-Microsoft 365 Business Premium with its world class productivity tools is a wise choice for small and medium-sized businesses. Designed with cybersecurity in mind, Microsoft 365 Business Premium safeguards your data, devices and information. You are your organization's first and best defense against hackers and cyberattackers, including random individuals, organized crime, or highly sophisticated nation states.

-The task before you is this: let Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following six missions:

-ROBOTS: NO INDEX, NO FOLLOW

-description: "Learn how to automatically install the 32-bit Microsoft 365 apps on Windows computers and keep them updated in Microsoft 365 Business Premium."

-# Prepare to automatically install Microsoft 365 apps to client computers

-Use Microsoft 365 Business Premium to automatically install the 32-bit Microsoft 365 apps on Windows computers and keep them current with updates.

-

-Automatic installation works best if the computer:

-

-To determine if you have the Click-to-Run version of Office, in any Office app go to **File** \> **Account** ( **Office Account** in Outlook). If you see **Office Updates** as shown in the following figure, then the installation was done by using Click-to-Run.

-

-

-

-## Requirements for using this feature

-

-Works with:

-

-Doesn't work with:

-The following table shows what action the end users or admins may need to take, depending on their beginning state, to have a successful 32-bit Click-to-Run version of Office deployment from the Microsoft 365 for business admin console.<br/>

-|Starting Office install status|Action to take before Microsoft 365 for business Office install|End state|

-|:--|:--|:--|

-|No Office suite installed |None |Office 2016 32-bit is installed by using Click-to-Run |

-|Existing Click-to-Run 32-bit version of Office (2016 or earlier) and no standalone apps |None |Upgraded to the latest 32-bit Click-to-Run version of Office 2016, as needed **\*** |

-|Existing Click-to-Run 32-bit version of Office and Click-to-Run 32-bit or 64-bit standalone Microsoft 365 apps (for example, Visio, Project) |None |Standalone apps aren't affected. Suite is upgraded to Click-to-Run 32-bit version of Office 2016 |

-|Existing Click-to-Run 32-bit version of Office and any 32-bit or 64-bit (except 2016) MSI standalone Microsoft 365 apps |None |Standalone apps aren't affected. Suite is upgraded to Click-to-Run 32-bit version of Office 2016 |

-|Any existing Click-to-Run 64-bit version of Office |Uninstall the 64-bit Microsoft 365 apps, if it's OK to replace them with 32-bit Microsoft 365 apps |If Office 64-bit apps are removed, the Click-to-Run 32-bit version of Office 2016 is installed |

-|An existing MSI install of Office 2016 with or without standalone apps |Uninstall MSI Office 2016. |Click-to-Run 32-bit version of Office 2016 is installed. No change to standalone apps |

-|Existing MSI install of Office 2013 (or earlier) and/or standalone Microsoft 365 apps |None |Click-to-Run 32-bit version of Office 2016 with the pre-existing MSI Office install (and standalone apps) exist side-by-side |

- **(\*) Note:** Does not upgrade to Click-to-Run 32-bit version of Office 2016 due to a known bug. A fix is in progress.

-## Next objective

-[Create app protection settings](m365bp-protection-settings-for-windows-10-devices.md)

-

-Watch the following video to see how Microsoft 365 Business Premium helps your business be more productive and secure: <p>

-## Resources to train your users

-The security recommendations provided in [this guidance](index.md) make it much harder for cyberattackers to gain access to your environment. However, an important part of your security strategy includes training everyone in your organization&mdash;the people in your company who use your systems regularly. Users can be your first line of defense. Everyone needs to know how to work productively while maintaining a more secure environment.

-## Before you begin

-Make sure that you meet the following requirements before you begin your setup process:

-| Requirement | Description |

-|:|:|

-| Subscription | Microsoft 365 Business Premium or Microsoft 365 for Campaigns <br/><br/> To start a trial or purchase your subscription, see the following articles: <br/>- [Get Microsoft 365 Business Premium](get-microsoft-365-business-premium.md)<br/>- [Get Microsoft 365 for Campaigns](get-microsoft-365-campaigns.md) |

-| Permissions | To complete the initial setup process, you must be a Global Admin. [Learn more about admin roles](../admin/add-users/about-admin-roles.md). |

-| Browser requirements | Microsoft Edge, Safari, Chrome or Firefox. [Learn more about browser requirements](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources#coreui-heading-uyetipy). |

-| Operating systems (client) | **Windows**: Windows 10 or 11 Pro<br/>**macOS**: One of the three most recent versions of macOS

-| Operating systems (servers) | Windows Server or Linux Server <br/>(Requires an additional license, such as [Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md).) |

-> [!NOTE]

-> For more detailed information about Microsoft 365, Office, and system requirements, see [Microsoft 365 and Office Resources](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources).

-## Guided setup process

-Microsoft 365 Business Premium includes a guided process. The following video shows the guided setup process for Microsoft 365 Business Standard, which also applies to Microsoft 365 Business Premium. (Microsoft 365 Business Premium includes [advanced security settings that you'll configure](m365bp-security-overview.md) after your basic setup process is complete.)<br/><br/>

-> [!TIP]

-> After you have added users, give them a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). The guide walks them through signing in, getting Microsoft 365 apps, and saving, copying, and sharing files.

-When you're finished with the basic setup process, you'll see **Setup is complete**, where you can tell us how setup went and then go to your Microsoft 365 admin center. At this point, basic setup is complete, but you still need to [set up and configure your security settings](m365bp-security-overview.md).

-## Work with a Microsoft partner

-## Next objective

-Proceed to [Boost your security protection](m365bp-security-overview.md).

-For step-by-step instructions, see [Create an app in Azure Active Directory](deploy-facebook-connector.md#step-1-create-an-app-in-azure-active-directory).

-For step-by-step instructions, see [Deploy the connector web service from GitHub to your Azure account](deploy-facebook-connector.md#step-2-deploy-the-connector-web-service-from-github-to-your-azure-account).

-For step-by-step instructions, see [Register the Facebook app](deploy-facebook-connector.md#step-3-register-the-facebook-app).

-For step-by-step instructions, see [Step 5: Set up a Facebook connector in the compliance portal](deploy-facebook-connector.md#step-5-set-up-a-facebook-connector-in-the-compliance-portal).

