution areas that can help you achieve these goals. Think of Microsoft 365's foundational security and device management capabilities as setting a secure baseline, above which you can build scenarios that enable, empower, and transform your frontline business. You can use the capabilities included with Microsoft 365 for frontline workers, from Microsoft Teams, to SharePoint, Viva Connections, Viva Engage, and the Power Platform, or add in solutions from our partners in the digital ecosystem to connect with existing systems or create custom solutions for your business.
+Microsoft 365 for frontline workers can help you connect and engage your workforce, enhance workforce management, and increase operational efficiency. There are several solution areas that can help you achieve these goals.
+
+Think of Microsoft 365 foundational security and device management capabilities as setting a secure baseline, on which you can build scenarios that enable, empower, and transform your frontline business. You can use the capabilities included with Microsoft 365 for frontline workers, from Microsoft Teams, to SharePoint, Viva Connections, Viva Engage, and Power Platform, or add in solutions from our partners in the digital ecosystem to connect with existing systems or create custom solutions for your business.
:::image type="content" source="media/flw-maturity-model.png" alt-text="Digital maturity model for frontline, from enable to empower to transform."::: ## Download a poster with scenario overviews
-Use these scenario overviews to start envisioning what your organization can do with Microsoft 365 for frontline workers, then follow the links to find out how to implement these scenarios.
+Use these scenario overviews to start envisioning what your organization can do with Microsoft 365 for frontline workers, and then follow the links to find out how to implement these scenarios.
| Item | Description | |:--|:--|
-|[![Microsoft 365 for frontline worker scenarios.](media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated September 2022 |This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.|
+|[![Microsoft 365 for frontline worker scenarios.](media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.|
## Communications
Use these scenario overviews to start envisioning what your organization can do
Communications solutions connect your frontline workers and allow them to collaborate with each other, with others in the organization, and with your customers.
-Watch the following video to see an example of how you can help your frontline workers connect and collaborate in retail organizations:
+<!-- Watch the following video to see an example of how you can help your frontline workers connect and collaborate in retail organizations:
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWRJVw]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWRJVw]-->
| Scenario | Description | Services | Teams apps | | | | | |
-| [Team communication and collaboration](flw-team-collaboration.md) | Help your frontline workforce communicate within their store, shift, or team with Microsoft Teams. Viva Connections helps you create a dashboard that puts the information they need front and center on their devices, so they can reach out whenever they need to. | Microsoft Teams<br>Outlook<br>SharePoint<br>Viva Connections<br>Power Platform and Power Apps | Approvals, Chat, Files, Lists, Meet, Praise, Shifts, Tasks, Walkie Talkie |
-| [Corporate communications](flw-corp-comms.md) | Employee engagement is a significant contributor to workplace satisfaction, loyalty, and productivity at any organization. Learn how to keep everyone informed and engaged using SharePoint, Teams, Stream, and Viva Engage. Bring it all together with Viva Connections. | Microsoft Teams<br>Outlook<br>SharePoint<br>Viva Engage<br>Viva Connections | Meet |
+| [Team communication and collaboration](flw-team-collaboration.md) | Help your frontline workforce communicate within their store, shift, or team with Microsoft Teams. Viva Connections helps you create a dashboard that puts the information they need front and center on their devices, so they can reach out whenever they need to. | Teams<br>Outlook<br>SharePoint<br>Power Platform and Power Apps | Approvals, Chat, Files, Lists, Meet, Praise, Shifts, Tasks, Walkie Talkie, Viva Connections|
+| [Corporate communications](flw-corp-comms.md) | Employee engagement is a significant contributor to workplace satisfaction, loyalty, and productivity at any organization. Learn how to keep everyone informed and engaged using SharePoint, Teams, and Viva Engage. Bring it all together with Viva Connections. | Teams<br>Outlook<br>SharePoint | Meet, Viva Engage, Viva Connections |
## Wellbeing & engagement
Nurture a sense of belonging with your frontline employees by helping them engag
| Scenario | Description | Services | Teams apps | | | | | |
-| [Engage your employees and focus on employee wellbeing](flw-wellbeing-engagement.md) | Build deeper connections across your organization and create an inclusive workplace. | Microsoft Teams <br>SharePoint <br> Microsoft Stream <br>Viva Connections <br> Viva Engage| Praise |
+| [Engage your employees and focus on employee wellbeing](flw-wellbeing-engagement.md) | Build deeper connections across your organization and create an inclusive workplace. | Teams<br>SharePoint| Viva Engage, Viva Connections, Praise |
## Training & onboarding
Promote continual growth for your employees and encourage knowledge sharing and
| Scenario | Description | Services | Teams apps | | | | | |
-| [Onboard new employees](flw-onboarding-training.md) | Make new employee onboarding a great experience by fostering an all-in-one hybrid work environment where new employees can find important resources, meet people in their organization, and prepare to be successful in their new role.| SharePoint<br>Viva Learning <br>Viva Connections <br>Viva Engage | Lists <br>Live meetings |
-| [Ongoing training](flw-onboarding-training.md#ongoing-training) | After they're onboarded, help your workforce keep their skills up to date with ongoing training in Viva Learning. | SharePoint <br>Viva Learning <br>Viva Connections <br>Viva Engage| |
+| [Onboard new employees](flw-onboarding-training.md) | Make new employee onboard a great experience by fostering an all-in-one hybrid work environment where new employees can find important resources, meet people in their organization, and prepare to be successful in their new role.| SharePoint| Lists, Viva Learning, Viva Connections, Viva Engage |
+| [Ongoing training](flw-onboarding-training.md#ongoing-training) | After they're onboarded, help your workforce keep their skills up to date with ongoing training in Viva Learning. | SharePoint| Viva Learning, Viva Connections, Viva Engage |
## Schedule management
Simplify and streamline schedule coordination with your frontline workforce. Gai
| Scenario | Description | Services | Teams apps | | | | | |
-| [Schedule your team with Shifts](shifts-for-teams-landing-page.md) | Use Shifts and Shifts Connectors to schedule your team and connect with your workforce management tools. | Microsoft Teams | Shifts |
+| [Schedule your teams with Shifts](shifts-for-teams-landing-page.md) | Use Shifts and Shifts connectors to schedule your teams and connect with your workforce management tools. | Teams | Shifts |
## Digitized processes
Simplify and streamline schedule coordination with your frontline workforce. Gai
Drive operational efficiency by digitizing paper-based processes and automating routine, repetitive steps.
-Watch the following video to see an example of how you can simplify business processes in retail environments:
+<!--Watch the following video to see an example of how you can simplify business processes in retail environments:
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWRzfc]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWRzfc]-->
| Scenario | Description | Services | Teams apps | | | | | |
-| [Simplify business processes](simplify-business-processes.md) | Use task publishing to create standard processes across sites, lists to manage information and track ongoing processes, and streamline requests with Approvals. Automated workflows can speed up and automate actions, like collecting data or routing notifications. | Microsoft Teams<br>Power Platform | Tasks<br>Lists<br>Approvals |
-<!--| Manage sites, stores, and projects | Keep on top of tasks and projects. Use Tasks, Lists, Approvals, and Updates to check in with your workforce and keep things running smoothly. | | |-->
+| [Simplify business processes](simplify-business-processes.md) | Use task publishing to create standard processes across sites, lists to manage information and track ongoing processes, and streamline requests with Approvals. Automated workflows can speed up and automate actions, like collecting data or routing notifications. | Teams<br>Power Platform | Tasks, Lists, Approvals |
## Virtual Appointments :::image type="icon" source="media/virtual-appointment-teams.png":::
-Use the Virtual Appointments app or the Bookings app and Microsoft Teams to schedule, manage, and host virtual appointments with clients and customers. You can integrate Forms with your virtual appointments to get the right information about your customers, or as part of your customer support experience to learn what your customers need.
+Use the Virtual Appointments app and Microsoft Teams to schedule, manage, and host virtual appointments with clients and customers. You can integrate Forms with your virtual appointments to get the right information about your customers, or as part of your customer support experience to learn what your customers need.
Watch the following video for an overview of the virtual appointments experience in Teams:
More information: [Virtual Appointments with Microsoft Teams](virtual-appointmen
## More scenarios and solutions with the digital ecosystem
-All of the scenarios above can be achieved with out of the box capabilities from Microsoft. But you can extend even further with third-party apps in [AppSource](https://appsource.microsoft.com/marketplace/apps?search=frontline&page=1) and custom apps that you or our partners build for you with Power Platform, Teams, and Viva extensibility.
+The scenarios described earlier in this article can be achieved with out-of-the-box capabilities from Microsoft. You can extend even further with third-party apps in [AppSource](https://appsource.microsoft.com/marketplace/apps?search=frontline&page=1) and custom apps that you or our partners build for you with Power Platform, Teams, and Viva extensibility.
Learn more about third-party apps in Teams at [Overview of third-party apps in Microsoft Teams](/microsoftteams/overview-third-party-apps).
Quickly build custom apps and digital tools for Microsoft Teams, with little or
- **[Power Apps](/power-apps/teams/create-apps-overview):** Create custom apps to digitize processes and improve efficiency. - **[Power Automate](/power-automate/teams/teams-app-create):** Automate repetitive tasks and connect data to improve agility and productivity.-- **[Power Virtual Agents](/power-virtual-agents/teams/fundamentals-what-is-power-virtual-agents-teams):** Build low-code chatbots to provide conversational, AI-driven insights and information. - **[Power BI](/power-bi/collaborate-share/service-collaborate-microsoft-teams):** Discuss and visualize data to align teams and confidently make data-driven decisions.
-Access to the Power Platform features in Teams is available with the F3 license in Microsoft 365 for frontline workers. For a detailed comparison of what's included in Microsoft 365 with various licenses, see this [Comparison table](https://go.microsoft.com/fwlink/?linkid=2139145).
+### Microsoft Copilot Studio
+
+With [Microsoft Copilot Studio](/microsoft-copilot-studio/fundamentals-what-is-copilot-studio), you can quickly create powerful AI-powered copilots using a guided, no-code graphical experience. Give your frontline access to the help they need. Automate frequently asked questions, common business processes, and more.
### Custom apps built on the Teams platform
-With code from scratch or leveraging templated and sample code, you can build custom apps on the [Teams platform](/microsoftteams/platform/).
+With code from scratch or by using templated and sample code, you can build custom apps on the [Teams platform](/microsoftteams/platform/).
- **Developer tools:** Enjoy frictionless app development with our set of Microsoft Teams toolkits. - **Extensibility points:** Expand the reach of your app with tabs, bots, and messaging extensions. - **UI Elements:** Create rich experiences with adaptive cards, task modules, and notifications.-- **APIs:** Use the Microsoft Graph to enhance apps inside and outside of Teams.
+- **APIs:** Use Microsoft Graph to enhance apps inside and outside of Teams.
-### Viva platform extensibility
+### Viva Connections extensibility
-Developers can [extend Microsoft Viva Connections](/sharepoint/dev/spfx/viva/overview-viva-connections) for building engaging experiences with the widely adopted [SharePoint Framework (SPFx)](/sharepoint/dev/spfx/build-for-teams-overview). Viva Connections is your gateway to a modern employee experience where you can build and integrate apps that shape culture and foster connections to help employees thrive. With SPFx, you have multiple ways to extend ΓÇô using the same out-of-the-box or custom SPFx web parts, SPFx extensions (for example, header, footer), and specific components for optimized mobile experiences.
+Many components of the Viva Connections experience can be customized and extended. Learn more about [Viva Connections extensibility](/sharepoint/dev/spfx/viva/overview-viva-connections).
frontline Flw Pilot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-pilot.md
description: Learn how to run a pilot deployment for the frontline workers in yo
--+ audience: admin search.appverid: MET150
appliesto: - Microsoft Teams - Microsoft 365 for frontline workers Previously updated : 02/01/2023 Last updated : 03/06/2024 # Start with a pilot deployment of Microsoft 365 for frontline workers
-Before you commit to a full rollout of Microsoft 365 for frontline workers across your organization, it's a good idea to try it out first with a small set of real people in your organization. Starting with a pilot program first can help you identify:
+Before you commit to a full rollout of Microsoft 365 for frontline workers across your organization, it's a good idea to try it out first with a small set of people in your organization. Starting with a pilot program first can help:
- Validate user readiness. - Identify and mitigate issues.-- Help ensure a successful, organization-wide rollout.
