+Microsoft 365 Groups can be added to one of the three SharePoint groups (Owners, Members, or Visitors) to give people permissions to the site.

+8. To allow others to join online or call in to the meeting, select **Teams Meeting**.

+ - **Phone number**: the number of the room itself. This is different from the meeting phone number generated when using Microsoft Teams.

+You can only cancel and receive a prorated credit or refund if you cancel within seven days after the start or renewal of your subscription. If you cancel during this limited time window, the prorated amount is either credited towards your next invoice or returned to you in the next billing cycle.

+If you need to cancel within seven days after the start or renewal of your subscription, go to [Steps to cancel your subscription](#steps-to-cancel-your-subscription) later in this article.

+If more than seven days have passed, [turn off recurring billing](renew-your-subscription.md). This prevents you from being charged again for your subscription, and lets you keep your access to your products and services for the remainder of your subscription.

+- Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

+- Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

+- Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

+- Office 365 A5 subscription (paid or trial version)

+Users included in communication compliance policies must be assigned one of the licenses above. For more information about subscriptions and licensing, see [Microsoft 365 guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#communication-compliance).

+- Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

+- Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

+- Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

+Users included in communication compliance policies must be assigned one of the licenses above. For more information about subscriptions and licensing, see [Microsoft 365 guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#communication-compliance).

+## User-reported messages policy

+As part of a layered defense to detect and remediate inappropriate messages in your organization, you can supplement communication compliance policies with user-reported messages in Microsoft Teams. This feature empowers users in your organization to self-report inappropriate messages, such as harassing or threatening language, sharing of adult content, and sharing of sensitive or confidential information, to help foster a safe and compliant work environment.

+Enabled by default in the [Teams admin center](/microsoftteams/manage-teams-in-modern-portal), the *Report a concern* option in Teams messages allows users in your organization to submit inappropriate messages for review by communication compliance reviewers for the policy. These messages are supported by a default system policy that supports reporting messages in Teams channels, group, and private chats.

+

+When a user submits a Teams chat message for review, the message is copied to the User-reported message policy. Reported messages initially remain visible to all chat members and there isn't any notification to chat members or the submitter that a message has been reported in channel, private, or group chats. A user can't report the same message more than once and the message remains visible to all users included in the chat session during the policy review process.

+During the review process, communication compliance reviewers can perform all the standard [remediation actions](/microsoft-365/compliance/communication-compliance-investigate-remediate#step-3-decide-on-a-remediation-action) on the message, including removing the message from the Teams chat. Depending on how the messages are remediated, the message sender and recipients will see different [notification messages](/microsoftteams/communication-compliance#act-on-inappropriate-messages-in-microsoft-teams) in Teams chats after the review.

+

+User reported messages from Teams chats are the only messages processed by the User-reported message policy and only the assigned reviewers for the policy can be modified. All other policy properties are not editable. When the policy is created, the initial reviewers assigned to the policy are all members of the *Communication Compliance Admins* role group (if populated with at least one user) or all members of your organization's *Global Admin* role group . The policy creator is a randomly selected user from the *Communication Compliance Admins* role group (if populated with at least one user) or a randomly selected user from your organization's *Global Admin* role group.

+Admins should immediately assign custom reviewers to this policy as appropriate for your organization. This may include reviewers such as your Compliance Officer, Risk Officer, or members of your Human Resources department. To customize the reviewers for chat messages submitted as user-reported messages, complete the following steps:

+1. Sign into [Microsoft 365 compliance center](https://compliance.microsoft.com/) using credentials for an admin account in your Microsoft 365 organization.

+2. In the Microsoft 365 compliance center, go to **Communication compliance**.

+3. On the **Policy** tab, select the *User-reported messages* policy and select **Edit**.

+4. On the **Monitor for user-reported messages** pane, assign reviewers for the policy. Reviewers must have mailboxes hosted on Exchange Online. When reviewers are added to a policy, they automatically receive an email message that notifies them of the assignment to the policy and provides links to information about the review process.

+5. Select **Save**.

+To disable users from reporting Teams messages with the *Report a concern option*, disable the **End user reporting** option in the [Teams Admin Center](/microsoftteams/manage-teams-in-modern-portal).

+- **Microsoft Teams**: Chat communications for public and private [Microsoft Teams](/MicrosoftTeams/Teams-overview) channels and individual chats are supported in communication compliance as a standalone channel source or with other Microsoft 365 services. You'll need to manually add individual users, distribution groups, or specific Microsoft Teams channels when you select users and groups to supervise in a communication compliance policy. Teams users can also self-report inappropriate messages in private and group channels and chats for review and remediation.