-For step-by-step instructions, see [Create an app in Azure Active Directory](deploy-twitter-connector.md#step-1-create-an-app-in-azure-active-directory).

-For step-by-step instructions, see [Deploy the connector web service from GitHub to your Azure account](deploy-twitter-connector.md#step-2-deploy-the-connector-web-service-from-github-to-your-azure-account).

-For step-by-step instructions, see [Create the Twitter app](deploy-twitter-connector.md#step-3-create-the-twitter-app).

-For step-by-step instructions, see [Configure the connector web app](deploy-twitter-connector.md#step-4-configure-the-connector-web-app).

-For step-by-step instructions, see [Set up a Twitter connector in the Microsoft Purview compliance portal](deploy-twitter-connector.md#step-5-set-up-a-twitter-connector-in-the-compliance-portal).

-You can analyze communications for data imported into all mailboxes in your Microsoft 365 organization from third-party sources like [Instant Bloomberg](/microsoft-365/compliance/archive-instant-bloomberg-data), [Slack](/microsoft-365/compliance/archive-slack-data), [Zoom](/microsoft-365/compliance/archive-zoommeetings-data), SMS, and many others. For a full list of connectors supported in communication compliance, see [Learn about connectors for third-party data](/microsoft-365/compliance/archiving-third-party-data).

-You must configure a [third-party connector](/microsoft-365/compliance/archiving-third-party-data) for your Microsoft 365 organization before you can assign the connector to a communication compliance policy. The **Third-Party Sources** section of the communication compliance policy wizard only displays currently configured third-party connectors.

-Microsoft provides third-party data connectors that can be configured in the Microsoft Purview compliance portal. For a list of data connectors provided by Microsoft, see the [Third-party data connectors](archiving-third-party-data.md#third-party-data-connectors) table. The table of third-party data connectors also summarizes the compliance solutions that you can apply to third-party data after you import and archive data in Microsoft 365, and links to the step-by-step instructions for each connector.

-To learn more about Microsoft Purview Data Connectors, see [Archiving third-party data](archiving-third-party-data.md). If a third-party data type isn't supported by the data connectors available in the compliance portal, you can work with a partner who can provide you with a custom connector. For a list of partners you can work with and the step-by-step process for this method, see [Work with a partner to archive third-party data](work-with-partner-to-archive-third-party-data.md).

-You can use auto-quarantine to prevent an endless chain of DLP notifications for the user and adminsΓÇösee [Scenario 4: Avoid looping DLP notifications from cloud synchronization apps with auto-quarantine (preview)](endpoint-dlp-using.md#scenario-4-avoid-looping-dlp-notifications-from-cloud-synchronization-apps-with-auto-quarantine-preview).

-The most common use case is to use printers groups as an allowlist as in the above example for allowing the printing of contracts only to printers that are in the legal department. After you define a printer group here, it's available to be used in your policies that are scoped to **Devices**. See, [Scenario 7 Authorization groups](endpoint-dlp-using.md#scenario-7-authorization-groups-preview) for more information on configuring policy actions to use authorization groups.

-The most common use case is to use removable storage devices groups as an allowlist as in the above example for allowing the copying of files only to devices that are in the **Backup** group. After you define a removable storage device group here, it's available to be used in your policies that are scoped to **Devices**. See, [Scenario 7 Authorization groups](endpoint-dlp-using.md#scenario-7-authorization-groups-preview) for more information on configuring policy actions to use authorization groups. While scenario 7 uses printer authorization groups as an example, the principles are identical. The only thing that changes are the names of the groups and the actions you select.

-The most common use case is to use network share group as an allowlist as in the above example for allowing users to save or copy protected files only to the network shares that are defined in the group. After you define a networks share group here, it's available to be used in your policies that are scoped to **Devices**. See, [Scenario 7 Authorization groups](endpoint-dlp-using.md#scenario-7-authorization-groups-preview) for more information on configuring policy actions to use authorization groups.

-<br>

-****

-|Description of limit|Limit|

-|||

-|The maximum number of characters for the search query (including operators and conditions) for a search. <p> **Note:** This limit takes effect after the query is expanded and includes characters from the keyword query, any search permissions filters applied to the user, and the URLs of all site locations. This means the query will get expanded against each of the keywords. For example, if a search query has 15 keywords and additional parameters and conditions, the query gets expanded 15 times, each with the other parameters and conditions in the query. So even though the number of characters in the search query may be below the limit, it's the expanded query that may contribute to exceeding this limit.|**Mailboxes:** 10,000. <p> **Sites:** 4,000 when searching all sites or 2,000 when searching up to 20 sites. ³|

-> ² The intent of the preview page is to show a limited sample of the results. Even for massive searches with thousands of results, the number of items that are shown on the preview page can, and often will, be much less than maximum possible value of 1000. To see the complete search results, you need to export the results.

-> ³ When searching SharePoint and OneDrive for Business locations, the characters in the URLs of the sites being searched are counted against this limit.

-> ⁴ For non-phrase queries (a keyword value that doesn't use double quotation marks) we use a special prefix index. This tells us that a word occurs in a document, but not where it occurs in the document. To do a phrase query (a keyword value with double quotation marks), we need to compare the position within the document for the words in the phrase. This means that we can't use the prefix index for phrase queries. In this case, we internally expand the query with all possible words that the prefix expands to; for example, `"time*"` can expand to `"time OR timer OR times OR timex OR timeboxed OR ..."`. 10,000 is the maximum number of variants the word can expand to, not the number of documents matching the query. There is no upper limit for non-phrase terms.