+- Ensure a successful, organization-wide rollout.
For example, a pilot can help you determine: -- Whether the scenarios you've identified match the business needs of your organization.-- What elements will need to be modified or further customized for your organization.-- What training and orientation information you'll need to provide to users before, during, and after they start working with these new tools.
+- Whether the scenarios you identified match the business needs of your organization.
+- What elements need to be modified or further customized for your organization.
+- What training and orientation information you need to provide to users before, during, and after they start working with these new tools.
Running a pilot program is part of the overall adoption process. For more information about adopting Microsoft 365 in your organization, see:
Running a pilot program is part of the overall adoption process. For more inform
- [Microsoft 365 Adoption best practices](https://adoption.microsoft.com/files/assets/M365AdoptionGuide.pdf). - [Microsoft Teams Adoption](https://adoption.microsoft.com/microsoft-teams/) - [Enabling your frontline workers with Microsoft Teams](https://adoption.microsoft.com/microsoft-teams/frontline-workers/)-- [Three ways to support frontline workers in a hybrid world](https://www.microsoft.com/microsoft-365/blog/2021/10/19/3-ways-to-support-frontline-workers-in-a-hybrid-world/)-
-We recommend that you prepare for deployment by completing this 30-minute learning path: [Prepare for a Teams deployment with Microsoft 365](/training/modules/m365-teams-collab-prepare-deployment/).
## Steps to run a pilot program
We recommend that you prepare for deployment by completing this 30-minute learni
### Get your people together
-Assemble a group of individuals from your business, IT, and frontline communities to act as the stakeholder and decision-making group for your Microsoft 365 pilot for frontline workers. Be sure to include individuals from all three communities to give yourself the best chance for success:
+Assemble a group of individuals from your business, IT, and frontline communities to act as the stakeholder and decision-making group for your Microsoft 365 pilot for frontline workers. Be sure to include individuals from all three communities to give yourself the best chance for success.
-Next, identify your phase 1 pilot community and make sure it includes actual frontline workers in the smallest logical grouping for your organization. For example, one restaurant, one division of a department store, one store, one clinical ward, one precinct, one plant, one distribution center, etc. The key is to optimize around the average frontline worker being part of one team only. Managers or specialists may be in more than one.
+Next, identify your phase 1 pilot community and make sure it includes actual frontline workers in the smallest logical grouping for your organization. For example, one restaurant, one division of a department store, one store, one clinical ward, one precinct, one plant, one distribution center, etc. The key is to optimize around the average frontline worker being part of one team only. Managers or specialists might be in more than one team.
#### Best practice
-It's important to include all roles within that smallest logical grouping, from managers to part time or seasonal workers, to uncover valuable insights and enable modern communication scenarios. Your most junior staff will surprise you! Some key delightful and unintended valuable scenarios uncovered during pilots with sample customers include:
--- Standardized Expectations and Training: Taking a picture of a clean stove to illustrate to kitchen staff what clean means. ΓÇ£If it doesnΓÇÖt look like this, then it isnΓÇÖt clean!ΓÇ¥-- Reducing shrinkage: Taking a picture of a known shoplifter and notifying other employees immediately. Teams on future shifts will also see this picture to mitigate future risk.
+It's important to include all roles within that smallest logical grouping, from managers to part time or seasonal workers, to uncover valuable insights and enable modern communication scenarios.
#### Decision points
At the end of this phase, you should be able to answer these questions:
### Plan your pilot
-A successful pilot includes the following:
+Here's some tips for a successful pilot.
-- Defined start and end dates and clearly defined goals for measuring success. These goals can help you plan the rollout after the pilot is complete.
- - Create a test plan and process for gathering feedback, plus a communication plan.
+- Set start and end dates and define clear goals for measuring success. These goals can help you plan your rollout after the pilot is completed.
+- Create a test plan, a process for gathering feedback, and a communication plan.
- Allow enough time to run the pilot and assess its impact. A minimum of 30 days is recommended.-- Include the right stakeholders and participants, knowing you can add more users throughout the pilot, if necessary. For Microsoft 365 for frontline workers, make sure your stakeholders and participants include not only the business leaders and IT staff, but your frontline managers and workers, so you can both:
+- Include the right stakeholders and participants, knowing you can add more users throughout the pilot, if necessary. For Microsoft 365 for frontline workers, make sure your stakeholders and participants include not only the business leaders and IT staff, but your frontline managers and workers, so you can:
- Ensure you understand their challenges while planning the implementation.
- - You can check to make sure your implementation is having a positive impact on those challenges.
+ - Check to make sure your implementation is having a positive effect on those challenges.
- Start small and take time to pause, assess results, and adjust the pilot.
-For a successful pilot for frontline workers, simplicity is key! For most organizations, this community typically isnΓÇÖt provided any company-supported communication or collaboration technology, but are likely already using unsupported consumer tools to accomplish some basic needs. A recommended best practice is to begin where your users are and mimic the capabilities theyΓÇÖre using in consumer tools today. As your pilot progresses and the iteration process begins, you can grow the experience.
+For a successful pilot for frontline workers, simplicity is key! For most organizations, this community typically isnΓÇÖt provided any company-supported communication or collaboration technology, but are likely already using unsupported consumer tools to accomplish some basic needs.
+
+A recommended best practice is to begin where your users are and mimic the capabilities theyΓÇÖre using in consumer tools today. As your pilot progresses and the iteration process begins, you can grow the experience.
#### Decision points -- Which capabilities will be in Phase 1 of your pilot for frontline workers?-- Do your frontline workers need Shifts?-- Which chat configuration will you use?
+- Which capabilities will you include in Phase 1 of your pilot?
+- Do your frontline workers need Shifts for schedule management?
+- Do your frontline workers need Walkie Talkie for push-to-talk (PTT) communications?
#### Not sure what consumer tools these users are currently using?
-Use a pre-pilot survey to inventory the tools, capabilities and scenarios your users rely on today.
+Use a survey to take inventory of the tools, capabilities, and scenarios your users rely on today.
### Set up Microsoft 365 and Teams
-Determine what devices you'll support. For example, you can use the Teams mobile clients on Android and iOS to provide secure access to Teams and frontline worker apps. See [Manage shared and personal devices](flw-devices.md) and [Get the Teams desktop, web, and mobile clients](/microsoftteams/get-clients).
-
-See [Set up Microsoft 365 for frontline workers](flw-setup-microsoft-365.md) for guidance on how to set up Microsoft 365, Microsoft Teams, and the other services you'll need for your pilot.
-
-When you have set up and configured all of the other services you need, you can set up Microsoft Teams.
-
-#### Chat configuration options
-
-Within Teams Chat on mobile, you can have the normal traditional chat layout for Teams OR a layout that includes favorite channels in Chat. This second, simplified UI works well for frontline workers who are only in one team, and is the recommended best practice. Configuring ΓÇ£Show favorite channels in chatΓÇ¥ also creates an opportunity to remove the **Teams** button from the frontline worker app setup policy to further streamline and simplify the end user experience without a loss of functionality. For users who will be in multiple teams, this isn't recommended. You can configure this on a per-user basis and grow in sophistication as needed.
-
-#### Best practice
-
-Configure Phase 1 of the frontline Teams experience to mimic the consumer tools these users are already using! We recommend starting your pilot for frontline workers with ΓÇ£Show favorite channels in ChatΓÇ¥ for simplified communications and Shifts (optional).
+Determine what devices to support. For example, you can use the Teams mobile clients on Android and iOS for on-the-go access to Teams and frontline worker apps. See [Get Teams clients](/microsoftteams/get-clients) and [Manage devices for frontline workers](flw-devices.md).
-| With Shifts | Without Shifts |
-|||
-|:::image type="content" source="media/firstline-worker-chat-with-shifts.png" alt-text="Screenshot of phone screen with Shifts added"::: |:::image type="content" source="media/firstline-worker-chat-without-shifts.png" alt-text="Screenshot of phone screen without Shifts added":::|
+See [Set up Microsoft 365 for frontline workers](flw-setup-microsoft-365.md) and [Teams deployment overview](/microsoftteams/deploy-overview) for guidance on how to set up Microsoft 365, Teams, and the other services you need for your pilot.
#### Decision points -- How many channels/conversation topics do you want for your pilot?-- Which topics feel right for your scenarios?
+- What chat and channel messaging features will you include in your pilot?
+- Will you create teams from scratch or from a [team template](/microsoftteams/get-started-with-teams-templates-in-the-admin-console)?
#### Best practice
-**Keep the channels simple**. We recommend resisting the urge to create a channel for every possible topic of conversation and instead keep things simple. ItΓÇÖs ok if channels are created over time as needed.
+Keep the channels simple. We recommend resisting the urge to create a channel for every possible area of conversation and instead keep things simple. ItΓÇÖs okay if channels are created over time as needed.
+After you set up your teams and channels, configure frontline apps that you want to use in the pilot, including:
-After you have Teams set up and you have your teams and channels created, you can configure any additional frontline apps that you want to use in the pilot, including:
--- The [Virtual Appointments](/microsoftteams/manage-virtual-appointments-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) app or the [Bookings](/microsoftteams/bookings-app-admin?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) app to schedule appointments with clients or customers. - [Shifts](shifts-for-teams-landing-page.md) to schedule your frontline workforce.
+- [Walkie Talkie](/microsoftteams/manage-virtual-appointments-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) for instant voice communications.
+- The [Virtual Appointments](/microsoftteams/walkie-talkie?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) app to schedule appointments with clients or customers.
- [Viva Learning](/sharepoint/build-learning-and-training-experiences-for-employees) to build learning and training experiences for employees. ### Communicate
-Inform your frontline workers of their participation in the pilot, the pilot goals, and provide training, if necessary, on the basic functions. For most customers, this can be a simple instruction to these users to go to the Google Play or Apple Store on their personal mobile devices, download the Microsoft Teams application, and sign in with their company credentials. WeΓÇÖve designed Microsoft Teams with a simple and easy to use interface that most frontline workers should find intuitive.
+Inform your frontline workers of their participation in the pilot, the pilot goals, and provide training, if necessary, on the basics.
+
+For example, this can be an instruction to go to the Google Play or Apple Store on their mobile devices, download the Teams app, and sign in with their company credentials. Share resources from [Microsoft Teams help & learning](https://support.microsoft.com/teams), as needed. We designed Teams with an easy-to-use interface that most frontline workers should find intuitive.
#### Best practice
-DonΓÇÖt forget to train your managers on Shifts! If youΓÇÖre going to include Shifts in your pilot, then make sure to conduct a separate training session with your managers on how to create, manage, and publish schedules to their team. If you would like additional training materials and communication templates, you can find them in your frontline Pilot in a Box.
+DonΓÇÖt forget to train your managers on Shifts! If youΓÇÖre going to include Shifts in your pilot, consider holding a training session with your managers on how to create, manage, and publish schedules to their team.
### Measure
-Empowering your frontline workers is more about people than technology. To understand the impact of Teams, stay focused on your frontline workersΓÇÖ experience. Survey them before, during and after the pilot in order to understand their needs, pain points, and reactions. If you're iterating your pilot and adding new features over time, this feedback can help guide the order, pace, or even whether additional features are needed. In order to help you evaluate the success of your pilot, you can find them in your frontline Pilot in a Box.
+Measure usage and assess user feedback. Usage reports help you understand usage and activity patterns, and along with user feedback, provide valuable insight.
+
+See [Microsoft 365 reports in the admin center](../admin/activity-reports/activity-reports.md), [Microsoft 365 usage analytics](../admin/usage-analytics/usage-analytics.md), and [Teams analytics and reporting](/microsoftteams/teams-analytics-and-reports/teams-reporting-reference).