+- **User-reported messages policy**: This system policy supports user reported messages from channel, group, and private chat messages. Enabled by default in the Teams admin center.

+> Retention policies for Yammer currently do not inform users when messages are deleted as a result of a retention policy.

+ - When this action is selected for the final stage of disposition review, or there is only one stage of disposition: The item is marked as eligible for permanent deletion, which a timer job then actions within 7 days. The exact timing for the item to then be permanently deleted depends on the workload. For more information, see [How retention works for SharePoint and OneDrive](retention-policies-sharepoint.md#how-retention-works-for-sharepoint-and-onedrive) and [How retention works for Exchange](retention-policies-exchange.md#how-retention-works-for-exchange).

+- Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

+- Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

+- Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

+- Office 365 Enterprise E3 subscription + the Office 365 Advanced Compliance add-on (no longer available for new subscriptions, see note)

+This support is available for sensitive information types and keyword dictionaries and will be reflected in data loss prevention (for Exchange Online, SharePoint Online, OneDrive for Business, and Teams), Communications Compliance, Auto Labeling in office apps and Microsoft Defender for Cloud Apps.

+- When a text file attached to an email is in UTF-8 format without byte order mark (BOM), the email isn't detected by the Communication Compliance policy.

+- Communication Compliance policies can't detect values if a sentence is entered for the policy condition: ΓÇ£Message contains any of these wordsΓÇ¥. If the text specified in the policy is written as a word, it can be detected; however, if it's written in the middle of a sentence, it will not be detected.

+- Communication Compliance policies that specify dictionaries as type information don't detect Teams private chats and channel chats.

+- The following conditions aren't supported for Communication Compliance at this stage (we plan to fix these issues in the future):

+- Data loss prevention policies are enforceable on macOS devices (preview) running Catalina 10.15 and higher, except for the below mentioned conditions for East

+ Asian languages including Japanese.

+ - Full-width numbers arenΓÇÖt detected such as using built-in template such as Japan bank account number

+ - Numbers without delimiters arenΓÇÖt detected

+ - Keywords separated by a half-width space arenΓÇÖt detected for a sensitive information type. For example: Japanese word is set at sensitive information type and

+ dictionary isn't detected if it is in a sentence

+ - Words containing both English and Japanese (東京2020) aren’t detected

+- Maximum numbers per tenant:

+

+ - 16,000,000 items in either of the following disposition review states: pending disposition or approved disposition

+

+ - 16,000,000 items marked as records automatically disposed (no disposition review)

+- Maximum numbers for each retention label:

+

+ - 1,000,000 items pending disposition per stage for each retention label

+ - Proof of disposition for up to seven years after the item was disposed, with a limit of 1,000,000 items per retention label for that period.

+

+ If you need proof of disposition higher than this limit of 1,000,000 for items that are marked as records, contact [Microsoft Support](../admin/get-help-support.md).

+Be aware of the following limitation when you use retention for Yammer community messages and user messages:

+|[Apply a default label](sensitivity-labels.md#what-label-policies-can-do) to existing documents | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |

+description: Learn how to use advanced metadata search and search for custom site columns to find items in SharePoint document libraries using SharePoint Syntex.

+Advanced metadata search lets you use the metadata associated with a document to help locate the file in a SharePoint document library. This feature is particularly useful when you have a specific piece of information you want to search for, such as when a document was last modified, a specific person associated with a file, or a specific file type.

+1. From a SharePoint document library, in the **Search this library** box, select the metadata search icon ().

+ The following metadata search fields are currently available. More fields will be added in the future.

+ |Content type |Search by selected content type. This option will only appear if there's a non-default content type applied to the library. Default content types are *document* and *folder*. |

+3. You can also search for custom site columns that are in the current library view. This is especially useful if you have a model running on the library because the metadata extractors automatically populate information into site columns.

+ To add a custom site column to your search, select **Add more options**, and then select the name of the site column.

+ 

+ > [!NOTE]

+ > Currently, the ability to add managed metadata fields or multiline text fields is not available.

+4. Select **Search**. The documents that match your metadata search are shown on the results page.