-<br>

-****

-|Number of mailboxes|Average search time|

-|||

-<br>

-****

-|Description of limit|Limit|

-|||

-|Maximum amount of exportable data from a single search <p> **Note:** If the search results are larger than 2 TB, consider using date ranges, or other types of filters to decrease the total size of the search results.|2 TB|

-|Maximum an organization can export in a single day <p> **Note:** This limit is reset daily at 12:00AM UTC|2 TB|

-|Maximum size of PST file that can be exported <p> **Note:** If the search results from a user's mailbox are larger than 10 GB, the search results for the mailbox will be exported in two (or more) separate PST files. If you choose to export all search results in a single PST file, the PST file will be spilt into additional PST files if the total size of the search results is larger than 10 GB. If you want to change this default size, you can edit the Windows Registry on the computer that you use to export the search results. See [Change the size of PST files when exporting eDiscovery search results](ediscovery-change-the-size-of-pst-files-when-exporting-results.md). The search results from a specific mailbox won't be divided among multiple PST files unless the content from a single mailbox is more than 10 GB. If you chose to export the search results in one PST file for that contains all messages in a single folder and the search results are larger than 10 GB, the items are still organized in chronological order, so they'll be spilt into additional PST files based on the sent date.|10 GB|

-<br>

-****

-|Indexing limit|Maximum value|Description|

-||||

-|Maximum attachment size|150 MB|The maximum size of an email attachment that will parse for indexing. Any attachment that's larger than this limit won't be parsed for indexing, and the message with the attachment will be marked as partially indexed. <p> **Note:** Parsing is the process where the indexing service extracts text from the attachment, removes unnecessary characters like punctuation and spaces, and then divides the text into words (in a process called tokenization), that are then stored in the index.|

-|Description|Limit|

-|:-|:-|

-|Maximum number of jobs per day in your organization. <p> **Note:** This limit is reset daily at 12:00AM UTC|500|

-## Scenario 4: Avoid looping DLP notifications from cloud synchronization apps with auto-quarantine (preview)

-## Scenario 7 Authorization groups (preview)

-| <br> Manage retention and deletion of high-value items for business, legal, or regulatory record-keeping requirements.|

- - The equivalent of this configuration is now rolling out in preview. For more information, see the [migration playbook to configure oversharing popups](https://microsoft.github.io/ComplianceCxE/playbooks/AIP2MIP/Features/Collaboration/OversharingPopups/).

-For more information about working with a partner to import third-party data and a list of the third-party data types that you can import to Microsoft 365, see [Work with a partner to archive third-party data in Office 365](work-with-partner-to-archive-third-party-data.md).

-> The guidance in this article only applies to third-party data that was imported by a custom partner connector. This article doesn't apply to third-party data that is imported by using the [third-party data connectors](archiving-third-party-data.md#third-party-data-connectors) in the Microsoft compliance center.

-The previous keyword query example includes the subject property. For a list of other properties for third-party data items that can include in a keyword query, see the "More information" section in [Work with a partner to archive third-party data in Office 365](work-with-partner-to-archive-third-party-data.md#more-information).

-> After you edit your settings, make sure you follow the steps to [Disable open shifts, open shifts requests, swap requests, and time off requests.](/microsoft-365/frontline/shifts-connector-wizard-ukg#disable-open-shifts-open-shifts-requests-swap-requests-and-time-off-requests)

- > **Shifts users will not see provider data**: Data won't sync between UKG Dimensions and Shifts. <br>

- > **Shifts users can see provider data**: Data syncing is unidirectional from UKG Dimensions to Shifts. <br>

- > **Shifts users can see and change provider data**: Data syncing is bidirectional between UKG Dimensions and Shifts.

-## Week of February 27, 2023

-| Published On |Topic title | Change |

-|||--|

-| 2/28/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified |

-| 2/28/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified |

-| 2/28/2023 | [Advanced deployment guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) | modified |

-| 2/28/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |

-| 2/28/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified |

-| 2/28/2023 | [Manage your Microsoft Defender for Endpoint subscription settings across client devices](/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings?view=o365-worldwide) | added |

-| 2/28/2023 | [Create and manage device tags](/microsoft-365/security/defender-endpoint/machine-tags?view=o365-worldwide) | modified |

-| 2/28/2023 | [Zero Trust with Microsoft 365 Defender](/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender?view=o365-worldwide) | added |

-| 2/28/2023 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) | modified |

-| 2/28/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified |

-| 2/27/2023 | [Information protection configuration tasks that you used to do in the Azure portal](/microsoft-365/compliance/azure-portal-migration?view=o365-worldwide) | added |

-| 2/27/2023 | [Get started with data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-get-started?view=o365-worldwide) | modified |

-| 2/27/2023 | [Learn about data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-learn?view=o365-worldwide) | modified |

-| 2/27/2023 | [Use data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-use?view=o365-worldwide) | modified |

-| 2/27/2023 | [Remove blocked connectors from the Restricted entities portal in Microsoft 365](/microsoft-365/security/office-365-security/connectors-remove-blocked?view=o365-worldwide) | modified |

-| 2/27/2023 | [Remove blocked users from the Restricted users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-worldwide) | modified |

-| 2/27/2023 | [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) | modified |

-| 2/27/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified |

-| 2/27/2023 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) | modified |

-| 2/27/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified |

-| 2/28/2023 | [Get started with DLP for Power BI](/microsoft-365/compliance/dlp-powerbi-get-started?view=o365-worldwide) | modified |

-| 2/28/2023 | [Troubleshoot error messages and problems in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-troubleshoot?view=o365-worldwide) | modified |

-| 2/28/2023 | [Overview of the Users page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-users-page-overview?view=o365-worldwide) | modified |

-| 2/28/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified |

-| 2/28/2023 | Manage your Microsoft Defender for Endpoint subscription settings across client devices | removed |

-| 3/1/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified |

-| 3/1/2023 | [Investigate insider risk management activities](/microsoft-365/compliance/insider-risk-management-activities?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use the Microsoft 365 admin center to manage your Shifts connection to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-blue-yonder-admin-center-manage?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use PowerShell to connect Shifts to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-blue-yonder-powershell-setup?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use PowerShell to manage your Shifts connection to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-powershell-manage?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use the Microsoft 365 admin center to manage your Shifts connection to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-ukg-admin-center-manage?view=o365-worldwide) | modified |

-| 3/1/2023 | [Team Shifts connector for UKG Dimensions known issues](/microsoft-365/frontline/shifts-connector-ukg-known-issues?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use PowerShell to manage your Shifts connection to UKG Dimensions](/microsoft-365/frontline/shifts-connector-ukg-powershell-manage?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use PowerShell to connect Shifts to UKG Dimensions](/microsoft-365/frontline/shifts-connector-ukg-powershell-setup?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use the Shifts connector wizard to connect Shifts to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-wizard-ukg?view=o365-worldwide) | modified |

-| 3/1/2023 | [Use the Shifts connector wizard to connect Shifts to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-wizard?view=o365-worldwide) | modified |

-| 2/28/2023 | [Use multi-segment support in information barriers](/microsoft-365/compliance/information-barriers-multi-segment?view=o365-worldwide) | added |