+
+Empowering your frontline workers is more about people than technology. To understand the impact of Teams, stay focused on your frontline workersΓÇÖ experience. Survey them before, during and after the pilot in order to understand their needs, pain points, and reactions. You might want to set up a Feedback channel in Teams to collect feedback about their experiences.
+
+If you're iterating your pilot and adding new features over time, this feedback can help guide the order, pace, or even whether additional features are needed.
#### Best practice
-**Nurture your champions and highlight your wins**. Reward your frontline workers for embracing these new tools and using them in innovative ways that relate to business outcomes for your company. This, above anything, will ensure continued adoption of Teams and value to your company.
+Nurture your champions and highlight your wins. Reward your frontline workers for embracing these new tools and using them in innovative ways that relate to business outcomes for your company. This helps ensure continued adoption of Teams and value to your company.
### Iterate and expand
-Now that youΓÇÖve successfully completed your first pilot with an initial group of frontline workers, itΓÇÖs time to expand! ItΓÇÖs time to go back to Step 1 with one of the several expansion options below. We recommend working through this process as many times as needed to arrive at a solution, set of best practices, and training documentation for all of your frontline workers.
+Now that you successfully completed your first pilot with an initial group of frontline workers, itΓÇÖs time to expand! Consider one of the following expansion options:
- Expand the number of teams.
- - Instead of one location, can you do one region?
- - Would you want one team for the whole region or individual teams for each location?
-- Expand the features provided.
- - Was there a key feature that your frontline workers suggested I your feedback forms, like Shifts, that you didnΓÇÖt include in your initial feature set?
+ - Instead of one location, can you do one region?
+- Expand features and capabilities.
+ - Was there a key feature that your frontline workers suggested that wasn't included in the initial feature set?
+
+We recommend working through this process as many times as needed to arrive at a solution, set of best practices, and training documentation for your frontline workers.
security Linux Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-preferences.md
When you run the `mdatp health` command for the first time, the value for the ta
>[!NOTE] >Add the comma after the closing curly bracket at the end of the `cloudService` block. Also, make sure that there are two closing curly brackets after adding Tag or Group ID block (please see the above example). At the moment, the only supported key name for tags is `GROUP`.
+## Configuration profile validation
+
+The configuration profile must be a valid JSON-formatted file. There are many tools that can be used to verify this. For example, if you have `python` installed on your device:
+
+```bash
+python -m json.tool mdatp_managed.json
+```
+
+If the JSON is well-formed, the above command outputs it back to the Terminal and returns an exit code of `0`. Otherwise, an error that describes the issue is displayed and the command returns an exit code of `1`.
+
+## Verifying that the mdatp_managed.json file is working as expected
+
+To verify that your /etc/opt/microsoft/mdatp/managed/mdatp_managed.json is working properly, you should see "[managed]" next to these settings:
+
+- cloud_enabled
+- cloud_automatic_sample_submission_consent
+- passive_mode_enabled
+- real_time_protection_enabled
+- automatic_definition_update_enabled
+
+>[!NOTE]
+>No restart of mdatp daemon is required for changes to _most_ configurations in mdatp_managed.json to take effect.
+ **Exception:** The following configurations require a daemon restart to take effect:
+> - cloud-diagnostic
+> - log-rotation-parameters
+## Configuration profile deployment
+
+Once you've built the configuration profile for your enterprise, you can deploy it through the management tool that your enterprise is using. Defender for Endpoint on Linux reads the managed configuration from the */etc/opt/microsoft/mdatp/managed/mdatp_managed.json* file.
++
security Microsoft Defender Antivirus Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md
Microsoft Defender Antivirus is a major component of your next-generation protec
Microsoft Defender Antivirus provides anomaly detection, a layer of protection for malware that doesnΓÇÖt fit any predefined pattern. Anomaly detection monitors for process creation events or files that are downloaded from the internet. Through machine learning and cloud-delivered protection, Microsoft Defender Antivirus can stay one step ahead of attackers. Anomaly detection is on by default and can help block attacks such as [3CX Security Alert for Electron Windows App](https://www.3cx.com/blog/news/desktopapp-security-alert/). Microsoft Defender Antivirus started blocking this malware four days before the attack was registered in VirusTotal.
-Modern malware requires modern solutions. Microsoft Defender Antivirus stopped using signature-based engine detections many years ago. The scale and scope of todayΓÇÖs ever-evolving malware landscape requires adaptive, predictive technologies such as, machine learning, applied science, and artificial intelligence to keep you and your organizations safe.
+Modern malware requires modern solutions. In 2015, Microsoft Defender Antivirus moved away from using a static signature-based engine to a model that uses predictive technologies such as, machine learning, applied science, and artificial intelligence as this is what's necessary to keep you and your organizations safe from the complexity of todayΓÇÖs ever-evolving malware landscape.
Microsoft Defender Antivirus can block almost all malware at first sight, in milliseconds.
security Additional Information Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/additional-information-xdr.md
Title: Additional information and important considerations related to Defender Experts for XDR
+ Title: Important considerations related to Defender Experts for XDR
description: Additional information and important considerations related to Defender Experts for XDR keywords: XDR, managed response, incident response, managed threat hunting, managed detection and response (MDR) service, readiness assessment, real-time visibility with XDR experts, Additional information related to XDR, benefits of microsoft xdr
search.appverid: met150
Last updated 11/10/2023
-# Additional information
+# Important considerations for Microsoft Defender Experts for XDR
**Applies to:** - [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)
-## Important considerations for you
- To realize the benefits of Microsoft Defender Experts for XDR, you and your security operations center (SOC) team must take note of the following considerations to ensure timely incident remediation, improve your organization's security posture, and protect your organization from threats. - **Engage actively through the readiness assessment process** ΓÇô The [readiness assessment](get-started-xdr.md#prepare-your-environment-for-the-defender-experts-service) when onboarding for Defender Experts for XDR is an integral part of the offering. Completing it successfully ensures prompt service coverage and protects your organization against known threats. - **Act on managed responses in a timely manner** ΓÇô For any suspicious incidents and alerts, our experts provide a detailed investigation summary and managed responses for remediation. We expect your SOC team to act on these managed responses in a timely manner to prevent further impact from any malicious attempts. - **Configure recommended settings and follow best practices to improve security posture** ΓÇô As part of our service, your service delivery manager and security analyst team share ongoing recommendations to strengthen your security posture. These recommendations are based on incidents investigated in your organization. Your SOC team should review these recommendations and implement them as soon as possible to protect your organization against future threats.
-## Note about incident response
+### Note about incident response
Defender Experts for XDR isn't an incident response (IR) service. While it augments your SOC team to triage, investigate, and remediate threats, Defender Experts for XDR won't be able to provide recovery and crisis management services **if a major security incident has already occurred** in your organization. You should engage instead with your own security IR provider to address urgent incident response issues.
If you don't have your own security IR team, [Microsoft Incident Response](https
### See also
-[General information on Defender Experts for XDR service](frequently-asked-questions.md)
+- [General information on Defender Experts for XDR service](frequently-asked-questions.md)
+- [How Microsoft Defender Experts for XDR permissions work](dex-xdr-permissions.md)
[!INCLUDE [Microsoft Defender XDR rebranding](../../includes/defender-m3d-techcommunity.md)]
security Auditing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/auditing.md
In addition to using Audit New Search in the Microsoft Purview compliance portal
### See also
-[Additional information](additional-information-xdr.md)
+[Important considerations for Microsoft Defender Experts for XDR](additional-information-xdr.md)
[!INCLUDE [Microsoft Defender XDR rebranding](../../includes/defender-m3d-techcommunity.md)]
security Communicate Defender Experts Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/communicate-defender-experts-xdr.md
The SDM engages with your identified **service review contacts**. [Learn more ab
### See also - [Get started with Microsoft Defender Experts for XDR](get-started-xdr.md)-- [Start using Defender Experts for XDR service](start-using-mdex-xdr.md)
+- [Managed detection and response](managed-detection-and-response-xdr.md)
+- [Get real-time visibility with Defender Experts for XDR reports](reports-xdr.md)
[!INCLUDE [Microsoft Defender XDR rebranding](../../includes/defender-m3d-techcommunity.md)]
security Dex Xdr Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/dex-xdr-permissions.md
These policies are configured during the onboarding process and require the rele
### See also
-[Additional information](additional-information-xdr.md)
+[Important considerations for Microsoft Defender Experts for XDR](additional-information-xdr.md)
[!INCLUDE [Microsoft Defender XDR rebranding](../../includes/defender-m3d-techcommunity.md)]
security Faq Incident Notifications Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/faq-incident-notifications-xdr.md
Last updated 08/29/2023
- [Microsoft Defender XDR](microsoft-365-defender.md)
-The following section lists down questions your SOC team might have regarding the receipt of [incident notifications](start-using-mdex-xdr.md#incident-updates).
+The following section lists down questions your SOC team might have regarding the receipt of [incident notifications](managed-detection-and-response-xdr.md#incident-updates).
<a name='in-microsoft-365-defender-portal-and-graph-security-api'></a>
The following section lists down questions your SOC team might have regarding th
| **How do I know whether a Defender Experts analyst has resolved an incident?** | When a Defender Experts analyst has resolved an incident, the incident's **Status** field is updated to _Resolved_. | | **How do I know what conclusion led a Defender Experts analyst to resolve an incident?** | When Defender Experts analysts resolve an incident, they modify the incident's **Classification** and **Determination** fields and provide a concise summary in its **Comments** section.<br><br>If an incident is classified as a True Positive, a comprehensive **Investigation summary** appears in the **Managed response** flyout panel in your Microsoft Defender portal.| | **How do I know what actions a Defender Experts analyst took in my tenant when investigating an incident?** | For each incident they investigate, the Defender Experts analyst summarizes any actions they performed within your tenant in the incident's **Investigation summary** located in the **Managed response** flyout panel in your Microsoft Defender portal.<br><br>You can also retrieve information about these actions, and the times they signed into your tenant, by [searching your audit logs](/microsoft-365/security/defender/auditing#create-a-rule-for-email-notifications) either on the Microsoft Purview compliance portal or through the Office 365 Management Activity API.|
-| **How do I know whether a Defender Experts analyst has sent any response actions for my SOC team?** | The Defender Experts analyst publishes the [response actions](/microsoft-365/security/defender/start-using-mdex-xdr#actions) they recommend your SOC team to perform on an incident in an incident's **Managed response** flyout panel in your Microsoft Defender portal.<br><br>At this time, the incident's **Assigned to** field is updated to _Customer_ and its **Status** is updated to _Awaiting Customer Action_.<br><br>Your incident contacts, which you have [designated](/microsoft-365/security/defender/get-started-xdr#tell-us-who-to-contact-for-important-matters) in **Settings** > **Defender Experts** > **Notification contacts** in your Microsoft Defender portal, also receive a corresponding email notification if there are response actions requiring your attention. |
+| **How do I know whether a Defender Experts analyst has sent any response actions for my SOC team?** | The Defender Experts analyst publishes the response actions they recommend your SOC team to perform on an incident in an incident's **Managed response** flyout panel in your Microsoft Defender portal.<br><br>At this time, the incident's **Assigned to** field is updated to _Customer_ and its **Status** is updated to _Awaiting Customer Action_.<br><br>Your incident contacts, which you have [designated](/microsoft-365/security/defender/get-started-xdr#tell-us-who-to-contact-for-important-matters) in **Settings** > **Defender Experts** > **Notification contacts** in your Microsoft Defender portal, also receive a corresponding email notification if there are response actions requiring your attention. |
| **How do I ask a Defender Experts analyst questions about an investigation or response action?** | After a Defender Experts analyst publishes their investigation summary and recommended response actions in the **Managed response** flyout panel of a True Positive incident, you can use the **Chat** tab in the same panel to ask the Defender Experts team questions about the incident and their investigation.<br><br>Alternatively, your designated incident contacts can directly respond to the email they received from Defender Experts to ask any questions you might have.| | **How do I know which incidents have pending response actions?** | The Defender Experts card in your Microsoft Defender portal home page includes a link that displays a message (for example, _3 incidents awaiting your action_). Selecting this link directs you to a filtered list of incidents specifically requiring your attention.<br><br>You can filter the incident queue in your Microsoft Defender portal by selecting **Assigned to** as _Customer_ or **Status** as _Awaiting Customer Action_.|
The following section lists down questions your SOC team might have regarding th
### See also
-[Start using Defender Experts for XDR service](start-using-mdex-xdr.md)
+[Managed detection and response](managed-detection-and-response-xdr.md)
[!INCLUDE [Microsoft Defender XDR rebranding](../../includes/defender-m3d-techcommunity.md)]
security Faq Managed Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/faq-managed-response.md
Last updated 01/30/2024
- [Microsoft Defender XDR](microsoft-365-defender.md)
-The following section lists down questions you or your SOC team might have regarding [managed response](start-using-mdex-xdr.md#managed-detection-and-response).