+| Global Geography 1 ΓÇô EMEA (Europe, Middle East and Africa) | Austria, Finland, France, Ireland, Netherlands, Sweden |

+| European Union | Austria (Vienna), Finland (Helsinki), France (Paris, Marseille), Ireland (Dublin), Netherlands (Amsterdam), Sweden (Gävle, Sandviken, Staffanstorp) |

+To get started with GDAP, see [Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md).

+## Delegated Admin PrivilegesΓÇ»(DAP)

+## Granular Delegated Admin PrivilegesΓÇ»(GDAP)

+Currently, DAP is required to onboard customers to Lighthouse. We recommend also establishing GDAP with your customers to enable more secure delegated access. While DAP and GDAP coexist, GDAP will take precedence for customers where both models are in place. Soon, customers with just GDAP (and no DAP) will be able to onboard to Lighthouse.<br><br>

+| **Various GDAP permission issues across Lighthouse** | Certain GDAP roles by themselves don't grant the same level of access to customer data in Lighthouse as they would in a single-tenant experience. If any of the following roles are assigned individually (this is, not in combination with other GDAP roles) to MSP technicians, they may encounter errors, including:<ul><li>GDAP Security Administrators are unable to view risky users, dismiss risks, or confirm compromised users within Lighthouse.</li><li>GDAP Security Readers are unable to view risky users within Lighthouse.</li><li>GDAP Global Administrators see an error message when trying to view service health within Lighthouse.</li><li>GDAP Global Administrators experience issues deploying deployment plan steps within Lighthouse.</li></ul> | The workaround is to assign a combination of GDAP roles to MSP technicians based on the level of access to customer data that they need. For a list of recommended GDAP roles to use Lighthouse, see [Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md).<br><br>For issues where even GDAP Global Administrator permissions won't allow usage of a feature in Lighthouse, the workaround is to access the appropriate admin center from the customer tenant to manage the customer (for example, access the Microsoft 365 admin center from the customer tenant to check service health). For instructions on how to modify a GDAP relationship, see [Obtain granular admin permissions to manage a customer's service - Partner Center](/partner-center/gdap-obtain-admin-permissions-to-manage-customer). |

+ Title: "Overview of permissions in Microsoft 365 Lighthouse"

+f1.keywords: CSH

+audience: Admin

+ms.localizationpriority: medium

+- M365-subscription-management

+- Adm_O365

+- AdminSurgePortfolib

+- M365-Lighthouse

+search.appverid: MET150

+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn more about Lighthouse permission requirements."

+# Overview of permissions in Microsoft 365 Lighthouse

+Delegated access to customer tenants is required for Managed Service Providers (MSPs) to use Microsoft 365 Lighthouse. Granular Delegated Admin Privileges (GDAP) give MSPs a high level of control and flexibility by providing customer access through [Azure Active Directory (Azure AD) built-in roles](/azure/active-directory/roles/permissions-reference). Assigning the least privileged roles by task through GDAP to MSP technicians reduces security risk for both MSPs and customers. For more information on least privileged roles by task, see [Least-privileged roles - Partner Center](/partner-center/gdap-least-privileged-roles-by-task) and [Least privileged roles by task in Azure Active Directory](/azure/active-directory/roles/delegate-by-task). For more information on setting up a GDAP relationship with a customer tenant, see [Obtain granular admin permissions to manage a customer's service - Partner Center.](/partner-center/gdap-obtain-admin-permissions-to-manage-customer)

+We recommend assigning roles to groups of MSP technicians based on the tasks each group needs to perform on behalf of the customer. For example, Service Desk Technicians may just need to read customer tenant data or reset user passwords. In contrast, Escalation Engineers may need to take more corrective actions to update customer tenant security settings. It's a best practice to assign the least permissive role required to complete a task so that customer and partner data is kept secure. We recommend using Privileged Identity Management (PIM) to enable time-scoped access to the Global Administrator role, if needed. Giving too many users global access is a security risk, and we recommend limiting it as much as possible. For more information on how to enable PIM, see [Set up Azure AD PIM.](m365-lighthouse-configure-portal-security.md#set-up-azure-ad-privileged-identity-management-pim)

+The table in the next section describes which GDAP roles grant permission to read customer data and take action on customer tenants in Lighthouse. See [Permissions in the partner tenant](#permissions-in-the-partner-tenant) in this article for additional roles required to manage Lighthouse entities (for example, tags and Lighthouse service requests).

+> [!NOTE]

+>GDAP is currently in [technical preview](/partner-center/announcements/2022-february#6) (public preview) to allow partners to assign granular permissions before GDAP is generally available. Check [Known Issues](m365-lighthouse-known-issues.md) if you're having a problem accessing or performing an action in Lighthouse.