-| 2/28/2023 | [Manage information barriers policies](/microsoft-365/compliance/information-barriers-edit-segments-policies?view=o365-worldwide) | modified |

-| 2/28/2023 | [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide) | modified |

-| 2/28/2023 | [Information barriers](/microsoft-365/compliance/information-barriers-solution-overview?view=o365-worldwide) | modified |

-| 2/28/2023 | [Learn about information barriers](/microsoft-365/compliance/information-barriers?view=o365-worldwide) | modified |

-| 2/28/2023 | [Learn about the DLP alerts dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-learn?view=o365-worldwide) | modified |

-| 2/28/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |

-| 2/28/2023 | [Manage tamper protection for your organization using Microsoft Intune](/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-endpoint-manager?view=o365-worldwide) | modified |

-| 2/28/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |

-| 2/28/2023 | [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-about?view=o365-worldwide) | modified |

-| 2/28/2023 | [Anti-spoofing protection FAQ](/microsoft-365/security/office-365-security/anti-phishing-protection-spoofing-faq?view=o365-worldwide) | modified |

-| 2/28/2023 | [Anti-spam protection FAQ](/microsoft-365/security/office-365-security/anti-spam-protection-faq?view=o365-worldwide) | modified |

-| 2/28/2023 | [Payloads in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-worldwide) | modified |

-| 2/28/2023 | [Respond to a compromised connector in Microsoft 365](/microsoft-365/security/office-365-security/connectors-detect-respond-to-compromise?view=o365-worldwide) | modified |

-| 2/28/2023 | [EOP general FAQ](/microsoft-365/security/office-365-security/eop-faq?view=o365-worldwide) | modified |

-| 2/28/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |

-| 2/28/2023 | [Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-worldwide) | modified |

-| 2/28/2023 | [Zero Trust identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-worldwide) | modified |

-| 2/28/2023 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/priority-accounts-security-recommendations?view=o365-worldwide) | modified |

-| 2/28/2023 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-worldwide) | modified |

-| 2/28/2023 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-worldwide) | modified |

-| 2/28/2023 | [Connect Microsoft Defender for Office 365 to Microsoft Sentinel](/microsoft-365/security/office-365-security/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel?view=o365-worldwide) | modified |

-| 2/28/2023 | [Getting started with defense in-depth configuration for email security](/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide?view=o365-worldwide) | modified |

-| 2/28/2023 | [How-to deploy and configure the report message add-in](/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in?view=o365-worldwide) | modified |

-| 2/28/2023 | [Steps to quickly set up the Standard or Strict preset security policies for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies?view=o365-worldwide) | modified |

-| 2/28/2023 | [How to configure quarantine permissions and policies](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies?view=o365-worldwide) | modified |

-| 2/28/2023 | [How to prioritize, Manage, Investigate & Respond to Incidents in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender?view=o365-worldwide) | modified |

-| 2/28/2023 | [Protect your c-suite with Priority account protection in Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection?view=o365-worldwide) | modified |

-| 2/28/2023 | [Review and remove unnecessary allow list entries with Advanced Hunting in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/review-allow-entries?view=o365-worldwide) | modified |

-| 2/28/2023 | [Search for emails and remediate threats using Threat Explorer in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/search-for-emails-and-remediate-threats?view=o365-worldwide) | modified |

-| 2/28/2023 | [Steps to set up a weekly digest email of message center changes for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/stay-informed-with-message-center?view=o365-worldwide) | modified |

-| 2/28/2023 | [Microsoft Defender for Office 365 step-by-step guides and how to use them](/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview?view=o365-worldwide) | modified |

-| 2/28/2023 | [Assess and tune your filtering for bulk mail in Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/tune-bulk-mail-filtering-walkthrough?view=o365-worldwide) | modified |

-| 2/28/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified |

-| 2/28/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified |

-| 2/28/2023 | [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-explorer-threat-hunting?view=o365-worldwide) | modified |

-| 2/28/2023 | [Use Trusted ARC senders for legitimate devices and services between the sender and receiver](/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders?view=o365-worldwide) | modified |

-| 2/28/2023 | [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified |

-| 2/28/2023 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide) | modified |

-| 2/28/2023 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) | modified |

-| 3/1/2023 | [Learn about and configure insider risk management browser signal detection](/microsoft-365/compliance/insider-risk-management-browser-support?view=o365-worldwide) | modified |

-| 3/1/2023 | [Get started with insider risk management forensic evidence (preview)](/microsoft-365/compliance/insider-risk-management-forensic-evidence-configure?view=o365-worldwide) | modified |

-| 3/1/2023 | [Compare Microsoft Defender Vulnerability Management plans and capabilities](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide) | modified |

-| 3/1/2023 | [Microsoft Defender Vulnerability Management frequently asked questions](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-faq?view=o365-worldwide) | modified |

-| 3/1/2023 | [About the Microsoft Defender Vulnerability Management public preview trial](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-trial?view=o365-worldwide) | modified |

-| 3/1/2023 | [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide) | modified |

-| 3/1/2023 | [Sign up for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management?view=o365-worldwide) | modified |

-| 3/1/2023 | [Trial user guide - Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management?view=o365-worldwide) | modified |

-| 3/1/2023 | [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) | modified |

-| 3/1/2023 | [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-worldwide) | modified |

-| 3/1/2023 | [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-worldwide) | modified |

-| 3/1/2023 | [Create and view exceptions for security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-exception?view=o365-worldwide) | modified |

-| 3/1/2023 | [Firmware and hardware assessment](/microsoft-365/security/defender-vulnerability-management/tvm-hardware-and-firmware?view=o365-worldwide) | modified |

-| 3/1/2023 | [Hunt for exposed devices](/microsoft-365/security/defender-vulnerability-management/tvm-hunt-exposed-devices?view=o365-worldwide) | modified |

-| 3/1/2023 | [Network share configuration assessment](/microsoft-365/security/defender-vulnerability-management/tvm-network-share-assessment?view=o365-worldwide) | modified |

-| 3/1/2023 | [Prerequisites & permissions for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites?view=o365-worldwide) | modified |

-| 3/1/2023 | [Security baselines assessment](/microsoft-365/security/defender-vulnerability-management/tvm-security-baselines?view=o365-worldwide) | modified |