+The following section lists down questions you or your SOC team might have regarding [managed response](managed-detection-and-response-xdr.md).
| Questions | Answers | |||
The following section lists down questions you or your SOC team might have regar
### See also
-[Start using Defender Experts for XDR service](start-using-mdex-xdr.md)
+[Managed detection and response](managed-detection-and-response-xdr.md)
[!INCLUDE [Microsoft Defender XDR rebranding](../../includes/defender-m3d-techcommunity.md)]
security Get Started Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-started-xdr.md
The readiness assessment has two parts:
- **Protected assets** ΓÇô This section shows the current number of protected devices and identities versus the ones that you still need to protect to get the Defender Experts for XDR service started.
- The figures are based on your Defender for Endpoint and Defender for Identity licenses; to achieve these target number of protected assets, [onboard more devices](/microsoft-365/security/defender-endpoint/onboarding) to Defender for Endpoint or [install more Defender for Identity sensors](/defender-for-identity/install-sensor).
+ The figures are based on your Defender for Endpoint and Defender for Identity licenses; to achieve these target number of protected assets, [onboard more devices](../defender-endpoint/onboarding.md) to Defender for Endpoint or [install more Defender for Identity sensors](/defender-for-identity/install-sensor).
> [!IMPORTANT] > Defender Experts for XDR reviews your readiness assessment periodically, especially if there are any changes to your environment, such as the addition of new devices and identities. It's important that you regularly monitor and run the readiness assessment beyond the initial onboarding to ensure that your environment has strong security posture to reduce risk. After you complete all the required tasks and met the onboarding targets in your readiness assessment, your service delivery manager (SDM) initiates the monitoring phase of the Defender Experts for XDR service, where, for a few days, our experts start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses.
-Once our experts begin to perform comprehensive response work on your behalf, youΓÇÖll start receiving [notifications about incidents](../defender/start-using-mdex-xdr.md#incident-updates) that require remediation steps and targeted recommendations on critical incidents. You can also chat with our experts or your SDMs regarding important queries and regular business and security posture reviews, and [view real-time reports](../defender/start-using-mdex-xdr.md#understand-the-defender-experts-for-xdr-report) on the number of incidents weΓÇÖve investigated and resolved on your behalf.
+Once our experts begin to perform comprehensive response work on your behalf, youΓÇÖll start receiving [notifications about incidents](managed-detection-and-response-xdr.md#incident-updates) that require remediation steps and targeted recommendations on critical incidents. You can also [chat with our experts](communicate-defender-experts-xdr.md) or your SDMs regarding important queries and regular business and security posture reviews, and [view real-time reports](reports-xdr.md) on the number of incidents weΓÇÖve investigated and resolved on your behalf.
### Next step
-[Start using Microsoft Defender Experts for XDR service](start-using-mdex-xdr.md)
+- [Managed detection and response](managed-detection-and-response-xdr.md)
+- [Get real-time visibility with Defender Experts for XDR reports](reports-xdr.md)
+- [Communicating with experts in the Microsoft Defender Experts for XDR service](communicate-defender-experts-xdr.md)
### See also
security Managed Detection And Response Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/managed-detection-and-response-xdr.md
+
+ Title: Managed detection and response
+
+description: Defender Experts for XDR provides actionable managed response to your security operations center (SOC) teams.
+keywords: XDR, extended detection and response, managed detection and response in defender experts for XDR, experts for xdr, Microsoft Defender Experts for XDR, managed threat hunting, managed detection and response (MDR) service, Managed response in Teams
++
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+ - m365-security
+ - tier1
+ - essentials-manage
+
+search.appverid: met150
Last updated : 02/12/2024++
+# Managed detection and response
+
+**Applies to:**
+
+- [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+Through a combination of automation and human expertise, Microsoft Defender Experts for XDR triages Microsoft Defender XDR incidents, prioritizes them on your behalf, filters out the noise, carries out detailed investigations, and provides actionable managed response to your security operations center (SOC) teams.
+
+## Incident updates
+
+Once our experts start investigating an incident, the incident's **Assigned to** and **Status** fields are updated to _Defender Experts_ and _In progress_, respectively.
+
+When our experts conclude their investigation on an incident, the incident's **Classification** field is updated to one of the following, depending on the experts' findings:
+
+- True Positive
+- False Positive
+- Informational, Expected Activity
+
+The **Determination** field corresponding to each classification is also updated to provide more insights on the findings that led our experts to determine the said classification.
++
+If an incident is classified as _False Positive_ or _Informational_, _Expected Activity_, then the incident's **Status** field gets updated to _Resolved_. Our experts then conclude their work on this incident and the **Assigned to** field gets updated to _Unassigned_. Our experts may share updates from their investigation and their conclusion when resolving an incident. These updates are posted in the incident's **Comments and history** flyout panel.
+
+> [!NOTE]
+> Incident comments are one-way posts. Defender Experts can't respond to any comments or questions you add in the **Comments and history** panel. For more information about how to correspond with our experts, see [Communicating with experts in the Microsoft Defender Experts for XDR service](communicate-defender-experts-xdr.md).
+
+Otherwise, if an incident is classified as _True Positive_, our experts then identify the required response actions that need to be performed. The method in which the actions are performed depends on the permissions and access levels you have given the Defender Experts for XDR service. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts).
+
+- If you have granted Defender Experts for XDR the recommended Security Operator access permissions, our experts could perform the required response actions on the incident on your behalf. These actions, along with an **Investigation summary**, show up in the incident's [Managed response](#how-to-use-managed-response-in-microsoft-365-defender) flyout panel in your Microsoft Defender portal for you or your SOC team to review. All actions that are completed by Defender Experts for XDR appear under the **Completed actions** section. Any pending actions that require you or you SOC team to complete are listed under the **Pending actions** section. For more information, see the [Actions](#actions) section. Once our experts have taken all the necessary actions on the incident, its **Status** field is then updated to _Resolved_ and the **Assigned to** field is updated to _Unassigned_.
+
+- If you have granted Defender Experts for XDR the default Security Reader access, then the required response actions, along with an **Investigation summary**, show up in the incident's **Managed response** flyout panel under the **Pending actions** section in your Microsoft Defender portal for you or your SOC team to perform. For more information, see the [Actions](#actions) section. To identify this handover, the incident's **Status** field is updated to _Awaiting Customer Action_ and the **Assigned to** field is updated to _Customer_.
+
+You can check the number of incidents that require your action in the Defender Experts banner at the top of the Microsoft Defender homepage.
++
+To view the incidents our experts have investigated or are currently investigating, filter the incident queue in your Microsoft Defender portal using the _Defender Experts_ tag.
++
+<a name='how-to-use-managed-response-in-microsoft-365-defender'></a>
+
+## How to use managed response in Microsoft Defender XDR
+
+In the Microsoft Defender portal, an incident that requires your attention using managed response has the **Assigned to** field set to _Customer_ and a task card on top of the **Incidents** pane. Your designated incident contacts also receives a corresponding email notification with a link to the Defender portal to view the incident. [Learn more about notification contacts](get-started-xdr.md#tell-us-who-to-contact-for-important-matters).
+
+Select **View managed response** on the task card or on the top of the portal page (**Managed response** tab) to open a flyout panel where you can read our experts' investigation summary, complete pending actions identified by our experts, or engage with them through chat.
+
+### Investigation summary
+
+The **Investigation summary** section provides you with more context about the incident analyzed by our experts to provide you with visibility about its severity and potential impact if not addressed immediately. It could include the device timeline, indicators of attack, and indicators of compromise (IOCs) observed, and other details.
++
+### Actions
+
+The **Actions** tab displays task cards that contain response actions recommended by our experts.
+
+Defender Experts for XDR currently supports the following one-click managed response actions:
+
+|**Action**|**Description**|
+||--|
+|[Isolate device](/microsoft-365/security/defender-endpoint/respond-machine-alerts##isolate-devices-from-the-network)|Isolates a device, which helps prevent an attacker from controlling it and performing further activities such as data exfiltration and lateral movement. The isolated device will still be connected to Microsoft Defender for Endpoint.|
+|[Quarantine file](/microsoft-365/security/defender-endpoint/respond-file-alerts##stop-and-quarantine-files)|Stops running processes, quarantines the files, and deletes persistent data such as registry keys.|
+|[Restrict app execution](/microsoft-365/security/defender-endpoint/respond-machine-alerts##restrict-app-execution)| Restricts the execution of potentially malicious programs and locks down the device to prevent further attempts.|
+|[Release from isolation](/microsoft-365/security/defender-endpoint/respond-machine-alerts#isolate-devices-from-the-network)| Undoes isolation of a device.|
+|[Remove app restriction](/microsoft-365/security/defender-endpoint/respond-machine-alerts#restrict-app-execution)| Undoes release from isolation.|
+
+Apart from these one-click actions, you can also receive managed responses from our experts that you need to perform manually.
+
+> [!NOTE]
+> Before performing any of the recommended managed response actions, make sure that they are not already being addressed by your automated investigation and response configurations. [Learn more about automated investigation and response capabilities in Microsoft Defender XDR](m365d-autoir.md).
+
+**To view and perform the managed response actions:**
+
+1. Select the arrow buttons in an action card to expand it and read more information about the required action.
++
+2. For cards with one-click response actions, select the required action. The **Action status** in the card changes to **In progress**, then to **Failed** or **Completed**, depending on the action's outcome.
++
+> [!TIP]
+> You can also monitor the status of in-portal response actions in the [Action center](m365d-action-center.md). If a response action fails, try doing it again from the **View device details** page or [initiate a chat](communicate-defender-experts-xdr.md#in-portal-chat) with Defender Experts.
+
+3. For cards with required actions that you need to perform manually, select **I've completed this action** once you've performed them, then select **Yes, I've done it** in the confirmation dialog box that appears.
++
+4. If you don't want to complete a required action right away, select **Skip**, then select **Yes, skip this action** in the confirmation dialog box that appears.
+
+> [!IMPORTANT]
+>If you notice that any of the buttons on the action cards are grayed out, it could indicate that you don't have the necessary permissions to perform the action. Make sure that you're signed into the Microsoft Defender XDR portal with the appropriate permissions. Most managed response actions require that you have at least the Security Operator access. If you still encounter this issue even with the appropriate permissions, navigate to **View device details** and complete the steps from there.
+
+## Get visibility to Defender Experts investigations in your SIEM or ITSM application
+
+As Defender Experts for XDR investigate incidents and come up with remediation actions, you can have visibility to their work on incidents in your security information and event management (SIEM) and IT service management (ITSM) applications, including applications that are available out of the box.
+
+### Microsoft Sentinel
+
+You can get incident visibility in Microsoft Sentinel by turning on its out-of-the-box Microsoft Defender XDR data connector. [Learn more](/azure/sentinel/connect-microsoft-365-defender).
+
+Once you have turned on the connector, updates by Defender Experts to the **Status**, **Assigned to**, **Classification**, and **Determination** fields in Microsoft Defender XDR will show up in the corresponding **Status**, **Owner**, and **Reason for closing** fields in Sentinel.