+## Example MSP service tiers and recommended GDAP roles

+The following table lists the recommended GDAP roles for some example MSP service tiers and the actions those roles can perform on the different Lighthouse pages.

+|| Account&nbsp;Managers| Service&nbsp;Desk&nbsp;Technician |System&nbsp;Administrators | Escalation&nbsp;Engineers|

+||||||

+| **Recommended GDAP roles** |<ul><li>Helpdesk Administrator</li></ul> |<ul><li>Security Reader<br>+</li><li>Helpdesk Administrator</li></ul> |<ul><li>Global Reader<br>+</li><li>User Administrator<br>+</li><li>Authentication Administrator</li></ul> |<ul><li>Global Reader<br>+</li><li>User Administrator<br>+</li><li>Intune Administrator<br>+</li><li>Security Administrator</li></ul>|

+|**Lighthouse&nbsp;page&nbsp;+&nbsp;allowed&nbsp;actions** |

+| **Home** | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> |

+| **Tenants** | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li></ul> | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li></ul> | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li><li>View Microsoft 365 services usage</li></ul> | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li><li>View Microsoft 365 services usage</li></ul> |

+| **Users** | <ul><li>View tenant level (non-user specific) data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</li></ul> | <ul><li>View all user-specific data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</li></ul>| <ul><li>View all user-specific data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</i><li>Block sign-in</li></ul> | <ul><li>View all user-specific data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</li><li>Block sign-in</li><li>Confirm compromised users</li><li>Dismiss risk for users</li></ul> |

+| **Devices** | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li><li>Sync device</li><li>Restart device</li><li>Collect diagnostics</li></ul>|

+| **Threat management** | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li><li>Run full scan</li><li>Run quick scan</li><li>Update antivirus protection</li><li>Reboot device</li></ul>|

+| **Baselines** | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> |

+| **Windows 365** | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> |

+| **Service health****|

+|**Audit logs****|

+*See [Password reset permissions](/azure/active-directory/roles/permissions-reference#password-reset-permissions) for a table that lists which roles are required to reset passwords for customer tenant administrators.

+**Other roles and permissions are required to view service health and audit logs. For more information, see [Permissions in the partner tenant](#permissions-in-the-partner-tenant).

+> [!NOTE]

+> If you get a message in Lighthouse saying that you don't have permission to view or edit information, you're assigned a role that doesn't have the appropriate permissions to perform the action. You'll need to reach out to an admin in your partner tenant who can assign you the appropriate role for the action you're trying to perform.

+## Delegated Admin Privileges (DAP) in Lighthouse

+GDAP will eventually replace DAP as the primary method to configure delegated access for customer tenants. However, if GDAP hasn't been set up, MSP technicians may still access Lighthouse by using the Helpdesk Agent or Admin Agent roles granted through DAP. For customers where GDAP and DAP coexist, roles granted to MSP technicians through GDAP take precedence. For more information on GDAP or DAP deprecation, see [GDAP frequently asked questions](/partner-center/gdap-faq) or the [Partner Center announcements](/partner-center/announcements/2022-march#15) for dates and timelines.

+For customers with DAP and no GDAP, the Admin Agent role grants permissions to view all tenant data and take any action in Lighthouse (see below for other actions that also require a role in the partner tenant).

+The Helpdesk Agent role grants permissions to view all tenant data and take limited action in Lighthouse, such as resetting user passwords, blocking user sign-ins, and updating customer contact information and websites.

+Given the broad permissions granted to partner users with DAP roles, we recommend adopting GDAP as soon as possible.

+## Permissions in the partner tenant

+For certain actions in Lighthouse, role assignments in the partner tenant are required. The following table lists partner tenant roles and their associated permissions.