-| 3/1/2023 | [Software inventory](/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide) | modified |

-| 3/1/2023 | [Supported operating systems platforms and capabilities](/microsoft-365/security/defender-vulnerability-management/tvm-supported-os?view=o365-worldwide) | modified |

-| 3/1/2023 | [Mitigate zero-day vulnerabilities](/microsoft-365/security/defender-vulnerability-management/tvm-zero-day-vulnerabilities?view=o365-worldwide) | modified |

-| 3/1/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified |

-| 3/1/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |

-| 3/1/2023 | [Get started with insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence-configure?view=o365-worldwide) | modified |

-| 3/1/2023 | [Manage insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence-manage?view=o365-worldwide) | modified |

-| 3/1/2023 | [Learn about insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence?view=o365-worldwide) | modified |

-| 3/2/2023 | [Business subscriptions and billing documentation # < 60 chars](/microsoft-365/commerce/index?view=o365-worldwide) | modified |

-| 3/2/2023 | [Microsoft business subscriptions and billing documentation # < 60 chars](/microsoft-365/commerce/index2?view=o365-worldwide) | added |

-| 3/2/2023 | [Best practices for managing your alerts queue](/microsoft-365/compliance/communication-compliance-alerts-best-practices?view=o365-worldwide) | added |

-| 3/2/2023 | [Create custom sensitive information types](/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-worldwide) | modified |

-| 3/2/2023 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-worldwide) | modified |

-| 3/2/2023 | [Customize a built-in sensitive information type](/microsoft-365/compliance/customize-a-built-in-sensitive-information-type?view=o365-worldwide) | modified |

-| 3/2/2023 | [About Document Fingerprinting](/microsoft-365/compliance/document-fingerprinting?view=o365-worldwide) | modified |

-| 3/2/2023 | [Common usage scenarios for sensitive information types](/microsoft-365/compliance/sit-common-scenarios?view=o365-worldwide) | modified |

-| 3/2/2023 | [Create EDM SIT using the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-schema-rule-package?view=o365-worldwide) | modified |

-| 3/2/2023 | [Custom sensitive information type filters reference](/microsoft-365/compliance/sit-custom-sit-filters?view=o365-worldwide) | modified |

-| 3/2/2023 | [Create notifications for exact data match activities](/microsoft-365/compliance/sit-edm-notifications-activities?view=o365-worldwide) | modified |

-| 3/2/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified |

-| 3/2/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified |

-| 3/2/2023 | [Use the Shifts connector wizard to connect Shifts to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-wizard-ukg?view=o365-worldwide) | modified |

-| 3/2/2023 | [Use the Shifts connector wizard to connect Shifts to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-wizard?view=o365-worldwide) | modified |

-| 3/1/2023 | [Sensitive information type REGEX validators and additional checks](/microsoft-365/compliance/sit-regex-validators-additional-checks?view=o365-worldwide) | modified |

-| 3/1/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |

-| 3/1/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |

-| 3/1/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

-| 3/3/2023 | [Automatic Service Health Incident Creation](/microsoft-365/admin/manage/servicenow-incidents?view=o365-worldwide) | modified |

-| 3/3/2023 | [France national ID card (CNI) entity definition](/microsoft-365/compliance/sit-defn-france-national-id-card?view=o365-worldwide) | modified |

-| 3/3/2023 | [U.S. individual taxpayer identification number (ITIN) entity definition](/microsoft-365/compliance/sit-defn-us-individual-taxpayer-identification-number?view=o365-worldwide) | modified |

-| 3/3/2023 | [Test an exact data match sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-test?view=o365-worldwide) | modified |

-| 3/3/2023 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-worldwide) | modified |

-| 3/3/2023 | [Sensitive information type limits](/microsoft-365/compliance/sit-limits?view=o365-worldwide) | modified |

-| 3/3/2023 | [Manage custom sensitive information types in compliance portal](/microsoft-365/compliance/sit-manage-custom-sits-compliance-center?view=o365-worldwide) | modified |

-| 3/3/2023 | [Modify Exact Data Match schema to use configurable match](/microsoft-365/compliance/sit-modify-edm-schema-configurable-match?view=o365-worldwide) | modified |

-| 3/3/2023 | [How to schedule scans with Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-schedule-scan-mde?view=o365-worldwide) | modified |

-| 3/3/2023 | [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](/microsoft-365/security/defender/defender-experts-report?view=o365-worldwide) | modified |

-| 3/3/2023 | [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) | modified |

-| 3/2/2023 | [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) | modified |

-| 3/3/2023 | [Get started with Activity explorer](/microsoft-365/compliance/data-classification-activity-explorer?view=o365-worldwide) | modified |

-| 3/3/2023 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/quarantine-end-user?view=o365-worldwide) | modified |

-| 3/3/2023 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) | modified |

-| 3/3/2023 | [Configure a default sensitivity label for a SharePoint document library](/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label?view=o365-worldwide) | modified |

-| 3/3/2023 | [Increase Classifier Accuracy](/microsoft-365/compliance/data-classification-increase-accuracy?view=o365-worldwide) | modified |

-| 3/3/2023 | [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) | modified |

-| 3/3/2023 | [Quarantine notifications (end-user spam notifications) in Microsoft 365](/microsoft-365/security/office-365-security/quarantine-quarantine-notifications?view=o365-worldwide) | modified |

-| 3/3/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified |

-Clearly articulating roles and responsibilities of persons responsible for monitoring and communicating ASR rules status and activity is a core activity of ASR maintenance. Therefore, it is important to determine:

-For large enterprises, Microsoft recommends deploying ASR rules in "rings." Rings are groups of devices that are visually represented as concentric circles that radiate outward like non-overlapping tree rings. When the innermost ring is successfully deployed, you can transition the next ring into the testing phase. Thorough assessment of your business units, ASR rules champions, apps, and processes is imperative to defining your rings.

- 1. **Send safe samples automatically** (default)

-Block at first sight is a threat protection feature of next-generation protection that detects new malware and blocks it within seconds. Block at first sight is enabled when certain security settings are enabled. These settings include:

-In most enterprise organizations, the settings needed to enable block at first sight are configured with Microsoft Defender Antivirus deployments.

-### Create a device configuration profile

-1. In the Microsoft Intune admin center (<https://endpoint.microsoft.com>), navigate to **Devices** \> **Configuration profiles**.