+
+> [!NOTE]
+> The status of incidents investigated by Defender Experts in Microsoft Defender XDR typically transitions from _Active_ to _In progress_ to _Awaiting Customer Action_ to _Resolved_, while in Sentinel, it follows the _New_ to _Active_ to _Resolved_ path. The Microsoft Defender XDR Status _**Awaiting Customer Action**_ doesn't have an equivalent field in Sentinel; instead, it's displayed as a tag in an incident in Sentinel.
+
+The following section describes how an incident handled by our experts is updated in Sentinel as it progresses through the investigation journey:
+
+1. An incident being investigated by our experts has the **Status** listed as _Active_ and the **Owner** listed as _Defender Experts_.
+1. An incident that our experts have confirmed as a _True Positive_ has a managed response posted in Microsoft Defender XDR, and a **Tag** _Awaiting Customer Action_ and the **Owner** is listed as _Customer_. You need to act on the incident based on using the provided managed response.
+1. Once our experts have concluded their investigation and closed an incident as _False Positive_ or _Informational_, _Expected Activity_, the incident's **Status** is updated to _Resolved_, the **Owner** is updated to _Unassigned_, and a **Reason for closing** is provided.
++
+### Other applications
+
+You could obtain visibility into incidents in your SIEM or ITSM application by using the [Microsoft Defender XDR API](../defender/api-overview.md) or [connectors in Sentinel](/azure/sentinel/data-connectors-reference).
+
+After configuring a connector, the updates by Defender Experts to an incident's **Status**, **Assigned to**, **Classification**, and **Determination** fields in Microsoft Defender XDR can be synchronized with the third-party SIEM or ITSM applications, depending on how the field mapping has been implemented. To illustrate, you can take a look at the [connector available from Sentinel to ServiceNow](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Servicenow/StoreApp).
++
+### See also
+
+- [Get started with Microsoft Defender Experts for XDR](get-started-xdr.md)
+- [Get real-time visibility with Defender Experts for XDR reports](reports-xdr.md)
+- [Communicating with experts in the Microsoft Defender Experts for XDR service](communicate-defender-experts-xdr.md)
+
security Microsoft Threat Actor Naming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-threat-actor-naming.md
GetThreatActorAlias("ZINC")
The following files containing the comprehensive mapping of old threat actor names with their new names are also available: - [JSON format](https://github.com/microsoft/mstic/blob/master/PublicFeeds/ThreatActorNaming/MicrosoftMapping.json)-- [downloadable Excel](https://download.microsoft.com/download/4/5/2/45208247-c1e9-432d-a9a2-1554d81074d9/microsoft-threat-actor-list.xls)
+- [downloadable Excel](https://download.microsoft.com/download/4/5/2/45208247-c1e9-432d-a9a2-1554d81074d9/microsoft-threat-actor-list.xlsx)
security Reports Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/reports-xdr.md
+
+ Title: Defender experts for XDR report
+
+description: Defender Experts for XDR includes an interactive, on-demand report that provides a clear summary of our expert analysts.
+keywords: XDR, extended detection and response, managed detection and response in defender experts for XDR, Defender xdr reports, XDR report, impacted assets, avergae time to resolve incidents, view incidents, resolved directly
++
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+ - m365-security
+ - tier1
+ - essentials-manage
+
+search.appverid: met150
Last updated : 02/12/2024++
+# Get real-time visibility with Defender Experts for XDR reports
+
+**Applies to:**
+
+- [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)
++
+Defender Experts for XDR includes an interactive, on-demand report that provides a clear summary of the work our expert analysts are doing on your behalf, aggregate information about your incident landscape, and granular details about specific incidents. Your service delivery manager (SDM) also uses the report to provide you with more context regarding the service during a monthly business review.
++
+Each section of the report is designed to provide more insights about the incidents our experts investigated and resolved in your environment in real time. You can also select the **Date range** to get detailed information about incidents based on severity, category, and understand the time taken to investigate and resolve an incident during a specific period.
+
+## Understand the Defender Experts for XDR report
+
+The topmost section of the Defender Experts for XDR report provides the percentage of incidents we resolved in your environment, providing you with transparency in our operations. This percentage is derived from the following figures, which are also presented in the report:
+
+- **Investigated** ΓÇô The number of active threats and other incidents from your incident queue that we triaged, investigated, or currently investigating within our scope.
+- **Resolved** ΓÇô The total number of investigated incidents that were closed.
+- **Resolved directly** ΓÇô The number of investigated incidents that we were able to close directly on your behalf.
+- **Resolved with your help** ΓÇô The number of investigated incidents that were resolved because of your action on one or more managed response tasks.
+
+The **Average time to resolve incidents** section displays a bar chart of the average time, in minutes, our experts spent investigating and closing incidents in your environment and the average time you spent performing the required managed response actions.
+
+The **Incidents by severity**, **Incidents by category**, and **Incidents by service source** sections break down resolved incidents by severity, attack technique, and Microsoft security service source, respectively. These sections let you identify potential attack entry points and types of threats detected in your environment, assess their impact, and develop strategies to mitigate and prevent them. Select **View incidents** to get a filtered view of the incident queue based on the selections you made in each of the two sections.
+
+The **Most impacted assets** section shows the users and devices in your environment that were involved in the most number of incidents during your selected date range. You can see the volume of incidents each asset was involved in. Select an asset to get a filtered view of the incident queue based on the incidents that included the said asset.
+
+### See also
+
+- [Get started with Microsoft Defender Experts for XDR](get-started-xdr.md)
+- [Managed detection and response](managed-detection-and-response-xdr.md)
+- [Communicating with experts in the Microsoft Defender Experts for XDR service](communicate-defender-experts-xdr.md)
+
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
You can also get product updates and important notifications through the [messag
- (Preview) The [DeviceInfo](advanced-hunting-deviceinfo-table.md) table in advanced hunting now also includes the columns `DeviceManualTags` and `DeviceDynamicTags` in public preview to surface both manually and dynamically assigned tags related to the device you are investigating. -- The **Guided response** feature in Microsoft Defender Experts for XDR has been renamed to **[Managed response](start-using-mdex-xdr.md#how-to-use-managed-response-in-microsoft-365-defender)**. We have also added a [new FAQ section](faq-incident-notifications-xdr.md#understanding-and-managing-defender-experts-for-xdr-incident-updates) on incident updates.
+- The **Guided response** feature in Microsoft Defender Experts for XDR has been renamed to **[Managed response](managed-detection-and-response-xdr.md)**. We have also added a [new FAQ section](faq-incident-notifications-xdr.md#understanding-and-managing-defender-experts-for-xdr-incident-updates) on incident updates.
## July 2023 - (GA) The [Attack story](investigate-incidents.md#attack-story) in incidents is now generally available. The attack story provides the full story of the attack and allows incident response teams to view the details and apply remediation. -- A new URL and domain page is now available in Microsoft Defender XDR. The updated URL and domain page provides a single place to view all the information about a URL or a domain, including its reputation, the users who clicked it, the devices that accessed it, and emails where the URL or domain was seen. For details, see [Investigate URLs in Microsoft Defender XDR](/microsoft-365/security/defender-endpoint/investigate-domain).
+- A new URL and domain page is now available in Microsoft Defender XDR. The updated URL and domain page provides a single place to view all the information about a URL or a domain, including its reputation, the users who clicked it, the devices that accessed it, and emails where the URL or domain was seen. For details, see [Investigate URLs in Microsoft Defender XDR](../defender-endpoint/investigate-domain.md).
## June 2023
You can also get product updates and important notifications through the [messag
- (GA) The [unified Assets tab in the Incidents page](investigate-incidents.md) is now generally available. -- Microsoft is using a new weather-based naming taxonomy for threat actors. This new naming schema will provide more clarity and will be easier to reference. [Learn more about the new naming taxonomy](/microsoft-365/security/intelligence/microsoft-threat-actor-naming).
+- Microsoft is using a new weather-based naming taxonomy for threat actors. This new naming schema will provide more clarity and will be easier to reference. [Learn more about the new naming taxonomy](../intelligence/microsoft-threat-actor-naming.md).
## March 2023
The security operations team can view all actions pending approval, and the stip
- [New alert page in the Microsoft Defender portal](https://techcommunity.microsoft.com/t5/microsoft-365-defender/easily-find-anomalies-in-incidents-and-alerts/ba-p/2339243)
- Provides enhanced information for the context into an attack. You can see which other triggered alert caused the current alert and all the affected entities and activities involved in the attack, including files, users and mailboxes. See [Investigate alerts](/microsoft-365/security/defender/investigate-alerts) for more information.
+ Provides enhanced information for the context into an attack. You can see which other triggered alert caused the current alert and all the affected entities and activities involved in the attack, including files, users and mailboxes. See [Investigate alerts](investigate-alerts.md) for more information.
- [Trend graph for incidents and alerts in the Microsoft Defender portal](https://techcommunity.microsoft.com/t5/microsoft-365-defender/new-alert-page-for-microsoft-365-defender-incident-detections/ba-p/2350425)
- Determine if there are several alerts for a single incident or that your organization is under attack with several different incidents. See [Prioritize incidents](/microsoft-365/security/defender/incident-queue) for more information.
+ Determine if there are several alerts for a single incident or that your organization is under attack with several different incidents. See [Prioritize incidents](incident-queue.md) for more information.
## April 2021
security Quarantine Admin Manage Messages Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files.md
Watch this short video to learn how to manage quarantined messages as an admin.
- You need to be assigned permissions before you can do the procedures in this article. You have the following options: - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security Data / email quarantine (manage)** (management via PowerShell).
- - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Global Administrator**, **Security Administrator**, or **Quarantine Administrator** role group.
- - [Microsoft Entra permissions](/microsoft-365/admin/add-users/about-admin-roles): Membership these roles gives users the required permissions _and_ permissions for other features in Microsoft 365:
- - _Take action on quarantined messages for all users_: Membership in the **Global Administrator** or **Security Administrator** roles.
- - _Submit messages from quarantine to Microsoft_: Membership in the **Security Administrator** role.
+ - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md):
+ - _Take action on quarantined messages for all users_: Membership in the **Quarantine Administrator**, **Security Administrator**, or **Organization Management** role groups.
+ - _Submit messages from quarantine to Microsoft_: Membership in the **Quarantine Administrator** or **Security Administrator** role groups.
+ - _Use **Block sender** to [add senders to your own Blocked Senders list](#block-email-senders-from-quarantine)_: Membership in the **Security Reader**, **Quarantine Administrator** or **Security Administrator** role groups.
+ - _Read-only access to quarantined messages for all users_: Membership in the **Security Reader** or **Global Reader** role groups.
+ - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership these roles gives users the required permissions _and_ permissions for other features in Microsoft 365:
+ - _Take action on quarantined messages for all users_: Membership in the **Security Administrator or **Global Administrator** roles.
+ - _Submit messages from quarantine to Microsoft_: Membership in the **Security Administrator** role.
+ - _Use **Block sender** to [add senders to your own Blocked Senders list](#block-email-senders-from-quarantine)_: Membership in the **Security Reader** or **Security Administrator** roles.
- _Read-only access to quarantined messages for all users_: Membership in the **Global Reader** or **Security Reader** roles. > [!TIP]
You can sort the entries by clicking on an available column header. Select :::im
- **Release status**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) - **Policy type**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) - **Expires**<sup>\*</sup>-- **Recipient**
+- **Recipient**: The recipient email address always resolves to the primary email address, even if the message was sent to a [proxy address](/exchange/recipients-in-exchange-online/manage-user-mailboxes/add-or-remove-email-addresses).
- **Message ID** - **Policy name** - **Message size**
Use the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" bor
After you've entered the search criteria, press the enter ENTER key to filter the results. > [!NOTE]
-> The **Search** box searches for quarantined items in the current view, not all quarantined items. To search all quarantined items, use **Filter** and the resulting **Filters** flyout.
+> The **Search** box searches for quarantined items in the current view (which is limited to 100 items), not all quarantined items. To search all quarantined items, use **Filter** and the resulting **Filters** flyout.