+| Partner tenant roles | Permissions |

+|--|--|

+| Global Administrator of partner tenant | <ul><li>Sign up for Lighthouse in the Microsoft 365 admin center.</li><li>Accept partner contract amendments during the first-run experience.</li><li>Activate and inactivate a tenant.</li><li>Create, update, and delete tags.</li><li>Assign and remove tags from a customer tenant.</li></ul> |

+| Partner tenant member with at least one Azure AD role assigned with the following property set:<br>**microsoft.office365.supportTickets/allEntities/allTasks**<br>(For a complete list of Azure AD roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).) | Create Lighthouse service requests. |

+| Partner tenant member who meets *both* of the following requirements: <ul><li>Has at least one Azure AD role assigned with the following property set:<br>**microsoft.office365.serviceHealth/allEntities/allTasks**<br>(For a complete list of Azure AD roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).)</li><li>Has at least one DAP delegated role assigned (Admin Agent or Helpdesk Agent)</li></ul> | View service health information. |

+## Related content

+[Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md) (article)

+[Delegated administration privileges (DAP) FAQ](/partner-center/dap-faq) (article)

+[Assign roles and permissions to users](/partner-center/permissions-overview) (article)

+[Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md) (article)

+[Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md) (article)

+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)

+| [Device images](service-description/device-images.md) | Added Windows 10 Pro section |

+| [Admin support](working-with-managed-desktop/admin-support.md) | Added severity note to the Edit case details section |

+| [Configurable settings reference](working-with-managed-desktop/config-setting-ref.md) | Added additional proxy requirements |

+### Windows 10 Pro

+If you're ordering devices with Windows 10, work directly with your OEM sales preresentative. As of November 1, 2022, OEMs can only sell Windows 10 Pro under the Windows 11 Pro with Windows 10 Pro Downgrade license. For more information, see [Windows 10 support dates](https://docs.microsoft.com/lifecycle/products/windows-10-enterprise-and-education?msclkid=4a74c7b9b04111eca478c6fdafbc51a5) for the retirement dates of Windows 10 versions.

+For customers interested in moving to Windows 11, you can find more information on the recommended process [here](https://docs.microsoft.com/microsoft-365/managed-desktop/intro/win11-overview?view=o365-worldwide).

+> [!NOTE]

+> The severity level can only be set for certain support request types. If selecting a severity level wasn't an option when you created the support request, you won't be able to edit your support request.

+## Before you begin

+The following table lists some examples of exclusions based on file extension and folder location.

+ 4. If you are specifying a file, ensure that you enter a fully qualified path to the file, including the drive letter, folder path, file name, and extension.

+- [MpCmdRun](command-line-arguments-microsoft-defender-antivirus.md)

+- [PowerShell](/powershell/module/defender)

+To determine the category of a website, you can use the URL search function available on the Microsoft 365 Defender portal (<https://security.microsoft.com>) under **Endpoints** \> **Search**. In the URL search results, the web content filtering category appears under **URL/Domain details**. If the category result is not shown, the URL is not currently assigned to an existing web content filtering category.

+<!:::image type="content" source="../../media/web-content-filtering-category-lookup.png" alt-text="The web content filtering category lookup results" lightbox="../../media/web-content-filtering-category-lookup.png":::>

+- *Client type*: Indicates the Client type from which the email was sent like REST.

+- *Forwarding*: For scenarios with autoforwaridng, it indicates the forwarding user as well as the forwarding type like ETR or SMTP forwarding.

+- *Distribution list*: Shows the distribution list, if the recipient receieved the email as a member of the list. It shows the top level distribution list if there are nested distribution lists involved.

+- *To, Cc*: Indicates the addresses which are listed in To, Cc fields of an email. The information in these fields is restricted to 5000 characters.

+ - *Quarantine actions*: For more information on different quarantine actions, see [Manage quarantined messages](manage-quarantined-messages-and-files.md#take-action-on-quarantined-email).

+To view and use your Threat Trackers for your organization, open the Microsoft 365 Defender portal at <https://security.microsoft.com>, and go to **Email & collaboration** \> **Threat tracker**. To go directly to the **Threat tracker** page, use <https://security.microsoft.com/threattrackerv2>.

+Trending trackers (formerly called Campaigns) highlight new threats received in your organization's email in the past week. The Trending trackers view provides dynamic assessments of email threats impacting your organizationΓÇÖs Office 365 environment. This view shows tenant level malware trends, identifying malware families on the rise, flat, or declining, giving admins greater insight into which threats require further attention.

+- 2| or Not junk:

+- 3| or Phishing:

+**Navigation:** SharePoint admin center > **Policies** > <a href="https://go.microsoft.com/fwlink/?linkid=2185222" target="_blank">**Sharing**</a>

+**Navigation:** SharePoint admin center > **Policies** > <a href="https://go.microsoft.com/fwlink/?linkid=2185222" target="_blank">**Sharing**</a>

+**Navigation:** SharePoint admin center > **Policies** > <a href="https://go.microsoft.com/fwlink/?linkid=2185222" target="_blank">**Sharing**</a>