-2. Select or create a profile using the **Device restrictions** profile type.

-3. In the **Configuration settings** for the Device restrictions profile, set or confirm the following settings under **Microsoft Defender Antivirus**:

- - **Cloud-delivered protection**: Enabled

- - **File Blocking Level**: High

- - **Time extension for file scanning by the cloud**: 50

- - **Prompt users before sample submission**: Send all data without prompting

- :::image type="content" source="../../media/intune-block-at-first-sight.png" alt-text="Intune config block at first sight" lightbox="../../media/intune-block-at-first-sight.png":::

-4. Save your settings.

-> [!TIP]

->

-> - Setting the file blocking level to **High** applies a strong level of detection. In the unlikely event that file blocking causes a false positive detection of legitimate files, your security operations team can [restore quarantined files](./restore-quarantined-files-microsoft-defender-antivirus.md).

-> - For more information about configuring Microsoft Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure).

-> - For a list of Microsoft Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](/intune/device-restrictions-windows-10#microsoft-defender-antivirus).

-### Create an endpoint security policy

-1. In the Microsoft Intune admin center (<https://endpoint.microsoft.com>), go to **Endpoint security** \> **Antivirus**.

-2. Select an existing policy, or create a new policy using the **Microsoft Defender Antivirus** profile type.

-3. Set or confirm the following configuration settings:

- - **Turn on cloud-delivered protection**: Yes

- - **Cloud-delivered protection level**: High

- - **Microsoft Defender Antivirus Extended Timeout in Seconds**: 50

- :::image type="content" source="images/endpointmgr-antivirus-cloudprotection.png" alt-text="Block at first sight settings in the Microsoft Intune admin center portal" lightbox="images/endpointmgr-antivirus-cloudprotection.png":::

-4. Apply the Microsoft Defender Antivirus profile to a group, such as **All users**, **All devices**, or **All users and devices**.

-> Turning off block at first sight will lower the protection state of your device(s) and your network.

-You might choose to disable block at first sight if you want to retain the prerequisite settings without actually using block at first sight protection. You might temporarily turn block at first sight off to see how this feature affects your network. However, we do not recommend disabling block at first sight protection permanently.

-5. Change one or more of the following settings:

- - Set **Turn on cloud-delivered protection** to **No** or **Not configured**.

- - Set **Cloud-delivered protection level** to **Not configured**.

- - Clear the check box for **Microsoft Defender Antivirus Extended Timeout In Seconds**.

-> [!TIP]

-> If you're looking for Antivirus related information for other platforms, see:

-> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)

-> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)

-> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)

-> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)

-> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)

-> - [Configure Defender for Endpoint on Android features](android-configure.md)

-> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)

-Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, cloud-delivered protection is set to **Not configured**; however, we recommend setting it to **High**. To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus).

-You can use [Intune](/mem/intune/fundamentals/what-is-intune) or other methods, such as [Group Policy](/azure/active-directory-domain-services/manage-group-policy), to edit or set your cloud-delivered protection settings. (see [Manage Microsoft Defender for Endpoint](manage-mde-post-migration.md)).

-#### Use Intune to review and edit cloud-delivered protection settings (for existing policies)

-1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-set-cloud-delivered-protection-settings-for-a-new-policy)).

-2. Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.

-3. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting cloud-delivered protection to **Not configured**, which provides strong protection while reducing the chances of getting false positives.

-4. Choose **Review + save**, and then **Save**.

-#### Use Intune to set cloud-delivered protection settings (for a new policy)

-1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** \> **+ Create policy**.

-2. For **Platform**, select an option, and then for **Profile**, select **Antivirus** or **Microsoft Defender Antivirus** (the specific option depends on what you selected for **Platform**.) Then choose **Create**.

-3. On the **Basics** tab, specify a name and description for the policy. Then choose **Next**.

-4. On the **Configuration settings** tab, expand **Cloud protection**, and specify the following settings:

- - Set **Turn on cloud-delivered protection** to **Yes**.

- - Set **Cloud-delivered protection level** to **Not configured**. (This level provides a strong level of protection by default while reducing the chances of getting false positives.)

-5. On the **Scope tags** tab, if you're using scope tags in your organization, specify scope tags for the policy. (See [Scope tags](/mem/intune/fundamentals/scope-tags).)

-6. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign).)

-7. On the **Review + create** tab, review the settings, and then choose **Create**.

-> [!TIP]

-> To learn more about PUA, see [Detect and block potentially unwanted applications](/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).

-We recommend using [Intune](/mem/endpoint-manager-overview) to edit or set PUA protection settings; however, you can use other methods, such as [Group Policy](/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-mde-post-migration.md).

-#### Use Intune to edit PUA protection (for existing configuration profiles)

-1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Devices** \> **Configuration profiles**, and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-set-pua-protection-for-a-new-configuration-profile).)

-2. Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.

-3. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.

-4. Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you'll be able to see detections.)

-5. Choose **Review + save**, and then choose **Save**.

-#### Use Intune to set PUA protection (for a new configuration profile)

-1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Devices** \> **Configuration profiles** \> **+ Create profile**.

-2. For the **Platform**, choose **Windows 10 and later**, and for **Profile**, select **Device restrictions**.

-3. On the **Basics** tab, specify a name and description for your policy. Then choose **Next**.

-4. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.

-5. Set **Detect potentially unwanted applications** to **Audit**, and then choose **Next**. (You can turn off PUA protection, but by using audit mode, you'll be able to see detections.)

-6. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign).)

-7. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.

-8. On the **Review + create** tab, review your settings, and, and then choose **Create**.

-> [!TIP]

-> If you're looking for Antivirus related information for other platforms, see:

-> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)

-> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)

-> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)

-> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)

-> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)

-> - [Configure Defender for Endpoint on Android features](android-configure.md)

-> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)

- | Create a new policy | 1. For **Platform**, select **Windows 10, Windows 11, and Windows Server**. <br/>2. For **Profile**, select **Microsoft Defender Antivirus**.<br/>3. On the **Basics** page, specify a name and description for the policy, and then choose **Next**.<br/>4. In the **Defender** section, find **Allow Cloud Protection**, and set it to **Allowed**. Then choose **Next**. <br/>5. On the **Scope tags** step, if your organization is using [scope tags](/mem/intune/fundamentals/scope-tags), select the tags you want to use, and then choose **Next**.<br/>6. On the **Assignments** step, select the groups, users, or devices that you want to apply this policy to, and then choose **Next**.<br/>7. On the **Review + create** step, review the settings for your policy, and then choose **Create**. |

- | Edit an existing policy | 1. Select the policy that you want to edit.<br/>2. Under **Configuration settings**, choose **Edit**.<br/>3. In the **Defender** section, find **Allow Cloud Protection**, and set it to **Allowed**.<br/>4. Select **Review + save**. |

- > If automatic sample submission has been configured with Group Policy then the setting will be greyed-out and unavailable.