After you find a specific quarantined message, select the message to view details about it and to take action on it (for example, view, release, download, or delete the message). > [!TIP] > On mobile devices, the previously described controls are available under :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More**. >
-> :::image type="content" source="../../media/quarantine-message-main-page-mobile-actions.png" alt-text="Selecting a quarantined message and selecting More on a mobile device." lightbox="../../media/quarantine-message-main-page-mobile-actions.png":::
+> :::image type="content" source="../../media/quarantine-message-main-page-mobile-actions.png" alt-text="Selecting a quarantined message and selecting More on a mobile device." lightbox="../../media/quarantine-message-main-page-mobile-actions.png":::
### View quarantined email details
In the details flyout that opens, the following information is available:
- **Policy name** - **Recipient count** - **Recipients**: If the message contains multiple recipients, you might need to use [Preview message](#preview-email-from-quarantine) or [View message header](#view-email-message-headers) to see the complete list of recipients.+
+ Recipient email addresses always resolve to the primary email address, even if the message was sent to a [proxy address](/exchange/recipients-in-exchange-online/manage-user-mailboxes/add-or-remove-email-addresses).
+ - **Released to**: All email addresses (if any) to which the message has been released. - **Delivery details** section: - **Threats**
If you don't release or remove a message, it's automatically deleted from quaran
- Users can report false positives to Microsoft from quarantine, depending on the value of the **Reporting from quarantine** setting in [user reported settings](submissions-user-reported-messages-custom-mailbox.md). > [!TIP]
-> Third party anti-virus solutions or security services can cause the following issues for messages that are released from quarantine:
-> - The message is quarantined after being released.
-> - Content is removed from the released message before it reaches the recipient's Inbox.
-> - The released message never arrives in the recipient's Inbox.
-> - Actions in [quarantine notifications](quarantine-quarantine-notifications.md) might be randomly selected.
>
-> Verify that you aren't using third party filtering before you open a support ticket about these issues.
+> - Third party anti-virus solutions, security services, and [outbound connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/use-connectors-to-configure-mail-flow) can cause the following issues for messages that are released from quarantine:
+> - The message is quarantined after being released.
+> - Content is removed from the released message before it reaches the recipient's Inbox.
+> - The released message never arrives in the recipient's Inbox.
+> - Actions in [quarantine notifications](quarantine-quarantine-notifications.md) might be randomly selected.
+>
+> Verify that you aren't using third party filtering before you open a support ticket about these issues.
+>
+> - Inbox rules ([created by users in Outlook](https://support.microsoft.com/c24f5dea-9465-4df4-ad17-a50704d66c59) or by admins using the **\*-InboxRule** cmdlets in Exchange Online PowerShell) can move or delete messages from the Inbox.
> > Admins can use [message trace](message-trace-defender-portal.md) to determine if a released message was delivered to the recipient's Inbox.
If you select **Approve release**, an **Approve release** flyout opens where you
If you select **Deny**, a **Deny release** flyout opens where you can review information about the message. To deny the request, select **Deny release**. A **Release denied** flyout opens where you can select the link to learn more about releasing messages. Select **Done** when you're finished on the **Release denied** flyout. Back on the **Email** tab, the **Release status** value of the message changes to **Denied**.
+> [!TIP]
+> You can deny release for all recipients only. You can't deny release for specific recipients.
+ #### Delete email from quarantine When you delete an email message from quarantine, the message is removed and isn't sent to the original recipients.
In the **Submit to Microsoft for analysis** flyout that opens, configure the fol
- **I've confirmed it's clean** (default): Select this option if you're sure that the message is clean, and then select **Next**. Then the following settings are available: - **Allow this email**: If you select this option, allow entries are added to the [Tenant Allow/Block List](tenant-allow-block-list-about.md) for the sender and any related URLs or attachments in the message. The following options also appear:
- - **Remove entry after**: The default value is **30 days**, but you can also select **1 day**, **7 days**, or a **Specific date** that's less than 30 days.
+ - **Remove entry after**: The default value is **30 days**, but you can also select **1 day**, **7 days**, or a **Specific date** that's less than 30 days.
- **Allow entry note**: Enter an optional note that contains additional information. - **It appears clean**: Select this option if you're unsure and you want a verdict from Microsoft.
security Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md
You create and assign quarantine policies in the Microsoft Defender portal or in
- You need to be assigned permissions before you can do the procedures in this article. You have the following options: - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Core Security settings (manage)**.
- - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in any of the following role groups:
- - **Organization Management**
- - **Security Administrator**
- - **Quarantine Administrator**
- - [Microsoft Entra permissions](/microsoft-365/admin/add-users/about-admin-roles): Membership in the **Global Administrator**, **Security Administrator**, or **Quarantine Administrator** roles gives users the required permissions _and_ permissions for other features in Microsoft 365.
+ - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Quarantine Administrator**, **Security Administrator**, or **Organization Management** role groups.
+ - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership in the **Global Administrator** or **Security Administrator** roles gives users the required permissions _and_ permissions for other features in Microsoft 365.
## Step 1: Create quarantine policies in the Microsoft Defender portal
The global settings for quarantine policies allow you to customize the quarantin
### Customize quarantine notifications for different languages
-Quarantine notifications are already localized based on the recipient's language settings. You can customize the **Sender display name**, **Subject**, and **Disclaimer** values that are used in quarantine notifications based on the recipient's language.
+The message body of quarantine notifications is already localized based on the language setting of the recipient's cloud-based mailbox.
+
+You can use the procedures in this section to customize the **Sender display name**, **Subject**, and **Disclaimer** values that are used in quarantine notifications based on the language setting of the recipient's cloud-based mailbox:
- The **Sender display name** as shown in the following screenshot:
Quarantine notifications are already localized based on the recipient's language
:::image type="content" source="../../media/quarantine-tags-esn-customization-disclaimer.png" alt-text="A custom disclaimer at the bottom of a quarantine notification." lightbox="../../media/quarantine-tags-esn-customization-disclaimer.png"::: > [!TIP]
-> A custom quarantine notification for a specific language is shown to users only when their account/mailbox language matches the language in the custom quarantine notification.
+> Quarantine notifications aren't localized for on-premises mailboxes.
+>
+> A custom quarantine notification for a specific language is shown to users only when their mailbox language matches the language in the custom quarantine notification.
> > The value **English_USA** applies only to US English clients. The value **English_Great Britain** applies to all other English clients (Great Britain, Canada, Australia, etc.).
+>
+> The languages **Norwegian** and **Norwegian (Nynorsk)** are available. Norwegian (Bokmål) isn't available.
To create customized quarantine notifications for up to three languages, do the following steps:
To create customized quarantine notifications for up to three languages, do the
1. Select the language from the **Choose language** box. The default value is **English_USA**.
- Although this box is in the middle of the page, you need to select it first. If you enter values in the **Sender display name**, **Subject**, or **Disclaimer** boxes before you select the language value, the other values are removed and you start over when you select the language value.
+ Although this box isn't the first setting, you need to configure it first. If you enter values in the **Sender display name**, **Subject**, or **Disclaimer** boxes before you select the language, those values disappear.
+
+ 2. After you select the language, enter values for **Sender display name**, **Subject**, and **Disclaimer**. The values must be unique for each language. If you try to reuse a value in a different language, you'll get an error when you select **Save**.
- 2. Enter values for **Sender display name**, **Subject**, and **Disclaimer**. The values must be unique for each language. If you try to reuse a value in a different language, you'll get an error when you select **Save**.
- 3. Select the **Add** button.
- 4. Repeat the previous steps to create a maximum of three customized quarantine notifications based on the recipient's language. An unlabeled box shows the languages that you've configured:
+ 3. Select the **Add** button near the **Choose language** box.
+
+ After you select **Add**, the configured settings for the language appear in the **Click the language to show the previously configured settings** box. To reload the settings, click on the language name. To remove the language, select :::image type="icon" source="../../media/m365-cc-sc-remove-selection-icon.png" border="false":::.
:::image type="content" source="../../media/quarantine-tags-esn-customization-selected-languages.png" alt-text="The selected languages in the global quarantine notification settings of quarantine policies." lightbox="../../media/quarantine-tags-esn-customization-selected-languages.png":::
- Select the language value in the box to edit the settings for that language. Select :::image type="icon" source="../../media/m365-cc-sc-remove-selection-icon.png" border="false"::: to remove the language.
+ 4. Repeat the previous steps to create a maximum of three customized quarantine notifications based on the recipient's language.
4. When you're finished on the **Quarantine notifications** flyout, select **Save**. :::image type="content" source="../../medio-quarantine-policy-quarantine-notification-settings.png":::
+For information about the **Specify sender address**
+ ### Customize all quarantine notifications Even if you don't customize quarantine notifications for different languages, settings are available in the **Quarantine notifications flyout** to customize all quarantine notifications. Or, you can configure the settings before, during, or after you customize quarantine notifications for different languages (these settings apply to all languages): -- **Specify sender address**: Select an existing user for the sender email address of quarantine notifications. The default sender is quarantine@messaging.microsoft.com.
+- **Specify sender address**: Select an existing user for the sender email address of quarantine notifications. The default sender is `quarantine@messaging.microsoft.com`.
- **Use my company logo**: Select this option to replace the default Microsoft logo that's used at the top of quarantine notifications. Before you do this step, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](/microsoft-365/admin/setup/customize-your-organization-theme) to upload your custom logo.
Even if you don't customize quarantine notifications for different languages, se
:::image type="content" source="../../media/quarantine-tags-esn-customization-logo.png" alt-text="A custom logo in a quarantine notification" lightbox="../../media/quarantine-tags-esn-customization-logo.png":::
+- **Send end-user spam notification every (days)**: Select the frequency for quarantine notifications. You can select **Within 4 hours**, **Daily**, or **Weekly**.
> [!TIP] > If you select every four hours, and a message is quarantined _just after_ the last notification generation, the recipient will receive the quarantine notification _slightly more than_ four hours later.
For detailed syntax and parameter information, see [Set-QuarantinePolicy](/power
## Remove quarantine policies in the Microsoft Defender portal
-**Notes**:
--- You can't remove the default quarantine policies named AdminOnlyAccessPolicy, DefaultFullAccessPolicy, or DefaultFullAccessWithNotificationPolicy.-- Before you remove a quarantine policy, verify that it's not being used. For example, run the following command in PowerShell:-
- ```powershell
- Write-Output -InputObject "Anti-spam policies",("-"*25);Get-HostedContentFilterPolicy | Format-List Name,*QuarantineTag; Write-Output -InputObject "Anti-phishing policies",("-"*25);Get-AntiPhishPolicy | Format-List Name,*QuarantineTag; Write-Output -InputObject "Anti-malware policies",("-"*25);Get-MalwareFilterPolicy | Format-List Name,QuarantineTag; Write-Output -InputObject "Safe Attachments policies",("-"*25);Get-SafeAttachmentPolicy | Format-List Name,QuarantineTag
- ```
+> [!NOTE]
+> Don't remove a quarantine policy until you verify that it isn't being used. For example, run the following command in PowerShell:
- If the quarantine policy is being used, [replace the assigned quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) before you remove it.
+> ```powershell
+> Write-Output -InputObject "Anti-spam policies",("-"*25);Get-HostedContentFilterPolicy | Format-List Name,*QuarantineTag; Write-Output -InputObject "Anti-phishing policies",("-"*25);Get-AntiPhishPolicy | Format-List Name,*QuarantineTag; Write-Output -InputObject "Anti-malware policies",("-"*25);Get-MalwareFilterPolicy | Format-List Name,QuarantineTag; Write-Output -InputObject "Safe Attachments policies",("-"*25);Get-SafeAttachmentPolicy | Format-List Name,QuarantineTag
+> ```
+>
+> If the quarantine policy is being used, [replace the assigned quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) before you remove it to avoid the potential disruption in quarantine notifications.
+>
+> You can't remove the default quarantine policies named AdminOnlyAccessPolicy, DefaultFullAccessPolicy, or DefaultFullAccessWithNotificationPolicy.
1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Quarantine policies** in the **Rules** section. Or, to go directly to the **Quarantine policies** page, use <https://security.microsoft.com/quarantinePolicies>.
security Reports Email Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md
On the **Threat protection status** page, the :::image type="icon" source="../..