-## See also

-> [!NOTE]

-> Selecting **High**, **High +**, or **Zero tolerance** could cause some legitimate files to be detected. If that happens, you can unblock the detected file or dispute that detection in the Microsoft 365 Defender portal.

-3. Select an antivirus profile. (If you don't have one yet, or if you want to create a new profile, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure).

-## Training for security analysts

-Use this learning module from Microsoft Learn to understand how Microsoft 365 Defender uses automated self-healing for incident investigation and response.

-|Training:|Automate self-healing with Microsoft 365 Defender|

-|||

-|| Microsoft 365 Defender uses AI to automate remediation for incidents, helping your security operations team address threats more efficiently and effectively. <p> 11 min - 5 Units |

-> [!div class="nextstepaction"]

-> [Start >](/training/modules/defender-self-healing/)

-One of the most crucial elements in a phishing simulation is the payload selection. If you're tracking only click-through as a quality metric, there's an incentive to decrease the click rate by selecting easier-to-spot phishing payloads. Eventually, it's less likely that the user will change their behavior when a real phishing messages comes along.

-|**Information Protection**|Full control over all information protection features, including sensitivity labels and their policies, DLP, all classifier types, activity and content explorers, and all related reports.|Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Purview Evaluation Administrator|

-|**Information Protection Admins**|Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Information Protection Admin <br/><br/> Purview Evaluation Administrator|

-|**Information Protection Analysts**|Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification List Viewer <br/><br/> Information Protection Analyst <br/><br/> Purview Evaluation Administrator|

-|**Information Protection Investigators**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Purview Evaluation Administrator|

-|**Purview Evaluation Administrator**|Used to create and manage M365 Purview Evaluation lab|Information Protection <br/><br/> Information Protection Admins <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators|

-description: Configure the security and infrastructure that allows your employees to work remotely from anywhere and at any time.

-# Configure a team with security isolation in a dev/test environment

-This article provides step-by-step instructions to create a [team with security isolation](secure-teams-security-isolation.md) in a dev/test environment.

-[Configuration for the Company Strategy isolated team.](../media/team-security-isolation-dev-test/team-security-isolation-dev-test-config.png)

-Use this dev/test environment to experiment and fine-tune settings for your specific needs before deploying this type of team in production.

-## Phase 1: Build out your Microsoft 365 Enterprise test environment

-If you just want to test sensitive and highly sensitive teams in a lightweight way with the minimum requirements, follow the instructions in [Lightweight base configuration](../enterprise/lightweight-base-configuration-microsoft-365-enterprise.md).

-If you want to test sensitive and highly sensitive teams in a simulated enterprise, follow the instructions in [Password hash synchronization](../enterprise/password-hash-sync-m365-ent-test-environment.md).

-> [!NOTE]

-> Testing a team with security isolation does not require the simulated enterprise test environment, which includes a simulated intranet connected to the Internet and directory synchronization for an Active Directory Domain Services (AD DS) forest. It is provided here as an option so that you can test a team with security isolation and experiment with it in an environment that represents a typical organization.

-## Phase 2: Create and configure your Azure Active Directory (Azure AD) group and users

-In this phase, you create and configure an Azure AD group and users for your fictional organization.

-First, create a security group with the Azure portal.

-1. Create a separate tab in your browser, and then go to the Azure portal at [https://portal.azure.com](https://portal.azure.com). If needed, sign in with the credentials of the global administrator account for your Microsoft 365 E5 trial or paid subscription.

-2. In the Azure portal, click **Azure Active Directory > Groups**.

-3. On the **Groups - All groups** blade, click **+ New group**.

-4. On the **Group** blade:

- - Select **Security** in **Group type**.

- - Type **C-Suite** in **Name**.

- - Select **Assigned** in **Membership type**.

-5. Click **Create**, and then close the **Group** blade.

-Next, configure automatic licensing so that members of the new **C-Suite** group are automatically assigned a Microsoft 365 E5 license.

-1. In the Azure portal, click **Azure Active Directory > Licenses > All products**.

-2. In the list, select **Microsoft 365 Enterprise E5**, and then click **Assign**.

-3. In the **Assign license** blade, click **Users and groups**.

-4. In the list of groups, select the **C-Suite** group.

-5. Click **Select**, and then click **Assign**.

-6. Close the Azure portal tab in your browser.

-Next, [connect with the Azure Active Directory PowerShell for Graph module](../enterprise/connect-to-microsoft-365-powershell.md#connect-with-the-azure-active-directory-powershell-for-graph-module).

-Fill in your organization name, your location, and a common password, and then run these commands from the PowerShell command prompt or Integrated Script Environment (ISE) to create new user accounts and add them to the C-Suite group:

-```powershell

-$orgName="<organization name, such as contoso-test for the contoso-test.onmicrosoft.com trial subscription domain name>"

-$location="<the ISO ALPHA2 country code, such as US for the United States>"

-$commonPassword="<common password for all the new accounts>"

-$PasswordProfile=New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile

-$PasswordProfile.Password=$commonPassword

-$groupName="C-Suite"

-$userNames=@("CEO","CFO","CIO")

-$groupID=(Get-AzureADGroup | Where { $_.DisplayName -eq $groupName }).ObjectID

-ForEach ($element in $userNames){

-New-AzureADUser -DisplayName $element -PasswordProfile $PasswordProfile -UserPrincipalName ($element + "@" + $orgName + ".onmicrosoft.com") -AccountEnabled $true -MailNickName $element -UsageLocation $location

-Add-AzureADGroupMember -RefObjectId (Get-AzureADUser | Where { $_.DisplayName -eq $element }).ObjectID -ObjectId $groupID

-}

-```

-> [!NOTE]

-> The use of a common password here is for automation and ease of configuration for a dev/test environment. Obviously, this is highly discouraged for production subscriptions.