In the **View data by System override** and **Chart breakdown by Reason** view, the following override reason information is shown in the chart: -- **Exchange transport rule** (mail flow rule)-- **IP Allow** - **On-premises skip**-- **Organization allowed domains**
+- **IP Allow**
+- **Exchange transport rule**
- **Organization allowed senders**
+- **Organization allowed domains**
+- **ZAP not enabled**
+- **User Safe Sender**
+- **User Safe Domain**
+- **Sender Domain List**
+- **Trusted Senders List (Outlook)**
+- **Trusted Recipient Address List**
+- **Trusted Recipient Domain List**
+- **Trusted Contact List - Sender in Address Book**
+- **Exclusive setting (Outlook)**
- **Phishing simulation**: For more information, see [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](advanced-delivery-policy-configure.md).-- **TABL - Both URL and file allowed**-- **TABL - File allowed**-- **TABL - File blocked**-- **TABL - Sender allowed**-- **TABL - Sender blocked**
+- **Third party filter**
- **TABL - URL allowed**
+- **TABL - File allowed**
+- **TABL - Both URL and file allowed**
+- **TABL Sender email address Allow**
- **TABL - URL blocked**-- **Third party filter**-- **User Safe Domain**-- **User Safe Sender**-- **ZAP not enabled**
+- **TABL - File blocked**
+- **TABL Sender email address block**
+- **TABL Spoof Block**
+- **Data Loss Prevention**
In the details table below the chart, the following information is available:
security Submissions Users Report Message Add In Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure.md
Install and configure the Report Message or Report Phishing add-ins for the orga
### Get the Report Message or the Report Phishing add-ins for your Microsoft 365 GCC or GCC High organization
-Admins in Microsoft 365 Government Community Cloud (GCC) or GCC High need to use the steps in this section to get the Report Message or Report Phishing add-ins for their organizations.
+Admins in Microsoft 365 Government Community Cloud (GCC) or GCC High need to use the steps in this section to get the Report Message or Report Phishing add-ins for their organizations. These steps apply to Outlook and Outlook on the web (formerly known as Outlook Web App or OWA) and don't apply to Outlook for iOS and Android.
> [!NOTE] > It could take up to 24 hours for the add-in to appear in your organization.
solutions Collaborate Guests Cross Cloud https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-guests-cross-cloud.md
In order to invite guests from an organization in a different Microsoft Azure cl
Note that tenants in Microsoft Azure Government (Microsoft 365 GCC High and DoD) can't create a cross-tenant connection with tenants in Microsoft Azure China.
-> [!NOTE]
-> Cross-cloud guest access between Microsoft 365 China (21Vianet) and other Microsoft 365 cloud environments is in preview.
- > [!NOTE] > VDI clients aren't supported for cross-cloud guests.
+>
+> B2B Member accounts aren't supported for cross cloud guests. All cross cloud users must be of type B2B guest.
> [!IMPORTANT] > The organization that you're collaborating with must also configure these settings for their organization.
syntex Backup Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-overview.md
description: Learn about the backup and recovery capabilities for SharePoint, Ex
# Overview of Microsoft 365 Backup (Preview) > [!NOTE]
-> Microsoft 365 Backup (Preview) is now available worldwide in all commercial cloud environments. This preview feature is subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md).
+> Microsoft 365 Backup (Preview) is now available worldwide in all commercial cloud environments. General availability is expected to be mid-2024. This preview feature is subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md).
## About the preview
-Microsoft 365 Backup is currently in preview and will begin rolling out to organizations in early 2024. You can set up billing for the product as described in [Set up Microsoft 365 Backup](backup-setup.md). Once Microsoft 365 Backup has been deployed and is available for use in your tenant, you'll see it in the Microsoft 365 admin center page under **Settings**.
+Microsoft 365 Backup is currently in preview and begins rolling out to organizations in mid-2024. You can set up billing for the product as described in [Set up Microsoft 365 Backup](backup-setup.md). Once Microsoft 365 Backup has been deployed and is available for use in your tenant, you'll see it in the Microsoft 365 admin center page under **Settings**.
During the preview period, performance and speed of web interfaces, initial configuration, and restores might be slower than expected as we scale up our infrastructure to remove undesirable latency from our system.
In the case of a partner application, operation of the Microsoft 365 Backup tool
Business continuity assurance is a top-of-mind concern for many companies. Microsoft 365 Backup delivers business continuity peace of mind by providing performance and reliable restore confidence. When evaluating a backup and restore offering, what really matters isn't solely the backup, but the ability to restore your data to a healthy state quickly when you need to do so. Recovering large volumes of content is difficult when copying data at a scale from a remote, air-gapped location requiring weeks or even months to get your business back up and running.
-In cases of a ransomware attack that encrypts large swaths of your data, or instances of an internal accidental or malicious data deletion or overwrite event, you need to be able to get your business back to a healthy state as soon as possible. This is what the Microsoft 365 Backup product offers, both through the Microsoft 365 admin center, as well as via third-party applications built on the Microsoft 365 Backup Storage platform.
+In cases of a ransomware attack that encrypts large swaths of your data, or instances of an internal accidental or malicious data deletion or overwrite event, you need to be able to get your business back to a healthy state as soon as possible. This is what the Microsoft 365 Backup product offers, both through the Microsoft 365 admin center, and via partner applications built on the Microsoft 365 Backup Storage platform.
To summarize, applications built on top of the Microsoft 365 Backup Storage platform deliver the following benefits regardless of the size or scale of the protected tenant:
Key architectural takeaways:
#### Backup policy performance
-Creating a new protection policy initiates the process of backing up selected SharePoint sites, OneDrive accounts, and Exchange mailboxes. Once you submit a request to activate a valid protection policy, it takes on average up to 60 minutes to process and another 60 minutes to create publish restore points.
+Creating a new protection policy initiates the process of backing up selected SharePoint sites, OneDrive accounts, and Exchange mailboxes. Once you submit a request to activate a valid protection policy, it takes on average up to 60 minutes to process and another 60 minutes to create restore points.
Restore points are physically created in the service as soon as the policy is confirmed to be activated in the tool, even if those restore points take some additional time to become visible in the restore tool.
All restore points and restores to new URLs will be relatively fast, but same UR
It will take on average less than one hour for the first full site or account protection unit to be restored when a new restore session is initiated. After the first site or account is restored in a session, the remaining protection units will complete in relatively fast succession.
-The following table summarizes expected performance for a normally distributed tenant, including tenants of very large size and scale. During the preview period, actual performance might deviate from these general availability targets.
+The following table summarizes expected performance for a normally distributed tenant, including tenants of large size and scale. During the preview period, actual performance might deviate from these general availability targets.
|Scenario |First full-container restore completes |Restore of all containers complete | |:-|:-|:--|
syntex Backup Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-setup.md
description: Learn how to set up and configure Microsoft 365 Backup and backup p
# Set up Microsoft 365 Backup (Preview) > [!NOTE]
-> Microsoft 365 Backup (Preview) is now available worldwide in all commercial cloud environments. This preview feature is subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md).
+> Microsoft 365 Backup (Preview) is now available worldwide in all commercial cloud environments. General availability is expected to be mid-2024. This preview feature is subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md).
Get started with Microsoft 365 Backup by following these simple three steps in the Microsoft 365 admin center.
test-base Accesslevel https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/accesslevel.md
f1.keywords: NOCSH
# Request to change access level + We're now making access to pre-release Windows update content more available. Once your request for access to pre-release updates is approved, your uploaded packages will automatically get scheduled to be tested against the pre-release Windows updates for the OS versions selected during onboarding. To request access, select the "Access level change request" option in the left navigation bar and fill out all the details for your organization and submit the request. You'll be notified on the registered email address once your request is approved. Once approved, when a new pre-release build is available, your packages will automatically get tested against the new update for the versions selected.
test-base Against Windows New Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/against-windows-new-features.md
f1.keywords: NOCSH
# Test against Windows new features + If youΓÇÖre seeking further validation of your eco-system solution(s) against Windows new features, or hesitating whether to deploy the latest Windows feature or the next version of security solution to your organization, Test Base provides you with a way to test your applications against preview builds in Windows Insider program automatically (More about [Windows Insider](https://www.microsoft.com/windowsinsider/about-windows-insider-program)). This section shows you how to set up your own scheduled tests against preview features in Windows insider channel.
test-base Analyze Regression Causes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/analyze-regression-causes.md
f1.keywords: NOCSH
# Analyzing the Causes of Regressions + In order to understand the cause of a Memory or CPU utilization regression, you have various data sources and tools that you can utilize to assist you. As part of the Windows Assessment and Deployment Kit (Windows ADK), Windows Performance Recorder (WPR) is a performance recording tool based on Event Tracing for Windows (ETW). This tool assists you in gathering the right data from which you can gain an understanding of the cause(s) of a regression. It records system and application events in an .etl file, which you will thereafter use as input to the Windows Performance Analyzer (WPA). you can also use WPR and WPA together to investigate specific areas of performance and to gain an overall understanding of resource consumption. Once a regression is detected, you can download the Windows Performance Analyzer toolkit and analyze reasons for Memory or CPU performance regressions, that is, after you provide the above mentioned .etl file as input to the WPA.
test-base Buildpackage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/buildpackage.md
f1.keywords: NOCSH
# Build a package + A package is a .zip file containing your application binary and test scripts, which is the prerequisite to use Test Base. This QuickStart will guide you to build your first package, with which you can perform Out-of-box testing on your application. - *An **Out-of-Box (OOB)** test performs an install, launch, close, and uninstall of your application. After the install, the launch-close routine is repeated 30 times before a single uninstall is run. The OOB test provides you with standardized telemetry on your package to compare across Windows builds.*
test-base Chat https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/chat.md
f1.keywords: NOCSH
# Test Base Chat + Test Base Chat, a new feature applying the power of AI, serves as your personal support guide throughout your use of Test Base. Tired of manually searching through documentation or the web to find answers to your application testing questions? Simply initiate a conversation with Test Base Chat anywhere within Test Base to pose your queries. You'll receive tailored step-by-step guidance, complete with links to relevant pages in our [Test Base for Microsoft 365 documentation](/microsoft-365/test-base/). This feature is designed to save you time and eliminate any inconvenience. You can open the **Test Base Chat** pane via the icon at the right-hand bottom.
test-base Clonepackage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/clonepackage.md
f1.keywords: NOCSH
# Clone an existing package + In this section, you'll learn how to create a new package by duplicating your previously published package as a starting point. There are multiple entrances on Test Base portal for you to start the clone package journey. > [!IMPORTANT]
test-base Contentguideline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/contentguideline.md
f1.keywords: NOCSH
# Test package guidelines + ## 1. Script referencing When you upload a .zip file to the portal, we unzip all the content of that file into a root folder. You do not need to write any code to do this initial unzip operation. You also can reference any file within the .zip by using the path relative to the zip file uploaded.
test-base Cpu https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/cpu.md
f1.keywords: NOCSH
# Intelligent CPU regression analysis + CPU utilization can indicate whether an application is affected by an operating system update. Test Base for Microsoft 365 provides software developers with an insight into CPU performance regressions which occur when their application is running on different versions of an upcoming Windows Operating System (OS) update.
test-base Createaccount https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/createaccount.md
f1.keywords: NOCSH
# Creating a Test Base Account + To create a **Test Base** account, perform the steps that follow. > [!IMPORTANT]
test-base Createpackagefromappgallery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/createpackagefromappgallery.md
f1.keywords: NOCSH
-# Create Package from App Gallery #
+# Create Package from App Gallery
++ This section provides the steps necessary to onboard a package from App Gallery onto Test Base. > [!IMPORTANT] > If you do not have a Test Base account, you will need to create one before proceeding, as described in Creating a Test Base Account.