-Use these steps to verify that group-based licensing is working correctly.

-1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com).

-2. From the new **Microsoft 365 admin center** tab of your browser, click **Users**.

-3. In the list of users, click **CEO**.

-4. In the pane that lists the properties of the **CEO** user account, verify that it has been assigned the **Microsoft 365 Enterprise E5** license in **Product licenses**.

-## Phase 3: Create your team

-In this phase, you create and configure a team with security isolation for members of the senior leadership team to collaborate on company strategy.

-First, enable sensitivity labels to protect content in Microsoft Teams, Office 365 groups, and SharePoint sites before you proceed with the steps in [this article](../compliance/sensitivity-labels-teams-groups-sites.md).

-Next, create the team:

-1. In Teams, click **Teams** on the left side of the app, then click **Join or create a team** at the bottom of the teams list.

-2. Click **Create team** (first card, top left corner).

-3. Choose **Build a team from scratch**.

-4. In the **Sensitivity** list, keep the default.

-5. Under **Privacy**, click **Private**.

-6. Type **Company Strategy**, and then click **Create** > **Close**.

-Next, restrict the creation of private channels to owners of the Company Strategy group.

-1. In the team, click **More options**, and then click **Manage team**.

-2. On the **Settings** tab, expand **Member permissions**.

-3. Clear the **Allow members to create private channels** check box.

-Next, you need to configure a sensitivity label with the following settings:

-Follow these steps:

-1. Open the Microsoft Purview compliance portal, under **Solutions**, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2174015" target="_blank">**Information protection**</a>.

-1. Click **Create a label**.

-1. Type **Company Strategy** for the label name.

-1. Type **Senior leadership company strategy documents** as the tool tip, and then click **Next**.

-1. On the **Encryption** page, in the **Encryption** dropdown, choose **Apply**.

-1. To add the team permissions:<br>

- a. Click **Assign permissions**.<br>

- b. Click **Add users or groups**, select **Company Strategy**, and then click **Add**.<br>

- c. Click **Choose permissions**.<br>

- d. Choose **Co-Author** from the dropdown list, and then click **Save**.<br>

-1. Click **Next**.

-1. On the **Content marking** page, click **Next**.

-1. On the **Site and group settings** page, set **Site and group settings** to **On**.

-1. In the **Privacy of Office 365 group-connected team sites** dropdown, choose **Private - only members can access the site**.

-1. Under **Unmanaged devices**, choose **Block access**.

-1. Click **Next**.

-1. On the **Auto-labeling for Office apps** page, click **Next**.

-1. Click **Submit**, and then click **Done**.

-Next, publish the new label with these steps:

-1. In the Microsoft Purview compliance portal, on the <a href="https://go.microsoft.com/fwlink/p/?linkid=2174015" target="_blank">**Information protection**</a>, choose the **Label policies** tab.

-2. Click **Publish labels**.

-3. On the **Choose sensitivity labels to publish** page, click **Choose sensitivity labels to publish**.

-4. Select **Company Strategy**, and then click **Add**.

-5. Click **Next**.

-6. On the **Publish to users and groups** page, click **Choose users and groups**.

-7. Click **Add**, and then select **Company Strategy**.

-8. Click **Add**, and then click **Done**.

-9. Click **Next**.

-10. On the Policy settings page, select the **Users must provide justification to remove a label or lower classification label** check box, and then click **Next**.

-11. Type **Company Strategy** for the policy name, and then click **Next**.

-12. Click **Submit** and then click **Done**.

-It may take some time for the **Company Strategy** label to become available after it's been published.

-Next, apply your new label to the **Company Strategy** team and update the default sharing link type to reduce the risk of accidentally sharing files and folders to a wider audience than intended.

-1. Open the SharePoint admin center, under **Sites**, select <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a>.

-1. Select the **Company Strategy** site.

-1. On the **Policies** tab, under **Sensitivity**, select **Edit**.

-1. Select the **Company Strategy** label, and then select **Save**.

-1. On the **Policies** tab, under **External sharing**, select **Edit**.

-1. Choose **Only people in your organization**.

-1. Under **Default sharing** link type, clear the **Same as organization-level setting** check box, and select **People with existing access**.

-1. Select **Save**.

-Next, configure owners-only site sharing for the **Company Strategy** team.

-1. In Teams, navigate to the **General** tab of the **Company Strategy** team.

-2. In the tool bar for the team, click **Files**.

-3. Click the ellipsis, and then click **Open in SharePoint**.

-4. In the tool bar of the underlying SharePoint site, click the settings icon, and then click **Site permissions**.

-5. In the Site permissions pane, under **Site Sharing**, click **Change how members can share**.

-6. Under **Sharing permissions**, choose **Only site owners can share files, folders, and the site**, and then click **Save**.

-7. Close the **Permissions** and **Settings** panes.

-If you sign in as a member of the Company Strategy group, you will see **Company Strategy** in the **Sensitivity** option in the Home toolbar of Word, Excel, and PowerPoint. Select the **Company Strategy** label from the **Sensitivity** option to assign the label to a file.

-Here is the resulting configuration for the Company Strategy team.

-

-## Next step

-When you're ready for production deployment, see these [configuration instructions](secure-teams-security-isolation.md).

-description: "Use Test Lab Guides to build out Microsoft 365 solutions and scenarios in a dev/test environment."

-# Test Lab Guides for solutions and scenarios

-Test Lab Guides (TLGs) help you quickly learn about Microsoft products. They provide prescriptive instructions to configure simplified but representative test environments. You can use these environments for demonstration, customization, or creation of complex proofs of concept for the duration of a trial or paid subscription.

-TLGs are designed to be modular. They build upon each other to create multiple configurations that more closely match your learning or test configuration needs. The "I built it out myself and it works" hands-on experience helps you understand the deployment requirements of a new product or scenario so you can better plan for hosting it in production.

-You can also use TLGs to create representative environments for development and testing of applications, also known as dev/test environments.

-

-

-Try [this Test Lab Guide](team-security-isolation-dev-test.md) to set up a team with security isolation.

-For additional guides for Microsoft 365 features and configuration, see [Microsoft 365 for enterprise Test Lab Guides](../enterprise/m365-enterprise-test-lab-guides.md).