test-base Determine Relevant Processes Regression Detection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/determine-relevant-processes-regression-detection.md
f1.keywords: NOCSH
# Determining Relevant Processes for Regression Detection + To identify regressed processes in each application, different types of performance counters for every process running on a virtual machine during a test run should be tracked. Analyzing a performance regression involves assessing variables for many processes during application testing. Thus making the case for determining which are relevant for monitoring. To decide which processes are relevant for a given application, Test Base uses a mutual information ranking algorithm. The application and process can both be considered a type of discrete random variable. The association of the two random variables is measured using conditional probabilities for relevance. Processes are currently not displayed based on relevance.
test-base Download Analyze Test Result Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/download-analyze-test-result-files.md
f1.keywords: NOCSH
# Downloading and Analyzing Test Result Files + **Test Base for Microsoft 365** generates downloadable event trace log (ETL) files that collect low-level data based on application testing. These trace files contain event data that is captured during test execution, from which memory utilization, CPU utilization, and other performance data is derived. Additional relevant test execution results data that you can analyze is described in the table that follows. The data folders listed in the table below exist within the a **logs.zip** folder that is accessible from the **Log files: Download** link in the Test Base results for an application that completed testing against a specified operating system version.
test-base Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/faq.md
f1.keywords: NOCSH
# Test Base FAQ + **Q: How do we submit our packages to the Test Base team?** **A:** Submit your packages directly to the Test Base environment using our self-serve portal.
test-base Feature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/feature.md
f1.keywords: NOCSH
# Windows Feature update validation + Do you need insights on how your applications will perform with the latest Windows features - prior to it being available in the market and without you maintaining an environment? Do you want to run your validation tests against Windows Insider Program builds in our Azure environment?
test-base Functional https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/functional.md
f1.keywords: NOCSH
# Functional testing + As a software publisher, you can now perform custom functional tests, using the test framework of your choice - via the self-serve Test Base for Microsoft 365 portal. When we initially launched the service, we offered the Out-of-box tests, which is a pre-defined set of tests driven through standardized scripting. However, it couldn't achieve full test coverage for many Independent Software Vendors (ISVs).
test-base Import Intune Credentials https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/import-intune-credentials.md
f1.keywords: NOCSH
# Validate applications from your own Intune tenant + Many enterprises' IT departments have mentioned compatibility concerns after applications re-formatting during their migration to Intune. Others might be suffering to validate policy deployment before they reach the end users. Test Base now provides an efficient way that allows you to validate your Intune applications in batch, or to set up even more complex automatic testing plans. This guidance shows you how to enroll the testing VM under your Intune tenant and set up your test plan with our upgraded testing service.
test-base Test Base Deprecation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/includes/test-base-deprecation.md
++++ Last updated : 03/06/2024++
+> [!IMPORTANT]
+> **Test Base for Microsoft 365 will transition to end-of-life (EOL) on May 31, 2024.** We're committed to working closely with each customer to provide support and guidance to make the transition as smooth as possible. If you have any questions, concerns, or need assistance, [submit a support request](https://aka.ms/TestBaseSupport).
test-base Learn Cpu Regression Analysis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/learn-cpu-regression-analysis.md
f1.keywords: NOCSH
# Understanding CPU Regression Analysis + After uploading your application's binaries along with associated test scripts, the Test Base service will then run the test scripts, and automatically perform CPU and Memory regression analysis. The service will then check if the CPU utilization for the application on the pre-release version of the update for the target OS is in line with the CPU utilization for the released version of the OS. CPU utilization is not likely to be a direct comparative match by operating system, given there can be differences for processes that are running on two different operating system versions. However, in these cases, the **Test Base** service analysis should be able to demonstrate whether CPU utilization for your application is impacted by an upcoming operating system update and specifically which processes have regressed from previous test runs.
test-base Learn Memory Regression Analysis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/learn-memory-regression-analysis.md
f1.keywords: NOCSH
# Understanding Memory Regression Analysis + As a performance metric, memory usage can be an indication of overall application health. With **Test Base**, you can readily observe increasing memory usage of the test virtual machines (VMs) that are hosting your application/s, as it occurred during a test run. For all test runs in the **Test Base** service, memory signals are captured in the **Memory utilization** tab. The example that follows shows a recent test run against a February 2022 OS security update, with an onboarded application named ΓÇ£USL AppCrashΓÇ¥ (a test application written to illustrate regressions).
test-base Managed Identity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/managed-identity.md
f1.keywords: NOCSH
# Grant Test Base managed identities to your Key Vault account + This article includes step-by-step guidance to grant Test Base access to your key vault secrets so that you can authorize Test Base access to other platforms during your compatibility tests in a secure way. **In this article,**
test-base Memory Cpu Regressions Results Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/memory-cpu-regressions-results-overview.md
f1.keywords: NOCSH
# Memory and CPU Regression Results Overview + Increases in Memory or CPU utilization can be an indication that an application was affected by an operating system update. **Test Base for Microsoft 365** provides software developers and others with insights into Memory and CPU performance regressions. Such changes in performance may occur when an application is running on different pre-release versions of an upcoming Windows operating system update. In the sections that follow, more is described about Memory and CPU regression analysis.
test-base Memory https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/memory.md
f1.keywords: NOCSH
# Memory Regression Analysis + Test Base helps you more clearly notice significant memory usage increases in the test VMs running your apps. Performance metrics, such as memory usage, can be indicative of overall application health and we believe this addition will greatly help keep your apps performing optimally. Read on for more details or watch this video for a quick walk-through of the latest improvements.
test-base Monitor Test Status https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/monitor-test-status.md
f1.keywords: NOCSH
# Monitoring Test Status + Test run status in the Test Base portal keeps you informed of where your package is in the testing process. You can see status in the **Test summary** page in addition to the **Details** pane. This status provides details about test execution. If failures were detected during test execution, you'll find additional status and guidance information on the **Test Analysis** tab.
test-base Ondemandrun https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/ondemandrun.md
f1.keywords: NOCSH
# Run your test on-demand + > [!NOTE] > Test Base now provides the option to kickoff a test with an on-demand approach.
test-base Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/overview.md
f1.keywords: NOCSH
# What is Test Base for Microsoft 365?
-> [!IMPORTANT]
-> **Test Base for Microsoft 365 will transition to end-of-life (EOL) on May 31, 2024.** We're committed to working closely with each customer to provide support and guidance to make the transition as smooth as possible. If you have any questions, concerns, or need assistance, [submit a support request](https://aka.ms/TestBaseSupport).
Test Base is an Azure service that enables data-driven application testing for users anywhere in the world.
test-base Packagevalidation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/packagevalidation.md
f1.keywords: NOCSH
# Package Validation + ## Package Validation When a [new package](buildpackage.md) is created or onboarded to Test Base, a validation run is triggered. The purpose of the validation run is to check the package and make sure it's ready for testing.
test-base Prepare Testbase Vhd File https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/prepare-testbase-vhd-file.md
f1.keywords: NOCSH
# How to prepare a Windows VHD for Test Base + Before you upload a Windows virtual machine (VM) from on-premises to Test Base, you need to prepare the virtual hard disk (VHD) first. Test Base only supports generation 2 VMs that use the VHD file format and have a fixed-size disk. The maximum size for the OS VHD on a generation 2 VM is 128 GiB on Test Base.
test-base Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/rules.md
f1.keywords: NOCSH
# Application/Test rules + All applications or tests in Test Base need to comply with the following rules: ## Test Base folders
test-base Sdkapi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/sdkapi.md
f1.keywords: NOCSH
# Manage your resource with SDK & APIs + Automation is a key aspect of DevOps and agile development. Are you looking to manage Test Base for Microsoft 365 resources, get test results programmatically, and integrate them with our CI tools? Test Base APIs/SDK can help you achieve all these and more! These APIs/SDK enable IT professionals and app developers to:
test-base Server https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/server.md
f1.keywords: NOCSH
# Windows Server Application Testing + With Test Base for Microsoft 365, you can now validate your applications against Windows Server 2016 and 2019, including Server Core! To get started with validating your uploaded applications against pre-release updates for Windows Server 2016 and 2019 operating systems on Test Base for Microsoft 365, kindly adhere to the following steps:
test-base Test Application With In Place Upgrade https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/test-application-with-in-place-upgrade.md
f1.keywords: NOCSH
# Test your application with in-place upgrade++ > [!NOTE] > This guide will provide instruction on how to test your application with in-place upgrade feature
test-base Test With M365 App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/test-with-m365-app.md
f1.keywords: NOCSH
# Test your application with latest Microsoft 365 apps This section provides instructions on how to test your application with latest Microsoft 365 apps.
test-base Testapplication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/testapplication.md
f1.keywords: NOCSH
# Creating and Testing Binary Files on Test Base + This section provides all the steps necessary to create a new package containing binary files, for uploading and testing on Test Base. If you already have a pre-built .zip file, you can see [Uploading pre-built Zip package](uploadApplication.md), to upload your file. > [!IMPORTANT]
test-base Testintuneapplication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/testintuneapplication.md
f1.keywords: NOCSH
# Test your Intune application on Test Base ++ > [!Note] > This guide will guide you to upload your intunewin format package to Test Base. For general Test Base package upload instruction, please refer to this [doc](https://microsoft.sharepoint.com/:w:/t/AzureSUVPCoreTeam/EeHQIT3qA0FKqBDWI5TzmzgBiH2Syz39o5VbY2kdugMn4A?e=Rk1KD9).
test-base Testoverview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/testoverview.md
f1.keywords: NOCSH
# Test your application on Test Base + In this section, you'll learn how to create packages with different types of applications for uploading and testing on **Test Base**. Application types consist of the following values: > [!div class="mx-imgBorder"]
test-base Uploadapplication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/uploadapplication.md
f1.keywords: NOCSH
# Uploading a pre-built zip package + This section provides all the steps necessary to edit, upload, and test on Test Base when you already have a pre-built .zip file. **Pre-requests**
test-base Usagecost https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/usagecost.md
f1.keywords: NOCSH
# Understand your usage cost ++ > [!NOTE] > Test Base now offers the billing hub feature to help users understand their test usage and cost.
test-base Validate Apps Against A Custom Image https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/validate-apps-against-a-custom-image.md
f1.keywords: NOCSH
# Validate apps against a custom image++ > [!NOTE] > This guide will show you how to onboard your own Windows image to Test Base as a baseline for security update or in-place upgrade validation.
test-base Validate Monthly Security Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/validate-monthly-security-updates.md
f1.keywords: NOCSH
# Test against Windows monthly security updates + Test Base provides scheduled automatic tests against these fixed issues in a proactive way, so that you can get more assurance and have a chance to fix the issue before any damage happens, and your organization or your users can stay productive and protected. This section shows you how to set up your own scheduled tests against Windows monthly security updates.
test-base View Application Liability Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/view-application-liability-results.md
f1.keywords: NOCSH
# Viewing Application Reliability Results + You can determine application reliability by reviewing the data in the tables on the **Reliability** tab. For example, by reviewing data from this tab on how your application processes performed, you can determine if such processes are crashing or hanging at an unacceptable rate. This is possible because the **Reliability** tab exposes statistics for all the underlying running processes, which is inclusive of specific application reliability performance data. The dashboard also organizes the details of these processes that ran on the test machine into **Crash** signal and **Unresponding** signal categories for better assessment of results. To display the **Reliability** tab, perform the steps of the procedure that follows:
test-base View Log Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/view-log-files.md
f1.keywords: NOCSH
# Viewing Log Files + You can download public facing log files separately as an aid to troubleshooting script failures, regressions, reliability issues, or other unexpected results. Each test run that completes successfully should generate a collection of logs and data files that include .log, .etl, .csv, and .evtx files that are distributed in the following categories: - Script installation and status logs
test-base View Script Execution Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/view-script-execution-results.md
f1.keywords: NOCSH
# Viewing Script Execution Results + To display the Test Results for script execution, perform the steps that follow. 1. Select the **Security update results** under the **Insights** menu category.
test-base View Test Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/view-test-results.md
f1.keywords: NOCSH
# Viewing Test Results + Logging into the Azure portal, you can see application test results at scheduled intervals against selected updates from the Overview page of your Test Base account. Clicking your Test Base account name, and then clicking links under the Insights category in the left-hand sector of the page, as follows: