Updates from: 04/12/2022 02:02:46
Category Microsoft Docs article Related commit history on GitHub Change details
admin Active Users Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/active-users-ww.md
For example, you can use the **Active Users** report to find out how many produc
## How to get to the Active Users report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Services card.
+2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Services card.
## Interpret the Active Users report
The Activity chart shows you daily activity count in the reporting period separa
The Services chart shows you count of users by activity type and Service. - On the Users chart, the x axis shows the selected reporting time period and the y axis displays the daily active users separated and color coded by license type.
-On the Activity chart, the x axis shows the selected reporting time period and the y axis displays the daily activity count separated and color coded by license type.
+On the Activity chart, the x axis shows the selected reporting time period and the y axis displays the daily activity count separated and color coded by license type.
On the Services activity chart, the X axis displays the individual services your users are enabled for in the given time period and the Y axis is the Count of users by activity status, color coded by activity status. - You can filter the series you see on the chart by selecting an item in the legend. Changing this selection doesn't change the info in the grid table.
On the Services activity chart, the X axis displays the individual services your
- You can change what information is displayed in the grid table with column controls. If your subscription is operated by 21Vianet, then you will not see Yammer. -- If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in [Activity Reports in the Microsoft 365 admin center](activity-reports.md).
admin Browser Usage Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/browser-usage-report.md
The Microsoft 365 Reports dashboard shows you an activity overview across the pr
1. In the admin center, go to the **Reports** \> <b><a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a></b> page.
-2. From the dashboard homepage, click on the **View more** button on the Microsoft browser usage card.
+2. From the dashboard homepage, click on the **View more** button on the Microsoft browser usage card.
## How to notify users to upgrade their browser
admin Forms Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/forms-activity-ww.md
For example, you can understand the activity of every user licensed to use Micro
## How to get to the Forms activity report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Forms card.
+2. From the dashboard homepage, click on the **View more** button on the Forms card.
## Interpret the Forms activity report
admin Forms Pro Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/forms-pro-activity-ww.md
For example, you can understand the activity of every user licensed to use Micro
## How to get to the Dynamics 365 Customer Voice activity report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Dynamics 365 Customer Voice card.
+2. From the dashboard homepage, click on the **View more** button on the Dynamics 365 Customer Voice card.
## Interpret the Dynamics 365 Customer Voice activity report
admin Microsoft Office Activations Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-office-activations-ww.md
The Office Activation report gives you a view of which users have activated thei
## How to get to the Office activations report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Office activations card.
+2. From the dashboard homepage, click on the **View more** button on the Office activations card.
## Interpret the Office activations report
admin Microsoft Teams Device Usage Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-device-usage-preview.md
The Microsoft 365 Reports dashboard shows you the activity overview across the p
## How to get to the Microsoft Teams app usage report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Microsoft Teams activity card.
+2. From the dashboard homepage, click on the **View more** button on the Microsoft Teams activity card.
## Interpret the Microsoft Teams app usage report
admin Microsoft Teams Usage Activity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-usage-activity.md
ms.localizationpriority: medium -+ - M365-subscription-management - Adm_O365 - Adm_NonTOC
description: "Learn how to get the Microsoft Teams usage activity report and gai
# Microsoft 365 Reports in the admin center - Microsoft Teams usage activity
-The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). <br/>
+The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md).
-The brand-new **Teams usage report** gives you an overview of the usage activity in Teams, including the number of active users, channels and messages so you can quickly see how many users across your organization are using Teams to communicate and collaborate. It also includes other Teams specific activities, such as the number of active guests, meetings, and messages.
-
-<br/>![Microsoft 365 reports - Microsoft Teams activity report.](../../media/teams-usage.png)
+The brand-new **Teams usage report** gives you an overview of the usage activity in Teams, including the number of active users, channels and messages so you can quickly see how many users across your organization are using Teams to communicate and collaborate. It also includes other Teams specific activities, such as the number of active guests, meetings, and messages.
+![Microsoft 365 reports - Microsoft Teams activity report.](../../media/teams-usage.png)
## How to get to the Microsoft Teams usage activity report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the **Microsoft Teams activity** card.<br/>
-<br/>![Microsoft 365 reports - Microsoft Teams activity card.](../../media/teams-usage-card.png)<br/>
+2. From the dashboard homepage, click on the **View more** button on the **Microsoft Teams activity** card.
-3. On the **Microsoft Teams** reports page, select the **Teams Usage** tab.
+ ![Microsoft 365 reports - Microsoft Teams activity card.](../../media/teams-usage-card.png)<br/>
+3. On the **Microsoft Teams** reports page, select the **Teams Usage** tab.
## Interpret the Microsoft Teams usage activity report You can view the user activity in the Teams report by choosing the **Teams Usage** tab. This will display the following charts: -- **Channel usage**: Tracks the number of channel uses, by activity type, over time.<br/>
- <br/> ![Teams usage activity report - channel usage.](../../media/teams-usage-channel.png)<br/>
+- **Channel usage**: Tracks the number of channel uses, by activity type, over time.
-- **Team usage**: Tracks the number of teams, by type and activity, over time.<br/>
- <br/> ![Teams usage activity report - team usage.](../../media/teams-usage-usage.png)<br/>
+ ![Teams usage activity report - channel usage.](../../media/teams-usage-channel.png)
+
+- **Team usage**: Tracks the number of teams, by type and activity, over time.
+
+ ![Teams usage activity report - team usage.](../../media/teams-usage-usage.png)
Additionally, the chart includes usage details for individual teams, such as last activity date, active users, active channels, and other data.
-<br/>![Microsoft 365 reports - Microsoft Teams usage activity table.](../../media/teams-usage-table.png)
+![Microsoft 365 reports - Microsoft Teams usage activity table.](../../media/teams-usage-table.png)
+
+In the table, select **Choose columns** to add or remove columns from the report.
-In the table, select **Choose columns** to add or remove columns from the report. <br/> <br/>
![Teams usage activity report - choose columns.](../../media/teams-usage-columns.png) You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. The exported format for **audio time**, **video time**, and **screen share time** follows ISO8601 duration format.
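Review bot: The image line added under step 2 still ends in `<br/>` (`+ ![Microsoft 365 reports - Microsoft Teams activity card.](../../media/teams-usage-card.png)<br/>`), while every other `<br/>` in this hunk is removed. Drop the trailing tag so the spacing cleanup is consistent across the list.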
To ensure data quality, we perform daily data validation checks for the past thr
> [!Important] > Data for a given day will show up within 48 hours. For example, data for January 10th should show up in the report by January 12th. - ### Channel usage metrics The Channel usage chart shows data on the following metrics.
The Channel usage chart shows data on the following metrics.
|Item|Description| |:--|:--| |**Metric**|**Definition**|
-|Active channel users <br/> |This is the total of internal active users, active guests, and external active users. <br/><br/> **Internal active users** - Users that have at least one panel action in the specified time period. This excludes guests. <br/> **Active guests** - Guests that have at least one panel action in the specified time period. A guest is a person from outside your organization who accesses shared resources by signing in to a guest account in my directory. <br/> **External active user** - External participants that have at least one panel action in the specified time period. An external participant is a person from outside your organization who is participating in a resource ΓÇô such as a shared channel ΓÇô using their own identity and not a guest account in your directory. <br/>|
-|Active channels <br/> |Valid channels in active teams that have at least one active user in the specified time period. This includes public, private, or shared channels. <br/> |
-|Channel messages <br/> |The number of unique messages that the user posted in a private chat during the specified time period. <br/> |
+|Active channel users|This is the total of internal active users, active guests, and external active users. <br/><br/> **Internal active users** - Users that have at least one panel action in the specified time period. This excludes guests. <br/> **Active guests** - Guests that have at least one panel action in the specified time period. A guest is a person from outside your organization who accesses shared resources by signing in to a guest account in my directory. <br/> **External active user** - External participants that have at least one panel action in the specified time period. An external participant is a person from outside your organization who is participating in a resource ΓÇô such as a shared channel ΓÇô using their own identity and not a guest account in your directory.|
+|Active channels|Valid channels in active teams that have at least one active user in the specified time period. This includes public, private, or shared channels.|
+|Channel messages|The number of unique messages that the user posted in a private chat during the specified time period.|
### Team usage metrics
The Teams usage chart shows data on the following metrics.
|Item|Description| |:--|:--| |**Metric**|**Definition**|
-|Private teams <br/> |A private team that is either active or inactive. |
-|Public teams <br/> |A public team that is either active or inactive. |
-|Active private teams <br/> |A team that is private and active. |
-|Active public teams <br/> |A team that is public and active. |
+|Private teams|A private team that is either active or inactive.|
+|Public teams|A public team that is either active or inactive.|
+|Active private teams|A team that is private and active.|
+|Active public teams|A team that is public and active.|
### Teams details
Data for following metrics are available for individual teams.
|Item|Description| |:--|:--| |**Metric**|**Definition**|
-|Team ID <br/> |Team identifier <br/>|
-|Internal active users <br/> |Users that have at least one panel action in the specified time period including guests. <br/> <br/> Internal users and guests that reside in the same tenant. Internal users exclude guests. |
-|Active guests <br/> |Guests that have at least one panel action in the specified time period. <br/> <br/> A guest is defined as persons from outside your organization who accesses shared resources by signing in to a guest account in my directory. |
-|External active users <br/> |External participants that have at least one panel action in the specified time period.<br/><br/> An external participant is defined as a person from outside your organization who is participating in a resource ΓÇô such as a shared channel ΓÇô using their own identity and not a guest account in your directory. |
-|Active channels <br/> |Valid channels in active teams that have at least one active user in the specified time period. This includes public, private, or shared channels. <br/> |
-|Active shared channels <br/> |Valid shared channels in active teams that have at least one active user in the specified time. <br/> <br/>A shared channel is defined as a Teams channel that can be shared with people outside the team. These people can be inside your organization or from other Azure AD organizations. |
-|Total organized meetings <br/> |The sum of one-time scheduled, recurring, ad hoc and unclassified meetings a user organized during the specified time period. <br/>|
-|Posts <br/> |Count of all the post messages in channels in the specified time period. |
-|Replies <br/> |Count of all the reply messages in channels in the specified time period. |
-|Mentions <br/> |Count of all mentions made in the specified time period. <br/>|
-|Reactions <br/> |Number of reactions an active user made in the specified time period. |
-|Urgent messages <br/> |Count of urgent messages in the specified time period. |
-|Channel messages <br/> |The number of unique messages that the user posted in a team chat during the specified time period. <br/>|
-|Last activity date <br/> |The latest date that any member of the team has committed an action. |
+|Team ID|Team identifier|
+|Internal active users|Users that have at least one panel action in the specified time period including guests. <br/> <br/> Internal users and guests that reside in the same tenant. Internal users exclude guests.|
+|Active guests|Guests that have at least one panel action in the specified time period. <br/> <br/> A guest is defined as persons from outside your organization who accesses shared resources by signing in to a guest account in my directory.|
+|External active users|External participants that have at least one panel action in the specified time period.<br/><br/> An external participant is defined as a person from outside your organization who is participating in a resource ΓÇô such as a shared channel ΓÇô using their own identity and not a guest account in your directory.|
+|Active channels|Valid channels in active teams that have at least one active user in the specified time period. This includes public, private, or shared channels.|
+|Active shared channels|Valid shared channels in active teams that have at least one active user in the specified time. <br/> <br/>A shared channel is defined as a Teams channel that can be shared with people outside the team. These people can be inside your organization or from other Azure AD organizations.|
+|Total organized meetings|The sum of one-time scheduled, recurring, ad hoc and unclassified meetings a user organized during the specified time period.|
+|Posts|Count of all the post messages in channels in the specified time period.|
+|Replies|Count of all the reply messages in channels in the specified time period.|
+|Mentions|Count of all mentions made in the specified time period.|
+|Reactions|Number of reactions an active user made in the specified time period.|
+|Urgent messages|Count of urgent messages in the specified time period.|
+|Channel messages|The number of unique messages that the user posted in a team chat during the specified time period.|
+|Last activity date|The latest date that any member of the team has committed an action.|
## Make the user-specific data anonymous
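Review bot: The rewritten Channel messages row in the Channel usage metrics table still defines the metric as messages posted "in a private chat", while the Channel messages row in the Teams details table says "in a team chat". Since both rows are being touched, confirm which definition is intended and make them agree. In the Teams details table, the Internal active users row says "including guests" and then "Internal users exclude guests", and the guest definitions say "guest account in my directory" where the external-user text says "your directory". These carry over unchanged from the removed lines and are worth correcting in the same pass.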
To make the data in Teams user activity report anonymous, you have to be a globa
3. Select **Save changes**. ---- ## See also+ [Microsoft Teams device usage report](../activity-reports/microsoft-teams-device-usage-preview.md) [Microsoft Teams user activity report](../activity-reports/microsoft-teams-user-activity-preview.md)---------
admin Microsoft Teams User Activity Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview.md
The Microsoft 365 Reports dashboard shows you the activity overview across the p
## How to get to the Microsoft Teams user activity report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Microsoft Teams activity card.
+2. From the dashboard homepage, click on the **View more** button on the Microsoft Teams activity card.
## Interpret the Microsoft Teams user activity report
admin Microsoft365 Apps Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww.md
description: "Learn how to get a Microsoft 365 Apps for usage report using the M
The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md).
- For example, you can understand the activity of each user licensed to use Microsoft 365 Apps apps by looking at their activity across the apps and how they are utilized across platforms.
-
- > [!NOTE]
- > Shared computer activations are not included in this report.
+For example, you can understand the activity of each user licensed to use Microsoft 365 Apps apps by looking at their activity across the apps and how they are utilized across platforms.
+
+> [!NOTE]
+> Shared computer activations are not included in this report.
## How to get to the Microsoft 365 Apps usage report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Apps card.
+2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Apps card.
## Interpret the Microsoft 365 Apps usage report
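Review bot: The re-added intro sentence still reads "licensed to use Microsoft 365 Apps apps", with "apps" doubled. Only the indentation changes on that line, so fix the wording while it is being rewritten.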
You can get a view into your user's Microsoft 365 Apps activity by looking at th
> ![Microsoft 365 Apps usage report.](../../media/0bcf67e6-a6e4-4109-a215-369f9f20ad84.png) |Item|Description|
- |:--|:--|
- |1. <br/> |The **Microsoft 365 Apps usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated). <br/> |
- |2. <br/> |The data in each report usually covers up to the last two days. Every six day, we will refresh the report with minor updates to ensure data quality. <br/> |
- |3. <br/> |The **Users** view shows the trend in the number of active users for each app ΓÇô Outlook, Word, Excel, PowerPoint, OneNote, and Teams. "Active users" are any who perform any intentional actions within these apps. <br/> |
- |4. <br/> |The **Platforms** view shows the trend of active users across all apps for each platform ΓÇô Windows, Mac, Web, and Mobile. <br/> |
- |5.<br/>|On the **Users** chart, the Y-axis is the number of unique active users for the respective app. On the **Platforms** chart, the Y-axis is the number of unique users for the respective platform. The X-axis on both charts is the date on which an app was used on a given platform.<br/>|
- 6.<br/>|You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Users** chart, select Outlook, Word, Excel, PowerPoint, OneDrive, or Teams to see only the info related to each one. Changing this selection doesn't change the info in the grid table below it.|
- |7.<br/>|The table shows you a breakdown of data at the per-user level. You can add or remove columns from the table. <br/><br/>**Username** is the email address of the user who performed the activity on Microsoft Apps.<br><br/>**Last activation date (UTC)** is the latest date on which the user activated their Microsoft 365 Apps subscription on a machine or logs on shared computer and starts the app with their account. <br/><br/>**Last activity date (UTC)** is the latest date an intentional activity was performed by the user. To see activity that occurred on a specific date, select the date directly in the chart.<br/><br/>The other columns identify if the user was active on that platform for that app (within Microsoft 365 Apps) in the period selected. |
- |8.<br/>|Select the **Choose columns** icon to add or remove columns from the report.|
- |9.<br/>|You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data for all users and enables you to do simple aggregation, sorting, and filtering for further analysis. If you have less than 100 users, you can sort and filter within the table in the report itself. If you have more than 100 users, in order to filter and sort, you will need to export the data.|
+|||
+|1.|The **Microsoft 365 Apps usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated).|
+|2.|The data in each report usually covers up to the last two days. Every six day, we will refresh the report with minor updates to ensure data quality.|
+|3.|The **Users** view shows the trend in the number of active users for each app ΓÇô Outlook, Word, Excel, PowerPoint, OneNote, and Teams. "Active users" are any who perform any intentional actions within these apps.|
+|4.|The **Platforms** view shows the trend of active users across all apps for each platform ΓÇô Windows, Mac, Web, and Mobile.|
+|5.|On the **Users** chart, the Y-axis is the number of unique active users for the respective app. On the **Platforms** chart, the Y-axis is the number of unique users for the respective platform. The X-axis on both charts is the date on which an app was used on a given platform.|
+ 6.|You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Users** chart, select Outlook, Word, Excel, PowerPoint, OneDrive, or Teams to see only the info related to each one. Changing this selection doesn't change the info in the grid table below it.|
+|7.|The table shows you a breakdown of data at the per-user level. You can add or remove columns from the table. <br/><br/>**Username** is the email address of the user who performed the activity on Microsoft Apps.<br><br/>**Last activation date (UTC)** is the latest date on which the user activated their Microsoft 365 Apps subscription on a machine or logs on shared computer and starts the app with their account. <br/><br/>**Last activity date (UTC)** is the latest date an intentional activity was performed by the user. To see activity that occurred on a specific date, select the date directly in the chart.<br/><br/>The other columns identify if the user was active on that platform for that app (within Microsoft 365 Apps) in the period selected.|
+|8.|Select the **Choose columns** icon to add or remove columns from the report.|
+|9.|You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data for all users and enables you to do simple aggregation, sorting, and filtering for further analysis. If you have less than 100 users, you can sort and filter within the table in the report itself. If you have more than 100 users, in order to filter and sort, you will need to export the data.|
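Review bot: Row 6 of the table is re-added without its leading pipe (`+ 6.|You can filter the series ...`), carried over from the removed line, so it does not match the other rows. Start it with `|6.|`. The `|:--|:--|` row is also replaced by `|||`, which as shown has no dashes, so check that the table still has a valid delimiter row after the header. Row 2 still says "Every six day".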
admin Office 365 Groups Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/office-365-groups-ww.md
The Microsoft 365 Reports dashboard shows you the activity overview across the p
1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Apps or the Active users - Microsoft 365 Services card to get to the Office 365 report page.
+2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Apps or the Active users - Microsoft 365 Services card to get to the Office 365 report page.
## Interpret the groups report
admin Onedrive For Business Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-activity-ww.md
For example, you can understand the activity of every user licensed to use OneDr
## How do I get to the OneDrive Activity report? 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the OneDrive card.
+2. From the dashboard homepage, click on the **View more** button on the OneDrive card.
## Interpret the OneDrive for Business activity report
admin Onedrive For Business Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww.md
For example, the OneDrive card on the dashboard gives you a high-level view of t
## How do I get to the OneDrive usage report? 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the OneDrive card.
+2. From the dashboard homepage, click on the **View more** button on the OneDrive card.
## Interpret the OneDrive usage report
admin Sharepoint Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-activity-ww.md
For example, you can understand the activity of every user licensed to use Share
## How do I get to the to the SharePoint activity report? 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the SharePoint card.
+2. From the dashboard homepage, click on the **View more** button on the SharePoint card.
## Interpret the SharePoint activity report
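Review bot: The heading in this hunk's context reads "How do I get to the to the SharePoint activity report?", with "to the" doubled. The change here only touches trailing whitespace on step 2, so the heading could be fixed in the same commit.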
admin Sharepoint Site Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
As a Microsoft 365 admin, the Reports dashboard shows you the activity overview
## How to get to the SharePoint site usage report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the SharePoint card.
+2. From the dashboard homepage, click on the **View more** button on the SharePoint card.
## Show user details in the reports
admin Viva Insights Activity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/viva-insights-activity.md
For example, you can understand the adoption of Viva Insights by looking at the
## Interpret the Microsoft 365 Apps usage report
-You can get a view into your user's Viva Insights activity by looking at the **Active users chart**. The Viva Insights active user chart can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days.
+You can get a view into your user's Viva Insights activity by looking at the **Active users chart**. The Viva Insights active user chart can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days.
> [!div class="mx-imgBorder"] > ![Microsoft 365 Apps usage report with Viva Insights.](../../media/viva-insights-chart.png)
admin Yammer Activity Report Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-activity-report-ww.md
As Microsoft 365 admin, the Reports dashboard shows you data on the usage of the
## How do I get to the Yammer activity report? 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Yammer card.
+2. From the dashboard homepage, click on the **View more** button on the Yammer card.
## Interpret the Yammer activity report
admin Yammer Device Usage Report Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-device-usage-report-ww.md
The Yammer device usage reports give you information about which devices your us
## How do I get to the Yammer device usage report? 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Yammer card.
+2. From the dashboard homepage, click on the **View more** button on the Yammer card.
## Interpret the Yammer device usage report
admin Yammer Groups Activity Report Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-groups-activity-report-ww.md
The Microsoft 365 Reports dashboard shows you the activity overview across the p
## How do I get to the Yammer groups activity report? 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Yammer card.
+2. From the dashboard homepage, click on the **View more** button on the Yammer card.
## Interpret the Yammer groups activity report
admin Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/capabilities.md
If people in your organization use mobile devices that aren't supported by Basic
The supported apps for the different types of mobile devices in the following table prompt users to enroll in Basic Mobility and Security where there is a new mobile device management policy that applies to a userΓÇÖs device and the user hasnΓÇÖt previously enrolled the device. If a userΓÇÖs device doesnΓÇÖt comply with a policy, depending on how you set the policy up, a user might be blocked from accessing Microsoft 365 resources in these apps, or they might have access but Microsoft 365 reports a policy violation.
-|**Product**|**iOS**|**Android**|
-|:--|:--|:--|
-|**Exchange** Exchange ActiveSync includes built-in email and third-party apps, like TouchDown, that use Exchange ActiveSync Version 14.1 or later. |Mail |Email |
-|**Office** and **OneDrive for Business** |Outlook </br>OneDrive </br>Word </br>Excel </br>PowerPoint|**On phones and tablets**:<br/>Outlook <br/> OneDrive <br/> Word <br/> Excel <br/> PowerPoint <br/> **On phones only:** <br/> Office Mobile |
+|Product|iOS|Android|
+||||
+|**Exchange** Exchange ActiveSync includes built-in email and third-party apps, like TouchDown, that use Exchange ActiveSync Version 14.1 or later.|Mail|Email|
+|**Office** and **OneDrive for Business**|Outlook </br>OneDrive </br>Word </br>Excel </br>PowerPoint|**On phones and tablets**:<br/>Outlook <br/> OneDrive <br/> Word <br/> Excel <br/> PowerPoint <br/> **On phones only:** <br/> Office Mobile|
> [!NOTE] >
-> - Support for iOS 10.0 and later versions includes iPhone and iPad devices.
+> - Support for iOS 10.0 and later versions includes iPhone and iPad devices.
> - Management of BlackBerry OS devices isnΓÇÖt supported by Basic Security and Mobility. Use BlackBerry Business Cloud Services (BBCS) from BlackBerry to manage BlackBerry OS devices. Blackberry devices running Android OS are supported as standard Android devices > - Users wonΓÇÖt be prompted to enroll and wonΓÇÖt be blocked or reported for policy violation if they use the mobile browser to access Microsoft 365 SharePoint sites, documents in Office Online, or email in Outlook Web App.
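Review bot: In the rewritten **Office** and **OneDrive for Business** row, the iOS cell still uses `</br>`, which is not a valid break tag, while the Android cell uses `<br/>`; use `<br/>` in both. In the note below the table, "Basic Security and Mobility" inverts the product name used everywhere else, "Blackberry" is cased differently from "BlackBerry" in the same bullet, and the sentence ending "standard Android devices" has no period.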
The following diagram shows what happens when a user with a new device signs in
:::image type="content" source="../../media/basic-mobility-security/bms-1-access-control.png" alt-text="Basic Mobility and Security access control."::: > [!NOTE]
-> Policies and access rules created in Basic Mobility and Security for Microsoft 365 Business Standard will override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in Basic Mobility and Security for Microsoft 365 Business Standard, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored. To learn more about Exchange ActiveSync, seeΓÇ»[Exchange ActiveSync in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/exchange-activesync).
+> Policies and access rules created in Basic Mobility and Security for Microsoft 365 Business Standard will override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in Basic Mobility and Security for Microsoft 365 Business Standard, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored. To learn more about Exchange ActiveSync, see [Exchange ActiveSync in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/exchange-activesync).
## Policy settings for mobile devices
-If you create a policy to block access with certain settings turned on, users are blocked from accessing Microsoft 365 resources when using a supported app that is listed in [Access control for Microsoft 365 email and documents](capabilities.md).
+If you create a policy to block access with certain settings turned on, users are blocked from accessing Microsoft 365 resources when using a supported app that is listed in [Access control for Microsoft 365 email and documents](capabilities.md).
The settings that can block users from accessing Microsoft 365 resources are in these sections:
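Review bot: The link "[Access control for Microsoft 365 email and documents](capabilities.md)" in the changed sentence targets capabilities.md itself with no section anchor, so from this article it resolves to the top of the same page and not to the section it names. Point it at that section's anchor instead.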
The following sections list the policy settings you can use to help secure and m
## Security settings
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
|Require a password|Yes|Yes|Yes| |Prevent simple password|Yes|No|No| |Require an alphanumeric password|Yes|No|No|
-|Minimum password length |Yes|Yes|Yes|
-|Number of sign-in failures before device is wiped |Yes|Yes|Yes|
-|Minutes of inactivity before device is locked |Yes|Yes|Yes|
-|Password expiration (days) |Yes|Yes|Yes|
-|Remember password history and prevent reuse |Yes|Yes|Yes|
+|Minimum password length|Yes|Yes|Yes|
+|Number of sign-in failures before device is wiped|Yes|Yes|Yes|
+|Minutes of inactivity before device is locked|Yes|Yes|Yes|
+|Password expiration (days)|Yes|Yes|Yes|
+|Remember password history and prevent reuse|Yes|Yes|Yes|
## Encryption settings
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
-|Require data encryption on devices<sup>1</sup> |No|Yes|Yes|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
+|Require data encryption on devices<sup>1</sup>|No|Yes|Yes|
<sup>1</sup>With Samsung Knox, you can also require encryption on storage cards. ## Jail broken setting
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
-|Device cannot be jail broken or rooted |Yes|Yes|Yes|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
+|Device cannot be jail broken or rooted|Yes|Yes|Yes|
## Managed email profile option The following option can block users from accessing their Microsoft 365 email if theyΓÇÖre using a manually created email profile. Users on iOS devices must delete their manually created email profile before they can access their email. After they delete the profile, a new profile is automatically created on the device. For instructions on how end users can get compliant, see [An existing email account was found](/intune-user-help/existing-company-email-account-found).
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
-|Email profile is managed |Yes|No|No|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
+|Email profile is managed|Yes|No|No|
## Cloud settings
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
-|Require encrypted backup |Yes|No|No|
-|Block cloud backup |Yes|No|No|
-|Block document synchronization |Yes|No|No|
-|Block photo synchronization |Yes|No|No|
-|Allow Google backup |N/A|No|Yes|
-|Allow Google account auto sync |N/A|No|Yes|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
+|Require encrypted backup|Yes|No|No|
+|Block cloud backup|Yes|No|No|
+|Block document synchronization|Yes|No|No|
+|Block photo synchronization|Yes|No|No|
+|Allow Google backup|N/A|No|Yes|
+|Allow Google account auto sync|N/A|No|Yes|
## System settings
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
-|Block screen capture |Yes|No|Yes|
-|Block sending diagnostic data from device |Yes|No|Yes|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
+|Block screen capture|Yes|No|Yes|
+|Block sending diagnostic data from device|Yes|No|Yes|
## Application settings
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
-|Block video conferences on device |Yes|No|No|
-|Block access to application store |Yes|No|Yes|
-|Require password when accessing application store |No|Yes|Yes|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
+|Block video conferences on device|Yes|No|No|
+|Block access to application store|Yes|No|Yes|
+|Require password when accessing application store|No|Yes|Yes|
## Device capabilities settings
-|**Setting name**|**iOS** |**Android**|**Samsung Knox**|
-|:--|:--|:--|:--|
-|Block connection with removable storage |Yes|Yes|No|
-|Block Bluetooth connection |Yes|Yes|No|
+|Setting name|iOS|Android|Samsung Knox|
+|||||
+|Block connection with removable storage|Yes|Yes|No|
+|Block Bluetooth connection|Yes|Yes|No|
## Additional settings
-You can set the following additional policy settings by using Security & Compliance Center PowerShell cmdlets. For more information, seeΓÇ»[Security & Compliance Center PowerShell](/powershell/exchange/scc-powershell).
+You can set the following additional policy settings by using Security & Compliance Center PowerShell cmdlets. For more information, see [Security & Compliance Center PowerShell](/powershell/exchange/scc-powershell).
-|**Setting name**|**iOS** |**Android**|
-|:--|:--|:--|
+|Setting name|iOS|Android|
+||||
|CameraEnabled|Yes|Yes| |RegionRatings|Yes|No| |MoviesRatings|Yes|No|
-|TVShowsRating |Yes|No|
-|AppsRatings |Yes|No|
-|AllowVoiceDialing |Yes|No|
-|AllowVoiceAssistant |Yes|No|
-|AllowAssistantWhileLocked |Yes|No|
-|AllowPassbookWhileLocked |Yes|No|
-|MaxPasswordGracePeriod |Yes|No|
-|PasswordQuality |No|Yes|
-|SystemSecurityTLS |Yes|No|
-|WLANEnabled |No|No|
+|TVShowsRating|Yes|No|
+|AppsRatings|Yes|No|
+|AllowVoiceDialing|Yes|No|
+|AllowVoiceAssistant|Yes|No|
+|AllowAssistantWhileLocked|Yes|No|
+|AllowPassbookWhileLocked|Yes|No|
+|MaxPasswordGracePeriod|Yes|No|
+|PasswordQuality|No|Yes|
+|SystemSecurityTLS|Yes|No|
+|WLANEnabled|No|No|
## Settings supported by Windows
-You can manage Windows 10 devices by enrolling them as mobile devices. After an applicable policy is deployed, users with Windows 10 devices will be required to enroll in Basic Mobility and Security the first time they use the built-in email app to access their Microsoft 365 email (requires Azure AD premium subscription).
+You can manage Windows 10 devices by enrolling them as mobile devices. After an applicable policy is deployed, users with Windows 10 devices will be required to enroll in Basic Mobility and Security the first time they use the built-in email app to access their Microsoft 365 email (requires Azure AD premium subscription).
The following settings are supported for Windows 10 devices that are enrolled as mobile devices. These setting wonΓÇÖt block users from accessing Microsoft 365 resources.
You can set these additional policy settings by using PowerShell cmdlets:
If a device is lost or stolen, you can remove sensitive organizational data and help prevent access to your Microsoft 365 organization resources by doing a wipe from Security & Compliance center > **Data loss prevention** > **Device management**. You can do a selective wipe to remove only organizational data or a full wipe to delete all information from a device and restore it to its factory settings.
-For more information, seeΓÇ»[Wipe a mobile device in Basic Mobility and Security](wipe-mobile-device.md).
+For more information, see [Wipe a mobile device in Basic Mobility and Security](wipe-mobile-device.md).
## Related content
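Review bot: In the Additional settings table, `WLANEnabled` is listed as No for both iOS and Android although the table is introduced as settings "you can set" with PowerShell; either drop the row or say where it applies. The names are also inconsistent (`TVShowsRating` is singular beside `MoviesRatings` and `AppsRatings`), so check each against the cmdlet's actual parameter names. Across the tables in this hunk the new delimiter rows appear as bare pipes (`|||||`) with no hyphens; if that is what was committed, the tables will not render, because a Markdown table delimiter row needs at least one `-` per column. Smaller points: "jail broken" in the heading and row text is normally written "jailbroken", and "These setting" in the Windows paragraph should be "These settings".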
admin Choose Between Basic Mobility And Security And Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md
Basic Mobility and Security remote actions include retire, wipe and full wipe. F
With Intune you have the following set of actions: - [Autopilot reset](/mem/autopilot/windows-autopilot-reset) (Windows only)-- [Bitlocker key recovery](https://support.microsoft.com/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6)ΓÇ»(Windows only)
+- [Bitlocker key recovery](https://support.microsoft.com/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6) (Windows only)
- [Use wipe, retire, or manually unenrolling the device](/mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal)-- [Disable activation lock](/mem/intune/remote-actions/device-activation-lock-disable)ΓÇ»(iOS only)-- [Fresh start](/mem/intune/remote-actions/device-fresh-start)ΓÇ»(Windows only)-- [Full scan](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)ΓÇ»(Windows 10 only)-- [Locate device](/mem/intune/remote-actions/device-locate)ΓÇ»(iOS only)-- [Lost mode](/mem/intune/remote-actions/device-lost-mode)ΓÇ»(iOS only)- [Quick scan](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)(Windows 10 only)
+- [Disable activation lock](/mem/intune/remote-actions/device-activation-lock-disable) (iOS only)
+- [Fresh start](/mem/intune/remote-actions/device-fresh-start) (Windows only)
+- [Full scan](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) (Windows 10 only)
+- [Locate device](/mem/intune/remote-actions/device-locate) (iOS only)
+- [Lost mode](/mem/intune/remote-actions/device-lost-mode) (iOS only)- [Quick scan](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)(Windows 10 only)
- [Remote control for Android](/mem/intune/remote-actions/teamviewer-support) - [Remote lock](/mem/intune/remote-actions/device-remote-lock) - [Rename device](/mem/intune/remote-actions/device-rename)-- [Reset passcode](/mem/intune/remote-actions/device-passcode-reset) [Restart](/mem/intune/remote-actions/device-restart)ΓÇ»(Windows only)
+- [Reset passcode](/mem/intune/remote-actions/device-passcode-reset) [Restart](/mem/intune/remote-actions/device-restart) (Windows only)
- [Update Windows Defender Security Intelligence](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Windows only) - [Windows 10 PIN reset](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset) (Windows only)-- [Send custom notifications](/mem/intune/remote-actions/custom-notifications#send-a-custom-notification-to-a-single-device)ΓÇ»(Android, iOS, iPad OS)
+- [Send custom notifications](/mem/intune/remote-actions/custom-notifications#send-a-custom-notification-to-a-single-device) (Android, iOS, iPad OS)
- [Synchronize device](/mem/intune/remote-actions/device-sync) For more information on Intune actions, see [Microsoft Intune documentation](/mem/intune/).
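Review bot: Several list entries in the changed lines need more than the spacing fix: "Bitlocker key recovery" should read "BitLocker", "iPad OS" should read "iPadOS", and the Quick scan entry has no space between the link and "(Windows 10 only)". As shown, "[Reset passcode]" and "[Restart]" also share one bullet, so "(Windows only)" reads as applying to both; give Restart its own "- " item.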
admin Create An Apns Certificate For Ios Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices.md
To manage iOS devices such as iPads and iPhones in Basic Mobility and Security,
1. Sign in to Microsoft 365 with your global admin account.
-2. In your browser, typeΓÇ»<https://protection.office.com/>.
+2. In your browser, type <https://protection.office.com/>.
-3. Select ΓÇ»**Data loss prevention**ΓÇ»>ΓÇ»**Device management**, and choose **APNs Certificate for iOS devices**.
+3. Select **Data loss prevention** \> **Device management**, and choose **APNs Certificate for iOS devices**.
-4. On the Apple Push Notification Certificate Settings page, choose **Next**.
+4. On the Apple Push Notification Certificate Settings page, choose **Next**.
-5. Select Download your CSR file and save the certificate signing request to somewhere on your computer that you'll remember. Select  **Next**.
+5. Select Download your CSR file and save the certificate signing request to somewhere on your computer that you'll remember. Select **Next**.
-6. On the Create an APNs certificate page:
+6. On the Create an APNs certificate page:
- 1. SelectΓÇ» Apple APNS Portal to open the Apple Push Certificates Portal.
+ 1. Select Apple APNS Portal to open the Apple Push Certificates Portal.
2. Sign in with an Apple ID. > [!IMPORTANT] > Use a company Apple ID associated with an email account that will remain with your organization even if the user who manages the account leaves. Save this ID because you'll need to use the same ID when it's time to renew the certificate.
- 3. Select  **Create a Certificate**  and accept the Terms of Use.
+ 3. Select **Create a Certificate** and accept the Terms of Use.
4. Browse to the certificate signing request you downloaded to your computer from Microsoft 365, and select **Upload**.
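Review bot: Step 5 leaves the UI label unformatted ("Select Download your CSR file") while the other steps bold the control to select; bold **Download your CSR file**. The same applies to "Apple APNS Portal" in step 6.1, and the certificate is spelled both "APNs" and "APNS" within these steps; use "APNs" unless a string quotes the UI exactly.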
To manage iOS devices such as iPads and iPhones in Basic Mobility and Security,
> [!TIP] > If you're having trouble downloading the certificate, refresh your browser.
-7. Go back to Microsoft 365, and select **Next**  to get to the  **Upload APNS certificate** page.
+7. Go back to Microsoft 365, and select **Next** to get to the **Upload APNS certificate** page.
8. Browse to the APN certificate you downloaded from the Apple Push Certificates Portal.
-9. SelectΓÇ» **Finish**.
+9. Select **Finish**.
-To complete setup, go back to the Security & Compliance Center > **Security policies** > **Device management** > **Manage settings**.
+To complete setup, go back to the Security & Compliance Center \> **Security policies** \> **Device management** \> **Manage settings**.
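Review bot: The closing instruction sends the reader to Security & Compliance Center \> **Security policies** \> **Device management** \> **Manage settings**, but step 3 of the same procedure reaches Device management through **Data loss prevention**. Confirm which navigation path is current and use it in both places. Step 8 also says "APN certificate" where step 7 says "APNS certificate".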
admin Enroll Your Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device.md
description: "Before you can use Microsoft 365 services with your device, you mi
Using your phone, tablet, and other mobile devices for work is a great way to stay informed and work on business projects while youΓÇÖre away from the office. Before you can use Microsoft 365 services with your device, you might need to first enroll it in Basic Mobility and Security for Microsoft 365 using Microsoft Intune Company Portal.
-Organizations choose Basic Mobility and Security so that employees can use their mobile devices to securely access work email, calendars, and documents while the business secures important data and meets their compliance requirements. To learn more, see [Overview of Basic Mobility and Security for Microsoft 365](overview.md). For more info, see [What information can my organization see when I enroll my device?](/intune-user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune).
+Organizations choose Basic Mobility and Security so that employees can use their mobile devices to securely access work email, calendars, and documents while the business secures important data and meets their compliance requirements. To learn more, see [Overview of Basic Mobility and Security for Microsoft 365](overview.md). For more info, see [What information can my organization see when I enroll my device?](/intune-user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune).
> [!IMPORTANT] > When you enroll your device in Basic Mobility and Security for Microsoft 365, you might be required to set up a password, together with allowing the option for your work organization to wipe the device. A device wipe can be performed from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, for example, to remove all data from the device if the password is entered incorrectly too many times or if usage terms are broken.
Basic Mobility and Security for Microsoft 365 hosted by the Intune service works
If your device is not listed above, and you need to use it with Basic Mobility and Security, contact your work or school administrator. > [!TIP]
-> If you're having trouble enrolling your device, seeΓÇ»[Troubleshoot Basic Mobility and Security](troubleshoot.md).
+> If you're having trouble enrolling your device, see [Troubleshoot Basic Mobility and Security](troubleshoot.md).
## Set up your mobile device with Intune and Basic Mobility and Security
To connect and configure your Android phone or tablet with the Company portal to
Go to the Microsoft Store, and download and install Intune Company Portal
-To connect and configure your Windows phone or PC with the Company portal to Microsoft 365, see [Windows device enrollment in Intune Company Portal](/intune-user-help/windows-enrollment-company-portal).
+To connect and configure your Windows phone or PC with the Company portal to Microsoft 365, see [Windows device enrollment in Intune Company Portal](/intune-user-help/windows-enrollment-company-portal).
## Next steps
admin Get Details About Managed Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices.md
This article shows you how to use Windows PowerShell to get details about the de
Here's a breakdown for the device details available to you.
-|**Detail**|**What to look for in PowerShell**|
-|:-|:|
-|Device is enrolled in Basic Mobility and Security. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md)|The value of the *isManaged* parameter is:<br/>**True**= device is enrolled.<br/>**False**= device is not enrolled. |
-|Device is compliant with your device security policies. For more info, see [Create device security policies](create-device-security-policies.md)|The value of the *isCompliant* parameter is:<br/>**True** = device is compliant with policies.<br/>**False** = device is not compliant with policies.|
+|Detail|What to look for in PowerShell|
+|||
+|Device is enrolled in Basic Mobility and Security. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md)|The value of the *isManaged* parameter is:<br/>**True**= device is enrolled.<br/>**False**= device is not enrolled.|
+|Device is compliant with your device security policies. For more info, see [Create device security policies](create-device-security-policies.md)|The value of the *isCompliant* parameter is:<br/>**True** = device is compliant with policies.<br/>**False** = device is not compliant with policies.|
:::image type="content" source="../../media/basic-mobility-security/bms-7-powershell-parameters.png" alt-text="Basic Mobility and Security PowerShell parameters."::: > [!NOTE]
-> The commands and scripts in this article also return details about any devices managed byΓÇ»[Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune).
+> The commands and scripts in this article also return details about any devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune).
## Before you begin
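Review bot: In the *isManaged* row the values are written "**True**= device is enrolled" with no space before the equals sign, while the *isCompliant* row uses "**True** = device is compliant". This change already rewrites both rows, so make the spacing consistent.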
There are a few things you need to set up to run the commands and scripts descri
### Step 1: Download and install the Azure Active Directory Module for Windows PowerShell
-For more info on these steps, seeΓÇ»[Connect to Microsoft 365 with PowerShell](/office365/enterprise/powershell/connect-to-office-365-powershell).
+For more info on these steps, see [Connect to Microsoft 365 with PowerShell](/office365/enterprise/powershell/connect-to-office-365-powershell).
-1. Go to [Microsoft Online Services Sign-In Assistant for IT Professionals RTWl](https://download.microsoft.com/download/7/1/E/71EF1D05-A42C-4A1F-8162-96494B5E615C/msoidcli_32bit.msi) and select  **Download for Microsoft Online Services Sign-in Assistant**.
+1. Go to [Microsoft Online Services Sign-In Assistant for IT Professionals RTWl](https://download.microsoft.com/download/7/1/E/71EF1D05-A42C-4A1F-8162-96494B5E615C/msoidcli_32bit.msi) and select **Download for Microsoft Online Services Sign-in Assistant**.
2. Install the Microsoft Azure Active Directory Module for Windows PowerShell with these steps:
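Review bot: The link text in step 1 ends in "RTWl", which looks like a stray character after "RTW". The link also goes straight to msoidcli_32bit.msi, a 32-bit installer, while the step tells the reader to select **Download for Microsoft Online Services Sign-in Assistant** as if a download page opens. Either link to the page that offers that button or reword the step to say the installer downloads directly.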
For more info on these steps, seeΓÇ»[Connect to Microsoft 365 with PowerShell](/
$UserCredential = Get-Credential ```
-2. In the Windows PowerShell Credential Request dialog box, type the user name and password for your Microsoft 365 global admin account, and then select **OK**.
+2. In the Windows PowerShell Credential Request dialog box, type the user name and password for your Microsoft 365 global admin account, and then select **OK**.
3. Run the following command.
For more info on these steps, seeΓÇ»[Connect to Microsoft 365 with PowerShell](/
> [!NOTE] > You can skip this step if youΓÇÖre already set up to run PowerShell scripts.
-To run the Get-MsolUserDeviceComplianceStatus.ps1 script, you need to enable the running of PowerShell scripts.
+To run the Get-MsolUserDeviceComplianceStatus.ps1 script, you need to enable the running of PowerShell scripts.
-1. From your Windows Desktop, select **Start**, and then type Windows PowerShell. Right-click Windows PowerShell, and then select **Run as administrator**.
+1. From your Windows Desktop, select **Start**, and then type Windows PowerShell. Right-click Windows PowerShell, and then select **Run as administrator**.
2. Run the following command. ```powershell
- Set-ExecutionPolicy RemoteSigned
+ Set-ExecutionPolicy RemoteSigned
```
-3. When prompted, type Y and then press Enter.
+3. When prompted, type Y and then press Enter.
#### Run the Get-MsolDevice cmdlet to display details for all devices in your organization
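Review bot: `Set-ExecutionPolicy RemoteSigned` in step 2 is given without `-Scope`, so from the elevated prompt opened in step 1 it changes the execution policy for the whole machine and leaves it changed after the script has run. If the goal is only to run Get-MsolUserDeviceComplianceStatus.ps1, suggest `-Scope Process` (or `-Scope CurrentUser`), which also removes the need for **Run as administrator**.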
To run the Get-MsolUserDeviceComplianceStatus.ps1 script, you need to enable
Get-MsolDevice -All -ReturnRegisteredOwners | Where-Object {$_.RegisteredOwners.Count -gt 0} ```
-For more examples, see ΓÇ»[Get-MsolDevice](https://go.microsoft.com/fwlink/?linkid=2157939).
+For more examples, see [Get-MsolDevice](https://go.microsoft.com/fwlink/?linkid=2157939).
## Run a script to get device details
First, save the script to your computer.
} ```
-2. Save it as a Windows PowerShell script file by using the file extension .ps1; for example, Get-MsolUserDeviceComplianceStatus.ps1.
+2. Save it as a Windows PowerShell script file by using the file extension .ps1; for example, Get-MsolUserDeviceComplianceStatus.ps1.
## Run the script to get device information for a single user account 1. Open the Microsoft Azure Active Directory Module for Windows PowerShell.
-2. Go to the folder where you saved the script. For example, if you saved it to C:\PS-Scripts, run the following command.
+2. Go to the folder where you saved the script. For example, if you saved it to C:\PS-Scripts, run the following command.
```powershell cd C:\PS-Scripts
The information is exported to your Windows Desktop as a CSV file. You can use a
1. Open the Microsoft Azure Active Directory Module for Windows PowerShell.
-2. Go to the folder where you saved the script. For example, if you saved it to C:\PS-Scripts, run the following command.
+2. Go to the folder where you saved the script. For example, if you saved it to C:\PS-Scripts, run the following command.
```powershell cd C:\PS-Scripts
admin Manage Device Access Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-device-access-settings.md
description: "Basic Mobility and Security can help you secure and manage mobile
# Manage device access settings in Basic Mobility and Security
-If you're using Basic Mobility and Security, there might be devices that you can't manage with Basic Mobility and Security. If so, you should block Exchange ActiveSync app access to Microsoft 365 email for mobile devices that aren't supported by Basic Mobility and Security. This helps secure your organization information across more devices.
+If you're using Basic Mobility and Security, there might be devices that you can't manage with Basic Mobility and Security. If so, you should block Exchange ActiveSync app access to Microsoft 365 email for mobile devices that aren't supported by Basic Mobility and Security. This helps secure your organization information across more devices.
Use these steps: 1. Sign in to Microsoft 365 with your global admin account.
-2. In your browser, type:ΓÇ»[https://protection.office.com](https://protection.office.com/).
+2. In your browser, type: [https://protection.office.com](https://protection.office.com/).
> [!IMPORTANT] > If this is the first time you're using Basic Mobility and Security for Microsoft 365 Business Standard, activate it here: [Activate Basic Security and Mobility](https://admin.microsoft.com/EAdmin/Device/IntuneInventory.aspx). After you've activated it, manage your devices with [Office 365 Security & Compliance](https://protection.office.com/).
-3. Go to Data loss prevention > **Device management** > **Device policies**, and select **Manage organization-wide device access settings**.
+3. Go to Data loss prevention > **Device management** > **Device policies**, and select **Manage organization-wide device access settings**.
-4. SelectΓÇ»**Block**.
+4. Select **Block**.
:::image type="content" source="../../media/basic-mobility-security/bms-5-block-access.png" alt-text="Basic Mobility and Security block access checkbox.":::
-5. SelectΓÇ»**Save**.
+5. Select **Save**.
-To learn what devices Basic Mobility and Security supports, seeΓÇ»[Capabilities of Basic Mobility and Security](capabilities.md).
+To learn what devices Basic Mobility and Security supports, see [Capabilities of Basic Mobility and Security](capabilities.md).
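Review bot: In step 3, "Data loss prevention" is left unformatted while **Device management** and **Device policies** are bold, and the path separators are bare `>` characters, whereas the APNs certificate article in this same batch escapes them as `\>`. Bold the first element and use one separator style across the Basic Mobility and Security articles.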
admin Manage Enrolled Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices.md
description: "Basic Mobility and Security can help you secure and manage your or
The built-in mobile device management for Microsoft 365 helps you secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones. The first step is to sign in to Microsoft 365 and set up Basic Mobility and Security. For more info, see [Set up Basic Mobility and Security](set-up.md).
-After you've set it up, the people in your organization must enroll their devices in the service. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md). Then you can use Basic Mobility and Security to help manage devices in your organization. For example, you can use device security policies to help limit email access or other services, view devices reports, and remotely wipe a device. You'll typically go to the Security & Compliance Center to do these tasks. For more info, see [Microsoft 365 compliance center](../../compliance/microsoft-365-compliance-center.md).
+After you've set it up, the people in your organization must enroll their devices in the service. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md). Then you can use Basic Mobility and Security to help manage devices in your organization. For example, you can use device security policies to help limit email access or other services, view devices reports, and remotely wipe a device. You'll typically go to the Security & Compliance Center to do these tasks. For more info, see [Microsoft 365 compliance center](../../compliance/microsoft-365-compliance-center.md).
## Device management tasks To get to the device management panel, follow these steps:
-1. Go to theΓÇ»[Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).
+1. Go to the [Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).
-2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
+2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
:::image type="content" source="../../media/basic-mobility-security/bms-6-mobile-device-management-option.png" alt-text="Mobile device management option.":::
-3. SelectΓÇ» **Let's get started**.
+3. Select **Let's get started**.
## Manage mobile devices After you've got Basic Mobility and Security set up, here are some ways you can manage the mobile devices in your organization.
-|**To do this**|**Do this**|
-|:-|:|
-|Wipe a device |In the Device Management panel, select *device name*, then  **Full wipe**  to delete all information or  **Selective wipe**  to delete only organizational information on the device. For more info, see [Wipe a mobile device in Basic Mobility and Security](wipe-mobile-device.md).|
-|Block unsupported devices from accessing Exchange email using Exchange ActiveSync |In the Device Management panel, selectΓÇ» **Block**. |
-|Set up device policies like password requirements and security settings |In the Device Management panel, select **Device security policies**ΓÇ»>ΓÇ»**Add +**. For more info, seeΓÇ»[Create device security policies in Basic Mobility and Security](create-device-security-policies.md).|
-|View list of blocked devices |In the Device Management panel, underΓÇ» **Select a view**ΓÇ» selectΓÇ» **Blocked**. |
-|Unblock noncompliant or unsupported device for a user or group of users |Pick one of the following to unblock devices:<br/>- Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>, and then select group name. Select **Edit members and admins**.<br/>- Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name, and then select **Edit** > **Deployment**.<br/>- Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name and then select **Edit** > **Access requirements**. Select  **Allow access and report violation**.<br/>- To unblock a noncompliant or unsupported device for a user or a group of users, go to Security & Compliance Center > **Security policies** > **Device management** > **Manage device access settings**. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. For more info, see [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).|
-|Remove users so their devices are no longer managed by Basic Mobility and Security |To remove the user, edit the security group that has device management policies for Basic Mobility and Security. For more info, seeΓÇ» [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).<br/>To remove Basic Mobility and Security from all your Microsoft 365 users, see [Turn off Basic Mobility and Security](turn-off.md).|
+|To do this|Do this|
+|||
+|Wipe a device|In the Device Management panel, select *device name*, then **Full wipe** to delete all information or **Selective wipe** to delete only organizational information on the device. For more info, see [Wipe a mobile device in Basic Mobility and Security](wipe-mobile-device.md).|
+|Block unsupported devices from accessing Exchange email using Exchange ActiveSync|In the Device Management panel, select **Block**.|
+|Set up device policies like password requirements and security settings|In the Device Management panel, select **Device security policies** > **Add +**. For more info, see [Create device security policies in Basic Mobility and Security](create-device-security-policies.md).|
+|View list of blocked devices|In the Device Management panel, under **Select a view** select **Blocked**.|
+|Unblock noncompliant or unsupported device for a user or group of users|Pick one of the following to unblock devices:<br/>- Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>, and then select group name. Select **Edit members and admins**.<br/>- Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name, and then select **Edit** > **Deployment**.<br/>- Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name and then select **Edit** > **Access requirements**. Select **Allow access and report violation**.<br/>- To unblock a noncompliant or unsupported device for a user or a group of users, go to Security & Compliance Center > **Security policies** > **Device management** > **Manage device access settings**. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. For more info, see [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).|
+|Remove users so their devices are no longer managed by Basic Mobility and Security|To remove the user, edit the security group that has device management policies for Basic Mobility and Security. For more info, see [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).<br/>To remove Basic Mobility and Security from all your Microsoft 365 users, see [Turn off Basic Mobility and Security](turn-off.md).|
-Live (v14)
+Live (v14)
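Review bot: In the "Unblock noncompliant or unsupported device for a user or group of users" row, the four options are listed without saying how widely each one applies. The third option, **Allow access and report violation**, is described as unblocking all noncompliant devices for a device policy, while the fourth only excludes the members of one security group. Suggest ordering the options from narrowest to broadest scope and stating in the row that the third one changes enforcement for everything under that policy. The fourth bullet also repeats the row title ("To unblock a noncompliant or unsupported device for a user or a group of users, go to") where the other three start with the action, and the intro paragraph still reads "view devices reports".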
admin Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/overview.md
You can manage and secure mobile devices when they're connected to your Microsof
You can use Basic Mobility and Security to manage many types of mobile devices like Windows Phone, Android, iPhone, and iPad. To manage mobile devices used by people in your organization, each person must have an applicable Microsoft 365 license and their device must be enrolled in Basic Mobility and Security.
-To see what Basic Mobility and Security supports for each type of device, seeΓÇ»[Capabilities of Basic Mobility and Security](capabilities.md).
+To see what Basic Mobility and Security supports for each type of device, see [Capabilities of Basic Mobility and Security](capabilities.md).
## Setup steps for Basic Mobility and Security
-A Microsoft 365 global admin must complete the following steps to activate and set up Basic Mobility and Security. For detailed steps, follow the guidance in [Set up Basic Mobility and Security](set-up.md).
+A Microsoft 365 global admin must complete the following steps to activate and set up Basic Mobility and Security. For detailed steps, follow the guidance in [Set up Basic Mobility and Security](set-up.md).
Here's a summary of the steps:
-**Step 1:** Activate Basic Mobility and Security by following steps in theΓÇ»[Set up Basic Mobility and Security](set-up.md).
+**Step 1:** Activate Basic Mobility and Security by following steps in the [Set up Basic Mobility and Security](set-up.md).
**Step 2:** Set up Basic Mobility and Security by, for example, creating an APNs certificate to manage iOS devices and adding a Domain Name System (DNS) record for your domain to support Windows phones.
-**Step 3:** Create device policies and apply them to groups of users. When you do this, your users get an enrollment message on their device, and when they've completed enrollment, their devices are restricted by the policies you've set up for them. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md).
+**Step 3:** Create device policies and apply them to groups of users. When you do this, your users get an enrollment message on their device, and when they've completed enrollment, their devices are restricted by the policies you've set up for them. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md).
:::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Security and Mobility policy settings.":::
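Review bot: Step 1 of the summary still reads "by following steps in the [Set up Basic Mobility and Security](set-up.md)", with "the" left hanging in front of the link title. Suggest "by following the steps in [Set up Basic Mobility and Security](set-up.md)", which matches the wording used a few lines earlier ("follow the guidance in [Set up Basic Mobility and Security](set-up.md)").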
After you've got Basic Mobility and Security set up and your users have enrolled
## Other ways to manage devices and apps
-If you just need mobile app management (MAM), perhaps for people updating work projects on their own devices, Intune provides another option besides enrolling and managing devices. An Intune subscription allows you to set up MAM policies by using the Azure portal, even if people's devices aren't enrolled in Intune. For more info, seeΓÇ»[App protection policies overview](/mem/intune/apps/app-protection-policy).
+If you just need mobile app management (MAM), perhaps for people updating work projects on their own devices, Intune provides another option besides enrolling and managing devices. An Intune subscription allows you to set up MAM policies by using the Azure portal, even if people's devices aren't enrolled in Intune. For more info, see [App protection policies overview](/mem/intune/apps/app-protection-policy).
## Related content
admin Privacy And Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/privacy-and-security.md
description: "After you activate Basic Mobility and Security, you can create mob
Basic Mobility and Security is a cloud-based service powered by Microsoft Intune that helps you manage and secure mobile devices in your organization. After you activate Basic Mobility and Security, you can create mobile device management policies. These policies can then be deployed to mobile devices that have been enrolled by licensed Microsoft 365 users in your organization.
-Microsoft Intune sends information to Microsoft 365 about the compliance status of each managed device, and then you can generate reports that show whether managed devices in your organization are compliant based upon the policies that were set. To learn more about Microsoft's commitment to the privacy and security, see theΓÇ»[Microsoft Trust Center](https://www.microsoft.com/trust-center).
+Microsoft Intune sends information to Microsoft 365 about the compliance status of each managed device, and then you can generate reports that show whether managed devices in your organization are compliant based upon the policies that were set. To learn more about Microsoft's commitment to the privacy and security, see the [Microsoft Trust Center](https://www.microsoft.com/trust-center).
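Review bot: The last sentence of the changed paragraph keeps "Microsoft's commitment to the privacy and security"; since this line is being touched anyway, drop the article so it reads "commitment to privacy and security".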
admin Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
description: "Set up Basic Mobility and Security to secure and manage your users
The built-in Basic Mobility and Security for Microsoft 365 helps you secure and manage users' mobile devices such as iPhones, iPads, Androids, and Windows phones. You can create and manage device security policies, remotely wipe a device, and view detailed device reports.
-Have questions? For a FAQ to help address common questions, see [Basic Mobility and Security Frequently-asked questions (FAQ)](frequently-asked-questions.yml). Be aware that you cannot use a delegated administrator account to manage Basic Mobility and Security. For more info, see [Partners: Offer delegated administration](https://support.microsoft.com/office/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e). 
+Have questions? For a FAQ to help address common questions, see [Basic Mobility and Security Frequently-asked questions (FAQ)](frequently-asked-questions.yml). Be aware that you cannot use a delegated administrator account to manage Basic Mobility and Security. For more info, see [Partners: Offer delegated administration](https://support.microsoft.com/office/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e).
Device management is part of the Security & Compliance Center so you'll need to go there to kick off Basic Mobility and Security setup. ## Activate the Basic Mobility and Security service
-1. Sign in to Microsoft 365 with your global admin account.
+1. Sign in to Microsoft 365 with your global admin account.
2. Go to [Activate Basic Mobility and Security](https://admin.microsoft.com/EAdmin/Device/IntuneInventory.aspx).
When the service is ready, complete the following steps to finish setup.
If you don't have a custom domain associated with Microsoft 365 or if you're not managing Windows devices, you can skip this section. Otherwise, you'll need to add DNS records for the domain at your DNS host. If you've added the records already, as part of setting up your domain with Microsoft 365, you're all set. After you add the records, Microsoft 365 users in your organization who sign in on their Windows device with an email address that uses your custom domain are redirected to enroll in Basic Mobility and Security.
-Need help setting up the records? Find your domain registrar and select the registrar name to go to step-by-step help for creating DNS record in the list provided inΓÇ»[Add DNS records to connect your domain](/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider). Use those instructions to create CNAME records described in [Simplify Windows enrollment without Azure AD Premium](/mem/intune/enrollment/windows-enroll#simplify-windows-enrollment-without-azure-ad-premium).
+Need help setting up the records? Find your domain registrar and select the registrar name to go to step-by-step help for creating DNS record in the list provided in [Add DNS records to connect your domain](/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider). Use those instructions to create CNAME records described in [Simplify Windows enrollment without Azure AD Premium](/mem/intune/enrollment/windows-enroll#simplify-windows-enrollment-without-azure-ad-premium).
-After you add the two CNAME records, go back to the Security & Compliance Center and go to **Data loss prevention** > **Device management** to complete the next step.
+After you add the two CNAME records, go back to the Security & Compliance Center and go to **Data loss prevention** > **Device management** to complete the next step.
### Step 2: (Required) Configure an APNs Certificate for iOS devices To manage iOS devices like iPad and iPhones, you need to create an APNs certificate.
-1. Sign in to Microsoft 365 with your global admin account.
+1. Sign in to Microsoft 365 with your global admin account.
-2. In your browser type:ΓÇ»[https://protection.office.com](https://protection.office.com/).
+2. In your browser type: [https://protection.office.com](https://protection.office.com/).
-3. SelectΓÇ»**Data loss prevention**ΓÇ»>ΓÇ»**Device management**, and choose **APNs Certificate for iOS devices**.
+3. Select **Data loss prevention** > **Device management**, and choose **APNs Certificate for iOS devices**.
-4. On the Apple Push Notification Certificate Settings page, choose **Next**.
+4. On the Apple Push Notification Certificate Settings page, choose **Next**.
-5. Select **Download your CSR file** and save the Certificate signing request to somewhere on your computer that you'll remember. Select **Next**.
+5. Select **Download your CSR file** and save the Certificate signing request to somewhere on your computer that you'll remember. Select **Next**.
-6. On the Create an APNs certificate page:
+6. On the Create an APNs certificate page:
- - Select Apple APNS Portal to open the Apple Push Certificates Portal.
+ - Select Apple APNS Portal to open the Apple Push Certificates Portal.
- Sign in with an Apple ID. > [!IMPORTANT] > Use a company Apple ID associated with an email account that will remain with your organization even if the user who manages the account leaves. Save this ID because you'll need to use the same ID when it's time to renew the certificate.
- - Select Create a Certificate and accept the Terms of Use.
+ - Select Create a Certificate and accept the Terms of Use.
- Browse to the Certificate signing request you downloaded to your computer from Microsoft 365 and selectUpload. - Download the APN certificate created by the Apple Push Certificate Portal to your computer.
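Review bot: In step 6 of the APNs procedure, the sub-steps name UI controls as plain text ("Select Apple APNS Portal", "Select Create a Certificate") while the numbered steps around them bold theirs (**Next**, **Download your CSR file**), and the unchanged line that follows still has "selectUpload" run together. Suggest bolding the labels and restoring the space before "Upload". The same procedure writes "APNs", "APNS" and "APN certificate" for one thing; pick "APNs" throughout. Earlier in this hunk, "step-by-step help for creating DNS record in the list" should read "DNS records".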
To manage iOS devices like iPad and iPhones, you need to create an APNs certific
8. Browse to the APN certificate you downloaded from the Apple Push Certificates Portal.
-9. SelectΓÇ» **Finish**.
+9. Select **Finish**.
### Step 3: (Recommended) Set up multi-factor authentication MFA helps secure the sign in to Microsoft 365 for mobile device enrollment by requiring a second form of authentication. Users are required to acknowledge a phone call, text message, or app notification on their mobile device after correctly entering their work account password. They can enroll their device only after this second form of authentication is completed. After user devices are enrolled in Basic Mobility and Security, users can access Microsoft 365 resources with only their work account.
-To learn how to turn on MFA in the Azure AD portal, seeΓÇ»[Set up multi-factor authentication](../security-and-compliance/set-up-multi-factor-authentication.md).
+To learn how to turn on MFA in the Azure AD portal, see [Set up multi-factor authentication](../security-and-compliance/set-up-multi-factor-authentication.md).
-After you set up MFA, go back to the Security & Compliance Center and navigate to **Data loss prevention** > **Device management** > **Device policies** to complete the next step.
+After you set up MFA, go back to the Security & Compliance Center and navigate to **Data loss prevention** > **Device management** > **Device policies** to complete the next step.
### Step 4: (Recommended) Manage device security policies
The next step is to create and deploy device security policies to help protect y
1. Sign in to Microsoft 365 with your global admin account.
-2. SelectΓÇ»[Activate Mobile Device Management](https://admin.microsoft.com/EAdmin/Device/IntuneInventory.aspx). If the service is activated, instead the activation steps you'll see a link toΓÇ»[Manage Devices](https://admin.microsoft.com/adminportal/home#/MifoDevices)ΓÇ».
+2. Select [Activate Mobile Device Management](https://admin.microsoft.com/EAdmin/Device/IntuneInventory.aspx). If the service is activated, instead the activation steps you'll see a link to [Manage Devices](https://admin.microsoft.com/adminportal/home#/MifoDevices) .
-3. Go toΓÇ»**Device policies**.
+3. Go to **Device policies**.
:::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Security and Mobility policy settings.":::
-4. Create and deploy device security policies appropriate for your organization following the steps inΓÇ»[Create device security policies in Basic Mobility and Security](create-device-security-policies.md).
+4. Create and deploy device security policies appropriate for your organization following the steps in [Create device security policies in Basic Mobility and Security](create-device-security-policies.md).
> [!TIP] >
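Review bot: Step 2 still reads "If the service is activated, instead the activation steps you'll see a link to" and ends with a space before the closing period, left behind where the special character was removed. The sentence is missing "of" after "instead". Suggest "If the service is already activated, you'll see a link to Manage Devices instead of the activation steps." with the existing link kept on "Manage Devices".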
Users with Android or iOS devices are required to install the Company Portal app
## Related content [Capabilities of Basic Mobility and Security](capabilities.md) (article)\
-[Create device security policies in Basic Mobility and Security](create-device-security-policies.md) (article)
+[Create device security policies in Basic Mobility and Security](create-device-security-policies.md) (article)
admin Troubleshoot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/troubleshoot.md
To start, check the following:
## iOS phone or tablet -- Make sure that you've set up an APNs certificate. For more info, see [Create an APNs Certificate for iOS devices](create-an-apns-certificate-for-ios-devices.md).
+- Make sure that you've set up an APNs certificate. For more info, see [Create an APNs Certificate for iOS devices](create-an-apns-certificate-for-ios-devices.md).
-- In **Settings** > **General** > **Profile (or Device Management)**, make sure that a Management Profile is not already installed. If it is, remove it.
+- In **Settings** > **General** > **Profile (or Device Management)**, make sure that a Management Profile is not already installed. If it is, remove it.
- If you see the error message, "Device failed to enroll," sign in to Microsoft 365 and make sure that a license that includes Exchange Online has been assigned to the user who is signed in to the device.
To start, check the following:
## Windows RT -- Make sure that your domain is set up in Microsoft 365 to work with Basic Mobility and Security. For more info, see [Set up Basic Mobility and Security](set-up.md).
+- Make sure that your domain is set up in Microsoft 365 to work with Basic Mobility and Security. For more info, see [Set up Basic Mobility and Security](set-up.md).
-- Make sure that the user is choosing **Turn On** rather than choosing **Join**.
+- Make sure that the user is choosing **Turn On** rather than choosing **Join**.
## Windows 10 PC -- Make sure that your domain is set up in Microsoft 365 to work with Basic Mobility and Security. For more info, see [Set up Basic Mobility and Security](set-up.md).
+- Make sure that your domain is set up in Microsoft 365 to work with Basic Mobility and Security. For more info, see [Set up Basic Mobility and Security](set-up.md).
-- Unless you have Azure Active Directory Premium, make sure that the user is choosing **Enroll in Device Management only** rather than choosing **Connect**.
+- Unless you have Azure Active Directory Premium, make sure that the user is choosing **Enroll in Device Management only** rather than choosing **Connect**.
## Android phone or tablet
To start, check the following:
- If you see the error message, "We couldn't enroll this device," sign in to Microsoft 365 and make sure that a license that includes Exchange Online has been assigned to the user who is signed in to the device. -- Check the Notification Area on the device to see if any required end-user actions are pending, and if they are, complete the actions.
+- Check the Notification Area on the device to see if any required end-user actions are pending, and if they are, complete the actions.
admin Turn Off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/turn-off.md
To effectively turn off Basic Mobility and Security, you remove groups of people
These options remove Basic Mobility and Security enforcement for devices in your organization. Unfortunately, you can't simply "unprovision" Basic Mobility and Security after you've set it up. > [!IMPORTANT]
-> Be aware of the impact on users' devices when you remove user security groups from policies or remove the policies themselves. For example, email profiles and cached emails might be removed, depending on the device. For more info, seeΓÇ» [What happens when you delete a policy or remove a user from the policy?](../../admin/basic-mobility-security/create-device-security-policies.md)
+> Be aware of the impact on users' devices when you remove user security groups from policies or remove the policies themselves. For example, email profiles and cached emails might be removed, depending on the device. For more info, see [What happens when you delete a policy or remove a user from the policy?](../../admin/basic-mobility-security/create-device-security-policies.md)
## Remove user security groups from Basic Mobility and Security device policies
-1. In your browser type:ΓÇ»[https://protection.office.com/devicev2](https://protection.office.com/devicev2).
+1. In your browser type: [https://protection.office.com/devicev2](https://protection.office.com/devicev2).
2. Select a device policy, and select **Edit policy**.
-3. On the  **Deployment**  page, select **Remove**.
+3. On the **Deployment** page, select **Remove**.
-4. UnderΓÇ» **Groups**, select a security group.
+4. Under **Groups**, select a security group.
-5. Select ΓÇ»**Remove**, and select **Save**.
+5. Select **Remove**, and select **Save**.
## Remove Basic Mobility and Security device policies
-1. In your browser type:ΓÇ»[https://protection.office.com/devicev2](https://protection.office.com/devicev2).
+1. In your browser type: [https://protection.office.com/devicev2](https://protection.office.com/devicev2).
-2. Select a device policy, and then select ΓÇ»**Delete policy**.
+2. Select a device policy, and then select **Delete policy**.
-3. In the Warning dialog box, select **Yes**.
+3. In the Warning dialog box, select **Yes**.
> [!NOTE]
-> For more steps to unblock devices if your organization devices are still in a blocked state, see the blog post [Removing Access Control from Mobile Device Management for Office 365](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Removing-Access-Control-from-Mobile-Device-Management-for-Office/ba-p/279934).
+> For more steps to unblock devices if your organization devices are still in a blocked state, see the blog post [Removing Access Control from Mobile Device Management for Office 365](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Removing-Access-Control-from-Mobile-Device-Management-for-Office/ba-p/279934).
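Review bot: The link in the [!IMPORTANT] note is titled "What happens when you delete a policy or remove a user from the policy?" but its target is create-device-security-policies.md with no section fragment, so a reader lands at the top of that article rather than at the impact description. Suggest adding the section anchor, since this is the warning an admin needs before email profiles and cached emails are removed from users' devices. In the first procedure, steps 3 and 5 both say to select **Remove**; say which control each step refers to.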
admin Wipe Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/wipe-mobile-device.md
You can use built-in Basic Mobility and Security for Microsoft 365 to remove onl
## Before you begin
-Mobile devices can store sensitive organizational information and provide access to your organization's Microsoft 365 resources. To help protect your organization's information, you can do Factory reset or Remove company data:
+Mobile devices can store sensitive organizational information and provide access to your organization's Microsoft 365 resources. To help protect your organization's information, you can do Factory reset or Remove company data:
- **Factory reset**: Deletes all data on a user's mobile device, including installed applications, photos, and personal information. When the wipe is complete, the device is restored to its factory settings. - **Remove company data**: Removes only organization data and leaves installed applications, photos, and personal information on a user's mobile device. - **When a device is wiped (Factory Reset or Remove Company Data)**, the device is removed from the list of managed devices.
-
-- **Automatically reset a device**: You can set up a Basic Mobility and Security policy that automatically factory resets a device after the user unsuccessfully tries to enter the device password a specific number of times. To do this, follow the steps inΓÇ»[Create device security policies in basic mobility and security](create-device-security-policies.md).
-
-- **If you want to know the user experience** when you wipe their device, seeΓÇ» [What's the user and device impact?](#whats-the-user-and-device-impact).+
+- **Automatically reset a device**: You can set up a Basic Mobility and Security policy that automatically factory resets a device after the user unsuccessfully tries to enter the device password a specific number of times. To do this, follow the steps in [Create device security policies in basic mobility and security](create-device-security-policies.md).
+
+- **If you want to know the user experience** when you wipe their device, see [What's the user and device impact?](#whats-the-user-and-device-impact).
## Wipe a mobile device
-1. Go to theΓÇ»[Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).
+1. Go to the [Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).
2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
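Review bot: The "Automatically reset a device" bullet links to "Create device security policies in basic mobility and security" in lower case, while the same sentence capitalizes the product name ("a Basic Mobility and Security policy"). Suggest matching the article title. Also worth reconciling while here: this article calls the two actions "Factory reset" and "Remove company data", but the Manage devices table elsewhere in this update tells admins to choose **Full wipe** or **Selective wipe**. An admin about to erase a device should see one set of names.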
Wipe a device for these reasons:
The wipe is sent immediately to the mobile device and the device is marked as not compliant in Azure active directory. While all data is removed when a device is reset to factory defaults, the following table describes what content is removed for each device type when a device when you remove company data.
-|**Content impact**|**iOS**|**Android**|
-|:--|:--|:--|
+|Content impact|iOS|Android|
+||||
|Microsoft 365 app data is wiped if the device is protected by Intune App Protection policies. The apps aren't removed. For devices not protected by Mobile Application Management (MAM) policies, Outlook and OneDrive won't remove cached data.<br/>**Note** For applying Intune App protection policies you must have an Intune license.|Yes|Yes| |Policy settings applied by Basic Mobility and Security to devices are no longer enforced; users can change the settings.|Yes|Yes| |Email profiles created by Basic Mobility and Security are removed and cached email on the device is deleted.|Yes|N/A|
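Review bot: The sentence introducing this table, left unchanged above the new header row, reads "what content is removed for each device type when a device when you remove company data"; the words "when a device" are leftover debris. Suggest "for each device type when you remove company data", and "Azure Active Directory" for "Azure active directory" in the sentence before it.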
admin Create Dns Records At 1 1 Internet https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-1-1-internet.md
ms.localizationpriority: medium -+ - M365-subscription-management - Adm_O365 - Adm_NonTOC
description: "Learn to verify your domain and set up DNS records for email, Skyp
# Connect your DNS records at IONOS by 1&1 to Microsoft 365
- **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.
+ **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.
If IONOS by 1&1 is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype for Business Online, and so on.
If IONOS by 1&1 is your DNS hosting provider, follow the steps in this article t
You have two options for setting up DNS records for your domain: -- [**Use Domain Connect**](#use-domain-connect-to-verify-and-set-up-your-domain) If you haven't set up your domain with another email service provider, use the Domain Connect steps to automatically verify and set up your new domain to use with Microsoft 365.
+- [**Use Domain Connect**](#use-domain-connect-to-verify-and-set-up-your-domain) If you haven't set up your domain with another email service provider, use the Domain Connect steps to automatically verify and set up your new domain to use with Microsoft 365.
OR -- [**Use the manual steps**](#create-dns-records-with-manual-setup) Verify your domain using the manual steps below and choose when and which records to add to your domain registrar. This allows you to set up new MX (mail) records, for example, at your convenience.
+- [**Use the manual steps**](#create-dns-records-with-manual-setup) Verify your domain using the manual steps below and choose when and which records to add to your domain registrar. This allows you to set up new MX (mail) records, for example, at your convenience.
## Use Domain Connect to verify and set up your domain
Follow these steps to automatically verify and set up your IONOS by 1&1 domain w
:::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup.":::
-1. On the How do you want to connect your domain? page, select **Continue**.
+1. On the How do you want to connect your domain? page, select **Continue**.
1. On the Add DNS records page, select **Add DNS records**.
Follow these steps to automatically verify and set up your IONOS by 1&1 domain w
:::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-3.png" alt-text="Select Connect, and then Allow.":::
- This completes your domain setup for Microsoft 365.
+ This completes your domain setup for Microsoft 365.
## Create DNS records with manual setup After you add these records at IONOS by 1&1, your domain will be set up to work with Microsoft services.
-
+ > [!CAUTION] > Note that IONOS by 1&1 doesn't allow a domain to have both an MX record and a top-level Autodiscover CNAME record. This limits the ways in which you can configure Exchange Online for Microsoft. There is a workaround, but we recommend employing it **only** if you already have experience with creating subdomains at IONOS by 1&1. > If despite this [service limitation](../setup/domains-faq.yml) you choose to manage your own Microsoft DNS records at IONOS by 1&1, follow the steps in this article to verify your domain and to set up DNS records for email, Skype for Business Online, and so on.
-
+ > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+ ### Add a TXT record for verification Before you use your domain with Microsoft, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Microsoft that you own the domain.
-
+ > [!NOTE] > This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
-
+ 1. To get started, go to your domains page at IONOS by 1&1 by using [this link](https://my.1and1.com/). You'll be prompted to log in. 1. Select **Menu**, and then select **Domains and SSL**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL.":::
-
+ 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list.":::
Before you use your domain with Microsoft, we have to make sure that you own it.
1. On the Add a DNS record page, in the boxes for the new record, type or copy and paste the values from the following table.
- |**Host name** <br/> |**Value** <br/> | **TTL**
- |:--|:--|:--|
- |(Leave this field blank) <br/> |MS=ms *XXXXXXXX* <br/> NOTE: This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) | 1 hour |
+ |Host name|Value|TTL|
+ ||||
+ |(Leave this field blank)|MS=ms *XXXXXXXX* <br/> NOTE: This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|1 hour|
1. Select **Save**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-5.png" alt-text="Select Save.":::
-
+ Wait a few minutes before you continue, so that the record you just created can update across the Internet. Now that you've added the record at your domain registrar's site, you'll go back to Microsoft 365 and request Microsoft 365 to look for the record. When Microsoft finds the correct TXT record, your domain is verified. To verify the record in Microsoft 365:
-
+ 1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>. 1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
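Review bot: the rebuilt TXT verification table loses its delimiter row: `|:--|:--|:--|` becomes `||||`, which contains no hyphens, so a Markdown renderer will not treat these three lines as a table and the `MS=ms` value will show up as raw pipe-separated text. Keep a valid delimiter row such as `|---|---|---|` under the header. The same hyphen-less row appears in the other tables this commit rewrites.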
To verify the record in Microsoft 365:
:::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup."::: 1. Select **Continue**.
-
+ 1. On the **Verify domain** page, select **Verify**. > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+ ### Add an MX record so email for your domain will come to Microsoft
-
+ > [!NOTE]
-> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
+> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
1. To get started, go to your domains page at IONOS by 1&1 by using [this link](https://my.1and1.com/). You'll be prompted to log in. 1. Select **Menu**, and then select **Domains and SSL**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL.":::
-
+ 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list.":::
To verify the record in Microsoft 365:
1. Select the **MX** section. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-MX.png" alt-text="Select the MX section.":::
-
+ 1. On the Add a DNS record page, in the boxes for the new record, type or copy and paste the values from the following table.
- | **Host name**| **Points to** |**Priority**| **TTL** |
- |:--|:--|:--| :--|
- | @ | *\<domain-key\>* .mail.protection.outlook.com <br/> NOTE: Get your \<domain-key\> from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) |10 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml) | 1 hour |
-
+ |Host name|Points to|Priority|TTL|
+ |||||
+ |@|*\<domain-key\>*.mail.protection.outlook.com <br/> NOTE: Get your \<domain-key\> from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|10 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml)|1 hour|
+ 1. Select **Save**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-MX-Save.png" alt-text="Select Save.":::
To verify the record in Microsoft 365:
### Add the CNAME record required for Microsoft > [!NOTE]
-> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
-
+> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
+ 1. To get started, go to your domains page at IONOS by 1&1 by using [this link](https://my.1and1.com/). You'll be prompted to log in. 1. Select **Menu**, and then select **Domains and SSL**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL.":::
-
+ 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list.":::
- Now you'll create two subdomains and set an **Alias** value for each.<br/>(This is required because 1&1 IONOS supports only one top-level CNAME record, but Microsoft requires several CNAME records.)<br/>First, you'll create the Autodiscover subdomain.
+ Now you'll create two subdomains and set an **Alias** value for each.
+
+ (This is required because 1&1 IONOS supports only one top-level CNAME record, but Microsoft requires several CNAME records.)
+
+ First, you'll create the Autodiscover subdomain.
1. Select **Subdomains**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-Subdomains.png" alt-text="Select Subdomain.":::
-
+ 1. Select **Add subdomain**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-add-subdomains.png" alt-text="Select Add subdomains.":::
-
+ 1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.)
- |**Add subdomain**| **Alias** |
- |:--|:--|
- |autodiscover <br/> | autodiscover.outlook.com |
+ |Add subdomain|Alias|
+ |||
+ |autodiscover|autodiscover.outlook.com|
-1. Under **Actions** for the **autodiscover** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list. <br/>
+1. Under **Actions** for the **autodiscover** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list.
1. Select **Add record**, and then select the **CNAME** section.
-1. In the **Alias:** box, type or copy and paste only the **Alias** value from the following table. <br/>
+1. In the **Alias:** box, type or copy and paste only the **Alias** value from the following table.
+
+ |Add subdomain|Alias|
+ |||
+ |autodiscover|autodiscover.outlook.com|
- |**Add subdomain**| **Alias** |
- |:--|:--|
- |autodiscover <br/> | autodiscover.outlook.com |
-
1. Select **Save**. ## Add a TXT record for SPF to help prevent email spam > [!IMPORTANT]
-> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md). To validate your SPF record, you can use one of these[SPF validation tools](../setup/domains-faq.yml).
-
+> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md). To validate your SPF record, you can use one of these[SPF validation tools](../setup/domains-faq.yml).
+ > [!NOTE]
-> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
-
+> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
+ 1. To get started, go to your domains page at IONOS by 1&1 by using [this link](https://my.1and1.com/). You'll be prompted to log in. 1. Select **Menu**, and then select **Domains and SSL**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL.":::
-
+ 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list.":::
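Review bot: the SPF `[!IMPORTANT]` line is re-added with its typo intact: `one of these[SPF validation tools]` is still missing the space before the link. The line is already being touched for whitespace, so fix it in the same change. Also check the intro "Now you'll create two subdomains": the steps shown in this section create only the autodiscover subdomain.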
To verify the record in Microsoft 365:
:::image type="content" source="../../media/dns-IONOS/IONOS-domains-SPFTXT.png" alt-text="Select the SPF (TXT) section.":::
-1. In the boxes for the new record, type or copy and paste the values from the following table. <br/>
+1. In the boxes for the new record, type or copy and paste the values from the following table.
+
+ |Type|Host name|Value|TTL|
+ |||||
+ |SPF (TXT)|(Leave this field empty.)|v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|1 hour|
- |**Type**|**Host name**|**Value**| **TTL** |
- |:--|:--|:--|:--|
- |SPF (TXT) <br/> |(Leave this field empty.) <br/> |v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct. | 1 hour |
-
1. Select **Save**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-SPFTXT-Save.png" alt-text="Select Save."::: ## Advanced option: Skype for Business
-Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for online communication services like chat, conference calls, and video calls, in addition to ΓÇÄMicrosoft TeamsΓÇÄ. ΓÇÄSkypeΓÇÄ needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
+Only select this option if your organization uses Skype for Business for online communication services like chat, conference calls, and video calls, in addition to Microsoft Teams. Skype needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
### Add two additional CNAME records
-
+ 1. To get started, go to your domains page at IONOS by 1&1 by using [this link](https://my.1and1.com/). You'll be prompted to log in. 1. Select **Menu**, and then select **Domains and SSL**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL.":::
-
+ 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list.":::
- Now you'll create two subdomains and set an **Alias** value for each.<br/>(This is required because 1&1 IONOS supports only one top-level CNAME record, but Microsoft requires several CNAME records.)<br/>First, you'll create the lyncdiscover subdomain.
+ Now you'll create two subdomains and set an **Alias** value for each.
+
+ (This is required because 1&1 IONOS supports only one top-level CNAME record, but Microsoft requires several CNAME records.)
+
+ First, you'll create the lyncdiscover subdomain.
1. Select **Subdomains**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-Subdomains.png" alt-text="Select Subdomain.":::
-
+ 1. Select **Add subdomain**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-add-subdomains.png" alt-text="Select Add subdomains.":::
-1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.)<br/>
+1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.)
- |**Add subdomain**|**Alias**|
- |:--|:--|
+ |Add subdomain|Alias|
+ |||
|lyncdiscover |webdir.online.lync.com |
-1. Under **Actions** for the **lyncdiscover** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list. <br/>
+1. Under **Actions** for the **lyncdiscover** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list.
1. Select **Add record**, and then select the **CNAME** section.
-1. In the **Alias:** box, type or copy and paste only the **Alias** value from the following table. <br/>
+1. In the **Alias:** box, type or copy and paste only the **Alias** value from the following table.
- |**Create Subdomain**|**Alias**|
- |:--|:--|
- |lyncdiscover <br/> |webdir.online.lync.com <br/> |
+ |Create Subdomain|Alias|
+ |||
+ |lyncdiscover|webdir.online.lync.com|
-1. Create another subdomain (SIP): <br/>Select **Add subdomain**.
+1. Create another subdomain (SIP): Select **Add subdomain**.
-1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.) <br/>
+1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.)
- |**Add subdomain**|**Alias**|
- |:--|:--|
- |sip <br/> |sipdir.online.lync.com <br/> |
+ |Add subdomain|Alias|
+ |||
+ |sip|sipdir.online.lync.com|
-1. Under **Actions** for the subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list. <br/>
+1. Under **Actions** for the subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list.
1. Select **Add record**.
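Review bot: the table after the lyncdiscover **Alias:** step is headed `Create Subdomain`, while the identical tables immediately before and after it are headed `Add subdomain`, which is the label the steps tell the reader to look for. Use `Add subdomain` in all copies so the column name matches the instruction text.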
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
1. Select the **CNAME** section.
-1. in the **Alias:** box, type or copy and paste only the **Alias** value from the following table.
+1. in the **Alias:** box, type or copy and paste only the **Alias** value from the following table.
- |**Create Subdomain**|**Alias**|
- |:--|:--|
- |sip <br/> |sipdir.online.lync.com <br/> |
+ |Create Subdomain|Alias|
+ |||
+ |sip|sipdir.online.lync.com|
1. Select the check box for the **I am aware** disclaimer, and then select **Save**. ## Add the two SRV records required for Microsoft
-
+ > [!NOTE]
-> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
-
+> If you've registered with 1und1.de, [sign in here](https://go.microsoft.com/fwlink/?linkid=859152).
+ 1. To get started, go to your domains page at IONOS by 1&1 by using [this link](https://my.1and1.com/). You'll be prompted to log in. 1. Select **Menu**, and then select **Domains and SSL**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL.":::
-
+ 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list.":::
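Review bot: the re-added step `1. in the **Alias:** box, ...` still starts with a lowercase "in"; the edit only strips trailing whitespace. Capitalize it to match the other Alias steps in this file, which read "In the **Alias:** box".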
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
:::image type="content" source="../../media/dns-IONOS/IONOS-domains-SRV.png" alt-text="Select the SRV section.":::
-1. In the boxes for the new record, type or copy and paste the values from the following table. <br/>
+1. In the boxes for the new record, type or copy and paste the values from the following table.
+
+ |Type|Service|Protocol|Host name|Points to|Priority|Weight|Port|TTL|
+ ||||||||||
+ |SRV|_sip|tls|(Leave this field empty.)|sipdir.online.lync.com|100|1|443|1 hour|
+ |SRV|_sipfederationtls|tcp|(Leave this field empty.)|sipfed.online.lync.com|100|1|5061|1 hour|
- |**Type**|**Service**|**Protocol**|**Host name**|**Points to**|**Priority**|**Weight**|**Port**|**TTL**|
- |:--|:--|:--|:--|:--|:--|:--|:--|:--|
- |SRV <br/> |_sip <br/> |tls <br/> |(Leave this field empty.) <br/> |sipdir.online.lync.com <br/> |100 <br/> |1 <br/> |443 <br/> |1 hour <br/> |
- |SRV <br/> |_sipfederationtls <br/> |tcp <br/> |(Leave this field empty.) <br/> |sipfed.online.lync.com <br/> |100 <br/> |1 <br/> |5061 <br/> |1 hour <br/> |
-
1. Select **Save**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-SRV-Save.png" alt-text="Select Save.":::
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
1. Add the other SRV record. > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
## Advanced option: Intune and Mobile Device Management for Microsoft 365
-This service helps you secure and remotely manage mobile devices that connect to your domain. ΓÇÄMobile Device ManagementΓÇÄ needs 2 CNAME records so that users can enroll devices to the service.
+This service helps you secure and remotely manage mobile devices that connect to your domain. Mobile Device Management needs 2 CNAME records so that users can enroll devices to the service.
### Add the two required CNAME records > [!IMPORTANT]
-> Follow the subdomain procedure that you used for the other CNAME records, and supply the values from the following table.
-
+> Follow the subdomain procedure that you used for the other CNAME records, and supply the values from the following table.
+ 1. To get started, go to your domains page at IONOS by 1&1 by using [this link](https://my.1and1.com/). You'll be prompted to log in. 1. Select **Menu**, and then select **Domains and SSL**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL.":::
-
+ 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list.":::
- Now you'll create two subdomains and set an **Alias** value for each.<br/>(This is required because 1&1 IONOS supports only one top-level CNAME record, but Microsoft requires several CNAME records.)<br/>First, you'll create the lyncdiscover subdomain.
+ Now you'll create two subdomains and set an **Alias** value for each.
+
+ (This is required because 1&1 IONOS supports only one top-level CNAME record, but Microsoft requires several CNAME records.)
+
+ First, you'll create the lyncdiscover subdomain.
1. Select **Subdomains**.
-
+ :::image type="content" source="../../media/dns-IONOS/IONOS-domains-Subdomains.png" alt-text="Select Subdomain.":::
-
+ 1. Select **Add subdomain**. :::image type="content" source="../../media/dns-IONOS/IONOS-domains-add-subdomains.png" alt-text="Select Add subdomains.":::
-1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.)<br/>
+1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.)
- |**Add subdomain**|**Alias**|
- |:--|:--|
- |enterpriseregistration <br/> |enterpriseregistration.windows.net <br/> |
+ |Add subdomain|Alias|
+ |||
+ |enterpriseregistration|enterpriseregistration.windows.net|
-1. Under **Actions** for the **enterpriseregistration** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list. <br/>
+1. Under **Actions** for the **enterpriseregistration** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list.
1. Select **Add record**, and then select the **CNAME** section.
-1. In the **Alias:** box, type or copy and paste only the **Alias** value from the following table. <br/>
+1. In the **Alias:** box, type or copy and paste only the **Alias** value from the following table.
- |**Add subdomain**|**Alias**|
- |:--|:--|
- |enterpriseregistration <br/> |enterpriseregistration.windows.net <br/> |
+ |Add subdomain|Alias|
+ |||
+ |enterpriseregistration|enterpriseregistration.windows.net|
-1. Create another subdomain: <br/>Select **Add subdomain**.
+1. Create another subdomain: Select **Add subdomain**.
-1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.) <br/>
+1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.)
- |**Add subdomain**|**Alias**|
- |:--|:--|
- |enterpriseenrollment <br/> |enterpriseenrollment-s.manage.microsoft.com <br/> |
+ |Add subdomain|Alias|
+ |||
+ |enterpriseenrollment|enterpriseenrollment-s.manage.microsoft.com|
-1. Under **Actions** for the **enterpriseenrollment** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list. <br/>
+1. Under **Actions** for the **enterpriseenrollment** subdomain that you just created, select the gear control, and then select **DNS** from the drop-down list.
1. Select **Add record**.
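Review bot: in the Intune and Mobile Device Management section the re-flowed intro still ends with "First, you'll create the lyncdiscover subdomain.", but the steps and tables that follow create enterpriseregistration and then enterpriseenrollment. The sentence looks copied from the Skype for Business section; change it to name enterpriseregistration so an admin following the text literally does not add the wrong subdomain.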
This service helps you secure and remotely manage mobile devices that connect to
1. Select the **CNAME** section.
-1. in the **Alias:** box, type or copy and paste only the **Alias** value from the following table.
+1. in the **Alias:** box, type or copy and paste only the **Alias** value from the following table.
- |**Create Subdomain**|**Alias**|
- |:--|:--|
- |enterpriseenrollment <br/> |enterpriseenrollment-s.manage.microsoft.com <br/> |
+ |Create Subdomain|Alias|
+ |||
+ |enterpriseenrollment|enterpriseenrollment-s.manage.microsoft.com|
-1. Select the check box for the **I am aware** disclaimer, and then select **Save**.
+1. Select the check box for the **I am aware** disclaimer, and then select **Save**.
admin Create Dns Records At Aws https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-aws.md
Only select this option if your organization uses Skype for Business for online
> [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-### Add the two required CNAME records
+### Add the two required CNAME records for Skype for Business
1. To get started, go to your domains page at AWS by using [this link](https://console.aws.amazon.com/route53/home). You'll be prompted to log in first.
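Review bot: renaming the heading to "Add the two required CNAME records for Skype for Business" changes the anchor generated from it, so any link that targets the old `#add-the-two-required-cname-records` fragment should be checked before merge. The same rename is made in the Cloudflare and GoDaddy articles in this batch.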
admin Create Dns Records At Cloudflare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-cloudflare.md
Only select this option if your organization uses Skype for Business for online
> [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-### Add the two required CNAME records
+### Add the two required CNAME records for Skype for Business
1. To get started, go to your domains page at Cloudflare by using [this link](https://www.cloudflare.com/a/login). You'll be prompted to log in first.
admin Create Dns Records At Godaddy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-godaddy.md
Follow these steps to automatically verify and set up your GoDaddy domain with M
1. On the GoDaddy login page, sign in to your account, and select **Authorize**.
- This completes your domain setup for Microsoft 365.
+ This completes your domain setup for Microsoft 365.
## Create DNS records with manual setup
Before you use your domain with Microsoft, we have to make sure that you own it.
1. In the boxes for the new record, type or copy and paste the values from the table.
- |**Type** |**Host**|**TXT Value**|**TTL** |
- |:--|:--|:--|:--|
- |TXT |@|MS=ms *XXXXXXXX*<br>**Note**: This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|1 hour <br>|
+ |Type|Host|TXT Value|TTL|
+ |||||
+ |TXT|@|MS=ms *XXXXXXXX*<br>**Note**: This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|1 hour <br>|
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXT-values.png" alt-text="Fill in the values from the table for the TXT record.":::
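Review bot: the cleanup strips the `<br/>` padding from the other cells, but the TTL cell of the new TXT row still reads `1 hour <br>`. Drop the trailing `<br>` so it matches the plain `1 hour` cells in the MX, CNAME and SPF tables rewritten in the same file.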
To verify the record in Microsoft 365:
5. In the boxes for the new record, type or copy and paste the values from the following table.
- (Choose the **Type** and **TTL** values from the drop-down list.)
+ (Choose the **Type** and **TTL** values from the drop-down list.)
- |**Type**|**Host**|**Points to**|**Priority**|**TTL**|
- |:--|:--|:--|:--|:--|
- |MX <br/> |@ <br/> | *\<domain-key\>* .mail.protection.outlook.com <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) |10 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml) <br/> |1 hour <br/> |
+ |Type|Host|Points to|Priority|TTL|
+ ||||||
+ |MX|@| *\<domain-key\>*.mail.protection.outlook.com <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|10 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml)|1 hour|
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-Type.png" alt-text="Fill in the values from the table for the MX record.":::
To verify the record in Microsoft 365:
5. Create the CNAME record.
- In the boxes for the new record, type or copy and paste the values from the first row of the following table.
+ In the boxes for the new record, type or copy and paste the values from the first row of the following table.
- (Choose the **TTL** value from the drop-down list.)
+ (Choose the **TTL** value from the drop-down list.)
- |**Type**|**Host**|**Points to**|**TTL**|
- |:--|:--|:--|:--|
- |CNAME <br/> |autodiscover <br/> |autodiscover.outlook.com <br/> |1 hour <br/> |
+ |Type|Host|Points to|TTL|
+ |||||
+ |CNAME|autodiscover|autodiscover.outlook.com|1 hour|
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-values.png" alt-text="Fill in the values from the table for the CNAME record.":::
To verify the record in Microsoft 365:
5. In the boxes for the new record, type or copy and paste the following values.
- (Choose the **TTL** value from the drop-down lists.)
+ (Choose the **TTL** value from the drop-down lists.)
- |**Type**|**Host**|**TXT Value**|**TTL**|
- |:--|:--|:--|:--|
- |TXT <br/> |@ <br/> |v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct. |1 hour <br/> |
+ |Type|Host|TXT Value|TTL|
+ |||||
+ |TXT|@|v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|1 hour|
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXT-values.png" alt-text="Fill in the values from the table for the TXT record.":::
To verify the record in Microsoft 365:
## Advanced option: Skype for Business
-Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for online communication services like chat, conference calls, and video calls, in addition to ΓÇÄMicrosoft TeamsΓÇÄ. ΓÇÄSkypeΓÇÄ needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
+Only select this option if your organization uses Skype for Business for online communication services like chat, conference calls, and video calls, in addition to Microsoft Teams. Skype needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
### Add the two required SRV records
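Review bot: In the rewritten Skype for Business intro sentence, "2 CNAME records to sign-in and connect users" uses the hyphenated noun form as a verb. Since the line is already being changed to drop the stray characters around the product names, make it "to sign in and connect users".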
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
1. Create the first SRV record.
- In the boxes for the new record, type or copy and paste the values from the first row of the following table.
+ In the boxes for the new record, type or copy and paste the values from the first row of the following table.
- (Choose the **Type** and **TTL** values from the drop-down lists.)
+ (Choose the **Type** and **TTL** values from the drop-down lists.)
- |**Type**|**Service**|**Protocol**| **Name** | **Target**|**Priority**|**Weight**|**Port**|**TTL**|
- |:--|:--|:--|:--|:--|:--|:--|:--|:--|
- |SRV <br/> |_sip <br/> |_tls <br/> |@ <br/> |sipdir.online.lync.com <br/> |100 <br/> | 1 <br/> |443 <br/> |1 Hour <br/> |
- |SRV <br/> |_sipfederationtls <br/> |_tcp <br/> |@ <br/> | sipfed.online.lync.com <br/> | 100 <br/> |1 <br/> |5061 <br/> |1 Hour <br/> |
+ |Type|Service|Protocol|Name|Target|Priority|Weight|Port|TTL|
+ ||||||||||
+ |SRV|_sip|_tls|@|sipdir.online.lync.com|100| 1|443|1 Hour|
+ |SRV|_sipfederationtls|_tcp|@| sipfed.online.lync.com| 100|1|5061|1 Hour|
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-SRV-values.png" alt-text="Fill in the values from the table for the SRV record.":::
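Review bot: The rewritten SRV rows still carry stray leading spaces inside some cells (`|100| 1|443|` in the first row, `|@| sipfed.online.lync.com| 100|1|` in the second), left over from the old padded layout. The other cells in this change were trimmed, so trim these too and keep the two rows consistent.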
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
> [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-### Add the two required CNAME records
+### Add the two required CNAME records for Skype for Business
1. To get started, go to your domains page at GoDaddy by using [this link](https://account.godaddy.com/products/?go_redirect=disabled). If you're prompted to log in, use your login credentials, select your login name in the upper right, and then select **My Products**.
-2. Under **Domains**, select the three dots next to the domain you want to verify, and then select **Manage DNS**.
+1. Under **Domains**, select the three dots next to the domain you want to verify, and then select **Manage DNS**.
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-1.png" alt-text="Select Manage DNS from the drop-down list.":::
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
1. In the empty boxes for the new records, type or copy and paste the values from the first row in the following table.
- |**Type**|**Host**|**Points to**|**TTL**|
- |:--|:--|:--|:--|
- |CNAME <br/> |sip <br/> |sipdir.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |1 Hour <br/> |
- |CNAME <br/> |lyncdiscover <br/> |webdir.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |1 Hour <br/> |
+ |Type|Host|Points to|TTL|
+ |||||
+ |CNAME|sip|sipdir.online.lync.com. <br/> **This value MUST end with a period (.)**|1 Hour|
+ |CNAME|lyncdiscover|webdir.online.lync.com. <br/> **This value MUST end with a period (.)**|1 Hour|
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-values.png" alt-text="Fill in the values from the table for the CNAME record.":::
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
## Advanced option: Intune and Mobile Device Management for Microsoft 365
-This service helps you secure and remotely manage mobile devices that connect to your domain. ΓÇÄMobile Device ManagementΓÇÄ needs 2 CNAME records so that users can enroll devices to the service.
+This service helps you secure and remotely manage mobile devices that connect to your domain. Mobile Device Management needs 2 CNAME records so that users can enroll devices to the service.
-### Add the two required CNAME records
+### Add the two required CNAME records Mobile Device Management
1. To get started, go to your domains page at GoDaddy by using [this link](https://account.godaddy.com/products/?go_redirect=disabled).
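Review bot: The new heading `### Add the two required CNAME records Mobile Device Management` is missing the word "for". The matching Skype heading added earlier in this change reads "Add the two required CNAME records for Skype for Business", so this one should be `### Add the two required CNAME records for Mobile Device Management`.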
This service helps you secure and remotely manage mobile devices that connect to
1. In the empty boxes for the new records, type or copy and paste the values from the first row in the following table.
- |**Type**|**Host**|**Points to**|**TTL**|
- |:--|:--|:--|:--|
- |CNAME <br/> |enterpriseregistration <br/> |enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)** <br/> |1 Hour <br/> |
- |CNAME <br/> |enterpriseenrollment <br/> |enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)** <br/> |1 Hour <br/> |
+ |Type|Host|Points to|TTL|
+ |||||
+ |CNAME|enterpriseregistration|enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)**|1 Hour|
+ |CNAME|enterpriseenrollment|enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)**|1 Hour|
:::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-values.png" alt-text="Fill in the values from the table for the CNAME record.":::
admin Create Dns Records At Namecheap https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-namecheap.md
ms.localizationpriority: medium -+ - M365-subscription-management - Adm_O365 - Adm_NonTOC
description: "Learn to verify your domain and set up DNS records for email, Skyp
# Connect your DNS records at Namecheap to Microsoft 365
- **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.
-
+ **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.
+ If Namecheap is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype for Business Online, and so on.
-
+ After you add these records at Namecheap, your domain will be set up to work with Microsoft services.
-
+ > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Add a TXT record for verification Before you use your domain with Microsoft, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Microsoft that you own the domain.
-
+ > [!NOTE]
-> This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
-
+> This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
+ 1. To get started, go to your domains page at Namecheap by using [this link](https://www.namecheap.com/myaccount/login.aspx?ReturnUrl=%2f). You'll be prompted to Sign in and Continue. :::image type="content" source="../../media/1827f9fc-4dc9-4f9d-a392-7817c47b00b3.png" alt-text="Sign in to Namecheap.":::
-1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
+1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
:::image type="content" source="../../media/3f457d64-4589-422c-ae34-fc24b0e819eb.png" alt-text="Select Domain List from the drop-down list.":::
Before you use your domain with Microsoft, we have to make sure that you own it.
:::image type="content" source="../../media/8849abfe-deb6-4f6a-b56d-e69be9a28b0f.png" alt-text="Select ADD NEW RECORD."::: 1. In the **Type** drop-down, select **TXT Record**.
-
+ > [!NOTE]
- > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
+ > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
:::image type="content" source="../../media/a5b40973-19b5-4c32-8e1b-1521aa971836.png" alt-text="Select TXT Record."::: 1. In the boxes for the new record, type or copy and paste the values from the following table.
-
- (Choose the **TTL** value from the drop-down list.)
-
- |**Type**|**Host**|**Value**|**TTL**|
- |:--|:--|:--|:--|
- |TXT <br/> |@ <br/> |MS=ms *XXXXXXXX* <br/>**Note:** This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) |30 min <br/> |
+
+ (Choose the **TTL** value from the drop-down list.)
+
+ |Type|Host|Value|TTL|
+ |||||
+ |TXT|@|MS=ms *XXXXXXXX* <br/>**Note:** This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|30 min|
:::image type="content" source="../../media/fe75c0fd-f85c-4bef-8068-edaf9779b7f1.png" alt-text="Copy and paste the values from the table.":::
-1. Select the **Save Changes** (check mark) control.
+1. Select the **Save Changes** (check mark) control.
:::image type="content" source="../../media/b48d2c67-66b5-4aa4-8e59-0c764f236fac.png" alt-text="Select the Save Changes control."::: 1. Wait a few minutes before you continue, so that the record you just created can update across the Internet.
-
-Now that you've added the record at your domain registrar's site, you'll go back to Microsoft and request the record. When Microsoft finds the correct TXT record, your domain is verified.
+
+Now that you've added the record at your domain registrar's site, you'll go back to Microsoft and request the record. When Microsoft finds the correct TXT record, your domain is verified.
To verify the record in Microsoft 365:
-
+ 1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
-
-1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
+
+1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
:::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup."::: 1. Select **Continue**.
-
+ 1. On the **Verify domain** page, select **Verify**.
-
+ > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Add an MX record so email for your domain will come to Microsoft
-
+ 1. To get started, go to your domains page at Namecheap by using [this link](https://www.namecheap.com/myaccount/login.aspx?ReturnUrl=%2f). You'll be prompted to Sign in and Continue. :::image type="content" source="../../media/1827f9fc-4dc9-4f9d-a392-7817c47b00b3.png" alt-text="Sign in to Namecheap.":::
-1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
+1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
:::image type="content" source="../../media/3f457d64-4589-422c-ae34-fc24b0e819eb.png" alt-text="Choose Domain List from the drop-down list.":::
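Review bot: In the verification TXT row of this hunk, the note still tells the reader to use their "**Destination or Points to Address** value", but the column in this table is named "Value", and the sample `MS=ms *XXXXXXXX*` keeps a space between `ms` and the placeholder that is easy to type into the record by mistake. Since the row is being rewritten anyway, align the note with the column name and write the sample without the space, so that what the admin enters matches the TXT value Microsoft looks up when verifying ownership.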
To verify the record in Microsoft 365:
:::image type="content" source="../../media/05a4f0b9-1d27-448e-9954-2b23304c5f65.png" alt-text="Select Advanced DNS.":::
-1. In the **MAIL SETTINGS** section, select **Custom MX** from the **Email Forwarding** drop-down list.
-
+1. In the **MAIL SETTINGS** section, select **Custom MX** from the **Email Forwarding** drop-down list.
+ (You may have to scroll down.)
- :::image type="content" source="../../media/40199e2c-42cf-4c3f-9936-3cbe5d4e81a4.png" alt-text="Select Custom MX.":::
+ :::image type="content" source="../../media/40199e2c-42cf-4c3f-9936-3cbe5d4e81a4.png" alt-text="Select Custom MX.":::
1. Select **Add New Record**. :::image type="content" source="../../media/8d169b81-ba48-4d51-84ea-a08fa1616457.png" alt-text="ADD NEW RECORD."::: 1. In the boxes for the new record, type or copy and paste the values, from the following table.
-
- (The **Priority** box is the unnamed box to the right of the **Value** box. Choose the **TTL** value from the drop-down list.)
-
- |**Type**|**Host**|**Value**|**Priority**|**TTL**|
- |:--|:--|:--|:--|:--|
- |MX Record <br/> |@ <br/> |\<*domain-key*\>.mail.protection.outlook.com. <br/> **This value MUST end with a period (.)** <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) |0 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml) <br/> |30 min <br/> |
+
+ (The **Priority** box is the unnamed box to the right of the **Value** box. Choose the **TTL** value from the drop-down list.)
+
+ |Type|Host|Value|Priority|TTL|
+ ||||||
+ |MX Record|@|\<*domain-key*\>.mail.protection.outlook.com. <br/> **This value MUST end with a period (.)** <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|0 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml)|30 min|
:::image type="content" source="../../media/f3b76d62-5022-48c1-901b-8615a8571309.png" alt-text="Copy and paste the values from the table.":::
-1. Select the **Save Changes** (check mark) control.
+1. Select the **Save Changes** (check mark) control.
:::image type="content" source="../../media/ef4e3112-36d2-47c8-a478-136a565dd71d.png" alt-text="Select the Save Changes control."::: 1. If there are any other MX records, use the following two-step process to remove each of them:
-
- First, select **Delete** (trash can) for the record that you want to remove.
+
+ First, select **Delete** (trash can) for the record that you want to remove.
:::image type="content" source="../../media/7a7a751f-29c2-495f-8f55-98ca37ce555a.png" alt-text="Select Delete.":::
- Second, select **Yes** to confirm the deletion.
+ Second, select **Yes** to confirm the deletion.
:::image type="content" source="../../media/85ebc0c7-8787-43ee-9e7b-647375b3345c.png" alt-text="Select Yes."::: Remove all MX records except for the one that you added earlier in this procedure.
-
+ ## Add the CNAME record required for Microsoft 1. To get started, go to your domains page at Namecheap by using [this link](https://www.namecheap.com/myaccount/login.aspx?ReturnUrl=%2f). You'll be prompted to Sign in and Continue. :::image type="content" source="../../media/1827f9fc-4dc9-4f9d-a392-7817c47b00b3.png" alt-text="Sign in to Namecheap.":::
-1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
+1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
:::image type="content" source="../../media/3f457d64-4589-422c-ae34-fc24b0e819eb.png" alt-text="Select Domain List.":::
To verify the record in Microsoft 365:
:::image type="content" source="../../media/8849abfe-deb6-4f6a-b56d-e69be9a28b0f.png" alt-text="Select ADD NEW RECORD."::: 1. In the **Type** drop-down, select **CNAME Record**.
-
+ > [!NOTE]
- > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
+ > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
:::image type="content" source="../../media/0898f3b2-06ab-4364-a86a-a603a25b39f4.png" alt-text="Select CNAME Record."::: 1. In the empty boxes for the new record, select **CNAME** for the **Record Type**, and then type or copy and paste the values from the first row in the following table.
-
- |**Type**|**Host**|**Value**|**TTL**|
- |:--|:--|:--|:--|
- |CNAME <br/> |autodiscover <br/> |autodiscover.outlook.com. <br/> **This value MUST end with a period (.)** <br/> |Automatic <br/> |
+
+ |Type|Host|Value|TTL|
+ |||||
+ |CNAME|autodiscover|autodiscover.outlook.com. <br/> **This value MUST end with a period (.)**|Automatic|
:::image type="content" source="../../media/f79c5679-34eb-4544-8517-caa2e8a4111a.png" alt-text="Copy and paste the values from the table.":::
-1. Select the **Save Changes** (check mark) control.
+1. Select the **Save Changes** (check mark) control.
:::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Select the Save Changes control."::: ## Add a TXT record for SPF to help prevent email spam > [!IMPORTANT]
-> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values.
+> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values.
1. To get started, go to your domains page at Namecheap by using [this link](https://www.namecheap.com/myaccount/login.aspx?ReturnUrl=%2f). You'll be prompted to Sign in and Continue.
-
-1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
+
+1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
:::image type="content" source="../../media/3f457d64-4589-422c-ae34-fc24b0e819eb.png" alt-text="Select Domain List.":::
To verify the record in Microsoft 365:
:::image type="content" source="../../media/8849abfe-deb6-4f6a-b56d-e69be9a28b0f.png" alt-text="Select ADD NEW RECORD."::: 1. In the **Type** drop-down, select **TXT Record**.
-
+ > [!NOTE]
- > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
+ > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
:::image type="content" source="../../media/c5d1fddb-28b5-48ec-91c9-3e5d3955ac80.png" alt-text="Select TXT Record."::: 1. In the boxes for the new record, type or copy and paste the following values from the following table.
-
- (Choose the **TTL** value from the drop-down list.)
-
- |**Type**|**Host**|**Value**|**TTL**|
- |:--|:--|:--|:--|
- |TXT <br/> |@ <br/> |v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct. |30 min <br/> |
+
+ (Choose the **TTL** value from the drop-down list.)
+
+ |Type|Host|Value|TTL|
+ |||||
+ |TXT|@|v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|30 min|
:::image type="content" source="../../media/ea0829f1-990b-424b-b26e-9859468318dd.png" alt-text="Copy and paste the values from the table.":::
-1. Select the **Save Changes** (check mark) control.
+1. Select the **Save Changes** (check mark) control.
:::image type="content" source="../../media/f2846c36-ace3-43d8-be5d-a65e2c267619.png" alt-text="Select the Save Changes control."::: ## Advanced option: Skype for Business
-Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for online communication services like chat, conference calls, and video calls, in addition to ΓÇÄMicrosoft TeamsΓÇÄ. ΓÇÄSkypeΓÇÄ needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
+Only select this option if your organization uses Skype for Business for online communication services like chat, conference calls, and video calls, in addition to Microsoft Teams. Skype needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
### Add the two required SRV records
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
:::image type="content" source="../../media/1827f9fc-4dc9-4f9d-a392-7817c47b00b3.png" alt-text="Sign in to Namecheap.":::
-1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
+1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
:::image type="content" source="../../media/3f457d64-4589-422c-ae34-fc24b0e819eb.png" alt-text="Choose Domain List.":::
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
:::image type="content" source="../../media/8849abfe-deb6-4f6a-b56d-e69be9a28b0f.png" alt-text="Select ADD NEW RECORD."::: 1. In the **Type** drop-down, select **SRV Record**.
-
+ > [!NOTE]
- > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
+ > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
:::image type="content" source="../../media/fd55cd7c-2243-4de1-8d39-2c3f7ea3ae51.png" alt-text="Select the SRV Record type."::: 1. In the empty boxes for the new records, type or copy and paste the values from the first row in the following table.
-
- |**Service**|**Protocol**|**Priority**|**Weight**|**Port**|**Target**|**TTL**|
- |:--|:--|:--|:--|:--|:--|:--|
- |_sip <br/> |_tls <br/> |100 <br/> |1 <br/> |443 <br/> |sipdir.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |Automatic <br/> |
- |_sipfederationtls <br/> |_tcp <br/> |100 <br/> |1 <br/> |5061 <br/> |sipfed.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |Automatic <br/> |
-
+
+ |Service|Protocol|Priority|Weight|Port|Target|TTL|
+ ||||||||
+ |_sip|_tls|100|1|443|sipdir.online.lync.com. <br/> **This value MUST end with a period (.)**|Automatic|
+ |_sipfederationtls|_tcp|100|1|5061|sipfed.online.lync.com. <br/> **This value MUST end with a period (.)**|Automatic|
+ :::image type="content" source="../../media/ff9566ea-0096-4b7f-873c-027080a23b56.png" alt-text="Copy and paste the values from the table.":::
-1. Select the **Save Changes** (check mark) control.
+1. Select the **Save Changes** (check mark) control.
:::image type="content" source="../../media/48a8dee4-c66d-449d-8759-9e9784c82b13.png" alt-text="Select the Save Changes control."::: 1. Add the other SRV record by choosing the values from the second row of the table.
-
+ > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+
+### Add the two required CNAME records for Skype for Business
-### Add the two required CNAME records
-
1. In the **HOST RECORDS** section, select **ADD NEW RECORD**.
-
+ :::image type="content" source="../../media/8849abfe-deb6-4f6a-b56d-e69be9a28b0f.png" alt-text="Select ADD NEW NAME."::: 1. In the **Type** drop-down, select **CNAME**.
-
+ > [!NOTE]
- > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
+ > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
:::image type="content" source="../../media/fd55cd7c-2243-4de1-8d39-2c3f7ea3ae51.png" alt-text="Select CNAME."::: 1. In the empty boxes for the new records, type or copy and paste the values from the first row in the table.
-
- |**Type**|**Host**|**Value**|**TTL**|
- |:--|:--|:--|:--|
- |CNAME <br/> |sip <br/> |sipdir.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |Automatic <br/> |
- |CNAME <br/> |lyncdiscover <br/> |webdir.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |Automatic <br/> |
+
+ |Type|Host|Value|TTL|
+ |||||
+ |CNAME|sip|sipdir.online.lync.com. <br/> **This value MUST end with a period (.)**|Automatic|
+ |CNAME|lyncdiscover|webdir.online.lync.com. <br/> **This value MUST end with a period (.)**|Automatic|
:::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Copy and paste the CNAME values from the table.":::
-1. Select the **Save Changes** (check mark) control.
+1. Select the **Save Changes** (check mark) control.
:::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Select the Save Changes control."::: 1. Add the other CNAME record by choosing the values from the second row of the table.
-
+ > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Advanced option: Intune and Mobile Device Management for Microsoft 365
-This service helps you secure and remotely manage mobile devices that connect to your domain. ΓÇÄMobile Device ManagementΓÇÄ needs two CNAME records so that users can enroll devices to the service.
+This service helps you secure and remotely manage mobile devices that connect to your domain. Mobile Device Management needs two CNAME records so that users can enroll devices to the service.
-### Add the two required CNAME records
+### Add the two required CNAME records for Mobile Device Management
1. To get started, go to your domains page at Namecheap by using [this link](https://www.namecheap.com/myaccount/login.aspx?ReturnUrl=%2f). You'll be prompted to sign in. :::image type="content" source="../../media/1827f9fc-4dc9-4f9d-a392-7817c47b00b3.png" alt-text="Sign in to Namecheap.":::
-1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
+1. On the landing page, under **Account**, choose **Domain List** from the drop-down list.
:::image type="content" source="../../media/3f457d64-4589-422c-ae34-fc24b0e819eb.png" alt-text="Select Domain List."::: 1. On the **Domain List** page, select the domain that you want to edit, and then select **Manage**.
-
+ :::image type="content" source="../../media/fb2020d8-707c-4148-835e-304ac6244d66.png" alt-text="Select Manage."::: 1. Select **Advanced DNS**.
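Review bot: In the Skype for Business CNAME steps of this hunk, the re-added image line has `alt-text="Select ADD NEW NAME."`, while the step it illustrates says **ADD NEW RECORD** and the same image elsewhere in this file uses "Select ADD NEW RECORD."; fix the alt text so screen-reader users get the real control name. The two CNAME images that follow ("Copy and paste the CNAME values from the table." and "Select the Save Changes control.") both point at `91a5cce4-ca41-41ec-b976-aafe681a4d68.png`, so one of them is probably the wrong screenshot.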
This service helps you secure and remotely manage mobile devices that connect to
:::image type="content" source="../../media/05a4f0b9-1d27-448e-9954-2b23304c5f65.png" alt-text="Select Manage DNS Records from the drop-down list."::: 1. In the **HOST RECORDS** section, select **ADD NEW RECORD**.
-
+ :::image type="content" source="../../media/8849abfe-deb6-4f6a-b56d-e69be9a28b0f.png" alt-text="Select ADD NEW RECORD."::: 1. In the **Type** drop-down, select **CNAME Record**.
-
+ > [!NOTE]
- > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
-
+ > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**.
+ :::image type="content" source="../../media/0898f3b2-06ab-4364-a86a-a603a25b39f4.png" alt-text="Select CNAME Record."::: 1. In the empty boxes for the new records, type or copy and paste the values from the first row in the table.
-
- |**Type**|**Host**|**Value**|**TTL**|
- |:--|:--|:--|:--|
- |CNAME <br/> |enterpriseregistration <br/> |enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)** <br/> |Automatic <br/> |
- |CNAME <br/> |enterpriseenrollment <br/> |enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)** <br/> |Automatic <br/> |
-
+
+ |Type|Host|Value|TTL|
+ |||||
+ |CNAME|enterpriseregistration|enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)**|Automatic|
+ |CNAME|enterpriseenrollment|enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)**|Automatic|
+ :::image type="content" source="../../media/f79c5679-34eb-4544-8517-caa2e8a4111a.png" alt-text="Copy and paste the values from the table.":::
-1. Select the **Save Changes** control.
+1. Select the **Save Changes** control.
:::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Select the Save Changes control."::: 1. Add the other CNAME record by choosing the values from the second row of the table.
-
-> [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> [!NOTE]
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
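Review bot: In the Mobile Device Management steps of this hunk, the step reads "Select the **Save Changes** control." while every other section of this file says "Select the **Save Changes** (check mark) control."; since the line is touched here, add "(check mark)" for consistency. The closing NOTE is also re-added without the blank line that used to separate it from the last list step, which is worth restoring so the note stays visually distinct from the list.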
admin Create Dns Records At Network Solutions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-network-solutions.md
ms.localizationpriority: medium -+ - M365-subscription-management - Adm_O365 - Adm_NonTOC
description: "Learn to verify your domain and set up DNS records for email, Skyp
# Connect your DNS records at Network Solutions to Microsoft 365
- **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.
-
+ **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.
+ If Network Solutions is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype for Business Online, and so on. After you add these records at Network Solutions, your domain will be set up to work with Microsoft services.
-
+ > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Add a TXT record for verification Before you use your domain with Microsoft, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Microsoft that you own the domain.
-
+ > [!NOTE]
-> This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
-
+> This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
+ 1. To get started, go to your domains page at Network Solutions by using [this link](https://www.networksolutions.com/manage-it). You'll be prompted to log in.
-
+ 1. On the landing page, select **Domain Names**. 1. Select the check box next to the domain that you want to modify.
-
+ 1. Under **Actions**, select the three dots, and then select **Manage** from the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
-
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
+ 1. Scroll down to select **Advanced Tools**, and next to **Advanced DNS Records**, select **MANAGE**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+
+ You might have to select **Continue** to get to the Manage Advanced DNS Records page.
- You might have to select **Continue** to get to the Manage Advanced DNS Records page.
-
1. On the Manage Advanced DNS Records page, select **+ADD RECORD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
1. Under **Type**, select **TXT** from the drop-down list.
-
+ 1. In the boxes for the new record, type or copy and paste the values in the following table.
-
- | Refers to | TXT Value | TTL |
- |:--|:--|:--|
- |@ <br/> (The system will change this value to **@ (None)** when you save the record.) |MS=ms *XXXXXXXX* <br/> **Note:** This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) |3600 <br/> |
+
+ |Refers to|TXT Value|TTL|
+ ||||
+ |@ <br/> (The system will change this value to **@ (None)** when you save the record.)|MS=ms *XXXXXXXX* <br/> **Note:** This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|3600|
1. Select **ADD**.
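Review bot: The new delimiter row under the TXT table header is `||||`, which contains no dashes and is not a valid pipe-table delimiter row, so the header and value rows will not render as a table; restore a valid row such as `|---|---|---|` (the removed row was `|:--|:--|:--|`). The same empty delimiter pattern appears in the other tables this change touches. Separately, the value cell tells readers to use their **Destination or Points to Address** value, while the column here is named TXT Value; aligning the label with the column name would avoid confusion.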
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Select ADD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Select ADD.":::
+
+ > [!NOTE]
+ > Select **Classic View** in the upper right to view the TXT record you created.
- > [!NOTE]
- > Select **Classic View** in the upper right to view the TXT record you created.
-
- Wait a few minutes before you continue, so that the record you just created can update across the Internet.
+ Wait a few minutes before you continue, so that the record you just created can update across the Internet.
Now that you've added the record at your domain registrar's site, you'll go back to Microsoft and request the record. When Microsoft finds the correct TXT record, your domain is verified. To verify the record in Microsoft 365:
-
+ 1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
-1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
+1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
- :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup.":::
+ :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup.":::
1. Select **Continue**.
-
+ 1. On the **Verify domain** page, select **Verify**. > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+ ## Add an MX record so email for your domain will come to Microsoft
-
+ 1. To get started, go to your domains page at Network Solutions by using [this link](https://www.networksolutions.com/manage-it). You'll be prompted to log in.
-
+ 1. On the landing page, select **Domain Names**. 1. Select the check box next to the domain that you want to modify.
-
+ 1. Under **Actions**, select the three dots, and then select **Manage** in the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
-
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
+ 1. Scroll down to select **Advanced Tools**, and next to **Advanced DNS Records**, select **MANAGE**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
- You might have to select **Continue** to get to the Manage Advanced DNS Records page.
+ You might have to select **Continue** to get to the Manage Advanced DNS Records page.
1. On the Manage Advanced DNS Records page, select **+ADD RECORD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
1. Under **Type**, select **MX** from the drop-down list.
-
- 1. In the boxes for the new record, type or copy and paste the values from the following table.
-
- | Refers to | Mail server | Priority | TTL |
- |:--|:--|:--|:--|
- | @ | *\<domain-key\>* .mail.protection.outlook.com <br/> **This value CANNOT end with a period (.)** <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) | 0 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml) | 1 Hour |
-
+
+ |Refers to|Mail server|Priority|TTL|
+ |||||
+ |@|*\<domain-key\>*.mail.protection.outlook.com <br/> **This value CANNOT end with a period (.)** <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|0 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml)|1 Hour|
+ 1. Select **ADD**.
-
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-MX-add.png" alt-text="Select ADD.":::
- > [!NOTE]
- > Select **Classic View** in the upper right to view the TXT record you created.
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-MX-add.png" alt-text="Select ADD.":::
+
+ > [!NOTE]
+ > Select **Classic View** in the upper right to view the TXT record you created.
1. If there are any other MX records, delete all of them by selecting the edit tool, and then **Delete** for each record.
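Review bot: In the MX section, the re-indented note after **ADD** still reads "view the TXT record you created", although the record added in these steps is the MX record. Since the line is being touched anyway, change it to "MX record", or to "the record you created" as the CNAME and SPF sections word it.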
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-edit.png" alt-text="Select the Edit tool.":::
-
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-edit.png" alt-text="Select the Edit tool.":::
+ ## Add the CNAME record required for Microsoft 1. To get started, go to your domains page at Network Solutions by using [this link](https://www.networksolutions.com/manage-it). You'll be prompted to log in.
-
+ 1. On the landing page, select **Domain Names**. 1. Select the check box next to the domain that you want to modify.
-
+ 1. Under **Actions**, select the three dots, and then select **Manage** in the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
-
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
+ 1. Select **Advanced Tools**, and next to **Advanced DNS Records**, select **MANAGE**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
- You might have to select **Continue** to get to the Manage Advanced DNS Records page.
+ You might have to select **Continue** to get to the Manage Advanced DNS Records page.
1. On the Manage Advanced DNS Records page, select **+ADD RECORD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
1. Under **Type**, select **CNAME** from the drop-down list.
-
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname.png" alt-text="Select CNAME type from the drop-down list.":::
-
+
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname.png" alt-text="Select CNAME type from the drop-down list.":::
+ 1. In the boxes for the CNAME record, type or copy and paste the values from the following table.
-
- | Refers to | Host Name | Alias to | TTL |
- |:--|:--|:--|:--|
- |Other Host| autodiscover | autodiscover.outlook.com **This value CANNOT end with a period (.)** <br/> 1 Hour |
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname-values.png" alt-text="Type or copy and paste the CNAME values from the table into the window.":::
-
+ |Refers to|Host Name|Alias to|TTL|
+ |||||
+ |Other Host|autodiscover|autodiscover.outlook.com **This value CANNOT end with a period (.)** <br/> 1 Hour|
+
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname-values.png" alt-text="Type or copy and paste the CNAME values from the table into the window.":::
+ 1. Select **ADD**.
- > [!NOTE]
- > Select **Classic View** in the upper right to view the record you created.
-
+ > [!NOTE]
+ > Select **Classic View** in the upper right to view the record you created.
+ ## Add a TXT record for SPF to help prevent email spam > [!IMPORTANT]
-> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values.
-
+> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values.
+ 1. To get started, go to your domains page at Network Solutions by using [this link](https://www.networksolutions.com/manage-it). You'll be prompted to log in.
-
+ 1. On the landing page, select **Domain Names**. 1. Select the check box next to the domain that you want to modify. 1. Under **Actions**, select the three dots, and then select **Manage** in the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
1. Select **Advanced Tools**, and next to **Advanced DNS Records**, select **MANAGE**.
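Review bot: The autodiscover row in the CNAME table has three cells under a four-column header (Refers to, Host Name, Alias to, TTL): `1 Hour` sits inside the Alias to cell after `<br/>`, so the TTL column is left empty. The removed row had the same defect, so this reformat is the place to fix it by closing the Alias to cell before the TTL value, for example `**This value CANNOT end with a period (.)**|1 Hour|`.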
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
- You might have to select **Continue** to get to the Manage Advanced DNS Records page.
+ You might have to select **Continue** to get to the Manage Advanced DNS Records page.
1. On the Manage Advanced DNS Records page, select **+ADD RECORD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
1. Under **Type**, select **TXT** from the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-TXT.png" alt-text="Select TXT from the Type drop-down list.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-TXT.png" alt-text="Select TXT from the Type drop-down list.":::
1. In the boxes for the new record, type or copy and paste the following values.
-
- | Refers to | TXT Value | TTL
- |:--|:--|:--|
- |@ <br/> (The system will change this value to **@ (None)** when you save the record.) |v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct. | 1 Hour |
-
+
+ |Refers to|TXT Value|TTL
+ ||||
+ |@ <br/> (The system will change this value to **@ (None)** when you save the record.)|v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|1 Hour|
+ 1. Select **ADD**.
-
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Select ADD.":::
- > [!NOTE]
- > Select **Classic View** in the upper right to view the record you created.
-
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Select ADD.":::
+
+ > [!NOTE]
+ > Select **Classic View** in the upper right to view the record you created.
+ ## Advanced option: Skype for Business
-Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for online communication services like chat, conference calls, and video calls, in addition to ΓÇÄMicrosoft TeamsΓÇÄ. ΓÇÄSkypeΓÇÄ needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
+Only select this option if your organization uses Skype for Business for online communication services like chat, conference calls, and video calls, in addition to Microsoft Teams. Skype needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
### Add the two required SRV records 1. To get started, go to your domains page at Network Solutions by using [this link](https://www.networksolutions.com/manage-it). You'll be prompted to log in.
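Review bot: The SPF table header `|Refers to|TXT Value|TTL` is missing its closing pipe, unlike the other header rows in this file; add it while the table is being reformatted. In the Skype for Business paragraph just above this heading, "to sign-in and connect users" uses the noun form as a verb; "to sign in" reads correctly.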
-
+ 1. On the landing page, select **Domain Names**. 1. Select the check box next to the domain that you want to modify. 1. Under **Actions**, select the three dots, and then select **Manage** in the drop-down list.
-
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
+
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
1. Select **Advanced Tools**, and next to **Advanced DNS Records**, select **MANAGE**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
- You might have to select **Continue** to get to the Manage Advanced DNS Records page.
+ You might have to select **Continue** to get to the Manage Advanced DNS Records page.
1. On the Manage Advanced DNS Records page, select **+ADD RECORD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
1. Under **Type**, select **SRV** from the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-srv.png" alt-text="Select SRV from the Type drop-down list.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-srv.png" alt-text="Select SRV from the Type drop-down list.":::
1. In the boxes for the two new records, type or copy and paste the values from the following table.
- (Choose the **Service** and **Protocol** values from the drop-down lists.)
-
- | Type | Service | Protocol | Weight | Port | Target | Priority | TTL |
- |:--|:--|:--|:--|:--|:--|:--|:--|
- | SRV |_sip |TLS |100 |443 |sipdir.online.lync.com <br/> **This value CANNOT end with a period (.)** | 1 | 1 Hour |
- | SRV |_sipfederationtls |TCP |100 |5061 |sipfed.online.lync.com <br/> **This value CANNOT end with a period (.)** |1 | 1 Hour |
-
+ (Choose the **Service** and **Protocol** values from the drop-down lists.)
+
+ |Type|Service|Protocol|Weight|Port|Target|Priority|TTL|
+ |||||||||
+ |SRV|_sip|TLS|100|443|sipdir.online.lync.com <br/> **This value CANNOT end with a period (.)**|1|1 Hour|
+ |SRV|_sipfederationtls|TCP|100|5061|sipfed.online.lync.com <br/> **This value CANNOT end with a period (.)**|1|1 Hour|
+ 1. Select **ADD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-srv-add.png" alt-text="Select ADD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-srv-add.png" alt-text="Select ADD.":::
- > [!NOTE]
- > Select **Classic View** in the upper right to view the record you created.
+ > [!NOTE]
+ > Select **Classic View** in the upper right to view the record you created.
1. Add the other SRV record by copying the values from the second row of the table. > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-### Add the two required CNAME records
+### Add the two required CNAME records for Skype for Business
1. To get started, go to your domains page at Network Solutions by using [this link](https://www.networksolutions.com/manage-it). You'll be prompted to log in.
-
+ 1. On the landing page, select **Domain Names**. 1. Select the check box next to the domain that you want to modify. 1. Under **Actions**, select the three dots, and then select **Manage** in the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
1. Select **Advanced Tools**, and next to **Advanced DNS Records**, select **MANAGE**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
- You might have to select **Continue** to get to the Manage Advanced DNS Records page.
+ You might have to select **Continue** to get to the Manage Advanced DNS Records page.
1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
1. Under **Type**, select **CNAME** from the drop-down list.
-
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname.png" alt-text="Select CNAME type from the drop-down list.":::
-
+
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname.png" alt-text="Select CNAME type from the drop-down list.":::
+ 1. In the boxes for the CNAME record, type or copy and paste the values from the following table.
- | Type | Refers to | Host Name | Alias to | TTL |
- |:--|:--|:--|:--|:--|
- | CNAME | Other Host | sip <br/> |sipdir.online.lync.com <br/> **This value CANNOT end with a period (.)** |1 Hour |
- | CNAME| Other Host | lyncdiscover <br/> |webdir.online.lync.com <br/> **This value CANNOT end with a period (.)** | 1 Hour |
+ |Type|Refers to|Host Name|Alias to|TTL|
+ ||||||
+ |CNAME|Other Host|sip|sipdir.online.lync.com <br/> **This value CANNOT end with a period (.)**|1 Hour|
+ |CNAME|Other Host|lyncdiscover|webdir.online.lync.com <br/> **This value CANNOT end with a period (.)**|1 Hour|
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname-values.png" alt-text="Type or copy and paste the CNAME values from the table into the window.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname-values.png" alt-text="Type or copy and paste the CNAME values from the table into the window.":::
1. Select **ADD**.
- > [!NOTE]
- > Select **Classic View** in the upper right to view the record you created.
+ > [!NOTE]
+ > Select **Classic View** in the upper right to view the record you created.
1. Add the other CNAME record by copying the values from the second row of the table. > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Advanced option: Intune and Mobile Device Management for Microsoft 365
-This service helps you secure and remotely manage mobile devices that connect to your domain. ΓÇÄMobile Device ManagementΓÇÄ needs 2 CNAME records so that users can enroll devices to the service.
+This service helps you secure and remotely manage mobile devices that connect to your domain. Mobile Device Management needs 2 CNAME records so that users can enroll devices to the service.
-### Add the two required CNAME records
+### Add the two required CNAME records for Mobile Device Management
1. To get started, go to your domains page at Network Solutions by using [this link](https://www.networksolutions.com/manage-it). You'll be prompted to log in.
-
+ 1. On the landing page, select **Domain Names**. 1. Select the check box next to the domain that you want to modify. 1. Under **Actions**, select the three dots, and then select **Manage** in the drop-down list.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-1.png" alt-text="Select Manage from the drop-down list.":::
1. Select **Advanced Tools**, and next to **Advanced DNS Records**, select **MANAGE**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-2.png" alt-text="Next to Advanced DNS records, select MANAGE.":::
- You might have to select **Continue** to get to the Manage Advanced DNS Records page.
+ You might have to select **Continue** to get to the Manage Advanced DNS Records page.
1. On the Manage Advanced DNS Records page, select **+ADD RECORD**.
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
-
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add-record.png" alt-text="Select +ADD RECORD.":::
+ 1. Under **Type**, select **CNAME** from the drop-down list.
-
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname.png" alt-text="Select CNAME type from the drop-down list.":::
-
+
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname.png" alt-text="Select CNAME type from the drop-down list.":::
+ 1. In the boxes for the CNAME record, type or copy and paste the values from the following table.
- | Type | Refers to | Host Name | Alias to | TTL |
- |:--|:--|:--|:--|:--|
- | CNAME | Other Host | enterpriseregistration |enterpriseregistration.windows.net <br/> **This value CANNOT end with a period (.)** | 1 Hour |
- | CNAME | Other Host |enterpriseenrollment |enterpriseenrollment-s.manage.microsoft.com <br/> **This value CANNOT end with a period (.)** | 1 Hour |
+ |Type|Refers to|Host Name|Alias to|TTL|
+ ||||||
+ |CNAME|Other Host|enterpriseregistration|enterpriseregistration.windows.net <br/> **This value CANNOT end with a period (.)**|1 Hour|
+ |CNAME|Other Host|enterpriseenrollment|enterpriseenrollment-s.manage.microsoft.com <br/> **This value CANNOT end with a period (.)**|1 Hour|
- :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname-values.png" alt-text="Type or copy and paste the CNAME values from the table into the window.":::
+ :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-cname-values.png" alt-text="Type or copy and paste the CNAME values from the table into the window.":::
1. Select **ADD**.
- > [!NOTE]
- > Select **Classic View** in the upper right to view the record you created.
+ > [!NOTE]
+ > Select **Classic View** in the upper right to view the record you created.
1. Add the other CNAME record by copying the values from the second row of the table.
admin Create Dns Records At Ovh https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-ovh.md
ms.localizationpriority: medium -+ - M365-subscription-management - Adm_O365 - Adm_NonTOC
description: "Learn to verify your domain and set up DNS records for email, Skyp
# Connect your DNS records at OVH to Microsoft 365 [Check the Domains FAQ](../setup/domains-faq.yml) if you don't find what you're looking for.
-
+ If OVH is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype for Business Online, and so on. After you add these records at OVH, your domain will be set up to work with Microsoft services. > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Add a TXT record for verification Before you use your domain with Microsoft, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Microsoft that you own the domain.
-
+ > [!NOTE]
-> This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
-
+> This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
+ 1. To get started, go to your domains page in OVH by using [this link](https://www.ovh.com/manager/). You'll be prompted to log in. ![OVH login.](../../media/1424cc15-720d-49d1-b99b-8ba63b216238.png) 1. On the dashboard landing page, under **View all my activity**, select the name of the domain that you want edit.
-
+ 1. Select **DNS zone**. ![OVH Select DNS zone.](../../media/45218cbe-f3f8-4804-87f9-cfcef89ea113.png)
-
+ 1. Select **Add an entry**. ![OVH Add an entry.](../../media/13ded54b-9e48-4c98-8e1b-8c4a99633bc0.png)
-
+ 1. Select **TXT** ![OVH select TXT entry.](../../media/3aaa9dae-0b1d-436b-a980-b67a970f31a9.png)
-
-1. In the boxes for the new record, type or copy and paste the values from the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
- |**Record type**|**Sub-domain**|**TTL**|**Value**|
- |:--|:--|:--|:--|
- |TXT <br/> |(leave blank) <br/> |3600 (seconds) <br/> |MS=msxxxxxxxx <br/> **Note:** This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) |
+1. In the boxes for the new record, type or copy and paste the values from the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+
+ |Record type|Sub-domain|TTL|Value|
+ |||||
+ |TXT|(leave blank)|3600 (seconds)|MS=msxxxxxxxx <br/> **Note:** This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|
1. Select **Next**. 1. Select **Confirm**. ![OVH confirm TXT for verification.](../../media/bde45596-9a55-4634-b5e7-16d7cde6e1b8.png)
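Review bot: the Note in the new TXT row tells the reader to use their "**Destination or Points to Address** value here, from the table", but this table has no such column; the field being filled is **Value**. Reword it to name the Value field, so nobody publishes the `MS=msxxxxxxxx` placeholder or looks for a field the OVH form does not show. Also, the delimiter row under the new header reads `|||||` with no dashes, which will not be parsed as a table delimiter as written; confirm it is `|---|---|---|---|` in the source.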
-
+ 1. Wait a few minutes before you continue, so that the record you just created can update across the Internet. Now that you've added the record at your domain registrar's site, you'll go back to Microsoft and request the record. When Microsoft finds the correct TXT record, your domain is verified. To verify the record in Microsoft 365:
-
+ 1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
-1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
+1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
:::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup."::: 1. Select **Continue**.
-
+ 1. On the **Verify domain** page, select **Verify**. > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Add an MX record so email for your domain will come to Microsoft 1. To get started, go to your domains page in OVH by using [this link](https://www.ovh.com/manager/). You'll be prompted to log in. ![OVH login.](../../media/1424cc15-720d-49d1-b99b-8ba63b216238.png)
-
+ 1. On the dashboard landing page, under **View all my activity**, select the name of the domain that you want edit.
-
+ 1. Select **DNS zone**. ![OVH Select DNS zone.](../../media/45218cbe-f3f8-4804-87f9-cfcef89ea113.png)
-
+ 1. Select **Add an entry**. ![OVH Add an entry.](../../media/13ded54b-9e48-4c98-8e1b-8c4a99633bc0.png)
-
+ 1. Select **MX**. ![OVH MX record type.](../../media/29b5e54e-440a-41f2-9eb9-3de573922ddf.png)
-
-1. In the boxes for the new record, type or copy and paste the values from the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+
+1. In the boxes for the new record, type or copy and paste the values from the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
> [!NOTE]
- > By default OVH uses relative notation for the target, which adds the domain name to the end of the target record. To use absolute notation instead, add a dot to the target record as shown in the table below.
-
- |**Sub-domain**|**TTL**|**Priority**|**Target**|
- |:--|:--|:--|:--|
- |(leave blank) <br/> |3600 (seconds) <br/> |0 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml) <br/> |\<domain-key\>.mail.protection.outlook.com. <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md) |
+ > By default OVH uses relative notation for the target, which adds the domain name to the end of the target record. To use absolute notation instead, add a dot to the target record as shown in the table below.
+
+ |Sub-domain|TTL|Priority|Target|
+ |||||
+ |(leave blank)|3600 (seconds)|0 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml)|\<domain-key\>.mail.protection.outlook.com. <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|
![OVH MX record for mail.](../../media/6e2f5655-93e2-4620-8f19-c452e7edf8f0.png)
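Review bot: the new MX row's Target cell relies entirely on the separate note above for the trailing dot, whereas the SRV and CNAME rows later in this file state "This value MUST end with a period (.)" inside the cell. Add the same callout to this Target cell. The note says OVH appends the domain name to a target written in relative notation, so an MX target entered without the final dot would point at a name under the customer's own domain rather than at `mail.protection.outlook.com`.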
-
+ 1. Select **Next**. ![OVH MX record select Next.](../../media/4db62d07-0dc4-49f6-bd19-2b4a07fd764a.png)
-
+ 1. Select **Confirm**. ![OVH MX record select Confirm.](../../media/090bfb11-a753-4af0-8982-582a4069a169.png)
To verify the record in Microsoft 365:
1. Delete any other MX records in the list on the **DNS zone** page. Select each record and, in the **Actions** column, select the trash-can **Delete** icon. ![OVH delete MX record.](../../media/892b328b-7057-4828-b8c5-fe26284dc8c2.png)
-
+ 1. Select **Confirm**. ## Add the CNAME record required for Microsoft
To verify the record in Microsoft 365:
1. To get started, go to your domains page in OVH by using [this link](https://www.ovh.com/manager/). You'll be prompted to log in. ![OVH login.](../../media/1424cc15-720d-49d1-b99b-8ba63b216238.png)
-
+ 1. On the dashboard landing page, under **View all my activity**, select the name of the domain that you want edit.
-
+ 1. Select **DNS zone**. ![OVH Select DNS zone.](../../media/45218cbe-f3f8-4804-87f9-cfcef89ea113.png)
-
+ 1. Select **Add an entry**. ![OVH Add an entry.](../../media/13ded54b-9e48-4c98-8e1b-8c4a99633bc0.png)
-
+ 1. Select **CNAME**. ![OVH Add CNAME record type.](../../media/33c7ac74-18d7-4ae1-9e27-1c0f9773a3c3.png)
-1. In the boxes for the new record, type or copy and paste the values from the first row of the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+1. In the boxes for the new record, type or copy and paste the values from the first row of the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
- |**Sub-domain**|**TTL**|**Target**|
- |:--|:--|:--|
- |autodiscover <br/> |3600 (seconds) <br/> |autodiscover.outlook.com. <br/> |
+ |Sub-domain|TTL|Target|
+ ||||
+ |autodiscover|3600 (seconds)|autodiscover.outlook.com.|
![OVH CNAME record.](../../media/516938b3-0b12-4736-a631-099e12e189f5.png)
-
+ 1. Select **Next**. ![OVH Add CNAME values and select Next.](../../media/f9481cb1-559d-4da1-9643-9cacb0d80d29.png)
-
+ 1. Select **Confirm**. ## Add a TXT record for SPF to help prevent email spam > [!IMPORTANT]
-> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values.
-
+> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a *single* SPF record that includes both sets of values.
+ 1. To get started, go to your domains page in OVH by using [this link](https://www.ovh.com/manager/). You'll be prompted to log in. ![OVH login.](../../media/1424cc15-720d-49d1-b99b-8ba63b216238.png)
-
+ 1. On the dashboard landing page, under **View all my activity**, select the name of the domain that you want edit.
-
+ 1. Select **DNS zone**. ![OVH Select DNS zone.](../../media/45218cbe-f3f8-4804-87f9-cfcef89ea113.png)
-
+ 1. Select **Add an entry**. ![OVH Add an entry.](../../media/13ded54b-9e48-4c98-8e1b-8c4a99633bc0.png)
-
+ 1. Select **TXT**.
-1. In the boxes for the new record, type or copy and paste the following values. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+1. In the boxes for the new record, type or copy and paste the following values. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
- |**Sub-domain**|**TTL**|**Value**|
- |:--|:--|:--|
- |(leave blank) <br/> |3600 (seconds) <br/> |v=spf1 include:spf.protection.outlook.com -all <br/**Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct. |
+ |Sub-domain|TTL|Value|
+ ||||
+ |(leave blank)|3600 (seconds)|v=spf1 include:spf.protection.outlook.com -all <br/**Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|
![OVH Add TXT record for SPF.](../../media/f50466e9-1557-4548-8a39-e98978a5ee2e.png)
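Review bot: the Value cell in the new SPF row still contains the unterminated tag `<br/**Note:**` directly after `-all`. The old row had the same defect and this rewrite is the place to fix it: close the tag as `<br/> **Note:**`. The cell asks readers to copy and paste the entry so the spacing stays correct, so broken markup right next to `v=spf1 include:spf.protection.outlook.com -all` is where stray characters are most likely to end up in the published record.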
-
+ 1. Select **Next**. ![OVH Add TXT record for SPF and select Next.](../../media/7937eb7c-114f-479f-a916-bcbe476d6108.png)
-
+ 1. Select **Confirm**. ![OVH Add TXT record for SPF and Confirm.](../../media/649eefeb-3227-49e3-98a0-1ce19c42fa54.png)
-
+ ## Advanced option: Skype for Business
-Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for online communication services like chat, conference calls, and video calls, in addition to ΓÇÄMicrosoft TeamsΓÇÄ. ΓÇÄSkypeΓÇÄ needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
+Only select this option if your organization uses Skype for Business for online communication services like chat, conference calls, and video calls, in addition to Microsoft Teams. Skype needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
### Add the two required SRV records 1. To get started, go to your domains page in OVH by using [this link](https://www.ovh.com/manager/). You'll be prompted to log in. ![OVH login.](../../media/1424cc15-720d-49d1-b99b-8ba63b216238.png)
-
+ 1. On the dashboard landing page, under **View all my activity**, select the name of the domain that you want edit.
-
+ 1. Select **DNS zone**. ![OVH Select DNS zone.](../../media/45218cbe-f3f8-4804-87f9-cfcef89ea113.png)
-
+ 1. Select **Add an entry**. ![OVH Add an entry.](../../media/13ded54b-9e48-4c98-8e1b-8c4a99633bc0.png) 1. Select **SRV**.
-1. In the boxes for the new record, type or copy and paste the following values. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+1. In the boxes for the new record, type or copy and paste the following values. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+
+ |Sub-domain|TTL (Seconds)|Priority|Weight|Port|Target|
+ |||||||
+ |_sip._tls|3600 (s.)|100|1|443|sipdir.online.lync.com. **This value MUST end with a period (.)**><br> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|
+ |_sipfederationtls._tcp|3600 (s.)|100|1|5061|sipfed.online.lync.com. **This value MUST end with a period (.)**<br> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|
- |**Sub-domain**|**TTL (Seconds)**| **Priority** | **Weight** | **Port**|**Target**|
- |:--|:--|:--|:--|:--|:--|
- |_sip._tls|3600 (s.) |100 | 1 | 443 |sipdir.online.lync.com. **This value MUST end with a period (.)**><br> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct. |
- |_sipfederationtls._tcp| 3600 (s.)|100 | 1 | 5061 | sipfed.online.lync.com. **This value MUST end with a period (.)**<br> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct. |
-
1. To add the other SRV record, select **Add another record**, create a record using the values from the next row in the table, and then select **Create records**. > [!NOTE]
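Review bot: in the new `_sip._tls` row the Target cell keeps a stray `>` before the line break (`**This value MUST end with a period (.)**><br>`), while the `_sipfederationtls._tcp` row has `**<br>` without it. Drop the `>` so the two rows match and no extra character renders beside the target. Both rows also repeat the unit as `3600 (s.)` although the column header already reads **TTL (Seconds)**.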
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-### Add the two required CNAME records
+### Add the two required CNAME records for Skype for Business
1. To get started, go to your domains page in OVH by using [this link](https://www.ovh.com/manager/). You'll be prompted to log in. ![OVH login.](../../media/1424cc15-720d-49d1-b99b-8ba63b216238.png)
-
+ 1. On the dashboard landing page, under **View all my activity**, select the name of the domain that you want edit.
-
+ 1. Select **DNS zone**. ![OVH Select DNS zone.](../../media/45218cbe-f3f8-4804-87f9-cfcef89ea113.png)
-
+ 1. Select **Add an entry**. ![OVH Add an entry.](../../media/13ded54b-9e48-4c98-8e1b-8c4a99633bc0.png)
Only select this option if your organization uses ΓÇÄSkype for BusinessΓÇÄ for o
![OVH Add CNAME record type.](../../media/33c7ac74-18d7-4ae1-9e27-1c0f9773a3c3.png)
-1. In the boxes for the new record, type or copy and paste the values from the first row of the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+1. In the boxes for the new record, type or copy and paste the values from the first row of the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+
+ |Sub-domain|TTL|Target|
+ ||||
+ |sip|3600 (s.)|sipdir.online.lync.com. <br/> **This value MUST end with a period (.)**|
+ |lyncdiscover|3600 (s.)|webdir.online.lync.com. <br/> **This value MUST end with a period (.)**|
- |**Sub-domain**| **TTL** | **Target** |
- |:--|:--|:--|
- |sip <br/> | 3600 (s.) <br/> |sipdir.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |
- |lyncdiscover <br/> |3600 (s.) |webdir.online.lync.com. <br/> **This value MUST end with a period (.)** <br/> |
-
1. Select **Next**. ![OVH Add CNAME values and select Next.](../../media/f9481cb1-559d-4da1-9643-9cacb0d80d29.png)
-
+ 1. Select **Confirm**. 1. Add the other CNAME record. > [!NOTE]
-> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-
+> Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md).
+ ## Advanced option: Intune and Mobile Device Management for Microsoft 365
-This service helps you secure and remotely manage mobile devices that connect to your domain. ΓÇÄMobile Device ManagementΓÇÄ needs two CNAME records so that users can enroll devices to the service.
+This service helps you secure and remotely manage mobile devices that connect to your domain. Mobile Device Management needs two CNAME records so that users can enroll devices to the service.
-### Add the two required CNAME records
+### Add the two required CNAME records for Mobile Device Management
1. To get started, go to your domains page in OVH by using [this link](https://www.ovh.com/manager/). You'll be prompted to log in. ![OVH login.](../../media/1424cc15-720d-49d1-b99b-8ba63b216238.png)
-
+ 1. On the dashboard landing page, under **View all my activity**, select the name of the domain that you want edit.
-
+ 1. Select **DNS zone**. ![OVH Select DNS zone.](../../media/45218cbe-f3f8-4804-87f9-cfcef89ea113.png)
-
+ 1. Select **Add an entry**. ![OVH Add an entry.](../../media/13ded54b-9e48-4c98-8e1b-8c4a99633bc0.png)
-
+ 1. Select **CNAME**. ![OVH Add CNAME record type.](../../media/33c7ac74-18d7-4ae1-9e27-1c0f9773a3c3.png)
-1. In the boxes for the new record, type or copy and paste the values from the first row of the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
-
- |**Sub-domain**| **TTL** | **Target** |
- |:--|:--|:--|
- |enterpriseregistration <br/>| 3600 (s.) <br/> |enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)** <br/> |
- |enterpriseenrollment <br/> |3600 (s.) |enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)** <br/>|
+1. In the boxes for the new record, type or copy and paste the values from the first row of the following table. To assign a TTL value, choose **Custom** from the drop-down list, and then type the value in the text box.
+
+ |Sub-domain|TTL|Target|
+ ||||
+ |enterpriseregistration <br/>|3600 (s.)|enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)**|
+ |enterpriseenrollment|3600 (s.)|enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)**|
1. Select **Next**. ![OVH Add CNAME values and select Next.](../../media/f9481cb1-559d-4da1-9643-9cacb0d80d29.png)
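Review bot: the new `enterpriseregistration` row still carries a trailing `<br/>` in its Sub-domain cell (`|enterpriseregistration <br/>|`), although the cleanup removed it from the `enterpriseenrollment` row and from the other tables in this file. Remove it for consistency. Separately, the step above the table refers only to "the first row", and the second record is covered just by "Add the other CNAME record"; consider saying there that it uses the values from the second row.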
-
+ 1. Select **Confirm**. 1. Add the other CNAME record.
admin Create Dns Records At Web Com https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-web-com.md
Only select this option if your organization uses Skype for Business for online
> [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-### Add the two required CNAME records
+### Add the two required CNAME records for Skype for Business
1. To get started, go to your domains page at web.com by using [this link](https://checkout.web.com/manage-it/index.jsp). Log in first.
admin Create Dns Records At Wix https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-wix.md
Only select this option if your organization uses Skype for Business for online
> [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md).
-### Add the two required CNAME records
+### Add the two required CNAME records for Skype for Business
1. Select **+ Add another** in the **CNAME (Aliases)** row of the DNS editor, and enter the values from the first row in the following table.
admin Add Another Email Alias For A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-another-email-alias-for-a-user.md
You must have Global Admin rights to add email aliases to a user.
> [!IMPORTANT]
- > If you get the error message **This user is synchronized with your local Active DirectoryΓÇÄ. Some details can be edited only through your local Active Directory**, It means that the Active Directory is authoritative for attributes on synchronized users, you need to modify the attributes in your on-premises Active Directory.
+ > If you get the error message **This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory**, It means that the Active Directory is authoritative for attributes on synchronized users, you need to modify the attributes in your on-premises Active Directory.
> [!TIP] > The email alias must end with a domain from the drop-down list. To add another domain name to the list, see [Add a domain to Microsoft 365](../setup/add-domain.md).
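Review bot: the replacement line removes the stray characters after "Active Directory" but leaves the rest of the sentence as a run-on: "It means that the Active Directory is authoritative for attributes on synchronized users, you need to modify the attributes in your on-premises Active Directory." Lowercase "It" after the comma and join the clauses, for example "it means that Active Directory is authoritative for attributes on synchronized users, so you need to modify the attributes in your on-premises Active Directory."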
admin Manage Email App Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/manage-email-app-access.md
description: "Learn how to choose which mobile apps people can use to access ema
Use the mobile email access settings to choose which mobile apps people in your organization can use to access their work or school account to access email, calendar and contacts. > [!IMPORTANT]
-> Your organization will have access to this setting unless you're using Microsoft Intune or you've configured mobile device management settings in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>.
+> Your organization will have access to this setting unless you're using Microsoft Intune or you've configured mobile device management settings in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>.
## Manage email app options > [!IMPORTANT]
->  If you don't use this feature, there'll be no changes to your users' experience. They'll be able to use any mobile email app to access their work or school account for email, calendar, and contacts from their mobile device.
-
-1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">Services &amp; add-ins</a> page.
+> If you don't use this feature, there'll be no changes to your users' experience. They'll be able to use any mobile email app to access their work or school account for email, calendar, and contacts from their mobile device.
+
+1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">Services &amp; add-ins</a> page.
2. On the **Mobile email access options** page, select the check box, and then choose how users in your organization use email apps on their devices: Choose the option to set how users in your organization access their work or school account from their mobile devices -- **Outlook only** - users in your organization will be required to use the Outlook for Android or Outlook for iOS app on their mobile device.
-
-- **Any email app** - all users in your organization will be prompted to use Outlook, but they can choose to use any email app.
-
-- **Any email app** - new users or devices in your organization will be prompted once to use Outlook, but they can choose to use any email app.
-
+- **Outlook only** - users in your organization will be required to use the Outlook for Android or Outlook for iOS app on their mobile device.
+
+- **Any email app** - all users in your organization will be prompted to use Outlook, but they can choose to use any email app.
+
+- **Any email app** - new users or devices in your organization will be prompted once to use Outlook, but they can choose to use any email app.
+ For more details, check out [Options for accessing email from your mobile device](access-email-from-a-mobile-device.md). ## New user or device is activated in your organization
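Review bot: the re-added option list has two bullets with the identical label **Any email app**, one described as prompting "all users" and the other as prompting "new users or devices" once. From the labels alone an admin cannot tell which setting produces which behaviour, and the "Previously configured users" section depends on that choice, since recommending Outlook to everyone triggers the email and the 24-hour quarantine for existing users. Give the two options distinct labels that match what the settings page shows.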
As soon as a user in your organization adds their work or school email to a thir
## Previously configured users in your organization
-If you decide to recommend Outlook to everyone in your organization, in addition to the experience described above for new users, users who have previously connected their work or school email account to a third-party app will receive an email from **Microsoft on behalf of your organization** within 48 hours of this setting being enabled. The email will let them know about the benefits of using the Outlook mobile app and provide a link to the download location. Your users can then choose whether to continue using the third-party app or choose to use the Outlook mobile app. During the 24 hours after the user first receives this email, their device will be in quarantine, and email, calendar, and contact data won't be updated. If they choose to use the Outlook mobile app, the third-party app will remain quarantined and data will only sync with the Outlook mobile app. If they decide to continue using the third-party app, data will start to sync instantly. If no action is taken during those first 24 hours, the email will be removed from their inbox and data will start to sync from the server automatically.
-
-
+If you decide to recommend Outlook to everyone in your organization, in addition to the experience described above for new users, users who have previously connected their work or school email account to a third-party app will receive an email from **Microsoft on behalf of your organization** within 48 hours of this setting being enabled. The email will let them know about the benefits of using the Outlook mobile app and provide a link to the download location. Your users can then choose whether to continue using the third-party app or choose to use the Outlook mobile app. During the 24 hours after the user first receives this email, their device will be in quarantine, and email, calendar, and contact data won't be updated. If they choose to use the Outlook mobile app, the third-party app will remain quarantined and data will only sync with the Outlook mobile app. If they decide to continue using the third-party app, data will start to sync instantly. If no action is taken during those first 24 hours, the email will be removed from their inbox and data will start to sync from the server automatically.
admin Transfer A Domain From Microsoft To Another Host https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/transfer-a-domain-from-microsoft-to-another-host.md
description: "Find the steps here to transfer a domain from Microsoft to another
You can't transfer a Microsoft 365 domain to another registrar for 60 days after you purchase the domain from Microsoft. > [!NOTE]
-> A _Whois_ query shows a Microsoft purchased domain registrar as Wild West Domains LLC. However, only Microsoft should be contacted regarding your Microsoft 365 purchased domain.
+> A _Whois_ query shows a Microsoft purchased domain registrar as Wild West Domains LLC. However, only Microsoft should be contacted regarding your Microsoft 365 purchased domain.
Follow these steps to get a code at Microsoft 365, and then go to the other domain registrar website to set up transferring your domain name to the new registrar. ## Transfer a domain
-1. In the admin center, go toΓÇ» **Settings**ΓÇ»> **Domains**.
+1. In the admin center, go to **Settings** \> **Domains**.
2. On the **Domains** page, select the Microsoft 365 domain that you want to transfer to another domain registrar, and then select **Check health**.
Follow these steps to get a code at Microsoft 365, and then go to the other doma
8. Go to the website of the domain registrar you want to manage your domain name going forward. Follow directions for transferring a domain (search for help on their website). This usually means paying transfer fees and giving the Authcode to the new registrar so they can initiate the transfer. Microsoft will email you to confirm weΓÇÖve received the transfer request, and the domain will transfer within 5 days.
- You can find the authorization code **Registration** tab on the ΓÇ»**Domains** page in Microsoft 365.
-
+ You can find the authorization code **Registration** tab on the **Domains** page in Microsoft 365.
+ > [!TIP] > .uk domains require a different procedure. Contact Microsoft Support and request an **IPS Tag change** to match the registrar you want to manage your domain going forward. Once the tag changes, the domain immediately transfers to the new registrar. You will then need to work with the new registrar to complete the transfer, likely paying transfer fees and adding the transferred domain to your account with your new registrar. 9. After the transfer is complete, you'll renew your domain at the new domain registrar.
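Review bot: the new line "You can find the authorization code **Registration** tab on the **Domains** page in Microsoft 365" is missing words between "code" and "**Registration**". It should read "You can find the authorization code on the **Registration** tab of the **Domains** page", since this is the step where the reader has to locate the Authcode to hand to the new registrar.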
-10. To finish the process, go back to the **Domains** page in the admin center, and then selectΓÇ» **Complete domain transfer**. This will mark the domain as no longer purchased from Microsoft 365, and will disable the domain subscription. It will not remove the domain from the tenant, and will not affect existing users and mailboxes on the domain.
+10. To finish the process, go back to the **Domains** page in the admin center, and then select **Complete domain transfer**. This will mark the domain as no longer purchased from Microsoft 365, and will disable the domain subscription. It will not remove the domain from the tenant, and will not affect existing users and mailboxes on the domain.
> [!NOTE] > Microsoft 365 purchased domains are not eligible for nameserver changes or transferring the domain between Microsoft 365 organizations. If either of these are required, the domain registration must be transferred to another registrar.
admin Manage Industry News https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-industry-news.md
To provide your users with up-to-date news headlines about your industry and inf
You have the option to send your users a daily Industry Updates email with headlines and links to full articles. Users can customize their email updates by following additional topics, choosing when the update is delivered, excluding articles behind paywalls, and selecting the number of articles they want to see.
-Signed-in users who go to the Bing homepage see your industry's news feed under the personalized info for your organization.
+Signed-in users who go to the Bing homepage see your industry's news feed under the personalized info for your organization.
:::image type="content" source="../../media/manage-industry-news-2.jpg" alt-text="Screenshot of image carousel with industry news from the web.":::
admin Minors And Acquiring Addins From The Store https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/minors-and-acquiring-addins-from-the-store.md
audience: Admin
ms.localizationpriority: medium--- M365-subscription-management +
+- M365-subscription-management
- Adm_O365 - Adm_NonTOC
description: "Learn about the General Data Protection Regulation (GDPR) regulati
# Minors and acquiring add-ins from the Store The General Data Protection Regulation (GDPR) is a European Union regulation that becomes effective May 25, 2018. It gives users rights to and protection of their data. One of the aspects of the GDPR is that minors cannot have their personal data sent to parties that their parent or guardian hasn't approved. The specific age defined as a minor depends on the region where the individual is located.
-
+ Regions that have statutory regulations about parental consent include the United States, South Korea, the United Kingdom, and the European Union. For those regions, a minor will be blocked (via Azure Active Directory) from getting any new Office add-ins from the Store and running add-ins that were previously acquired. For countries without statutory regulations, there will be no download restrictions.
-
+ A user is determined to be a minor based on data specified in Azure Active Directory. The organization admin is responsible for declaring the legal age group and the parental consent for that user.
-
+ If the parent/guardian consents to a minor using a specific add-In, then the organization admin can use centralized deployment to deploy that add-In to all minors who have consent.
-
+ To be GDPR compliant for minors you need to ensure that one of following builds of Office is deployed in your school/organization.
-
- **For Word, Excel, PowerPoint, and Project**:
-
-|**Platform** <br/> |**Build number** <br/> |
-|:--|:--|
-|Microsoft 365 Apps for enterprise (Current Channel) <br/> |9001.2138ΓÇ» <br/> |
-|Microsoft 365 Apps for enterprise (Semi-Annual Enterprise Channel) <br/> |8431.2159 <br/> |
-|Office 2016 for Windows <br/> |16.0.4672.1000 <br/> |
-|Office 2013 for Windows <br/> |15.0.5023.1000 <br/> |
-|Office 2016 for Mac <br/> |16.11.18020200 <br/> |
-|Office for the web <br/> |N/A <br/> |
-
- **For Outlook**:
-
-|**Platform** <br/> |**Build number** <br/> |
-|:--|:--|
-|Outlook 2016 for Windows (MSI) <br/> |Build No TBD <br/> |
-|Outlook 2016 for Windows (C2R) <br/> |16.0.9323.1000 <br/> |
-|Office 2016 for Mac <br/> |16.0.9318.1000 <br/> |
-|Outlook mobile for iOS <br/> |2.75.0 <br/> |
-|Outlook mobile for Android <br/> |2.2.145 <br/> |
-|Outlook.com <br/> |N/A <br/> |
+
+ **For Word, Excel, PowerPoint, and Project**:
+
+|Platform|Build number|
+|||
+|Microsoft 365 Apps for enterprise (Current Channel)|9001.2138|
+|Microsoft 365 Apps for enterprise (Semi-Annual Enterprise Channel)|8431.2159|
+|Office 2016 for Windows|16.0.4672.1000|
+|Office 2013 for Windows|15.0.5023.1000|
+|Office 2016 for Mac|16.11.18020200|
+|Office for the web|N/A|
+
+ **For Outlook**:
+
+|Platform|Build number|
+|||
+|Outlook 2016 for Windows (MSI)|Build No TBD|
+|Outlook 2016 for Windows (C2R)|16.0.9323.1000|
+|Office 2016 for Mac|16.0.9318.1000|
+|Outlook mobile for iOS|2.75.0|
+|Outlook mobile for Android|2.2.145|
+|Outlook.com|N/A|
**Office 2013 requirements**
-
+ Word, Excel, and PowerPoint 2013 for Windows will support the same minors checks if Active Directory Authentication Library (ADAL) is enabled. There are two options for compliance, as explained next.
-
+ - **Enable ADAL**. This article explains how to enable ADAL for Office 2013: [Using Microsoft 365 modern authentication with Office clients](../../enterprise/modern-auth-for-office-2013-and-2016.md).<br/>You also need to set the registry keys to enable ADAL as explained in [Enable Modern Authentication for Office 2013 on Windows devices](../security-and-compliance/enable-modern-authentication.md).<br/>Additionally, you need to install the following April updates for Office 2013:
-
+ - [Description of the security update for Office 2013: April 10, 2018](https://support.microsoft.com/help/4018330/description-of-the-security-update-for-office-2013-april-10-2018)
-
+ - [April 3, 2018, update for Office 2013 (KB4018333)](https://support.microsoft.com/help/4018333/april-3-2018-update-for-office-2013-kb4018333)
-
+ - **Don't enable ADAL**. If you're unable to enable ADAL in Office 2013, then our recommendation is to use Group Policy to turn off the Store for the Office clients. Information on how to turn off the app for Office settings is located [here](/previous-versions/office/office-2013-resource-kit/cc178992(v=office.15)). ## Related articles
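Review bot: The delimiter row of both rewritten build tables is `|||`, where the removed lines had `|:--|:--|`; without dashes in that row Markdown will not render a table, so restore it as `|---|---|`. The Outlook table also still carries `Build No TBD` for Outlook 2016 for Windows (MSI), which leaves admins no minimum build to check on that platform, and its Mac row is labelled `Office 2016 for Mac` although the table is headed **For Outlook**. In the **Don't enable ADAL** bullet, the link text `here` should name the Group Policy setting it points to.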
admin Test And Deploy Microsoft 365 Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
You won't be able to deploy a single store app or Microsoft 365 Apps by partner
## Prepare to deploy add-ins in Integrated apps
-Office add-ins help you personalize your documents and streamline the way you access information on the web (see Start using your Office Add-in).
+Office add-ins help you personalize your documents and streamline the way you access information on the web (see Start using your Office Add-in).
Add-ins provides the following benefits:
For Outlook, your users must be using one of the following:
### Exchange Online requirements Microsoft Exchange stores the add-in manifests within your organization's tenant. The admin deploying add-ins and the users receiving those add-ins must be on a version of Exchange Online that supports OAuth authentication.
-Check with your organization's Exchange admin to find out which configuration is in use. OAuth connectivity per user can be verified by using the [Test-OAuthConnectivity](/powershell/module/exchange/test-oauthconnectivity) PowerShell cmdlet.
+Check with your organization's Exchange admin to find out which configuration is in use. OAuth connectivity per user can be verified by using the [Test-OAuthConnectivity](/powershell/module/exchange/test-oauthconnectivity) PowerShell cmdlet.
### User and group assignments The deployment of add-in is currently supported to the majority of groups supported by Azure Active Directory, including Microsoft 365 groups, distribution lists, and security groups. Deployment supports users in top-level groups or groups without parent groups, but not users in nested groups or groups that have parent groups.
In the following example, Sandra, Sheila, and the Sales Department group are ass
### Find out if a group contains nested groups
-The easiest way to detect if a group contains nested groups is to view the group contact card within Outlook. If you enter the group name within the **To** field of an email and then select the group name when it resolves, it will show you if it contains users or nested groups. In the example below, the **Members** tab of the Outlook contact card for the Test Group shows no users and only two sub groups.
+The easiest way to detect if a group contains nested groups is to view the group contact card within Outlook. If you enter the group name within the **To** field of an email and then select the group name when it resolves, it will show you if it contains users or nested groups. In the example below, the **Members** tab of the Outlook contact card for the Test Group shows no users and only two sub groups.
![Members tab of Outlook contact card.](../../media/d9db88c4-d752-426c-a480-b11a5b3adcd6.png)
-You can do the opposite query by resolving the group to see if it's a member of any group. In the example below, you can see under the <b>Membership</b> tab of the Outlook contact card that Sub Group 1 is a member of the Test Group.
+You can do the opposite query by resolving the group to see if it's a member of any group. In the example below, you can see under the <b>Membership</b> tab of the Outlook contact card that Sub Group 1 is a member of the Test Group.
![Membership tab of the Outlook contact card.](../../media/a9f9b6ab-9c19-4822-9e3d-414ca068c42f.png)
-Note that you can use the Azure Active Directory Graph API to run queries to find the list of groups within a group. For more information, seeΓÇ»[Operations on groups | Graph API reference](/previous-versions/azure/ad/graph/api/groups-operations).
+Note that you can use the Azure Active Directory Graph API to run queries to find the list of groups within a group. For more information, see [Operations on groups | Graph API reference](/previous-versions/azure/ad/graph/api/groups-operations).
## Recommended approach for deploying Office add-ins To roll out add-ins by using a phased approach, we recommend the following:
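Review bot: The "Note that you can use the Azure Active Directory Graph API" sentence keeps its link under `/previous-versions/`, so the only programmatic check offered for nested groups points at archived reference content. Azure AD Graph has been superseded by Microsoft Graph; suggest pointing this sentence at the Microsoft Graph group-membership reference while the line is being touched.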
Depending on the size of the target audience, you can add or remove roll-out ste
1. In the admin center, select **Settings**, then select **Integrated apps**.
-2. SelectΓÇ»**Get apps** at the top of the page. AppSource will load in an embedded format. Either search for an add-in or find it through clicking on Product on the left nav. If the add-in has been linked by the ISV to a SaaS app or other apps and add-ins and if the SaaS app is a paid app then you will be shown a dialog box to either buy the license or Deploy. Irrespective of whether you have bought the license or not you can go ahead with the deployment. Select **Deploy**.
+2. Select **Get apps** at the top of the page. AppSource will load in an embedded format. Either search for an add-in or find it through clicking on Product on the left nav. If the add-in has been linked by the ISV to a SaaS app or other apps and add-ins and if the SaaS app is a paid app then you will be shown a dialog box to either buy the license or Deploy. Irrespective of whether you have bought the license or not you can go ahead with the deployment. Select **Deploy**.
3. You will see the **Configuration** page where all the apps are listed. If you donΓÇÖt have permissions or the right access to deploy the app, the respective information will be highlighted. You can select the apps you want to deploy. By selecting **Next**, you will view the **Users** page. If the add-in hasnΓÇÖt been linked by the ISV, you will be routed to the Users page.
-4. Select **Everyone**, **Specific users/groups**, or **Just me** to specify whom the add-in is deployed to. Use the Search box to find specific users or groups. If you are testing the add-in, select **Is this a test deployment**.
+4. Select **Everyone**, **Specific users/groups**, or **Just me** to specify whom the add-in is deployed to. Use the Search box to find specific users or groups. If you are testing the add-in, select **Is this a test deployment**.
5. Select **Next**. All the app capabilities and permissions are displayed in a single pane along with certification info if the app has Microsoft 365 certification. Selecting the certification logo lets the user see more details about the certification.
It's good practice to inform users and groups that the deployed add-in is availa
Global admins and Exchange admins can assign an add-in to everyone or to specific users and groups. Each option has implications: -- **Everyone** This option assigns the add-in to every user in the organization. Use this option sparingly and only for add-ins that are truly universal to your organization.
+- **Everyone** This option assigns the add-in to every user in the organization. Use this option sparingly and only for add-ins that are truly universal to your organization.
-- **Users** If you assign an add-in to an individual user, and then deploy the add-in to a new user, you must first add the new user.
+- **Users** If you assign an add-in to an individual user, and then deploy the add-in to a new user, you must first add the new user.
-- **Groups** If you assign an add-in to a group, users who are added to the group are automatically assigned the add-in. When a user is removed from a group, the user loses access to the add-in. In either case, no additional action is required from the admin.
+- **Groups** If you assign an add-in to a group, users who are added to the group are automatically assigned the add-in. When a user is removed from a group, the user loses access to the add-in. In either case, no additional action is required from the admin.
-- **Just me** If you assign an add-in to just yourself, the add-in is assigned to only your account, which is ideal for testing the add-in.
+- **Just me** If you assign an add-in to just yourself, the add-in is assigned to only your account, which is ideal for testing the add-in.
The right option for your organization depends on your configuration. However, we recommend making assignments by using groups. As an admin, you might find it easier to manage add-ins by using groups and controlling the membership of those groups rather than assigning individual users each time. In some situations, you might want to restrict access to a small set of users by making assignments to specific users by assigning users manually.
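Review bot: The **Users** bullet is circular: "If you assign an add-in to an individual user, and then deploy the add-in to a new user, you must first add the new user" does not say what the admin has to do. Suggest stating that each new user has to be added to the assignment by hand, which is the contrast the **Groups** bullet and the closing recommendation to use groups rely on.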
Office add-ins combine an XML manifest file that contains some metadata about th
- Read a user's document to provide contextual services. - Read and write data to and from a user's document to provide value to that user.
-For more information about the types and capabilities of Office add-ins, seeΓÇ»[Office Add-ins platform overview](/office/dev/add-ins/overview/office-add-ins), especially the section "Anatomy of an Office Add-in."
+For more information about the types and capabilities of Office add-ins, see [Office Add-ins platform overview](/office/dev/add-ins/overview/office-add-ins), especially the section "Anatomy of an Office Add-in."
-To interact with the user's document, the add-in needs to declare what permission it needs in the manifest. A five-level JavaScript API access-permissions model provides the basis for privacy and security for users of task pane add-ins. The majority of the add-ins in the Office Store are level ReadWriteDocument with almost all add-ins supporting at least the ReadDocument level. For more information about the permission levels, seeΓÇ»[Requesting permissions for API use in content and task pane add-ins](/office/dev/add-ins/develop/requesting-permissions-for-api-use-in-content-and-task-pane-add-ins).
+To interact with the user's document, the add-in needs to declare what permission it needs in the manifest. A five-level JavaScript API access-permissions model provides the basis for privacy and security for users of task pane add-ins. The majority of the add-ins in the Office Store are level ReadWriteDocument with almost all add-ins supporting at least the ReadDocument level. For more information about the permission levels, see [Requesting permissions for API use in content and task pane add-ins](/office/dev/add-ins/develop/requesting-permissions-for-api-use-in-content-and-task-pane-add-ins).
When updating a manifest, the typical changes are to an add-in's icon and text. Occasionally, add-in commands change. However, the permissions of the add-in do not change. The web application where all the code and logic for the add-in runs can change at any time, which is the nature of web applications. Updates for add-ins happen as follows: -- **Line-of-business add-in**: In this case, where an admin explicitly uploaded a manifest, the add-in requires that the admin upload a new manifest file to support metadata changes. The next time the relevant Office applications start, the add-in will update. The web application can change at any time.
+- **Line-of-business add-in**: In this case, where an admin explicitly uploaded a manifest, the add-in requires that the admin upload a new manifest file to support metadata changes. The next time the relevant Office applications start, the add-in will update. The web application can change at any time.
-- **Office Store add-in**: When an admin selected an add-in from the Office Store, if an add-in updates in the Office Store, the next time the relevant Office applications start, the add-in will update. The web application can change at any time.
+- **Office Store add-in**: When an admin selected an add-in from the Office Store, if an add-in updates in the Office Store, the next time the relevant Office applications start, the add-in will update. The web application can change at any time.
> [!NOTE]
-> For Word, Excel and PowerPoint use a [SharePoint App Catalog](https://dev.office.com/docs/add-ins/publish/publish-task-pane-and-content-add-ins-to-an-add-in-catalog) to deploy add-ins to users in an on-premises environment with no connection to Microsoft 365 and/or support for SharePoint add-ins required. For Outlook use Exchange control panel to deploy in an on-premises environment without a connection to Microsoft 365.
+> For Word, Excel and PowerPoint use a [SharePoint App Catalog](https://dev.office.com/docs/add-ins/publish/publish-task-pane-and-content-add-ins-to-an-add-in-catalog) to deploy add-ins to users in an on-premises environment with no connection to Microsoft 365 and/or support for SharePoint add-ins required. For Outlook use Exchange control panel to deploy in an on-premises environment without a connection to Microsoft 365.
## Add-in states
-An add-in can be in either the **On** or **Off** state.
+An add-in can be in either the **On** or **Off** state.
| State | How the state occurs | Impact | |:--|:--|:--|
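Review bot: The NOTE line links the SharePoint App Catalog through an absolute `https://dev.office.com/docs/add-ins/...` URL, while the two links rewritten just above it use site-relative `/office/dev/add-ins/...` paths; suggest the relative form for consistency. The same sentence, "with no connection to Microsoft 365 and/or support for SharePoint add-ins required", is ambiguous about which conditions apply and would read better as two explicit cases. The update paragraph says permissions do not change but "The web application can change at any time"; a sentence on what that means for an admin who reviewed the add-in at deployment would help.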
Post deployment, admins can also manage user access to add-ins.
1. In the admin center, select **Settings**, then select **Integrated apps**. 2. On the Integrated apps page, it will display a list of apps will be either single add-ins or add-ins that have been linked with other apps.
-3. Select an app with **Status** of **More apps available** to open the **Manage** pane. The status of **more apps available** lets you know that there are more integrations from the ISVs that aren't yet deployed.
-4. On the **Overview** tab, select **Deploy**. Some apps require you to add users before you can select Deploy.
-5. Select **Users**, select **Is this a test deployment**, and then select either **Entire organization**, **Specific users/groups** or **Just me**. You can also select **Test deployment** if you prefer to wait to deploy the app to the entire organization. Specific users or groups can be a Microsoft 365 group, a security group, or a distribution group.
-6. Select **Update** and then select **Done**. You can now select **Deploy** on the **Overview** tab.
-7. Review the app information, and then selectΓÇ»**Deploy**.
-8. Select **Done** on the **Deployment completed** page, and review the details of the test or full deployment on the **Overview** tab.
-9. If the app has a status ofΓÇ»**Update pending**, you can click on the app to open the **Manage** pane and update the app.
+3. Select an app with **Status** of **More apps available** to open the **Manage** pane. The status of **more apps available** lets you know that there are more integrations from the ISVs that aren't yet deployed.
+4. On the **Overview** tab, select **Deploy**. Some apps require you to add users before you can select Deploy.
+5. Select **Users**, select **Is this a test deployment**, and then select either **Entire organization**, **Specific users/groups** or **Just me**. You can also select **Test deployment** if you prefer to wait to deploy the app to the entire organization. Specific users or groups can be a Microsoft 365 group, a security group, or a distribution group.
+6. Select **Update** and then select **Done**. You can now select **Deploy** on the **Overview** tab.
+7. Review the app information, and then select **Deploy**.
+8. Select **Done** on the **Deployment completed** page, and review the details of the test or full deployment on the **Overview** tab.
+9. If the app has a status of **Update pending**, you can click on the app to open the **Manage** pane and update the app.
10. To just update users, select the **Users** tab and make the appropriate change. Select **Update** after making your changes. ## Delete an add-in
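Review bot: Step 5 names the scope option **Entire organization**, while step 4 of the deployment procedure earlier in this file calls what appears to be the same choice **Everyone**; use one label so admins can match the text to the pane. Step 5 also refers to both **Is this a test deployment** and **Test deployment**, and step 4 tells the reader to select **Deploy** before step 6 says "You can now select **Deploy**", so the order of steps 4 to 6 needs a pass.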
admin Upgrade Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
Upgrade-DistributionGroup -DlIdentities <DL SMTP address1>, <DL SMTP address2>,
For example, if you want to upgrade five DLs with SMTP address `dl1@contoso.com` and `dl2@contoso.com`, `dl3@contoso.com`, `dl4@contoso.com` and `dl5@contoso.com`, run the following command:
-`Upgrade-DistributionGroup -DlIdentities dl1@contoso.com, dl2@contoso.com, dl3@contoso.com, dl4@contoso.com, dl5@contoso.com`
+```powershell
+Upgrade-DistributionGroup -DlIdentities dl1@contoso.com, dl2@contoso.com, dl3@contoso.com, dl4@contoso.com, dl5@contoso.com
+```
### Upgrade all eligible DLs
There are two ways in which you can upgrade all the eligible DLs.
1. Get the eligible DLs in the tenant and upgrade them using the upgrade command:
-```PowerShell
-Get-EligibleDistributionGroupForMigration | Foreach-Object{
- Upgrade-DistributionGroup -DlIdentities $_.PrimarySMTPAddress
-}
-```
+ ```PowerShell
+ Get-EligibleDistributionGroupForMigration | Foreach-Object{
+ Upgrade-DistributionGroup -DlIdentities $_.PrimarySMTPAddress
+ }
+ ```
2. Get the list of all DLs and upgrade only the eligible DLs:
-```PowerShell
-Get-DistributionGroup| Foreach-Object{
- Upgrade-DistributionGroup -DlIdentities $_.PrimarySMTPAddress
-}
-```
+ ```PowerShell
+ Get-DistributionGroup| Foreach-Object{
+ Upgrade-DistributionGroup -DlIdentities $_.PrimarySMTPAddress
+ }
+ ```
## FAQ about upgrading distribution lists to Microsoft 365 Groups in Outlook
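Review bot: Option 2 is described as "Get the list of all DLs and upgrade only the eligible DLs", but its block pipes every result of `Get-DistributionGroup` straight into `Upgrade-DistributionGroup` with no eligibility filter; either state that the cmdlet itself skips ineligible DLs or filter first as option 1 does. The new fence for the five-DL example is also tagged `powershell` while the other fences in this file use `PowerShell`.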
Get-DistributionGroup| Foreach-Object{
You can only upgrade cloud-managed, simple, non-nested distribution lists. The table below lists distribution lists that **CANNOT** be upgraded.
-|**Property**|**Eligible?**|
-|:--|:--|
-|On-premises managed distribution list. <br/> |No <br/> |
-|Nested distribution lists. Distribution list either has child groups or is a member of another group. <br/> |No <br/> |
-|Distribution lists with member **RecipientTypeDetails** other than **UserMailbox**, **SharedMailbox**, **TeamMailbox**, **MailUser** <br/> |No <br/> |
-|Distribution list that has more than 100 owners <br/> |No <br/> |
-|Distribution list that only has members but no owner <br/> |No <br/> |
-|Distribution list that has alias containing special characters <br/> |No <br/> |
-|If the distribution list is configured to be a forwarding address for Shared Mailbox <br/> |No <br/> |
-|If the DL is part of **Sender Restriction** in another DL. <br/> |No <br/> |
-|Security groups <br/> |No <br/> |
-|Dynamic Distribution lists <br/> |No <br/> |
-|Distribution lists that were converted to **RoomLists** <br/> |No <br/> |
+|Property|Eligible?|
+|||
+|On-premises managed distribution list.|No|
+|Nested distribution lists. Distribution list either has child groups or is a member of another group.|No|
+|Distribution lists with member **RecipientTypeDetails** other than **UserMailbox**, **SharedMailbox**, **TeamMailbox**, **MailUser**|No|
+|Distribution list that has more than 100 owners|No|
+|Distribution list that only has members but no owner|No|
+|Distribution list that has alias containing special characters|No|
+|If the distribution list is configured to be a forwarding address for Shared Mailbox|No|
+|If the DL is part of **Sender Restriction** in another DL.|No|
+|Security groups|No|
+|Dynamic Distribution lists|No|
+|Distribution lists that were converted to **RoomLists**|No|
### Check which DLs are eligible for upgrade If you want to check whether a DL is eligible or not, you can run the below command:
-`Get-DistributionGroup <DL SMTP address> | Get-EligibleDistributionGroupForMigration`
+```PowerShell
+Get-DistributionGroup <DL SMTP address> | Get-EligibleDistributionGroupForMigration
+```
If you want to check which DLs are eligible for upgrade just run the following command:
-`Get-EligibleDistributionGroupForMigration`
+```PowerShell
+Get-EligibleDistributionGroupForMigration
+```
### Who can run the upgrade scripts?
There are some cases in which though DL is eligible but could not be upgraded. T
- DLs with **MemberJoinRestriction** or **MemberDepartRestriction** set to **Closed**, could not be upgraded -- The Microsoft 365 Group creation is allowed only to few users, using the steps from [this article](/microsoft-365/solutions/manage-creation-of-groups). In this scenario, if the owner of distribution list is not allowed to create Microsoft 365 Group, the distribution list will not upgrade to Microsoft 365 Group.
+- The Microsoft 365 Group creation is allowed only to few users, using the steps from [this article](/microsoft-365/solutions/manage-creation-of-groups). In this scenario, if the owner of distribution list is not allowed to create Microsoft 365 Group, the distribution list will not upgrade to Microsoft 365 Group.
Workaround: Use one of the following workaround for the above scenario:
-1) Ensure all the users mentioned as owners of the DL are allowed to create M365 Group, i.e. are member of the security group that is allowed to M365 Group.
-OR
-2) Temporarily, replace the owner of the DL that is not allowed to create M365 Group with user that is allowed to create M365 Group
+
+1. Ensure all the users mentioned as owners of the DL are allowed to create M365 Group, i.e. are member of the security group that is allowed to M365 Group.
+
+ OR
+
+2. Temporarily, replace the owner of the DL that is not allowed to create M365 Group with user that is allowed to create M365 Group.
### What happens to the DL if the upgrade from EAC fails?
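Review bot: Workaround 1 still reads "are member of the security group that is allowed to M365 Group"; the verb is missing (presumably "allowed to create"). Workaround 2 replaces the DL owner "Temporarily" but never says to restore the original owner once the upgrade completes, so add that step.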
admin Cortana Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
audience: Admin
ms.localizationpriority: medium--- M365-subscription-management +
+- M365-subscription-management
- Adm_O365 - Adm_NonTOC-+ - AdminTemplateSet - admindeeplinkMAC search.appverid:
When signed in with valid work or school accounts, users can get cloud-based ass
- Existing consumer experiences, including Cortana in Windows 10 (version 1909 and earlier), are governed by the [Microsoft Services Agreement](https://www.microsoft.com/licensing/product-licensing/products) and [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) (see ΓÇ£Existing services for consumersΓÇ¥ section below). These terms will also govern Cortana enterprise services provided to the user when signed in with their consumer credentials.
-## What data is processed by Cortana enterprise services?
+## What data is processed by Cortana enterprise services?
Cortana enterprise services process queries from the user, Office data needed to fulfill the user's request, and other telemetry generated by Microsoft systems to run the service. The data collected by Cortana enterprise services include the text representation of the userΓÇÖs spoken queries (i.e., transcriptions from speech recognition). This text data is Customer Data, and it is managed in accordance with the [Online Services Terms](https://www.microsoft.com/licensing/product-licensing/products). It is only used to develop and improve machine learning models consistent with the Online Service Terms.
Consistent with other Office 365 services, Cortana enterprise services are secur
The table below describes the data handling for Cortana enterprise services.
-| Name | Description |
-|:--|:--|
-|**Storage** <br/> |Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. <br/><br/>Speech audio is not retained. <br/> |
-|**Stays in Geo** <br/> |Customer Data is stored on Microsoft servers inside the Office 365 cloud in Geo. Your data is part of your tenant. <br/> |
-|**Retention** <br/> |Customer Data is deleted when the account is closed by the tenant administrator or when a GDPR Data Subject Rights deletion request is made. <br/><br/>Speech audio is not retained. <br/> |
-|**Processing and Confidentiality** <br/> |Personnel engaged in the processing of Customer Data and personal data (i) will process such data only on instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends. <br/> |
-|**Usage** <br/> |Microsoft uses Customer Data only to provide the services agreed upon, and for purposes that are compatible with those services. Machine learning to develop and improve models is one of those purposes. Machine learning is done inside the Office 365 cloud, and there is no human viewing, review or labeling of your Customer Data. <br/><br/>Your data is not used to target advertising. <br/> |
+|Name|Description|
+|||
+|**Storage**|Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. <br/><br/>Speech audio is not retained.|
+|**Stays in Geo**|Customer Data is stored on Microsoft servers inside the Office 365 cloud in Geo. Your data is part of your tenant.|
+|**Retention**|Customer Data is deleted when the account is closed by the tenant administrator or when a GDPR Data Subject Rights deletion request is made. <br/><br/>Speech audio is not retained.|
+|**Processing and Confidentiality**|Personnel engaged in the processing of Customer Data and personal data (i) will process such data only on instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends.|
+|**Usage**|Microsoft uses Customer Data only to provide the services agreed upon, and for purposes that are compatible with those services. Machine learning to develop and improve models is one of those purposes. Machine learning is done inside the Office 365 cloud, and there is no human viewing, review or labeling of your Customer Data. <br/><br/>Your data is not used to target advertising.|
## Cortana enterprise services in Microsoft 365 experiences
Beginning with Windows 10, version 2004, Cortana is a Universal Windows Platform
> [!NOTE] > Cortana voice assistance is supported in Microsoft Teams mobile apps for iOS and Android and [Microsoft Teams displays](/microsoftteams/devices/teams-displays) in the English language for users in the United States, United Kingdom, Canada, India, and Australia. Microsoft Teams Rooms on Windows is only supported for users in the United States. Cortana voice assistance isn't currently available for GCC, GCC-High, DoD, EDU tenants. Expansion to additional languages and regions will happen as part of future releases and admin customers will be notified through Message Center and the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=65346).
-Cortana voice assistance in the Teams mobile app and on Microsoft Teams display devices enables Microsoft 365 Enterprise users to streamline communication, collaboration, and meeting-related tasks using spoken natural language. Users can speak to Cortana by selecting the microphone button located in the upper right of the Teams mobile app, or by saying &#8220;Cortana&#8221; in the Microsoft Teams display. To quickly connect with their team hands-free and while on the go, users can say queries such as &#8220;call Megan&#8221; or &#8220;send a message to my next meeting&#8221;. Users can also join meetings by saying &#8220;join my next meeting&#8221; and use voice assistance to share files, check their calendar, and more. These voice assistance experiences are delivered using Cortana enterprise-grade services that fully comply with Office 365's privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/licensing/product-licensing/products).
+Cortana voice assistance in the Teams mobile app and on Microsoft Teams display devices enables Microsoft 365 Enterprise users to streamline communication, collaboration, and meeting-related tasks using spoken natural language. Users can speak to Cortana by selecting the microphone button located in the upper right of the Teams mobile app, or by saying "Cortana" in the Microsoft Teams display. To quickly connect with their team hands-free and while on the go, users can say queries such as "call Megan" or "send a message to my next meeting". Users can also join meetings by saying "join my next meeting" and use voice assistance to share files, check their calendar, and more. These voice assistance experiences are delivered using Cortana enterprise-grade services that fully comply with Office 365's privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/licensing/product-licensing/products).
#### Admin control
-Cortana voice assistance will be enabled by default for tenants. Admins can control who in their tenant can use Cortana voice assistance in Teams via a policy (TeamsCortanaPolicy). This policy can be set at either a user account level or tenant level. Admins can also use the CortanaVoiceInvocationMode field within this policy control to determine whether Cortana is disabled, enabled with push button invocation only, or enabled with wake word invocation as well (applicable to devices that support it, like the Microsoft Teams display).
+Cortana voice assistance will be enabled by default for tenants. Admins can control who in their tenant can use Cortana voice assistance in Teams via a policy (TeamsCortanaPolicy). This policy can be set at either a user account level or tenant level. Admins can also use the CortanaVoiceInvocationMode field within this policy control to determine whether Cortana is disabled, enabled with push button invocation only, or enabled with wake word invocation as well (applicable to devices that support it, like the Microsoft Teams display).
#### User control
-Individual users can try out Cortana voice assistance in the Teams mobile app by clicking on the mic button. They can try out Cortana voice assistance on Microsoft Teams display devices by simply saying &#8220;Cortana.&#8221; They can also control whether Cortana responds to the wake word invocation.
+Individual users can try out Cortana voice assistance in the Teams mobile app by clicking on the mic button. They can try out Cortana voice assistance on Microsoft Teams display devices by simply saying "Cortana." They can also control whether Cortana responds to the wake word invocation.
1. Open Teams mobile 2. Go to **Settings**
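Review bot: In the Admin control paragraph, the added line says Cortana voice assistance is enabled by default and names TeamsCortanaPolicy and its CortanaVoiceInvocationMode field, but it gives neither the accepted values for that field nor a link to where the policy is set. The three states (disabled, push button only, wake word as well) are already described in prose, so suggest naming the setting that corresponds to each and linking the policy reference. An admin who wants to turn off wake word listening on shared devices could then act from this section alone.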
Individual users can try out Cortana voice assistance in the Teams mobile app by
### Cortana voice assistance in Teams Meeting Room
-Cortana voice assistance in Teams Meeting Rooms goes beyond what can be done with Teams on personal devices by providing unique in-room capabilities, like one-touch join, content cameras to share physical whiteboards into the meeting in an intelligent way, and proximity features like seamlessly transferring the room into a Teams meeting from your own personal device. Users can use push to talk (PTT) by pressing the microphone to initiate Cortana then saying, ΓÇ£Start my meeting.ΓÇ¥ With Keyword Spotting (KWS) enabled Cortana will start listening when users say "Cortana."
+Cortana voice assistance in Teams Meeting Rooms goes beyond what can be done with Teams on personal devices by providing unique in-room capabilities, like one-touch join, content cameras to share physical whiteboards into the meeting in an intelligent way, and proximity features like seamlessly transferring the room into a Teams meeting from your own personal device. Users can use push to talk (PTT) by pressing the microphone to initiate Cortana then saying, ΓÇ£Start my meeting.ΓÇ¥ With Keyword Spotting (KWS) enabled Cortana will start listening when users say "Cortana."
#### Admin control
-Cortana voice assistance in Teams is delivered using services that fully comply with the Office 365 enterprise-level privacy, security, and compliance promises. For more information on data processing in Cortana enterprise services see, Cortana in Microsoft 365. Cortana is enabled by default in Teams Meetings Rooms for tenants. IT admins can opt out of voice assistance for Teams Meeting Room in the Microsoft 365 admin center.
-
+Cortana voice assistance in Teams is delivered using services that fully comply with the Office 365 enterprise-level privacy, security, and compliance promises. For more information on data processing in Cortana enterprise services see, Cortana in Microsoft 365. Cortana is enabled by default in Teams Meetings Rooms for tenants. IT admins can opt out of voice assistance for Teams Meeting Room in the Microsoft 365 admin center.
+ How to opt out of all Cortana features in Teams Meeting Rooms:
-1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com/adminportal/home?ref=Domains)
-2. Select **Devices**
-3. Select **Teams Rooms**
-4. Choose one or multiple devices you want to make changes to
-5. Select **Edit Settings**
-6. Go to **Cortana** and select Replace existing value with **Off**
-7. Select Apply
+
+1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com/adminportal/home?ref=Domains)
+2. Select **Devices**
+3. Select **Teams Rooms**
+4. Choose one or multiple devices you want to make changes to
+5. Select **Edit Settings**
+6. Go to **Cortana** and select Replace existing value with **Off**
+7. Select Apply
How to opt out of voice activation in Teams Meeting Rooms:
-1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com/adminportal/home?ref=Domains)
-2. Select **Devices**
-3. Select **Teams Rooms**
-4. Choose one or multiple devices you want to make changes to
-5. Select **Edit Settings**
-6. Uncheck the **Wake word detection** box
-7. Select **Apply**
+
+1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com/adminportal/home?ref=Domains)
+2. Select **Devices**
+3. Select **Teams Rooms**
+4. Choose one or multiple devices you want to make changes to
+5. Select **Edit Settings**
+6. Uncheck the **Wake word detection** box
+7. Select **Apply**
#### Configure Cortana remotely using an XML configuration file
-For information on how to Manage a Microsoft Teams Rooms console settings remotely with an XML configuration file see, [Remotely manage Microsoft Teams Rooms device settings](/microsoftteams/rooms/xml-config-file).
+For information on how to Manage a Microsoft Teams Rooms console settings remotely with an XML configuration file see, [Remotely manage Microsoft Teams Rooms device settings](/microsoftteams/rooms/xml-config-file).
[Learn more about Cortana voice assistance in Teams](/microsoftteams/cortana-in-teams)
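Review bot: The replacement paragraph under "Cortana voice assistance in Teams Meeting Room" still carries typographic quotes around Start my meeting (they show up as ΓÇ£ and ΓÇ¥), while the other paragraphs in this change were moved to straight quotes; suggest "Start my meeting." with straight quotes for consistency. In the same region, "see, Cortana in Microsoft 365" in the Admin control paragraph has a misplaced comma and no link target, and step 7 of the first opt-out list reads "Select Apply" where the second list has "Select **Apply**".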
Individuals can opt out of Play My Emails using the following steps.
1. Open Outlook mobile. 2. Go to **Settings**.
-
+ 3. Select **Play My Emails**. 4. Move the toggle to off on the accounts you want to disable.
We'll continue to introduce more experiences like the above to help increase you
Here are the two ways to think of how Cortana works in your enterprise:
-**New experiences for organizations with Cortana enterprise services**: Cortana enterprise services are designed to meet the security and compliance needs of organizations:
+**New experiences for organizations with Cortana enterprise services**: Cortana enterprise services are designed to meet the security and compliance needs of organizations:
1. This is a new service and is discussed here in this document. 2. For services subject to the Online Services Terms, Microsoft is a data processor: Microsoft collects and uses Customer Data from customers only to provide the online services requested by our customers and for the purposes instructed by our customers. Under the EUΓÇÖs General Data Protection Regulation (GDPR), the customer is the data controller of their data. See the [Online Services Terms](https://www.microsoft.com/licensing/product-licensing/products) and [Introducing more privacy transparency for our commercial cloud customers](https://blogs.microsoft.com/eupolicy/2019/11/18/introducing-privacy-transparency-commercial-cloud-customers/).
-3. As an example, Play My Emails is a Cortana service that your users can connect to through Outlook for iOS and utilizes Cortana enterprise services.
+3. As an example, Play My Emails is a Cortana service that your users can connect to through Outlook for iOS and utilizes Cortana enterprise services.
-4. IT admins will always have controls for optional connected experiences for Cortana, similar to optional connected experiences while using Office ProPlus applications.
+4. IT admins will always have controls for optional connected experiences for Cortana, similar to optional connected experiences while using Office ProPlus applications.
**Existing services for consumers**: Cortana optional connected services are designed primarily for consumer experiences and are currently delivered in Windows 10 (version 1909 and earlier) and the Cortana app on iOS and Android.
Turn off Cortana access to your organization's Microsoft hosted data
3. Select **Save changes**.
-For services governed by the [Microsoft Services Agreement](https://go.microsoft.com/fwlink/p/?LinkId=2109174) andΓÇ»[Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement), Microsoft is the data controller. As the data controller, Microsoft uses data to improve products and services in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
+For services governed by the [Microsoft Services Agreement](https://go.microsoft.com/fwlink/p/?LinkId=2109174) and [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement), Microsoft is the data controller. As the data controller, Microsoft uses data to improve products and services in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
## Related content
-
+ [Cortana voice assistance in Teams](/microsoftteams/cortana-in-teams) (article)\ [Configure Cortana in Windows 10](/windows/configuration/cortana-at-work/cortana-at-work-overview) (article)\ [What can you do with Play My Emails from Cortana?](https://support.microsoft.com/help/4558256)-
admin Empower Your Small Business With Remote Work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/empower-your-small-business-with-remote-work.md
description: "Find the latest how-to information, tips, resources, and guidance
As businesses adapt to the increased need to have people work remotely and connect with their customers virtually, this site is updated with the latest how-to information, tips, resources, and guidance on remote work for businesses using Microsoft 365. > [!TIP]
-> Don't have Microsoft_Teams? Get 6 months of Microsoft Teams in Office for free (when you sign up for 1 year). Get the technologies described in this article as part of the offer. For details, see [Try 1 month free](https://aka.ms/SMBTeamsOffer).
+> Don't have Microsoft_Teams? Get 6 months of Microsoft Teams in Office for free (when you sign up for 1 year). Get the technologies described in this article as part of the offer. For details, see [Try 1 month free](https://aka.ms/SMBTeamsOffer).
## Remote work for your small business (video)
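Review bot: The tip line is re-added with its wording unchanged, so it still reads "Microsoft_Teams" with an underscore and offers "6 months ... for free" next to a link labelled "Try 1 month free". Suggest correcting the product name to Microsoft Teams and making the offer length and the link text agree while this line is being touched.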
As businesses adapt to the increased need to have people work remotely and conne
## Transitioning to a remote workforce
-In light of the COVID-19 (Novel Coronavirus) outbreak, many business owners are finding themselves with a completely remote work staff. Here's what you can do to make a transition to remote work safe, secure, and productive.
+In light of the COVID-19 (Novel Coronavirus) outbreak, many business owners are finding themselves with a completely remote work staff. Here's what you can do to make a transition to remote work safe, secure, and productive.
For more information, see [Get started with Microsoft Teams in your small business](https://support.microsoft.com/office/6723dc43-dbc0-46e6-af49-8a2d1c5cb937).
-Already have a subscription but need to get set up? See [Microsoft 365 small business training](../../business-video/index.yml).
+Already have a subscription but need to get set up? See [Microsoft 365 small business training](../../business-video/index.yml).
## Connect with employees and customers
-You can still connect with employees, customers, clients, and partners, even if you can’t meet face to face. Use Microsoft Teams to continue doing business and connecting with your customers.
+You can still connect with employees, customers, clients, and partners, even if you canΓÇÖt meet face to face. Use Microsoft Teams to continue doing business and connecting with your customers.
### Meet up in Teams
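Review bot: Under "Connect with employees and customers", the removed line has "can’t" and the added line has "canΓÇÖt", so this change turns a readable apostrophe into mis-encoded bytes. Suggest a plain ASCII apostrophe ("can't") and checking the encoding the file is saved with, since the other changed lines in this file show no visible text difference.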
For more information, see [Create a team](https://support.microsoft.com/office/f
## Manage and secure your business to run remotely
-Just a few steps can help you keep your business secure, even with remote employees and guest users.
+Just a few steps can help you keep your business secure, even with remote employees and guest users.
### Secure your users
For more information, see [Manage devices](../../business-video/secure-win-10-pr
### More for admins and partners
-Technical documentation hub for Microsoft 365 Business is updated with new secure remote work guidance.
+Technical documentation hub for Microsoft 365 Business is updated with new secure remote work guidance.
For details, see [Microsoft 365 Business resources](/microsoft-365/business). ## Need to ask a question?
-Ask in the [Teams forum](https://answers.microsoft.com/msteams/forum) or the [Office Admins forum](https://answers.microsoft.com).
+Ask in the [Teams forum](https://answers.microsoft.com/msteams/forum) or the [Office Admins forum](https://answers.microsoft.com).
> [!NOTE] > Most of the tasks in this article and video can be accomplished with a subscription to Microsoft 365 Business Basic (formerly Office 365 Business Essentials), but some require a premium subscription.
admin Apps Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/apps-health.md
description: "Details of the Microsoft 365 Apps health - technology experiences
Productivity Score provides insights into your organization's digital transformation journey through its use of Microsoft 365 and the technology experiences that support it. Your organization's score reflects people and technology experience measurements and can be compared to benchmarks from organizations similar to yours. The apps health category is part of the measurements that falls under technology experiences. To learn more, check out the [Productivity Score overview](productivity-score.md) and read [Microsoft's Privacy Statement](https://privacy.microsoft.com/privacystatement).
-## Why your organization&#39;s Microsoft 365 apps health score matters
+## Why your organization's Microsoft 365 apps health score matters
Your organizational productivity is dependent on healthy application environment. Devices running most current versions of Microsoft 365 apps on recommended channel are more secure and help people in your organization get the most out of the features in Microsoft 365.
This section helps you act on the metrics you want to focus on by providing rele
The following columns are presented in the table at the channel/version level: -- **Channel** : Current Microsoft 365 apps channel on the devices.-- **Status:**   Microsoft 365 apps support state of the devices based on current channel and version.-- **Versions:**  Current Microsoft 365 apps versions on the devices.-- **# of devices:** Number of devices.
+- **Channel**: Current Microsoft 365 apps channel on the devices.
+- **Status**: Microsoft 365 apps support state of the devices based on current channel and version.
+- **Versions**: Current Microsoft 365 apps versions on the devices.
+- **# of devices**: Number of devices.
## Related content
admin Parity Between Azure Information Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/parity-between-azure-information-protection.md
For the encryption to work correctly, RMS must be enabled for the tenant.
1. Check if RMS is enabled: 1. Launch PowerShell as an administrator.
- 2. If the AIPService module isn't installed, run `Install-Module AipService`.
+ 2. If the AIPService module isn't installed, run `Install-Module AipService`.
3. Import the module using `Import-Module AipService`.
- 4. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
- 5. Run `(Get-AipServiceConfiguration).FunctionalState` and check if the state is `Enabled`.
+ 4. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
+ 5. Run `(Get-AipServiceConfiguration).FunctionalState` and check if the state is `Enabled`.
-2. If the functional state is `Disabled`, run `Enable-AipService`.
+2. If the functional state is `Disabled`, run `Enable-AipService`.
### Step 2: Add the Microsoft Information Protection Sync Service service principal
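Review bot: Step 2 of the RMS check ends at running `Enable-AipService` with no confirmation step. Because the section opens by saying encryption only works when RMS is enabled for the tenant, suggest adding a line that re-runs `(Get-AipServiceConfiguration).FunctionalState` and confirms it now returns `Enabled`.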
Also, the assumption is that users will log in with a username based off the ten
1. Get the RMS ID: 1. Launch PowerShell as an administrator.
- 2. If the AIPService module isn't installed, run `Install-Module AipService`.
- 3. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
- 4. Run `(Get-AipServiceConfiguration).RightsManagementServiceId` to get the RMS ID.
+ 2. If the AIPService module isn't installed, run `Install-Module AipService`.
+ 3. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
+ 4. Run `(Get-AipServiceConfiguration).RightsManagementServiceId` to get the RMS ID.
2. Log in to your DNS provider, navigate to the DNS settings for the domain, and then add a new SRV record.
- - Service = `_rmsredir`
- - Protocol = `_http`
- - Name = `_tcp`
- - Target = `[GUID].rms.aadrm.cn` (where GUID is the RMS ID)
+ - Service = `_rmsredir`
+ - Protocol = `_http`
+ - Name = `_tcp`
+ - Target = `[GUID].rms.aadrm.cn` (where GUID is the RMS ID)
- Priority, Weight, Seconds, TTL = default values
-3. Associate the custom domain with the tenant in the [Azure portal](https://portal.azure.cn/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Domains). This will add an entry in DNS, which might take several minutes to get verified after you add the value to the DNS settings.
+3. Associate the custom domain with the tenant in the [Azure portal](https://portal.azure.cn/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Domains). This will add an entry in DNS, which might take several minutes to get verified after you add the value to the DNS settings.
4. Log in to the Microsoft 365 admin center with the corresponding global admin credentials and add the domain (for example, `contoso.cn`) for user creation. In the verification process, additional DNS changes might be required. Once verification is done, users can be created.
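Review bot: The `_rmsredir` SRV record list gives Service, Protocol, Name and Target but no Port, whereas the `_rmsdisco` record further down states Port = `80`; an SRV record cannot be created without a port, so the value should be stated here too. Also, the "Get the RMS ID" sub-steps go from `Install-Module AipService` straight to `Connect-AipService` and omit the `Import-Module AipService` step that the "Check if RMS is enabled" procedure includes; suggest keeping the two procedures consistent.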
Also, the assumption is that users will log in with a username based off the ten
Log in to your DNS provider, navigate to the DNS settings for the domain, and then add a new SRV record. -- Service = `_rmsdisco`-- Protocol = `_http`-- Name = `_tcp`-- Target = `api.aadrm.cn`-- Port = `80`
+- Service = `_rmsdisco`
+- Protocol = `_http`
+- Name = `_tcp`
+- Target = `api.aadrm.cn`
+- Port = `80`
- Priority, Weight, Seconds, TTL = default values
admin Services In China https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/services-in-china.md
audience: Admin
ms.localizationpriority: medium--- M365-subscription-management +
+- M365-subscription-management
- Adm_O365 - Adm_NonTOC - SPO_Content-+ - AdminSurgePortfolio - AdminTemplateSet search.appverid:
monikerRange: 'o365-21vianet'
# Office 365 operated by 21Vianet Office 365 operated by 21Vianet is designed to meet the needs for secure, reliable and scalable cloud services in China. This service is powered by technology that Microsoft has licensed to 21Vianet.
-
+ Microsoft does not operate the service itself. 21Vianet operates, provides, and manages delivery of the service. 21Vianet is the largest carrier-neutral Internet data center services provider in China, providing hosting, managed network services, and cloud computing infrastructure services. By licensing Microsoft technologies, 21Vianet operates local Office 365 datacenters to provide you the ability to use Office 365 services while keeping your data within China. 21Vianet also provides your subscription and billing services, as well as support.
-
+ > [!NOTE]
-> These services are subject to Chinese laws.
-
+> These services are subject to Chinese laws.
+ **Follow us on WeChat**
-
+ Scan this QR code to follow us on WeChat and get the latest updates for Office 365 operated by 21Vianet.
-
+ ![Scan this QR code to follow us on WeChat.](../../media/9bbbdf3b-b3ab-4355-82a0-37a84d70735b.png)
-
+ **About services in Office 365 operated by 21Vianet**
-
+ The sections below highlight some of the differences you will find in each service. Ultimately our goal is to achieve parity with global services. However, due to the unique nature of the China services - operated by a partner from datacenters inside China - there are some features that have not yet been enabled. Customers will see the services come closer to full feature parity over time. For a more detailed look at services available for each Office 365 plan operated by 21Vianet, see the [Office 365 Service Description](/office365/servicedescriptions/office-365-platform-service-description/office-365-operated-by-21vianet).
-
-
+ If you would like to learn how to get started with general Office 365 services, see [Get started](../admin-overview/get-started-with-office-365.md).
-
+ ## Office 365 Suite |Function|Availability|
-|:--|:--|
-|Custom domains <br/> |Administrators can create and/or use custom domains registered through Chinese-specific domain providers. If you don't have a custom domain, you can [How to buy a domain name](../get-help-with-domains/buy-a-domain-name.md) from a domain name registrar. If you already have one, [Find your domain registrar or DNS hosting provider](../get-help-with-domains/find-your-domain-registrar.md). <br/> Additionally, if you create a public website using the Office 365 SharePoint Online service, China Internet compliance policy requires that you get an Internet Content Provider (ICP) number. **Note:** Automatic validation for disallowed words in custom domain names is not available. |
-|Subscriptions, billing, and technical support <br/> |Provided by 21Vianet. For information on how to contact support, see [Contact Office 365 for business support](../../business-video/get-help-support.md). <br/> |
-|Self-service password reset <br/> |Available for admins only. For more information, see [Change or reset your password in Office 365 operated by 21Vianet](https://support.microsoft.com/office/d8eb5b62-9d0e-4267-a9bf-2aa491ee6d0b). <br/> |
-|Security, privacy, compliance, and details on levels of support <br/> |Provided by 21Vianet. <br/> |
-|Office Desktop Setup <br/> |Office desktop setup is not available for Office 2010 and Office 2007. However, administrators can [Configure current Office desktop applications to work with Office 365](https://support.microsoft.com/office/85646aba-7e6c-4e24-a047-8fd9ce4f9d2e). <br/> |
-|Mobile and device support\* <br/> | Coming soon are the following mobile features: <br/> Mobile Device Management (MDM) <br/> Blackberry Business Cloud Services (BBCS) is not available, but you can use Exchange ActiveSync devices or an offering from Research in Motion (RIM, the BlackBerry wireless email solution) to run Blackberry Enterprise Server (BES). <br/> For more information on mobile support, see [Set up and manage mobile access for your users](https://support.microsoft.com/office/01fff219-4492-40f2-82d3-fd2ffc0ad802). <br/> |
-|Office Lens <br/> |Not available. <br/> |
-|Microsoft Planner <br/> |Coming soon. <br/> |
-|Microsoft Teams <br/> |Not available. <br/> |
-|Sway <br/> |Coming soon. <br/> |
-|Help in multiple languages <br/> |Help is available in Simplified Chinese and English only. <br/> |
-|Community-provided help <br/> |Community-provided help is not available yet, but you can select the Help button ( **?** ) in the upper right corner of your portal to see help articles. <br/> |
-
+|||
+|Custom domains|Administrators can create and/or use custom domains registered through Chinese-specific domain providers. If you don't have a custom domain, you can [How to buy a domain name](../get-help-with-domains/buy-a-domain-name.md) from a domain name registrar. If you already have one, [Find your domain registrar or DNS hosting provider](../get-help-with-domains/find-your-domain-registrar.md). <br/> Additionally, if you create a public website using the Office 365 SharePoint Online service, China Internet compliance policy requires that you get an Internet Content Provider (ICP) number. **Note:** Automatic validation for disallowed words in custom domain names is not available.|
+|Subscriptions, billing, and technical support|Provided by 21Vianet. For information on how to contact support, see [Contact Office 365 for business support](../../business-video/get-help-support.md).|
+|Self-service password reset|Available for admins only. For more information, see [Change or reset your password in Office 365 operated by 21Vianet](https://support.microsoft.com/office/d8eb5b62-9d0e-4267-a9bf-2aa491ee6d0b).|
+|Security, privacy, compliance, and details on levels of support|Provided by 21Vianet.|
+|Office Desktop Setup|Office desktop setup is not available for Office 2010 and Office 2007. However, administrators can [Configure current Office desktop applications to work with Office 365](https://support.microsoft.com/office/85646aba-7e6c-4e24-a047-8fd9ce4f9d2e).|
+|Mobile and device support\*|Coming soon are the following mobile features: <br/> Mobile Device Management (MDM) <br/> Blackberry Business Cloud Services (BBCS) is not available, but you can use Exchange ActiveSync devices or an offering from Research in Motion (RIM, the BlackBerry wireless email solution) to run Blackberry Enterprise Server (BES). <br/> For more information on mobile support, see [Set up and manage mobile access for your users](https://support.microsoft.com/office/01fff219-4492-40f2-82d3-fd2ffc0ad802).|
+|Office Lens|Not available.|
+|Microsoft Planner|Coming soon.|
+|Microsoft Teams|Not available.|
+|Sway|Coming soon.|
+|Help in multiple languages|Help is available in Simplified Chinese and English only.|
+|Community-provided help|Community-provided help is not available yet, but you can select the Help button ( **?** ) in the upper right corner of your portal to see help articles.|
+ \*Optional services provided directly by Microsoft, and subject to Microsoft's Terms of Service and privacy statements.
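Review bot: In the Office 365 Suite table, the delimiter row changes from `|:--|:--|` to `|||`, which contains no hyphens; Markdown table parsers need at least one `-` per column in that row, so the header and rows may render as plain text. Suggest `|---|---|` (or keeping `|:--|:--|`); the same replacement appears in the SharePoint Online table.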
-
+ ## SharePoint Online |Function|Availability|
-|:--|:--|
-|Sharing a document, library, or site by email with someone outside of your organization <br/> |This feature is available, but off by default as using it could make files shared accessible outside of your country. Administrators do have the ability to turn it on, but will get a warning message indicating that it could make files shared accessible outside of your country. Users who attempt to share with someone outside of the organization will also receive a warning. For more information, see [Share SharePoint files or folders in Office 365](https://support.microsoft.com/office/1fe37332-0f9a-4719-970e-d2578da4941c). <br/> |
-|Access Services <br/> |Access 2013 is supported, but adding new Access apps may not be available as this feature will be retired from Office 365 and SharePoint Online. Creation of new Access-based web apps and Access web databases in Office 365 and SharePoint Online will stop starting in June 2017 and any remaining web apps and web databases by April 2018. Additionally, Access 2010 functionality is not supported, and attempting to use an Access 2010 database will result in errors and possible data loss. <br/> |
-|Microsoft Power Apps <br/> |Microsoft Power Apps and Microsoft Power Automate are now available to customers in regulated industries and commercial organizations that do business with tables in China and require local data residency. <br/> |
-|Information Rights Management (IRM) <br/> |The ability to set IRM capabilities to SharePoint for your organization is coming soon. <br/> |
-|Ability to translate text or pages <br/> |Available, but off by default. Tenant admins can turn this ability on, but the translation cloud service may be located outside your country. If you do not want users to send content to a translation cloud service, you may keep these features disabled. <br/> |
-|Public website ICP registration <br/> |China Internet compliance policy requires that you get an Internet Content Provider (ICP) number for your public website. |
-|Public website features <br/> |Public websites are available only if you purchased Office 365 before March 9, 2015. However, Bing maps, external sharing, and comments are not available in a public web site as these features may send data outside of your country. <br/> |
-|Newsfeed and Yammer (enterprise social networks) <br/> |Newsfeed (the social hub where you'll see updates from the people, documents, sites, and tags you're following) is available. Yammer is unavailable. <br/> |
-|Autohosted apps <br/> |You can deploy a provider-hosted app that uses SharePoint and SQL Azure. For more information, see [Create a basic provider hosted app for SharePoint](/sharepoint/dev/sp-add-ins/get-started-creating-provider-hosted-sharepoint-add-ins). Coming soon is the ability for developers to deploy an app that uses an autohosted web site. <br/> |
-|InfoPath <br/> |Not available. <br/> |
-|SharePoint Store <br/> |The Office and SharePoint App Stores are optional services operated by Microsoft Corporation or its affiliate from any of Microsoft's worldwide facilities. The apps available in the Store are provided by various app publishers, and are subject to the app publisher's terms and conditions and privacy statement. Your use of any of these apps may result in your data being transferred to, stored, or processed in any country where the app publisher, its affiliates or service providers maintain facilities. Please carefully review the app publisher's terms and conditions and privacy statements before downloading and using such apps. <br/> |
-|Office 365 Developer Site: Publish to SharePoint Store using the Seller Dashboard\* <br/> |Learn about the [requirements for submitting apps for SharePoint](/office/dev/store/submit-sharepoint-add-ins-for-office-365-operated-by-21vianet-in-china) for distribution to users of Office 365 operated by 21Vianet. <br/> |
-
+|||
+|Sharing a document, library, or site by email with someone outside of your organization|This feature is available, but off by default as using it could make files shared accessible outside of your country. Administrators do have the ability to turn it on, but will get a warning message indicating that it could make files shared accessible outside of your country. Users who attempt to share with someone outside of the organization will also receive a warning. For more information, see [Share SharePoint files or folders in Office 365](https://support.microsoft.com/office/1fe37332-0f9a-4719-970e-d2578da4941c).|
+|Access Services|Access 2013 is supported, but adding new Access apps may not be available as this feature will be retired from Office 365 and SharePoint Online. Creation of new Access-based web apps and Access web databases in Office 365 and SharePoint Online will stop starting in June 2017 and any remaining web apps and web databases by April 2018. Additionally, Access 2010 functionality is not supported, and attempting to use an Access 2010 database will result in errors and possible data loss.|
+|Microsoft Power Apps|Microsoft Power Apps and Microsoft Power Automate are now available to customers in regulated industries and commercial organizations that do business with tables in China and require local data residency.|
+|Information Rights Management (IRM)|The ability to set IRM capabilities to SharePoint for your organization is coming soon.|
+|Ability to translate text or pages|Available, but off by default. Tenant admins can turn this ability on, but the translation cloud service may be located outside your country. If you do not want users to send content to a translation cloud service, you may keep these features disabled.|
+|Public website ICP registration|China Internet compliance policy requires that you get an Internet Content Provider (ICP) number for your public website.|
+|Public website features|Public websites are available only if you purchased Office 365 before March 9, 2015. However, Bing maps, external sharing, and comments are not available in a public web site as these features may send data outside of your country.|
+|Newsfeed and Yammer (enterprise social networks)|Newsfeed (the social hub where you'll see updates from the people, documents, sites, and tags you're following) is available. Yammer is unavailable.|
+|Autohosted apps|You can deploy a provider-hosted app that uses SharePoint and SQL Azure. For more information, see [Create a basic provider hosted app for SharePoint](/sharepoint/dev/sp-add-ins/get-started-creating-provider-hosted-sharepoint-add-ins). Coming soon is the ability for developers to deploy an app that uses an autohosted web site.|
+|InfoPath|Not available.|
+|SharePoint Store|The Office and SharePoint App Stores are optional services operated by Microsoft Corporation or its affiliate from any of Microsoft's worldwide facilities. The apps available in the Store are provided by various app publishers, and are subject to the app publisher's terms and conditions and privacy statement. Your use of any of these apps may result in your data being transferred to, stored, or processed in any country where the app publisher, its affiliates or service providers maintain facilities. Please carefully review the app publisher's terms and conditions and privacy statements before downloading and using such apps.|
+|Office 365 Developer Site: Publish to SharePoint Store using the Seller Dashboard\*|Learn about the [requirements for submitting apps for SharePoint](/office/dev/store/submit-sharepoint-add-ins-for-office-365-operated-by-21vianet-in-china) for distribution to users of Office 365 operated by 21Vianet.|
+ \*Optional services provided directly by Microsoft, and subject to Microsoft's Terms of Service and privacy statements.
-
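Review bot: The new delimiter row `|||` under this table's header has no dashes, so Markdown processors will not treat the block as a table; it needs at least `|---|---|`, as in the `|:--|:--|` rows this change removes from the later tables in the file, where the same `|||` replacement repeats. Separately, the added Microsoft Power Apps row says customers "do business with tables in China", which does not parse; please check the intended wording.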
+ ## Outlook Web App |Function|Availability|
-|:--|:--|
-|Blackberry Business Cloud Services (BBCS) <br/> |Not available, but you can use Exchange ActiveSync devices or an offering from Research in Motion (RIM, the BlackBerry wireless email solution) to run Blackberry Enterprise Server (BES). <br/> |
-|Information Rights Management <br/> |Coming soon. <br/> |
-|Free/Busy information <br/> |Free/Busy information between on-premises and Exchange Online mailboxes is available. <br/> |
-|Sharing your calendar <br/> |Calendar sharing between on-premises and Exchange Online mailboxes is available. <br/> |
-|Sharing contacts <br/> |Coming soon. <br/> |
-|Message tracking <br/> |Coming soon. <br/> |
-|Apps <br/> |Coming soon. <br/> |
-|Places feature <br/> |This feature shows maps of addresses in email; because it may allow data outside of your country, it is not available. <br/> |
-|Connected Accounts <br/> |Connecting to other accounts such as Hotmail (Outlook.com) is coming soon. <br/> |
-
+|||
+|Blackberry Business Cloud Services (BBCS)|Not available, but you can use Exchange ActiveSync devices or an offering from Research in Motion (RIM, the BlackBerry wireless email solution) to run Blackberry Enterprise Server (BES).|
+|Information Rights Management|Coming soon.|
+|Free/Busy information|Free/Busy information between on-premises and Exchange Online mailboxes is available.|
+|Sharing your calendar|Calendar sharing between on-premises and Exchange Online mailboxes is available.|
+|Sharing contacts|Coming soon.|
+|Message tracking|Coming soon.|
+|Apps|Coming soon.|
+|Places feature|This feature shows maps of addresses in email; because it may allow data outside of your country, it is not available.|
+|Connected Accounts|Connecting to other accounts such as Hotmail (Outlook.com) is coming soon.|
+ ## Exchange
- New with Exchange 2013 Cumulative Update 5 (CU5), full-featured hybrid deployments between on-premises Exchange 2013 organizations and Office 365 services are now supported. Leveraging new improvements in the Hybrid Configuration wizard, Exchange 2013 CU5 supports the following hybrid features between your on-premises and Exchange Online organizations:
--- Secure mail routing between on-premises and Exchange Online organizations. -- Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @contoso.com SMTP domain. -- A unified global address list (GAL), also called a "shared address book." -- Free/busy and calendar sharing between on-premises and Exchange Online organizations. -- Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization. -- A single Office Outlook Web App URL for both the on-premises and Exchange Online organizations. -- The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed. -- Centralized mailbox management using the on-premises Exchange admin center (EAC). -- MailTips, HD photo support for Outlook contacts, and multi-mailbox search between on-premises and Exchange Online organizations. -- Cloud-based message archiving for on-premises Exchange mailboxes. -
-For organizations running older or mixed versions of Exchange Server, some hybrid features aren't fully supported for Office 365 tenants hosted by 21Vianet. Use the following table to learn more about hybrid feature support in different Exchange deployment scenarios: <br/>
--
-|**On-Premises Exchange Version**|**Exchange Hybrid Server Version**|**Hybrid Configuration Wizard Supported?**|**Supported Hybrid Features**|
-|:--|:--|:--|:--|
-| 2016 <br/> | N/A <br/> | Yes <br/> | All <br/> |
-| 2013 CU5 <br/> | N/A <br/> | Yes <br/> | All <br/> |
-| 2013 SP1 <br/> | 2013 CU5 <br/> | Yes <br/> | All <br/> |
-| 2013 SP1 <br/> | 2013 SP1 <br/> | Yes <br/> | All <br/> |
-| Mixed 2013 SP1/2010 SP3 <br/> | 2013 CU5 <br/> | Yes <br/> | All, except In-place eDiscovery/Archiving, OWA access (see table below) <br/> |
-| Mixed 2013 SP1/2010 SP3 <br/> | 2013 SP1 <br/> | Yes <br/> | Only manually configured free/busy <br/> |
-| 2010 SP3 <br/> | 2010 SP3 <br/> | No <br/> | None <br/> |
-| 2007 <br/> | 2013 CU5 <br/> | Yes <br/> | Only free/busy <br/> |
-| 2007 <br/> | 2013 SP1 or 2010 SP3No <br/> | N/A <br/> | Not supported <br/> |
-| 2003 <br/> | 2013 SP1/CU5 <br/> | N/A <br/> | Not supported <br/> |
-| 2003 <br/> | 2010 SP3 <br/> | No <br/> | None <br/> |
-
-
+ New with Exchange 2013 Cumulative Update 5 (CU5), full-featured hybrid deployments between on-premises Exchange 2013 organizations and Office 365 services are now supported. Leveraging new improvements in the Hybrid Configuration wizard, Exchange 2013 CU5 supports the following hybrid features between your on-premises and Exchange Online organizations:
+
+- Secure mail routing between on-premises and Exchange Online organizations.
+- Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @contoso.com SMTP domain.
+- A unified global address list (GAL), also called a "shared address book."
+- Free/busy and calendar sharing between on-premises and Exchange Online organizations.
+- Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.
+- A single Office Outlook Web App URL for both the on-premises and Exchange Online organizations.
+- The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.
+- Centralized mailbox management using the on-premises Exchange admin center (EAC).
+- MailTips, HD photo support for Outlook contacts, and multi-mailbox search between on-premises and Exchange Online organizations.
+- Cloud-based message archiving for on-premises Exchange mailboxes.
+
+For organizations running older or mixed versions of Exchange Server, some hybrid features aren't fully supported for Office 365 tenants hosted by 21Vianet. Use the following table to learn more about hybrid feature support in different Exchange deployment scenarios:
+
+|On-Premises Exchange Version|Exchange Hybrid Server Version|Hybrid Configuration Wizard Supported?|Supported Hybrid Features|
+|||||
+|2016|N/A|Yes|All|
+|2013 CU5|N/A|Yes|All|
+|2013 SP1|2013 CU5|Yes|All|
+|2013 SP1|2013 SP1|Yes|All|
+|Mixed 2013 SP1/2010 SP3|2013 CU5|Yes|All, except In-place eDiscovery/Archiving, OWA access (see table below)|
+|Mixed 2013 SP1/2010 SP3|2013 SP1|Yes|Only manually configured free/busy|
+|2010 SP3|2010 SP3|No|None|
+|2007|2013 CU5|Yes|Only free/busy|
+|2007|2013 SP1 or 2010 SP3No|N/A|Not supported|
+|2003|2013 SP1/CU5|N/A|Not supported|
+|2003|2010 SP3|No|None|
+ > [!IMPORTANT]
-> Delegate calendar access, when a user or set of users is provided access to another user's calendar, isn't supported in hybrid deployments with Office 365 tenants hosted by 21Vianet.
-
+> Delegate calendar access, when a user or set of users is provided access to another user's calendar, isn't supported in hybrid deployments with Office 365 tenants hosted by 21Vianet.
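Review bot: In the hybrid support table, the added row `|2007|2013 SP1 or 2010 SP3No|N/A|Not supported|` still has "No" fused onto the hybrid server version, carried over unchanged from the removed line. Compared with the neighbouring rows, "No" looks like a Hybrid Configuration Wizard value that lost its cell boundary. Since this cleanup rewrites every row anyway, split it into its own cell and confirm what the remaining columns of that row should read.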
+ Additionally, some Exchange messaging policy and compliance features aren't fully supported in hybrid deployments with Office 365 tenants hosted by 21Vianet. These features include: -- [Messaging Records Management (MRM)](/exchange/security-and-compliance/messaging-records-management/messaging-records-management) -- [In-Place eDiscovery](/exchange/security-and-compliance/in-place-ediscovery/in-place-ediscovery) -- [In-Place Hold](/exchange/security-and-compliance/in-place-and-litigation-holds)
+- [Messaging Records Management (MRM)](/exchange/security-and-compliance/messaging-records-management/messaging-records-management)
+- [In-Place eDiscovery](/exchange/security-and-compliance/in-place-ediscovery/in-place-ediscovery)
+- [In-Place Hold](/exchange/security-and-compliance/in-place-and-litigation-holds)
- [In-Place Archiving](/exchange/in-place-archiving-in-exchange-2013-exchange-2013-help) - [Mailbox auditing](/exchange/security-and-compliance/exchange-auditing-reports/exchange-auditing-reports)-- Accessing online archives with [Outlook Web App (OWA)](/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/outlook-on-the-web)
+- Accessing online archives with [Outlook Web App (OWA)](/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/outlook-on-the-web)
+
+Use the following table to learn more about feature support in different Exchange deployment scenarios:
-Use the following table to learn more about feature support in different Exchange deployment scenarios:
+|On-Premises Exchange Version|MRM (split archive)|OWA access (split archive)|In-Place eDiscovery|Mailbox Auditing|In-Place Hold/Archiving|
+|||||||
+|All 2013 CU5|Supported|Not supported|Supported|Supported|Supported|
+|All 2010 SP3|Not supported|Not supported|Supported<sup>1</sup>|Supported|Supported|
+|At least one pre-2013 CU5 server|Supported<sup>2</sup>|Not supported|Not supported|Supported|Supported|
-|**On-Premises Exchange Version**|**MRM (split archive)**|**OWA access (split archive)**|**In-Place eDiscovery**|**Mailbox Auditing**|**In-Place Hold/Archiving**|
-|:--|:--|:--|:--|:--|:--|
-| All 2013 CU5 <br/> | Supported <br/> | Not supported <br/> | Supported <br/> | Supported <br/> | Supported <br/> |
-| All 2010 SP3 <br/> | Not supported <br/> | Not supported <br/> | Supported<sup>1</sup> <br/> | Supported <br/> | Supported <br/> |
-| At least one pre-2013 CU5 server <br/> | Supported<sup>2</sup> <br/> | Not supported <br/> | Not supported <br/> | Supported <br/> | Supported <br/> |
-|||
+<sup>1</sup> Separate searches are required for on-premises and Exchange Online mailboxes.
-<sup>1</sup> Separate searches are required for on-premises and Exchange Online mailboxes. <br/> <sup>2</sup> MRM move-to-archive policies can be used for mailboxes located on an Exchange 2013 CU5 or greater server.
+<sup>2</sup> MRM move-to-archive policies can be used for mailboxes located on an Exchange 2013 CU5 or greater server.
+
+To learn more about configuring a hybrid deployment with Office 365 tenants hosted by 21Vianet, see the following topics:
-To learn more about configuring a hybrid deployment with Office 365 tenants hosted by 21Vianet, see the following topics:
- [Hybrid Deployment Prerequisites](/exchange/hybrid-deployment-prerequisites)-- [Certificate Requirements for Hybrid Deployments](/exchange/certificate-requirements)
+- [Certificate Requirements for Hybrid Deployments](/exchange/certificate-requirements)
- [Create a Hybrid Deployment with the Hybrid Configuration Wizard](/exchange/hybrid-deployment/deploy-hybrid) > [!IMPORTANT]
-> The [Exchange Server Deployment Assistant](https://go.microsoft.com/fwlink/?LinkId=506768) is a free web-based tool that helps you configure a hybrid deployment between your on-premises organization and Office 365, or to migrate completely to Office 365. The tool asks you a small set of simple questions and then, based on your answers, creates a customized checklist with instructions to configure your hybrid deployment. We strongly recommend using the Deployment Assistant to configure a hybrid deployment. > For organizations not wishing to upgrade to or add Exchange 2013 CU5 servers, Exchange 2013 SP1 organizations can configure shared calendar free/busy sharing between their on-premises and Exchange Online organizations. To configure this hybrid deployment feature, see [Configuring Exchange hybrid deployment features with Office 365 operated by 21Vianet](https://support.microsoft.com/office/26e7cc26-c980-4cc5-a082-c333de544b6d).
+> The [Exchange Server Deployment Assistant](https://go.microsoft.com/fwlink/?LinkId=506768) is a free web-based tool that helps you configure a hybrid deployment between your on-premises organization and Office 365, or to migrate completely to Office 365. The tool asks you a small set of simple questions and then, based on your answers, creates a customized checklist with instructions to configure your hybrid deployment. We strongly recommend using the Deployment Assistant to configure a hybrid deployment. > For organizations not wishing to upgrade to or add Exchange 2013 CU5 servers, Exchange 2013 SP1 organizations can configure shared calendar free/busy sharing between their on-premises and Exchange Online organizations. To configure this hybrid deployment feature, see [Configuring Exchange hybrid deployment features with Office 365 operated by 21Vianet](https://support.microsoft.com/office/26e7cc26-c980-4cc5-a082-c333de544b6d).
|Function|Availability|
-|:--|:--|
-|Coexistence and Free/Busy Sharing|Sharing calendar free/busy information between two or more on-premises Exchange organizations or sharing between two 21Vianet Office 365 tenants isn't supported. This feature is coming soon! |
-|Calendar sharing|Exchange 2013 SP1 and greater supports manually configuring Internet calendar sharing with other on-premises Exchange or Exchange Online organizations. For more details about configuring this feature manually, see [Enable Internet Calendar Publishing](/exchange/enable-internet-calendar-publishing-exchange-2013-help). |
-Sharing Exchange contact data on Apple mobile devices to the Apple iCloud. |This setting/feature is enabled by default. Administrators should turn this feature off to help prevent users from sharing Exchange data outside of your organization. |
-|Exchange Hosted Email Encryption |Not available. |
-|Office 365 Message Encryption |Coming soon. |
-
+|||
+|Coexistence and Free/Busy Sharing|Sharing calendar free/busy information between two or more on-premises Exchange organizations or sharing between two 21Vianet Office 365 tenants isn't supported. This feature is coming soon!|
+|Calendar sharing|Exchange 2013 SP1 and greater supports manually configuring Internet calendar sharing with other on-premises Exchange or Exchange Online organizations. For more details about configuring this feature manually, see [Enable Internet Calendar Publishing](/exchange/enable-internet-calendar-publishing-exchange-2013-help).|
+Sharing Exchange contact data on Apple mobile devices to the Apple iCloud.|This setting/feature is enabled by default. Administrators should turn this feature off to help prevent users from sharing Exchange data outside of your organization.|
+|Exchange Hosted Email Encryption|Not available.|
+|Office 365 Message Encryption|Coming soon.|
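Review bot: The added row beginning `Sharing Exchange contact data on Apple mobile devices to the Apple iCloud.|` has no leading pipe, unlike every other row in this table. The removed line had the same defect, so the cleanup carries it forward; add the leading `|` so the row is consistent with the rest of the table.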
+ ## Office |Function|Availability|
-|:--|:--|
-|Open an Office application from the **File** \> **Open in**… button <br/> |Available. The ability to do so while roaming is coming soon. <br/> |
-|Save to OneDrive for Business while signed in with a Microsoft account <br/> |To keep your data within your country, you cannot save a document to your organization site (OneDrive for Business) when you are signed in to Office with a Microsoft account. <br/> |
-|Ability to translate text or pages <br/> |This feature is available, but off by default. Administrators do have the ability to turn it on, but will get a warning message indicating that it could make data accessible outside of your country. <br/> |
-
+|||
+|Open an Office application from the **File** \> **Open in**... button|Available. The ability to do so while roaming is coming soon.|
+|Save to OneDrive for Business while signed in with a Microsoft account|To keep your data within your country, you cannot save a document to your organization site (OneDrive for Business) when you are signed in to Office with a Microsoft account.|
+|Ability to translate text or pages|This feature is available, but off by default. Administrators do have the ability to turn it on, but will get a warning message indicating that it could make data accessible outside of your country.|
+ ## Office client |Function|Availability|
-|:--|:--|
-|Manage account (from within the Office client) <br/> |This feature, and others like it that are intended to go to your Office 365 portal, currently point to the worldwide Office 365 portal, and you cannot sign in with your Office 365 operated by 21Vianet account. This is a known issue that is being fixed. In the meantime, you can use the URL https://portal.partner.microsoftonline.cn/ to sign into your account and manage settings from there. For more information, see [Manage your Microsoft 365 Apps for enterprise account for Office 365 operated by 21Vianet](https://support.microsoft.com/office/fbe473d3-69de-4d0c-aecb-b9c2d0d45bc8). <br/> |
-
+|||
+|Manage account (from within the Office client)|This feature, and others like it that are intended to go to your Office 365 portal, currently point to the worldwide Office 365 portal, and you cannot sign in with your Office 365 operated by 21Vianet account. This is a known issue that is being fixed. In the meantime, you can use the URL <https://portal.partner.microsoftonline.cn/> to sign into your account and manage settings from there. For more information, see [Manage your Microsoft 365 Apps for enterprise account for Office 365 operated by 21Vianet](https://support.microsoft.com/office/fbe473d3-69de-4d0c-aecb-b9c2d0d45bc8).|
+ ## OneNote |Function|Availability|
-|:--|:--|
-|Insert and playback online video <br/> |Not available. <br/> |
-|Research pane integration to Bing services <br/> |Not available. <br/> |
-|Accessibility checker <br/> |Not available. <br/> |
-|Class notebook <br/> |Not available. <br/> |
-|Forms <br/> |Not available. <br/> |
-|Immersive reader <br/> |Not available. <br/> |
-|Insert online picture <br/> |Not available. <br/> |
-|Meeting details <br/> |Not available. <br/> |
-|Researcher <br/> |Not available. <br/> |
-|Stickers <br/> |Not available. <br/> |
-|Live Search (ability to search in online notebooks that are not opened in the client) <br/> |Not available. <br/> |
-|Integration with Mac and iOS platform smart look up service <br/> |Not available. <br/> |
-|Share notebook experience and sharing notification <br/> |Not available. <br/> |
-
+|||
+|Insert and playback online video|Not available.|
+|Research pane integration to Bing services|Not available.|
+|Accessibility checker|Not available.|
+|Class notebook|Not available.|
+|Forms|Not available.|
+|Immersive reader|Not available.|
+|Insert online picture|Not available.|
+|Meeting details|Not available.|
+|Researcher|Not available.|
+|Stickers|Not available.|
+|Live Search (ability to search in online notebooks that are not opened in the client)|Not available.|
+|Integration with Mac and iOS platform smart look up service|Not available.|
+|Share notebook experience and sharing notification|Not available.|
+ ## Skype for Business |Function|Availability|
-|:--|:--|
-|Domain providers to support Skype for Business <br/> |You will need to register your domain with a Chinese-specific domain provider that supports SRV records. For more information on how to register domains, see [Find your domain registrar or DNS hosting provider](../get-help-with-domains/find-your-domain-registrar.md). <br/> |
-|Dial-in conferencing (the ability to add telephone access to meetings for users who can't get to a computer) <br/> |You may see options in Skype for Business and in the Skype for Business Admin Center for Dial-in conferencing and providers, but these features are not yet available. They are coming soon. <br/> |
-|Skype for Business desktop help <br/> |You can find help for Skype for Business desktop [here](https://support.microsoft.com/office/6ae5853c-f0fd-4710-aecf-f46def8377ad). However, desktop help is not available from the product unless you are using Office Click-To-Run. <br/> |
-|Lync 2010 <br/> |Not available. <br/> |
-|Ability to join a meeting from your calendar when you're using a Samsung-based device with Google Chrome <br/> |Coming soon. In the meantime, you can open Skype for Business, go to the Meetings view, and join the meeting from there. <br/> |
-|Desk Phone Devices like Polycom, Ares, and Tanjay <br/> |Not available. <br/> |
-|Syndication partners <br/> |Not available. <br/> |
-|Voice features, such as voice mail, ability to make and receive calls from PSTN numbers, call transferring, call forwarding <br/> |Not available. These features require syndication partners. <br/> |
-|Archiving, or ability to tag a user and archive that user's emails and IMs in Exchange <br/> |Not available. <br/> |
-|Skype for Business Web client (LWA) browser support for Firefox 29 <br/> |Not available, but you can use an older version of Firefox. <br/> |
-|Unified Contact Store (UCS) <br/> |The ability for users to keep all of their Skype for Business contact information in Microsoft Exchange Server 2013 is disabled. <br/> |
-| Conferencing devices: <br/> Polycom CX5100 Unified Conference Station <br/> Logitech ConferenceCam CC3000e <br/> Polycom CX7000 <br/> Polycom CX3000 <br/> Logitech BCC950 ConferenceCam <br/> Polycom CX5000 HD <br/> |Not available. <br/> |
-
+|||
+|Domain providers to support Skype for Business|You will need to register your domain with a Chinese-specific domain provider that supports SRV records. For more information on how to register domains, see [Find your domain registrar or DNS hosting provider](../get-help-with-domains/find-your-domain-registrar.md).|
+|Dial-in conferencing (the ability to add telephone access to meetings for users who can't get to a computer)|You may see options in Skype for Business and in the Skype for Business Admin Center for Dial-in conferencing and providers, but these features are not yet available. They are coming soon.|
+|Skype for Business desktop help|You can find help for Skype for Business desktop [here](https://support.microsoft.com/office/6ae5853c-f0fd-4710-aecf-f46def8377ad). However, desktop help is not available from the product unless you are using Office Click-To-Run.|
+|Lync 2010|Not available.|
+|Ability to join a meeting from your calendar when you're using a Samsung-based device with Google Chrome|Coming soon. In the meantime, you can open Skype for Business, go to the Meetings view, and join the meeting from there.|
+|Desk Phone Devices like Polycom, Ares, and Tanjay|Not available.|
+|Syndication partners|Not available.|
+|Voice features, such as voice mail, ability to make and receive calls from PSTN numbers, call transferring, call forwarding|Not available. These features require syndication partners.|
+|Archiving, or ability to tag a user and archive that user's emails and IMs in Exchange|Not available.|
+|Skype for Business Web client (LWA) browser support for Firefox 29|Not available, but you can use an older version of Firefox.|
+|Unified Contact Store (UCS)|The ability for users to keep all of their Skype for Business contact information in Microsoft Exchange Server 2013 is disabled.|
+|Conferencing devices: <br/> Polycom CX5100 Unified Conference Station <br/> Logitech ConferenceCam CC3000e <br/> Polycom CX7000 <br/> Polycom CX3000 <br/> Logitech BCC950 ConferenceCam <br/> Polycom CX5000 HD|Not available.|
+ ## Data Subject Requests for GDPR GDPR grants individuals (or, data subjects) certain rights in connection with the processing of their personal data, including the right to correct inaccurate data, erase data or restrict its processing, receive their data and fulfill a request to transmit their data to another controller. The Tenant Administrator role for Office 365 operated by 21Vianet can request data on behalf of a data subject in the following ways:
-
+ - Using the Azure Active Directory Admin Center, a Tenant Administrator can permanently delete a data subject from Azure Active Directory and related services.
-
+ - System generated logs for Microsoft services operated by 21Vianet can be exported by Tenant Administrators using the Data Log Export.
-
+ For details and instructions, see [Data Subject Requests (DSR) for GDPR](https://www.trustcenter.cn/privacy/gdpr-office365.mdl). ## Related content
admin Customize Your Organization Theme https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-your-organization-theme.md
You can add or update a default theme that applies to everyone within your org.
All organization themes can be customized using the following tabs.
-|**Tab**|**What can you do?**|
-|:--|:--|
-|[General](#general-modify-a-theme) <br/> |Modify a theme name and assign to up to five groups (if applicable). <br/> |
-|[Logos](#logos-specify-your-theme-logos) <br/> |Add your organization logo, including alternate logo for dark theme. <br/> |
-|[Colors](#colors-choose-theme-colors) <br/> |Customize a color scheme by specifying navigation bar, accent, text and icon colors. <br/> |
+|Tab|What can you do?|
+|||
+|[General](#general-modify-a-theme)|Modify a theme name and assign to up to five groups (if applicable).|
+|[Logos](#logos-specify-your-theme-logos)|Add your organization logo, including alternate logo for dark theme.|
+|[Colors](#colors-choose-theme-colors)|Customize a color scheme by specifying navigation bar, accent, text and icon colors.|
## General: Modify a theme
On the **Colors** page, you can set the default colors and choose which logo sho
### My organization already has a theme for all employees. How will this change?
-The default theme will continue to be shown to all employees. Adding a new group theme will only be made available to the Microsoft 365 groups associated with that theme.
+The default theme will continue to be shown to all employees. Adding a new group theme will only be made available to the Microsoft 365 groups associated with that theme.
-### Why don’t I see group themes in the Admin Center?
+### Why donΓÇÖt I see group themes in the Admin Center?
-Only global admins can customize company themes. Global readers have read-only access.
+Only global admins can customize company themes. Global readers have read-only access.
### How many different themes can I set up for my organization?
Up to five themes can be created. A default theme and four group themes.
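Review bot: The replacement heading `### Why donΓÇÖt I see group themes in the Admin Center?` contains mis-encoded bytes where the removed line had a proper apostrophe (`don’t`), so this change introduces an encoding regression. The same pattern shows up in later added lines (`youΓÇÖre`, and the quoted `ΓÇ£DoesnΓÇÖt meet minimum color contrast ratio of 4.5:1ΓÇ¥` heading). Save the file as UTF-8, or use plain ASCII quotes, before merging.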
### Can I use security groups or distribution groups instead of Microsoft 365 Groups?
-No, new group themes must be mapped to one or more Microsoft 365 groups and not security groups or distribution groups.
+No, new group themes must be mapped to one or more Microsoft 365 groups and not security groups or distribution groups.
> [!NOTE] > You can convert [distribution groups to Microsoft 365 groups](../manage/upgrade-distribution-lists.md) in Outlook.
-### Can I manually assign a theme independent of Microsoft 365 Groups? 
+### Can I manually assign a theme independent of Microsoft 365 Groups?
-No, new group themes must be mapped to one or more Microsoft 365 groups. Users who are members of the Microsoft 365 group will get the theme applied to their group. You can [create and add new members to a Microsoft 365 Group](../create-groups/create-groups.md) by going to the **Settings** > **Groups** in the admin center.
+No, new group themes must be mapped to one or more Microsoft 365 groups. Users who are members of the Microsoft 365 group will get the theme applied to their group. You can [create and add new members to a Microsoft 365 Group](../create-groups/create-groups.md) by going to the **Settings** > **Groups** in the admin center.
### What happens if a user is assigned to multiple group themes? Users who are assigned to multiple group themes will be shown the default theme.
-### Why canΓÇÖt I delete the default theme?ΓÇ»
+### Why canΓÇÖt I delete the default theme?
The default theme can only be deleted once all group themes are deleted. Make sure you delete all group themes before you try to delete the group theme.
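Review bot: The heading change here only drops the trailing `ΓÇ»`; `canΓÇÖt` is mis-encoded on both the removed and the added line, so the apostrophe still needs fixing. The answer under the heading also ends with "before you try to delete the group theme", while the heading and the first sentence are about the default theme; worth correcting in the same pass.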
-### Why am I receiving an error message every time I upload a logo URL. 
+### Why am I receiving an error message every time I upload a logo URL.
-Make sure the logo you’re using is specified as a publicly addressable URL. Follow these steps for [uploading logos to Azure Blob Storage](/azure/storage/blobs/storage-upload-process-images?tabs=dotnet) or the [Office 365 Content Delivery Network with SharePoint Online](../../enterprise/use-microsoft-365-cdn-with-spo.md).
+Make sure the logo youΓÇÖre using is specified as a publicly addressable URL. Follow these steps for [uploading logos to Azure Blob Storage](/azure/storage/blobs/storage-upload-process-images?tabs=dotnet) or the [Office 365 Content Delivery Network with SharePoint Online](../../enterprise/use-microsoft-365-cdn-with-spo.md).
-### Why am I receiving the message “Doesn’t meet minimum color contrast ratio of 4.5:1”?
+### Why am I receiving the message ΓÇ£DoesnΓÇÖt meet minimum color contrast ratio of 4.5:1ΓÇ¥?
The recommended contrast ratio between text, icon or button color and background color is 4.5:1. You can override this recommendation and still save your theme as this is not a requirement.
admin Migrate Data Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/migrate-data-business-standard.md
Follow the steps in this article to move your OneDrive, Outlook and Teams data t
## Move files to OneDrive for business
-This section describes how to move the files stored in your Microsoft 365 personal account to your Microsoft 365 business account. With both OneDrive accounts synced to your device, you can easily drag and drop the files between two OneDrive folders.
+This section describes how to move the files stored in your Microsoft 365 personal account to your Microsoft 365 business account. With both OneDrive accounts synced to your device, you can easily drag and drop the files between two OneDrive folders.
-1. Select the OneDrive white cloud icon in the Windows notification area and make sure your OneDrive personal account is synced to your device.
+1. Select the OneDrive white cloud icon in the Windows notification area and make sure your OneDrive personal account is synced to your device.
:::image type="content" source="../../media/ssu-onedrive-icons.png" alt-text="Screenshot: Select white cloud icon in the Windows notification area":::
This section describes how to move the files stored in your Microsoft 365 person
:::image type="content" source="../../media/ssu-onedrive-help-settings.png" alt-text="Screenshot: Select Help & Settings to add an account":::
-3. In **Settings**, select **Account** > **Add an account**.
+3. In **Settings**, select **Account** > **Add an account**.
-4. When OneDrive Setup starts, enter your new business account, and then select **Sign in**.
+4. When OneDrive Setup starts, enter your new business account, and then select **Sign in**.
:::image type="content" source="../../media/ssu-setup-onedrive.png" alt-text="Screenshot: Enter your email address on the OneDrive set up page"::: > [!NOTE]
- > If you haven't set up OneDrive with your current Microsoft 365 personal account before, follow the steps above to set up your personal account on your device and sync your files before moving to the next steps.
+ > If you haven't set up OneDrive with your current Microsoft 365 personal account before, follow the steps above to set up your personal account on your device and sync your files before moving to the next steps.
### Drag and drop files in OneDrive
-With both your Microsoft 365 personal and business accounts synced to your device, you can now move your files from your personal OneDrive folder to your new business OneDrive folder.
+With both your Microsoft 365 personal and business accounts synced to your device, you can now move your files from your personal OneDrive folder to your new business OneDrive folder.
1. In File Explorer, open your synced OneDrive folder that contains your files.
-2. Select and drag the files you want from your OneDrive personal folder to your new OneDrive business folder.
+2. Select and drag the files you want from your OneDrive personal folder to your new OneDrive business folder.
:::image type="content" source="../../media/ssu-onedrive-files-to-work-folder.png" alt-text="Screenshot: Drag and drop files to you new OneDrive for business folder":::
-### Notes about moving files from OneDrive personal to OneDrive for work
+### Notes about moving files from OneDrive personal to OneDrive for work
- If you’re moving a large number of files, we recommend that you move files in batches of no more than 100 files each. -- Files you move from OneDrive personal to OneDrive for work are recognized as new files, and as a result, these files don’t retain metadata details such as Modified and Modified By.
+- Files you move from OneDrive personal to OneDrive for work are recognized as new files, and as a result, these files donΓÇÖt retain metadata details such as Modified and Modified By.
-- If you shared files in OneDrive before, you'll need to share these files again in your new OneDrive for work after you move them. Also, once you share these files, we recommend that you delete the original files from OneDrive. This way, people won’t be able to refer to out-of-date copies of files you’d shared with them earlier.
+- If you shared files in OneDrive before, you'll need to share these files again in your new OneDrive for work after you move them. Also, once you share these files, we recommend that you delete the original files from OneDrive. This way, people wonΓÇÖt be able to refer to out-of-date copies of files youΓÇÖd shared with them earlier.
## Step: Set up Outlook for email
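Review bot: in the "Notes about moving files" list, the added bullets contain ΓÇÖ in "donΓÇÖt", "wonΓÇÖt" and "youΓÇÖd", where the removed lines had a typographic apostrophe. The other added lines in this file differ from the removed ones only in whitespace, so these look like an encoding regression rather than an intended edit. Use a plain ASCII apostrophe in all three words, and in "If you’re" on the first bullet for consistency.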
admin Signup Teams Business Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-teams-business-subscription.md
If you choose to use a domain you already own, you can use it for your email add
### How does recurring billing work?
-When Recurring billing is on, your subscription will continue to be billed each month (or year, depending on your billing plan) on the day you subscribed. You can turn it off or back on again in the admin center if your subscription is active. Learn more atΓÇ»[Turn Recurring billing off or on](../../commerce/subscriptions/renew-your-subscription.md#turn-recurring-billing-off-or-on).
+When Recurring billing is on, your subscription will continue to be billed each month (or year, depending on your billing plan) on the day you subscribed. You can turn it off or back on again in the admin center if your subscription is active. Learn more at [Turn Recurring billing off or on](../../commerce/subscriptions/renew-your-subscription.md#turn-recurring-billing-off-or-on).
### What do I do if I want to change my business name?
-Contact our small business support experts who can help you change your business name. Learn more atΓÇ»[Get support](../get-help-support.md).
+Contact our small business support experts who can help you change your business name. Learn more at [Get support](../get-help-support.md).
compliance Add Custodians To Case https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-custodians-to-case.md
To add custodians to a case, you must be a member of the eDiscovery Manager role
1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and sign in with a user account that has been assigned the appropriate eDiscovery permissions.
-2. In the left navigation pane of the Microsoft 365 compliance center, select **eDiscovery** > **Advanced eDiscovery**, and select the [**Cases**](https://go.microsoft.com/fwlink/p/?linkid=2173764) tab.
+2. In the left navigation pane of the Microsoft 365 compliance center, select **eDiscovery** > **Advanced eDiscovery**, and select the [**Cases**](https://go.microsoft.com/fwlink/p/?linkid=2173764) tab.
3. Select the case that you want to add custodians to.
compliance Apply Retention Labels Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
The following query contains typical keywords to help identify documents or emai
(resume AND staff AND employee AND salary AND recruitment AND candidate) ```
-Note that this final example uses the best practice of always including operators between keywords. A space between keywords (or two property:value expressions) is the same as using AND. By always adding operators, it's easier to see that this example query will identify only content that contains all these keywords, instead of content that contains any of the keywords. If your intention is to identify content that contains any of the keywords, specify OR instead of AND. As this example shows, when you always specify the operators, it's easier to correctly interpret the query.
+Note that this final example uses the best practice of always including operators between keywords. A space between keywords (or two property:value expressions) is the same as using AND. By always adding operators, it's easier to see that this example query will identify only content that contains all these keywords, instead of content that contains any of the keywords. If your intention is to identify content that contains any of the keywords, specify OR instead of AND. As this example shows, when you always specify the operators, it's easier to correctly interpret the query.
##### Microsoft Teams meeting recordings
compliance Archive 17A 4 Blackberry Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-blackberry-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for BlackBerry data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **BlackBerry DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **BlackBerry DataParser**.
2. On the **BlackBerry DataParser** product description page, click **Add connector**.
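Review bot: the unchanged sentence just above step 1, "The first step is to access to the Data connectors page", has a stray "to". Since step 1 is being touched anyway, change it to "The first step is to access the Data connectors page". The same sentence appears above step 1 in the other 17a-4 connector articles in this update, so the fix applies to each of them.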
compliance Archive 17A 4 Bloomberg Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-bloomberg-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Bloomberg data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Bloomberg DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Bloomberg DataParser**.
2. On the **Bloomberg DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Cisco Jabber Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-cisco-jabber-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Cisco Jabber data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Cisco Jabber DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Cisco Jabber DataParser**.
2. On the **Cisco Jabber DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Factset Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-factset-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for FactSet data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **FactSet DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **FactSet DataParser**.
2. On the **FactSet DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Fuze Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-fuze-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Fuze data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Fuze DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Fuze DataParser**.
2. On the **Fuze DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Fxconnect Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-fxconnect-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for FX Connect data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **FX Connect DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **FX Connect DataParser**.
2. On the **FX Connect DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Ice Im Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-ice-im-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for ICE Connect Chat data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **ICE DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **ICE DataParser**.
2. On the **ICE DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Investedge Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-investedge-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for InvestEdge data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **InvestEdge DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **InvestEdge DataParser**.
2. On the **InvestEdge DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Liveperson Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-liveperson-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for LivePerson Conversational Cloud data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **LivePerson Conversational Cloud DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **LivePerson Conversational Cloud DataParser**.
2. On the **LivePerson Conversational Cloud DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Quip Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-quip-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Quip data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Quip DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Quip DataParser**.
2. On the **Quip DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Refinitiv Messenger Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-refinitiv-messenger-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Refinitiv Eikon Messenger data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Refinitiv Eikon Messenger DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Refinitiv Eikon Messenger DataParser**.
2. On the **Refinitiv Eikon Messenger DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Servicenow Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-servicenow-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for ServiceNow data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **ServiceNow DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **ServiceNow DataParser**.
2. On the **ServiceNow DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Skype For Business Server Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-skype-for-business-server-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Skype for Business Server data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Skype for Business Server DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Skype for Business Server DataParser**.
2. On the **Skype for Business Server DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Slack Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-slack-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Slack data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Slack DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Slack DataParser**.
2. On the **Slack DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Sql Database Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-sql-database-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for SQL data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **SQL DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **SQL DataParser**.
2. On the **SQL DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Symphony Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-symphony-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Symphony data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Symphony DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Symphony DataParser**.
2. On the **Symphony DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Webex Teams Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-webex-teams-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Cisco Webex data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Cisco Webex DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Cisco Webex DataParser**.
2. On the **Cisco Webex DataParser** product description page, click **Add connector**.
compliance Archive 17A 4 Zoom Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-zoom-data.md
The following overview explains the process of using a data connector to archive
The first step is to access to the Data connectors page in the Microsoft 365 compliance center and create a 17a-4 connector for Zoom data.
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Zoom DataParser**.
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Zoom DataParser**.
2. On the **Zoom DataParser** product description page, click **Add connector**.
compliance Archive Ciscojabberonoracle Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ciscojabberonoracle-data.md
The following overview explains the process of using a connector to archive the
- Create a Merge1 account for Microsoft connectors. To do this, contact [Veritas Customer Support](https://www.veritas.com/content/support/en_US). You need to sign into this account when you create the connector in Step 1. -- The user who creates the Cisco Jabber on Oracle connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
+- The user who creates the Cisco Jabber on Oracle connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
compliance Archive Data From Celltrustsl2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-data-from-celltrustsl2.md
CellTrust's SL2 platform captures communication data from multiple sources. SL2
The first step is to create a data connector in the Microsoft 365 compliance center.
-1. Go to <https://compliance.microsoft.com> and click **Data connectors** on the left navigation pane.
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** on the left navigation pane.
2. On the **Overview** tab, click **Filter** and select **By CellTrust**, and then apply the filter.
compliance Archive Ringcentral Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ringcentral-data.md
The following overview explains the process of using a connector to archive the
- Create a RingCentral application to fetch data from your RingCentral account. For step-by step instructions about creating the application, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20RingCentral%20User%20Guide.pdf). -- The user who creates the RingCentral connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
+- The user who creates the RingCentral connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
compliance Archive Rogers Network Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-rogers-network-archiver-data.md
After you've completed the prerequisites described in the previous section, you
5. After the connector is created, you can close the pop-up window and go to the next page.
-6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then click **Next**.
+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then click **Next**.
-7. Review your settings, and then click **Finish** to create the connector.
+7. Review your settings, and then click **Finish** to create the connector.
-8. Go to the Connectors tab in **Data connectors** page to see the progress of the import process for the new connector.
+8. Go to the Connectors tab in **Data connectors** page to see the progress of the import process for the new connector.
## Known issues
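Review bot: step 8 reads "Go to the Connectors tab in **Data connectors** page", which is missing an article. Since the line is being rewritten, change it to "Go to the **Connectors** tab on the **Data connectors** page", with the tab name in bold like the other UI labels in steps 6 and 7.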
compliance Archive Salesforcechatter Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-salesforcechatter-data.md
description: "Admins can set up a connector to import and archive Salesforce Cha
# Set up a connector to archive Salesforce Chatter data
-Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Salesforce Chatter platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [Salesforce Chatter](http://globanet.com/chatter/) connector that captures items from the third-party data source and imports those items to Microsoft 365. The connector converts the content such as chats, attachments, and posts from Salesforce Chatter to an email message format and then imports those items to the userΓÇÖs mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Salesforce Chatter platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [Salesforce Chatter](http://globanet.com/chatter/) connector that captures items from the third-party data source and imports those items to Microsoft 365. The connector converts the content such as chats, attachments, and posts from Salesforce Chatter to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Salesforce Chatter data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels. Using a Salesforce Chatter connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
- Create a Salesforce application and acquire a token at [https://salesforce.com](https://salesforce.com). You'll need to log into the Salesforce account as an admin and get a user personal token to import data. Also, triggers need to be published on the Chatter site to capture updates, deletes, and edits. These triggers will create a post on a channel, and Merge1 will capture the information from the channel. For step-by-step instructions about how to create the application and acquire the token, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20SalesForce%20Chatter%20User%20Guide%20.pdf). -- The user who creates the Salesforce Chatter connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
+- The user who creates the Salesforce Chatter connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
After you click **Save & Finish,** the **User mapping** page in the connector wi
To map users and complete the connector setup in the Microsoft 365 compliance center, follow these steps:
-1. On the **Map Salesforce Chatter users to Microsoft 365 users** page, enable automatic user mapping. The Salesforce Chatter items include a property called *Email*, which contains email addresses for users in your organization. If the connector can associate this address with a Microsoft 365 user, the items are imported to that userΓÇÖs mailbox.
+1. On the **Map Salesforce Chatter users to Microsoft 365 users** page, enable automatic user mapping. The Salesforce Chatter items include a property called *Email*, which contains email addresses for users in your organization. If the connector can associate this address with a Microsoft 365 user, the items are imported to that user's mailbox.
2. click **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.
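Review bot: Step 2 in the unchanged context still begins with lowercase "click **Next**", while the same step in the Skype for Business and YouTube articles reads "Click **Next**". This commit already touches the step list to repair the apostrophe in step 1, so capitalize step 2 in the same pass.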
compliance Archive Servicenow Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-servicenow-data.md
The following overview explains the process of using a connector to archive the
- Create a ServiceNow application to fetch data from your ServiceNow account. For step-by step instructions about creating the application, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20ServiceNow%20User%20Guide%20.pdf). -- The user who creates the ServiceNow connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
+- The user who creates the ServiceNow connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
compliance Archive Signal Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-signal-archiver-data.md
After Signal Archiver connector data is stored in user mailboxes, you can apply
## Overview of archiving Signal communications data
-The following overview explains the process of using a connector to archive  Signal communication data in Microsoft 365.
+The following overview explains the process of using a connector to archive Signal communication data in Microsoft 365.
![Signal communications archiving workflow.](../media/SignalConnectorWorkflow.png)
The following overview explains the process of using a connector to archive  Si
4. The connector imports the mobile communication items to the mailbox of a specific user. A new folder named Signal Archiver will be created in the specific user's mailbox and the items will be imported to it. The connector does the mapping by using the value of the *User's Email address* property. Every email message contains this property, which is populated with the email address of every participant of the email message.
- In addition to automatic user mapping using the value of the *User's Email address* property, you can also define a custom mapping by uploading a CSV mapping file. This mapping file should contain User's mobile Number and the corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every email item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's mobile number, the connector will use the User ΓÇÿs email address property of the email item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *user's email address* property of the email item, the item won't be imported.
+ In addition to automatic user mapping using the value of the *User's Email address* property, you can also define a custom mapping by uploading a CSV mapping file. This mapping file should contain User's mobile Number and the corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every email item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's mobile number, the connector will use the User's email address property of the email item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *user's email address* property of the email item, the item won't be imported.
## Before you set up a connector
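Review bot: The replacement paragraph repairs the garbled apostrophe but keeps "the connector will first look at custom mapping file", which is missing an article, and it writes the same property names three ways ("User's mobile Number", "User's email address", "*user's email address*"). Suggest "look at the custom mapping file" and one casing and emphasis style for the property names throughout the paragraph.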
After you've completed the prerequisites described in the previous section, you
5. After the connector is created, you can close the pop-up window and go to the next page.
-6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then click **Next**.
+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then click **Next**.
-7. Review your settings, and then click **Finish** to create the connector.
+7. Review your settings, and then click **Finish** to create the connector.
-8. Go to the Connectors tab in **Data connectors** page to see the progress of the import process for the new connector.
+8. Go to the Connectors tab in **Data connectors** page to see the progress of the import process for the new connector.
## Known issues
compliance Archive Skypeforbusiness Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-skypeforbusiness-data.md
description: "Learn how to set up and use a connector in the Microsoft 365 compl
# Set up a connector to archive Skype for Business data
-Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Skype for Business platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [Skype for Business](https://www.veritas.com/en/au/insights/merge1/skype-for-business) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content such as messages between users, persistent chats, and conference messages from Skype for Business to an email message format and then imports those items to the userΓÇÖs mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Skype for Business platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [Skype for Business](https://www.veritas.com/en/au/insights/merge1/skype-for-business) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content such as messages between users, persistent chats, and conference messages from Skype for Business to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Skype for Business data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels. Using a Skype for Business connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
- Create a Merge1 account for Microsoft connectors. To do this, contact [Veritas Customer Support](https://www.veritas.com/form/requestacall/ms-connectors-contact.html). You need to sign into this account when you create the connector in Step 1. -- The user who creates the Skype for Business connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
+- The user who creates the Skype for Business connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
After you click **Save & Finish**, the **User mapping** page in the connector wi
To map users and complete the connector setup in the Microsoft 365 compliance center, follow these steps:
-1. On the **Map Skype for Business users to Microsoft 365 users** page, enable automatic user mapping. The Skype for Business items include a property called *Email*, which contains email addresses for users in your organization. If the connector can associate this address with a Microsoft 365 user, the items are imported to that userΓÇÖs mailbox.
+1. On the **Map Skype for Business users to Microsoft 365 users** page, enable automatic user mapping. The Skype for Business items include a property called *Email*, which contains email addresses for users in your organization. If the connector can associate this address with a Microsoft 365 user, the items are imported to that user's mailbox.
2. Click **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.
compliance Archive Slack Data Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-slack-data-microsoft.md
The following overview explains the process of using a Microsoft data connector
## Step 1: Create a Slack eDiscovery connector
-1. Go to <https://compliance.microsoft.com> and click **Data connectors** on the left navigation pane.
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** on the left navigation pane.
2. On the **Overview** tab, click **Filter** and select **By Microsoft**, and then apply the filter.
compliance Archive Telegram Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-telegram-archiver-data.md
After Telegram Archiver connector data is stored in user mailboxes, you can appl
## Overview of archiving Telegram communications data
-The following overview explains the process of using a connector to archive  Telegram communications data in Microsoft 365.
+The following overview explains the process of using a connector to archive Telegram communications data in Microsoft 365.
![Telegram communications archiving workflow.](../media/TelegramConnectorWorkflow.png)
The following overview explains the process of using a connector to archive  Te
4. The connector imports the mobile communication items to the mailbox of a specific user. A new folder named Telegram Archiver will be created in the specific user's mailbox and the items will be imported to it. The connector does this mapping by using the value of the *User's Email address* property. Every email message contains this property, which is populated with the email address of every participant of the email message.
-> In addition to automatic user mapping using the value of the *User's Email address* property, you can also define a custom mapping by uploading a CSV mapping file. This mapping file should contain User's mobile Number and the corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every email item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's mobile number, the connector will use the User ΓÇÿs email address property of the email item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *user's email address* property of the email item, the item won't be imported.
+> In addition to automatic user mapping using the value of the *User's Email address* property, you can also define a custom mapping by uploading a CSV mapping file. This mapping file should contain User's mobile Number and the corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every email item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's mobile number, the connector will use the User's email address property of the email item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *user's email address* property of the email item, the item won't be imported.
## Before you set up a connector
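Review bot: The note under step 4 is written as a `>` blockquote here, while the identical note in the Signal Archiver article is an indented paragraph. Pick one form for both articles so the custom-mapping fallback order is presented the same way in each.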
After you've completed the prerequisites described in the previous section, you
5. After the connector is created, you can close the pop-up window and go to the next page.
-6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then click **Next**.
+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then click **Next**.
-7. Review your settings, and then click **Finish** to create the connector.
+7. Review your settings, and then click **Finish** to create the connector.
-8. Go to the Connectors tab in **Data connectors** page to see the progress of the import process for the new connector.
+8. Go to the Connectors tab in **Data connectors** page to see the progress of the import process for the new connector.
## Known issues
compliance Archive Veritas Twitter Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-veritas-twitter-data.md
The following overview explains the process of using a connector to archive Twit
- Create a Twitter application at <https://developer.twitter.com> to fetch data from your Twitter account. For step-by step instructions about creating the application, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Twitter%20User%20Guide.pdf). -- The user who creates the YouTube connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
+- The user who creates the YouTube connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
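Review bot: The replacement line in the Twitter article still reads "The user who creates the YouTube connector in Step 1", although the bullet before it is about creating a Twitter application. The commit changes only whitespace on this line; correct the product name to Twitter in the same pass so the Data Connector Admin role requirement names the right connector.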
compliance Archive Youtube Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-youtube-data.md
The following overview explains the process of using a connector to archive the
- Create a YouTube application to fetch data from your YouTube account. For step-by step instructions about creating the application, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20YouTube%20User%20Guide.pdf). -- The user who creates the YouTube connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
+- The user who creates the YouTube connector in Step 1 (and completes it in Step 3) must be assigned the Data Connector Admin role. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. This role is added by default to multiple role groups. For a list of these role groups, see the "Roles in the security and compliance centers" section in [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center). Alternatively, an admin in your organization can create a custom role group, assign the Data Connector Admin role, and then add the appropriate users as members. For instructions, see the "Create a custom role group" section in [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md#create-a-custom-role-group).
## Step 1: Set up the YouTube connector
After you click **Save & Finish,** the **User mapping** page in the connector wi
To map users and complete the connector setup in the Microsoft 365 compliance center, follow these steps:
-1. On the **Map YouTube users to Microsoft 365 users** page, enable automatic user mapping. The YouTube items include a property called *Email*, which contains email addresses for users in your organization. If the connector can associate this address with a Microsoft 365 user, the items are imported to that userΓÇÖs mailbox.
+1. On the **Map YouTube users to Microsoft 365 users** page, enable automatic user mapping. The YouTube items include a property called *Email*, which contains email addresses for users in your organization. If the connector can associate this address with a Microsoft 365 user, the items are imported to that user's mailbox.
2. Click **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.
compliance Classifier Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md
These appear in the **Microsoft 365 compliance center** > **Data classification*
Pre-trained classifiers can scan content in these languages:
-ΓÇó Chinese (Simplified)
-ΓÇó English
-ΓÇó French
-ΓÇó German
-ΓÇó Italian
-ΓÇó Japanese
-ΓÇó Portuguese
-ΓÇó Spanish
+- Chinese (Simplified)
+- English
+- French
+- German
+- Italian
+- Japanese
+- Portuguese
+- Spanish
### Custom classifiers
compliance Compliance Easy Trials Compliance Manager Assessment Playbook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessment-playbook.md
description: "Microsoft Compliance Manager premium assessments trial playbook."
Welcome to the Microsoft Compliance Manager premium assessment trial playbook.
-This playbook will help you make the most of your 90-day free trial by teaching you how to use the comprehensive set of premium assessment templates (add-on).ΓÇï
+This playbook will help you make the most of your 90-day free trial by teaching you how to use the comprehensive set of premium assessment templates (add-on).
Using Microsoft recommendations, you'll quickly see how the premium assessment templates can help your organization assess risks and efficiently respond to global, regional and industrial regulatory requirements.
Using Microsoft recommendations, you'll quickly see how the premium assessment t
Our [Compliance Manager overview page](compliance-manager.md) is the best first stop for a comprehensive review of what Compliance Manager is and how it works. You may also want to jump right to key sections of our documentation using the links below:
-1. [Understand your compliance scoreΓÇï](compliance-manager.md#understanding-your-compliance-score)
-1. [Overview of key elements: controls, assessments, templates, and improvement actionsΓÇï](compliance-manager.md#key-elements-controls-assessments-templates-improvement-actions)
-1. [Understand the Compliance Manager dashboardΓÇï](compliance-manager-setup.md#understand-the-compliance-manager-dashboard)
-1. [Filter your dashboard viewΓÇï](compliance-manager-setup.md#filtering-your-dashboard-view)
-1. [Learn about improvement actionsΓÇï](compliance-manager-setup.md#improvement-actions-page)
-1. [Understand assessmentsΓÇï](compliance-manager.md#assessments)
+1. [Understand your compliance score](compliance-manager.md#understanding-your-compliance-score)
+1. [Overview of key elements: controls, assessments, templates, and improvement actions](compliance-manager.md#key-elements-controls-assessments-templates-improvement-actions)
+1. [Understand the Compliance Manager dashboard](compliance-manager-setup.md#understand-the-compliance-manager-dashboard)
+1. [Filter your dashboard view](compliance-manager-setup.md#filtering-your-dashboard-view)
+1. [Learn about improvement actions](compliance-manager-setup.md#improvement-actions-page)
+1. [Understand assessments](compliance-manager.md#assessments)
1. [Do a quick scan of your environment using the Microsoft Compliance Configuration Manager](compliance-manager-mcca.md) ## Step 2: Configure Compliance Manager Start working with assessments and taking improvement actions to implement controls and improve your compliance score.
-1. [Choose a pre-built template to create and manage your first assessmentΓÇï](compliance-manager-assessments.md)
-1. [Understand how to use templates for building assessmentsΓÇï](compliance-manager-templates.md)
-1. [Perform implementation and testing work on improvement actions to complete controls in your assessmentsΓÇï](compliance-manager-improvement-actions.md)
+1. [Choose a pre-built template to create and manage your first assessment](compliance-manager-assessments.md)
+1. [Understand how to use templates for building assessments](compliance-manager-templates.md)
+1. [Perform implementation and testing work on improvement actions to complete controls in your assessments](compliance-manager-improvement-actions.md)
1. [Better understand how different actions impact your compliance score](compliance-score-calculation.md) ## Step 3: Review included assessment templates
After starting the premium assessment trial, you will see a summary on the dashb
## Additional resources
-**Microsoft Docs**: Get detailed information on how Compliance Manager premium assessments work and how to best implement them for your organization. Visit [Docs](compliance-manager-templates.md).ΓÇï
+**Microsoft Docs**: Get detailed information on how Compliance Manager premium assessments work and how to best implement them for your organization. Visit [Docs](compliance-manager-templates.md).
**How to videos**: Check out the following videos to learn more: -- [Create assessments and monitor your progress with Compliance ManagerΓÇï](https://techcommunity.microsoft.com/t5/video-hub/create-assessments-and-monitor-your-progress-with-compliance/ba-p/1687992?search-action-id=375363186777&search-result-uid=1687992)-- [Extend and customize assessments to suit your needs in Compliance ManagerΓÇï](https://techcommunity.microsoft.com/t5/video-hub/extend-and-customize-assessments-to-suit-your-needs-in/ba-p/1687991?search-action-id=375363186777&search-result-uid=1687991)
+- [Create assessments and monitor your progress with Compliance Manager](https://techcommunity.microsoft.com/t5/video-hub/create-assessments-and-monitor-your-progress-with-compliance/ba-p/1687992?search-action-id=375363186777&search-result-uid=1687992)
+- [Extend and customize assessments to suit your needs in Compliance Manager](https://techcommunity.microsoft.com/t5/video-hub/extend-and-customize-assessments-to-suit-your-needs-in/ba-p/1687991?search-action-id=375363186777&search-result-uid=1687991)
**Purchase premium assessments**: Get information on available plans and pricing. [Visit Microsoft 365 admin center - Purchase services](https://admin.microsoft.com/#/catalog/offer-details/compliance-manager-premium-assessment-add-on/46E9BF2A-3C8D-4A69-A7E7-3DA04687636D)
compliance Compliance Easy Trials Compliance Playbook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials-compliance-playbook.md
Communication compliance helps you intelligently identify communication violatio
> Trial best practice: Day 1 [Assign all compliance users to the Communication Compliance role group](communication-compliance-configure.md#step-1-required-enable-permissions-for-communication-compliance).+ ### Step 2: [Enable the audit logΓÇï](communication-compliance-configure.md#step-2-required-enable-the-audit-log) > [!TIP]
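Review bot: The Step 2 heading link text still ends with the stray characters after "Enable the audit log" that this commit strips from the link labels in the assessment playbook. Remove them here as well, since they sit inside the link label of the heading.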
Trainable classifiers are tools that recognize various types of content, based o
### More information: Auto-apply retention labels + disposition review
-**Apply labels automatically to retain what you need…**
+**Apply labels automatically to retain what you need...**
Retention labels can be automatically applied to content when it contains: - [Specific types of sensitive information](apply-retention-labels-automatically.md#auto-apply-labels-to-content-with-specific-types-of-sensitive-information) - [Specific keywords or searchable properties that match a query you create](apply-retention-labels-automatically.md#auto-apply-labels-to-content-with-keywords-or-searchable-properties) - [A match for trainable classifiers](apply-retention-labels-automatically.md#auto-apply-labels-to-content-by-using-trainable-classifiers)
-**…then dispose of it safely at the end.**
+**...then dispose of it safely at the end.**
When a disposition review is triggered at the end of the retention period, the reviewers you choose receive an email notification that they have content to review.
compliance Compliance Manager Assessments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-assessments.md
audience: Admin
ms.localizationpriority: medium-+ - M365-security-compliance - m365solution-compliancemanager - m365initiative-compliance
+search.appverid:
- MOE150 - MET150 description: "Build assessments in Microsoft Compliance Manager to help you meet the requirements of regulations and certifications that are important to your organization."
description: "Build assessments in Microsoft Compliance Manager to help you meet
## Introduction to assessments
-Compliance Manager helps you create assessments that evaluate your compliance with industry and regional regulations that apply to your organization. Assessments are built upon the framework of assessment templates, which contain the necessary controls, improvement actions, and, where applicable, Microsoft actions for completing the assessment. Setting up the most relevant assessments for your organization can help you implement policies and operational procedures to limit your compliance risk.
+Compliance Manager helps you create assessments that evaluate your compliance with industry and regional regulations that apply to your organization. Assessments are built upon the framework of assessment templates, which contain the necessary controls, improvement actions, and, where applicable, Microsoft actions for completing the assessment. Setting up the most relevant assessments for your organization can help you implement policies and operational procedures to limit your compliance risk.
All of your assessments are listed on the assessments tab of Compliance Manager. Learn more about [how to filter your view of your assessments and interpret status states](compliance-manager-setup.md#assessments-page).
All of your assessments are listed on the assessments tab of Compliance Manager.
To get you started, Microsoft provides a **default** assessment in Compliance Manager for the **Microsoft 365 data protection baseline**. This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance. This baseline draws elements primarily from NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) and ISO (International Organization for Standardization), as well as from FedRAMP (Federal Risk and Authorization Management Program) and GDPR (General Data Protection Regulation of the European Union).
-This assessment is used to calculate your initial compliance score the first time you come to Compliance Manager, before you configure any other assessments. Compliance Manager collects initial signals from your Microsoft 365 solutions. YouΓÇÖll see at a glance how your organization is performing relative to key data protection standards and regulations, and see suggested improvement actions to take.
+This assessment is used to calculate your initial compliance score the first time you come to Compliance Manager, before you configure any other assessments. Compliance Manager collects initial signals from your Microsoft 365 solutions. You'll see at a glance how your organization is performing relative to key data protection standards and regulations, and see suggested improvement actions to take.
Compliance Manager becomes more helpful as you build and manage your own assessments to meet your organization's particular needs. ## Understand groups before creating assessments
-When you create an assessment, youΓÇÖll need to assign it to a group. Groups are containers that allow you to organize assessments in a way that is logical to you, such as by year or regulation, or based on your organization's divisions or geographies. This is why we recommend planning a grouping strategy before you create assessments.
+When you create an assessment, you'll need to assign it to a group. Groups are containers that allow you to organize assessments in a way that is logical to you, such as by year or regulation, or based on your organization's divisions or geographies. This is why we recommend planning a grouping strategy before you create assessments.
Below are examples of two groups and their underlying assessments:
You can create a group while creating a new assessment. Groups can't be created
## Understand templates before creating assessments
-Assessment templates contain the controls and action recommendations for assessments, based on certifications for different privacy regulations and standards. Your organizationΓÇÖs available templates may include one or more templates that were included as part of your licensing agreement, along with any additional premium templates that you have purchased.
+Assessment templates contain the controls and action recommendations for assessments, based on certifications for different privacy regulations and standards. Your organization's available templates may include one or more templates that were included as part of your licensing agreement, along with any additional premium templates that you have purchased.
Each template, whether included or premium, exists in two versions: one for use with Microsoft 365 (or other Microsoft products as available), and a universal version that can be tailored to assess other products that you use. You can choose the appropriate template type for the product you want to assess.
To create an assessment, you'll use a guided process to select a template and de
#### Create assessments based on recommendations for your org type
-Compliance Manager can indicate which assessments may be most relevant to your organization. When you provide basic information about your organization's industry and locations, we'll recommend which templates to use from our library of over 300 templates. Simply choose among the recommended templates for quick setup of multiple assessments all at once.
+Compliance Manager can indicate which assessments may be most relevant to your organization. When you provide basic information about your organization's industry and locations, we'll recommend which templates to use from our library of over 300 templates. Simply choose among the recommended templates for quick setup of multiple assessments all at once.
To create one or more assessments based on our recommendations, select **Add Recommended Assessments** from your **Assessments** page and follow these steps:
- - Select one or more industries that identify your organization, then select **Next**
- - Select one or more regions for your organization's location, then select **Next**
- - On the **Choose assessment** screen, select the dropdown arrow next to **Recommended templates** to see the list of assessments we think apply to your organization. Check the boxes next to the templates you want to use for creating assessments, then select **Next**.
- - Review your final selections and select **Add Recommended Assessments** to create your new assessments.
+
+- Select one or more industries that identify your organization, then select **Next**
+- Select one or more regions for your organization's location, then select **Next**
+- On the **Choose assessment** screen, select the dropdown arrow next to **Recommended templates** to see the list of assessments we think apply to your organization. Check the boxes next to the templates you want to use for creating assessments, then select **Next**.
+- Review your final selections and select **Add Recommended Assessments** to create your new assessments.
#### Create an assessment using a guided process
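Review bot: the sentence above the re-indented list says "follow these steps", but the added lines keep it as an unordered list, and the first two items end without a period while the last two end with one. These are sequential wizard screens, so a numbered list (as the delete procedure later in this file uses) with consistent end punctuation would read better than only fixing the indentation.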
To create one or more assessments based on our recommendations, select **Add Rec
4. **Product, name, and group:** Set these properties to identify your assessment, choose which product it will be evaluating, and assign it to a group.
- - **Product**: Select the product you want your assessment to apply to. If you are using a Microsoft template, such as one designed for Microsoft 365, this field will be populated for you to indicate the appropriate product and cannot be changed. If youΓÇÖre using a universal template, select whether youΓÇÖre creating this assessment for a new product or a custom product you have already defined in Compliance Manager. If you choose a new product, enter its name. Note that you cannot select a pre-defined Microsoft product when using a universal template.
- - **Assessment name**: Enter a name for your assessment in the **Assessment name** field. Assessment names must be unique within groups. If the name of your assessment matches the name of another assessment in any given group, youΓÇÖll receive an error asking you to create a different name.
+ - **Product**: Select the product you want your assessment to apply to. If you are using a Microsoft template, such as one designed for Microsoft 365, this field will be populated for you to indicate the appropriate product and cannot be changed. If you're using a universal template, select whether you're creating this assessment for a new product or a custom product you have already defined in Compliance Manager. If you choose a new product, enter its name. Note that you cannot select a pre-defined Microsoft product when using a universal template.
+ - **Assessment name**: Enter a name for your assessment in the **Assessment name** field. Assessment names must be unique within groups. If the name of your assessment matches the name of another assessment in any given group, you'll receive an error asking you to create a different name.
- **Group**: Assign your assessment to a group. You can either:
- - Select **Use existing group** to assign it to a group youΓÇÖve already created; or
+ - Select **Use existing group** to assign it to a group you've already created; or
- Select **Create new group** to create a new group and assign this assessment to it: - Determine a name for your group and enter it in the field beneath the radio button. - You can **copy data from an existing group**, such as implementation and testing details and documents, by selecting the appropriate boxes.
The controls tab displays detailed information for each control mapped to the as
Beneath the chart, a table lists detailed information about each control within the assessment. Controls are grouped by control family. Expand each family name to reveal the individual controls it contains. The information listed for each control includes: - **Control title**-- **Status**: reflects the test status of the improvement actions within the control
- - **Passed** - all improvement actions have a test status of ΓÇ£passed,ΓÇ¥ or at least one is passed and the rest are ΓÇ£out of scopeΓÇ¥
- - **Failed** - at least one improvement action has a test status of ΓÇ£failedΓÇ¥
- - **None** - all improvement actions have not been tested
- - **Out of scope** - all improvement actions are out of scope for this assessment
- - **In progress** - improvement actions have a status other than the ones listed above, which could include ΓÇ£in progress,ΓÇ¥ ΓÇ£partial credit,ΓÇ¥ or ΓÇ£undetectedΓÇ¥
-- **Control ID**: the controlΓÇÖs identification number, assigned by its corresponding regulation, standard, or policy-- **Points achieved**: the number of points earned by completing actions, out of the total number of achievable points
+- **Status**: reflects the test status of the improvement actions within the control
+ - **Passed** - all improvement actions have a test status of "passed," or at least one is passed and the rest are "out of scope"
+ - **Failed** - at least one improvement action has a test status of "failed"
+ - **None** - all improvement actions have not been tested
+ - **Out of scope** - all improvement actions are out of scope for this assessment
+ - **In progress** - improvement actions have a status other than the ones listed above, which could include "in progress," "partial credit," or "undetected"
+- **Control ID**: the control's identification number, assigned by its corresponding regulation, standard, or policy
+- **Points achieved**: the number of points earned by completing actions, out of the total number of achievable points
- **Your actions**: the number of your actions completed out of the total number of actions to be done - **Microsoft actions**: the number of actions completed by Microsoft
-To view a controlΓÇÖs details, select it from its row in the table. The control details page shows a graph indicating the test status of the actions within that control. A table below the graph shows key improvement actions for that control.
+To view a control's details, select it from its row in the table. The control details page shows a graph indicating the test status of the actions within that control. A table below the graph shows key improvement actions for that control.
-Select an improvement action from the list to drill into the improvement actionΓÇÖs details page. The details page shows test status and implementation notes, and launch into the recommended solution.
+Select an improvement action from the list to drill into the improvement action's details page. The details page shows test status and implementation notes, and launch into the recommended solution.
### Your improvement actions tab
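Review bot: the added line "The details page shows test status and implementation notes, and launch into the recommended solution." keeps a broken second clause, since "launch" has no subject. Suggest "and lets you launch into the recommended solution". In the same hunk, "**None** - all improvement actions have not been tested" is ambiguous; "none of the improvement actions have been tested" states the condition unambiguously and matters because it defines a control status.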
Select an improvement action to view its details page, and select the **Launch n
### Microsoft actions tab
-The Microsoft actions tab appears for assessments based on templates that support Microsoft products. It lists all the actions in the assessment that are managed by Microsoft. The list shows key action details, including: test status, points that contribute to your overall compliance score, associated regulations and standards, applicable solution, action type, and control family. Select an improvement action to view its details page.
+The Microsoft actions tab appears for assessments based on templates that support Microsoft products. It lists all the actions in the assessment that are managed by Microsoft. The list shows key action details, including: test status, points that contribute to your overall compliance score, associated regulations and standards, applicable solution, action type, and control family. Select an improvement action to view its details page.
Learn more about [how controls and improvement actions are tracked and scored.](compliance-score-calculation.md) ## Accept updates to assessments
-When an update is available for an assessment, youΓÇÖll see a notification and have the option to accept the update or defer it for a later time.
+When an update is available for an assessment, you'll see a notification and have the option to accept the update or defer it for a later time.
Updates are available for assessments based on Microsoft templates, such as those designed for use with Microsoft 365. If your organization is using universal templates for assessing other products, inheritance may not be supported. For more information, see [Extend assessment templates](compliance-manager-templates-extend.md).
If Microsoft updates a Compliance Manager template that you extended, your asses
Custom assessments that you create do not receive any template updates from Microsoft. Custom assessments can receive improvement action updates, but any Microsoft updates to control mapping between assessments and improvement actions don't apply to custom templates. > [!NOTE]
-> Updates to assessments apply only at the group level. If you have two assessments built from the same template that exist in two different groups, each assessment will have a pending update notification, and youΓÇÖll need to accept the update to each assessment in its respective group individually.
+> Updates to assessments apply only at the group level. If you have two assessments built from the same template that exist in two different groups, each assessment will have a pending update notification, and you'll need to accept the update to each assessment in its respective group individually.
-#### Where youΓÇÖll see assessment update notifications
+#### Where you'll see assessment update notifications
The assessment details page also shows a **Pending update** label next to the assessment with an update. Select that assessment to get to its details page.
Selecting the **Updated template** link will download an Excel file containing c
To accept the update and make the changes to your assessment, select **Accept update**. Accepted changes are permanent.
-If you select **Cancel**, the update won't be applied to the assessment. However, youΓÇÖll continue to see the **Pending update** notification until you accept the update.
+If you select **Cancel**, the update won't be applied to the assessment. However, you'll continue to see the **Pending update** notification until you accept the update.
**Why we recommend accepting updates**
Accepting updates helps ensure you have the most updated guidance on using solut
**Why you might want to defer an update**
-If youΓÇÖre in the middle of completing an assessment, you may want to ensure youΓÇÖve finished work on it before you accept an update to the assessment that could disrupt control mapping. You can defer the update for a later time by selecting **Cancel** on the review update flyout pane.
+If you're in the middle of completing an assessment, you may want to ensure you've finished work on it before you accept an update to the assessment that could disrupt control mapping. You can defer the update for a later time by selecting **Cancel** on the review update flyout pane.
## Export an assessment report
Deleting an assessment removes it from the list on your assessments page. Note t
To delete an assessment, follow the steps below:
-1. From your **assessments** page, select the assessment you wish to delete to open that assessmentΓÇÖs details page.
+1. From your **assessments** page, select the assessment you wish to delete to open that assessment's details page.
2. Select **Delete assessment** in the upper-right corner of your screen.
-3. A window will appear asking you to confirm that you want to permanently delete the assessment. Select **Delete assessment** to close the window. YouΓÇÖll get a confirmation window that your assessment was deleted from Compliance Manager.
+3. A window will appear asking you to confirm that you want to permanently delete the assessment. Select **Delete assessment** to close the window. You'll get a confirmation window that your assessment was deleted from Compliance Manager.
> [!NOTE] > You can't delete all of your assessments. Organizations need at least one assessment for Compliance Manager to function properly. If the assessment you want to delete is the only one, add another assessment before deleting the other assessment.
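Review bot: in step 3, "Select **Delete assessment** to close the window" describes the confirmation of a permanent deletion as merely closing a dialog. Since the preceding sentence says the window asks you to confirm that you want to permanently delete the assessment, word the action as "Select **Delete assessment** to confirm" so the reader knows this click is the irreversible one.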
compliance Compliance Manager Templates List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-list.md
The templates listed below may be purchased by your organization.
- [Australian Information Security Registered Assessor Program (IRAP) Version 3](/compliance/regulatory/offering-ccsl-irap-australia) - [Australian Prudential Regulation Authority CPS](/compliance/regulatory/offering-apra-australia) - Victorian Protective Data Security Standards V2.0 (VPDSS 2.0) -- Information Management Standard for Australian Government - National Archives of Australia (NAA)
+- Information Management Standard for Australian Government - National Archives of Australia (NAA)
- China - Personal Information Security Specification - Cybersecurity Law of the People's Republic of China - Hong Kong - Personal Data (Privacy) Ordinance
compliance Compliance Manager Templates Modify https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-modify.md
description: "Understand how to modify assessment templates in Microsoft Complia
# Modify assessment templates in Microsoft Compliance Manager
-When working with assessments in Compliance Manager, you may want to modify an assessment template that youΓÇÖve created. The process is similar to the [template creation](compliance-manager-templates-create.md) process in that youΓÇÖll upload a formatted Excel file with your template data.
+When working with assessments in Compliance Manager, you may want to modify an assessment template that you've created. The process is similar to the [template creation](compliance-manager-templates-create.md) process in that you'll upload a formatted Excel file with your template data.
-However, there are details to be aware of as you format your file with changes to existing template data. **We recommend you review these instructions carefully to ensure you donΓÇÖt overwrite any existing data that you want to retain.**
+However, there are details to be aware of as you format your file with changes to existing template data. **We recommend you review these instructions carefully to ensure you don't overwrite any existing data that you want to retain.**
To learn more about the format of this spreadsheet, see [Format your template data with Excel](compliance-manager-templates-format-excel.md). ## Format your Excel file to modify an existing template
-From your **assessment templates** page, select the template you want to modify, which will bring up its details page. Then select **Export to Excel**. An Excel file with all your template data will download. Save the file to your local machine.
+From your **assessment templates** page, select the template you want to modify, which will bring up its details page. Then select **Export to Excel**. An Excel file with all your template data will download. Save the file to your local machine.
To work with this file, jump to a section below to quickly find the instructions you need: - [Edit the main template attributes](#edit-the-main-template-attributes) - [Add an improvement action](#add-an-improvement-action)-- [Edit an improvement actionΓÇÖs information](#edit-an-improvement-actions-information)-- [Change an improvement actionΓÇÖs name](#change-an-improvement-actions-name)
+- [Edit an improvement action's information](#edit-an-improvement-actions-information)
+- [Change an improvement action's name](#change-an-improvement-actions-name)
- [Remove an improvement action](#remove-an-improvement-action) - [Remove a control](#remove-a-control)
You can change any improvement action's information *except for its title*. You
You cannot edit the **actionTitle** (column A) because if you do, Compliance Manager considers this to be a new improvement action. If you want to change an improvement action's name, see the instructions immediately below.
-### Change an improvement actionΓÇÖs name
+### Change an improvement action's name
If you want to change the name of an improvement action, you have to explicitly designate in the spreadsheet that you are replacing an existing name with a new name. Follow these steps:
When you import your spreadsheet back into the template, your control will be re
After your Excel file is completed and saved, follow these steps.
-1. Open the assessment template page again and select your template. At your templateΓÇÖs details page, select **Modify template** to initiate the modification wizard.
+1. Open the assessment template page again and select your template. At your template's details page, select **Modify template** to initiate the modification wizard.
2. At the **Upload file** screen, select **Browse** to find and upload your Excel file. 3. If there are no problems with your file, the next screen shows the name of the file uploaded. Select **Next** to continue (if you need to change the file, select **Upload a different file**).
- - If thereΓÇÖs a problem with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix your file and upload it again. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields.
+ - If there's a problem with your file, an error message at the top explains what's wrong. You'll need to fix your file and upload it again. Errors will result if your spreadsheet is formatted improperly, or if there's invalid information in certain fields.
4. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Next**. 5. The last screen confirms that the template has been modified. Select **Done** to exit the wizard.
-Your template will now include the changes you made. Any assessments that use this modified template will now show pending updates, and youΓÇÖll need to accept the updates to the assessments to reflect the changes made in the template. Learn more about [updates to assessments](compliance-manager-assessments.md#accept-updates-to-assessments).
+Your template will now include the changes you made. Any assessments that use this modified template will now show pending updates, and you'll need to accept the updates to the assessments to reflect the changes made in the template. Learn more about [updates to assessments](compliance-manager-assessments.md#accept-updates-to-assessments).
> [!NOTE]
-> If you use Compliance Manager in a language other than English, youΓÇÖll notice that some text appears in English when you export a template to Excel. The titles of actions (both your improvement actions and, where applicable, Microsoft actions) must be in English to be recognized by controls. If you make changes to an action title, be sure to write it in English so that the file imports correctly.
+> If you use Compliance Manager in a language other than English, you'll notice that some text appears in English when you export a template to Excel. The titles of actions (both your improvement actions and, where applicable, Microsoft actions) must be in English to be recognized by controls. If you make changes to an action title, be sure to write it in English so that the file imports correctly.
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
A template is a framework of controls for creating an assessment in Compliance M
We refer to templates by the same name as their underlying certification or regulation, such as the EU GDPR template and the ISO/IEC 27701:2019 template.
-Compliance Manger can be used to assess different types of products. All templates apart from the baseline come in at least one version that applies to a pre-defined product, such as Microsoft 365, and a universal version that can be tailored to suit other products. Assessments from universal templates are more generalized but offer expanded versatility, since they can help you easily track your organization's compliance across multiple products.
+Compliance Manger can be used to assess different types of products. All templates apart from the baseline come in at least one version that applies to a pre-defined product, such as Microsoft 365, and a universal version that can be tailored to suit other products. Assessments from universal templates are more generalized but offer expanded versatility, since they can help you easily track your organization's compliance across multiple products.
Note that US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers cannot currently use universal templates.
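Review bot: the added line still opens with "Compliance Manger can be used to assess different types of products", carrying the product-name typo over from the removed line. Correct it to "Compliance Manager" while this paragraph is being touched.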
If your organization is under a GCC or DOD license, choose the appropriate trial
Templates will display an activation status as either active or inactive: - A template is considered **active** once you create an assessment from that template.-- A template is considered **inactive** if your organization isnΓÇÖt using it for an assessment.
+- A template is considered **inactive** if your organization isn't using it for an assessment.
If you link any assessments to a purchased premium template, that template will be active for one year. Your purchase will automatically renew unless you cancel.
To create your own new template for custom assessments in Compliance Manager, yo
## Modify an assessment template
-When working with assessments in Compliance Manager, you may want to modify an assessment template that youΓÇÖve created. The process is similar to the template creation process in that youΓÇÖll upload a formatted Excel file with your template data. To learn more about how to make changes and how to preserve data you still want to maintain, see [Modify an assessment template](compliance-manager-templates-modify.md).
+When working with assessments in Compliance Manager, you may want to modify an assessment template that you've created. The process is similar to the template creation process in that you'll upload a formatted Excel file with your template data. To learn more about how to make changes and how to preserve data you still want to maintain, see [Modify an assessment template](compliance-manager-templates-modify.md).
## Extend an assessment template
-Compliance Manager offers the option to add your own controls and improvement actions to an existing template. This process is called extending a template. To extend a template, you will use special instructions for adding to template data, depending on whether youΓÇÖre extending Microsoft assessment templates or universal assessment templates. To learn more, see [Extend an assessment template](compliance-manager-templates-extend.md).
+Compliance Manager offers the option to add your own controls and improvement actions to an existing template. This process is called extending a template. To extend a template, you will use special instructions for adding to template data, depending on whether you're extending Microsoft assessment templates or universal assessment templates. To learn more, see [Extend an assessment template](compliance-manager-templates-extend.md).
## Format assessment template data in Excel
When creating, modifying, or extending assessment templates in Compliance Manage
## Export a template
-You can export an Excel file that contains all of a templateΓÇÖs data. YouΓÇÖll need to export a template in order to modify it, since this will be the Excel file you edit and upload in the [modification process](compliance-manager-templates-modify.md). You can also export a template for reference if you want to use data from it while constructing a new custom template.
+You can export an Excel file that contains all of a template's data. You'll need to export a template in order to modify it, since this will be the Excel file you edit and upload in the [modification process](compliance-manager-templates-modify.md). You can also export a template for reference if you want to use data from it while constructing a new custom template.
To export your template, go to your template details page and select the **Export to Excel** button.
-Note that when exporting a template you extended from a Compliance Manager template, the exported file will only contain the attributes you added to the template. The exported file wonΓÇÖt include the original template data provided by Microsoft. To get such a report, see the instructions for [exporting an assessment report](compliance-manager-assessments.md#export-an-assessment-report).
+Note that when exporting a template you extended from a Compliance Manager template, the exported file will only contain the attributes you added to the template. The exported file won't include the original template data provided by Microsoft. To get such a report, see the instructions for [exporting an assessment report](compliance-manager-assessments.md#export-an-assessment-report).
compliance Create A Custom Sensitive Information Type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type.md
audience: Admin Previously updated : Last updated : ms.localizationpriority: medium-+ - M365-security-compliance
+search.appverid:
- MOE150 - MET150 description: "Learn how to create, modify, remove, and test custom sensitive information types in the Compliance Center."
There are two ways to create a new sensitive information type:
## Before you begin - You should be familiar with sensitive information types and what they are composed of. See, [Learn about sensitive information types](sensitive-information-type-learn-about.md). It is critical to understand the roles of:
- - [regular expressions](https://www.boost.org/doc/libs/1_68_0/libs/regex/doc/html/) - Microsoft 365 sensitive information types uses the Boost.RegEx 5.1.3 engine
- - keyword lists - you can create your own as you define your sensitive information type or choose from existing keyword lists
- - [keyword dictionary](create-a-keyword-dictionary.md)
- - [Sensitive information type functions](sit-functions.md)
- - [confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels)
-
-- You must have Global admin or Compliance admin permissions to create, test, and deploy a custom sensitive information type through the UI. See [About admin roles](/office365/admin/add-users/about-admin-roles) in Office 365.
+ - [regular expressions](https://www.boost.org/doc/libs/1_68_0/libs/regex/doc/html/) - Microsoft 365 sensitive information types uses the Boost.RegEx 5.1.3 engine
+ - keyword lists - you can create your own as you define your sensitive information type or choose from existing keyword lists
+ - [keyword dictionary](create-a-keyword-dictionary.md)
+ - [Sensitive information type functions](sit-functions.md)
+ - [confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels)
-- Your organization must have a subscription, such as Office 365 Enterprise, that includes Data Loss Prevention (DLP). See [Messaging Policy and Compliance ServiceDescription](/office365/servicedescriptions/exchange-online-protection-service-description/messaging-policy-and-compliance-servicedesc).
+- You must have Global admin or Compliance admin permissions to create, test, and deploy a custom sensitive information type through the UI. See [About admin roles](/office365/admin/add-users/about-admin-roles) in Office 365.
+- Your organization must have a subscription, such as Office 365 Enterprise, that includes Data Loss Prevention (DLP). See [Messaging Policy and Compliance ServiceDescription](/office365/servicedescriptions/exchange-online-protection-service-description/messaging-policy-and-compliance-servicedesc).
> [!IMPORTANT] > Microsoft Customer Service & Support can't assist with creating custom classifications or regular expression patterns. Support engineers can provide limited support for the feature, such as, providing sample regular expression patterns for testing purposes, or assisting with troubleshooting an existing regular expression pattern that's not triggering as expected, but can't provide assurances that any custom content-matching development will fulfill your requirements or obligations. ## Create a custom sensitive information type
-Use this procedure to create a new sensitive information type that you fully define.
+Use this procedure to create a new sensitive information type that you fully define.
1. In the Compliance Center, go to **Data classification** \> **Sensitive info types** and choose **Create sensitive info type**.
Use this procedure to create a new sensitive information type that you fully def
6. Fill in a value for **Character proximity**.
-7. (Optional) Add supporting elements if you have any. Supporting elements can be a regular expression with an optional validator, a keyword list, a keyword dictionary or one of the pre-defined functions. Supporting elements can have their own **Character proximity** configuration.
+7. (Optional) Add supporting elements if you have any. Supporting elements can be a regular expression with an optional validator, a keyword list, a keyword dictionary or one of the pre-defined functions. Supporting elements can have their own **Character proximity** configuration.
8. (Optional) Add any [**additional checks**](sit-regex-validators-additional-checks.md#sensitive-information-type-additional-checks) from the list of available checks.
Use this procedure to create a new sensitive information type that you fully def
### Copy and modify a sensitive information type
-Use this procedure to create a new sensitive information type that is based on an existing sensitive information type.
+Use this procedure to create a new sensitive information type that is based on an existing sensitive information type.
> [!NOTE] > These SITs can't be copied:
+>
> - Canada driver's license number > - EU driver's license number > - EU national identification number
Use this procedure to create a new sensitive information type that is based on a
> - U.S. driver's license number You can also create custom sensitive information types by using PowerShell and Exact Data Match capabilities. To learn more about those methods, see:+ - [Create a custom sensitive information type in Security & Compliance Center PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md) - [Learn about exact data match based sensitive information types](sit-learn-about-exact-data-match-based-sits.md#learn-about-exact-data-match-based-sensitive-information-types)
You can also create custom sensitive information types by using PowerShell and E
2. In the flyout, choose **Copy**.
-3. Choose **Refresh** in the list of sensitive information types and either browse or search for the copy you just made. Partial sting searches work, so you could just search for `copy` and search would return all the sensitive information types with the word `copy` in the name.
+3. Choose **Refresh** in the list of sensitive information types and either browse or search for the copy you just made. Partial sting searches work, so you could just search for `copy` and search would return all the sensitive information types with the word `copy` in the name.
4. Fill in values for **Name** and **Description** and choose **Next**.
-5. Choose your sensitive information type copy and choose **Edit**.
+5. Choose your sensitive information type copy and choose **Edit**.
6. Give your new sensitive information type a new **Name** and **Description**.
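Review bot: Step 3 on the added line still reads "Partial sting searches work"; since this line is being rewritten anyway, correct it to "Partial string searches work". The only visible difference between the removed and added versions of steps 3 and 5 is whitespace, so the typo is carried over unchanged.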
You can test any sensitive information type in the list. We suggest that you tes
To ensure high performance and lower latency, there are limitations in custom SITs configurations. |Limit|Value|
-|--|--|
+|||
|maximum number of custom SITs created through the Compliance center| 500 | |maximum length of regular expression| 1024 characters| |maximum length for a given term in a keyword list| 50 characters|
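Review bot: The table delimiter row changes from `|--|--|` to `|||` on the added line, and a delimiter row with no dashes will not be parsed as a Markdown table, so the limits (500 custom SITs, 1024-character regex, 50-character keyword term) would render as raw pipe text. If the committed file really contains `|||`, restore a dashed delimiter such as `|---|---|`; if the dashes were only dropped in rendering, no change is needed.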
To ensure high performance and lower latency, there are limitations in custom SI
|maximum size of a keyword dictionary (post compression)| 1MB (~1,000,000 characters)| |maximum number of keyword dictionary based SITs in a tenant|50 |
-> [!NOTE]
+> [!NOTE]
> If you have a business need to create more than 500 custom SITs, please raise a support ticket. ### Instance count supported values for SIT
The SIT instance count limit applies when SITs are used in these solutions:
For a scanned item to satisfy rule criteria, the number of unique instances of a SIT in any single item must fall between the min and max values. This is called the **Instance count**. - **Min** field: the lower limit (minimum number) of unique instances of a SIT that must be found in an item to trigger a match. The min field supports values of:
- - 1 to 500
+ - 1 to 500
- **Max** field: the upper limit on the number of unique instances of a SIT that can be found in an item and still trigger a match. The max field supports values of:
- - 1 to 500 - Use this when you want to set a specific upper limit that is 500 or less on the number of instances of a SIT in an item.
- - Any - Use `Any` when you want the unique instance count criteria to be satisfied when an undefined number of unique instances of a SIT are found in a scanned item and that number of unique instances meets or exceeds the minimum number of unique instances value. In other words, the unique instance count criteria are met as long as the min value is met.
+ - 1 to 500 - Use this when you want to set a specific upper limit that is 500 or less on the number of instances of a SIT in an item.
+ - Any - Use `Any` when you want the unique instance count criteria to be satisfied when an undefined number of unique instances of a SIT are found in a scanned item and that number of unique instances meets or exceeds the minimum number of unique instances value. In other words, the unique instance count criteria are met as long as the min value is met.
For example, if you want the rule to trigger a match when at least 500 unique instances of a SIT are found in a single item, set the **min** value to `500` and the **max** value to `Any`. > [!NOTE] > Microsoft 365 Information Protection supports double byte character set languages for:
+>
> - Chinese (simplified) > - Chinese (traditional) > - Korean > - Japanese >
->This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
+> This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
> [!TIP]
-> To detect patterns containing Chinese/Japanese characters and single byte characters or to detect patterns containing Chinese/Japanese and English, define two variants of the keyword or regex.
+> To detect patterns containing Chinese/Japanese characters and single byte characters or to detect patterns containing Chinese/Japanese and English, define two variants of the keyword or regex.
+>
> - For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020". >
-> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), it is recommended to create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.
-> - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the it you should create two keyword lists.
-> 1. Highly confidential
-> 2. 機密性が高い, 机密的document and 机密的 document
+> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), it is recommended to create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.
+>
+> - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the it you should create two keyword lists.
+> 1. Highly confidential
+> 2. 機密性が高い, 机密的document and 机密的 document
> > While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters like one would escape a hyphen or period in a regex. Here is a sample regex for reference:
-> - (?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4})
+>
+> `(?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4})`
> > Double-byte special characters should not be used in the keyword.
->
+>
> We recommend using a string match instead of a word match in a keyword list.
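Review bot: In the sample regex on the added line, the character class `[\-?\-\t]` lists the escaped ASCII hyphen twice with a literal `?` between them, so the double-byte hyphen that the preceding sentence tells readers to escape never appears in the example. As shown, the pattern would not match digit groups separated by a full-width hyphen. The `?` may be an encoding substitution for that character, so confirm the file holds the actual double-byte hyphen, escaped, in place of one of the two `\-` entries. Separately, the added bullet "the it you should create two keyword lists" keeps a wording error from the removed line and should read "then you should create two keyword lists".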
compliance Create A Dlp Policy From A Template https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-dlp-policy-from-a-template.md
Here are the different statuses and what they mean.
|Status|Explanation| |||
-|**Turning on…**|The policy is being deployed to the content sources that it includes. The policy is not yet enforced on all sources.|
+|**Turning on...**|The policy is being deployed to the content sources that it includes. The policy is not yet enforced on all sources.|
|**Testing, with notifications**|The policy is in test mode. The actions in a rule are not applied, but policy matches are collected and can be viewed by using the DLP reports. Notifications about policy matches are sent to the specified recipients.| |**Testing, without notifications**|The policy is in test mode. The actions in a rule are not applied, but policy matches are collected and can be viewed by using the DLP reports. Notifications about policy matches are not sent to the specified recipients.| |**On**|The policy is active and enforced. The policy was successfully deployed to all its content sources.|
compliance Create A Keyword Dictionary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-keyword-dictionary.md
Paste the identity into your custom sensitive information type's XML and upload
> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), it is recommended to create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only. > > - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the it you should create two keyword lists.
-> 1. Highly confidential
-> 2. 機密性が高い, 机密的document and 机密的 document
+> 1. Highly confidential
+> 2. 機密性が高い, 机密的document and 机密的 document
> > While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters like one would escape a hyphen or period in a regex. Here is a sample regex for reference: >
-> - `(?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4}`
+> - `(?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4}`
> > We recommend using a string match instead of a word match in a keyword list.
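Review bot: The sample regex on the added line is unbalanced: the capture group opened after `(?<!\d)` is never closed, and the pattern ends at `[0-9]{4}` with no `)`. A reader who pastes it into a sensitive information type will have it rejected by the regex engine. Add the closing parenthesis so it matches the same sample in create-a-custom-sensitive-information-type.md, which ends `[0-9]{4})`. The character class `[\-?\-\t]` also repeats `\-` around a literal `?` where the double-byte hyphen is expected, so that character should be checked in the source file too.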
compliance Create Info Mgmt Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-info-mgmt-policies.md
Adding an information management policy to a content type makes it easy to assoc
3. The **Start a workflow** option is available only if you are defining a policy for a list, library, or content type that already has a workflow associated with it. You will then be given a choice of workflows to choose from.
- 4. In the **Recurrence** section, select **Repeat this stage's action…**, and then enter how often you want the action to reoccur.
+ 4. In the **Recurrence** section, select **Repeat this stage's action...**, and then enter how often you want the action to reoccur.
> [!NOTE] > This option is only available if the action you selected can be repeated. For example, you cannot set recurrence for the action **Permanently Delete**.
You need at least the Manage Lists permission to change the information manageme
5. On the Edit Policy page, under **Library Based Retention Schedule**, enter a brief description for the policy you are creating.
-6. Choose **Add a retention stage…**
+6. Choose **Add a retention stage...**
Note that under Records, you can choose to define different retention policies for records by selecting the Define different retention stages for records option.
You need at least the Manage Lists permission to change the information manageme
8. The **Start a workflow** option is available only if you are defining a policy for a list, library, or content type that already has a workflow associated with it. You will then be given a choice of workflows to choose from.
-9. Under **Recurrence**, choose **Repeat this stage's action…** and enter how often you want the action to reoccur.
+9. Under **Recurrence**, choose **Repeat this stage's action...** and enter how often you want the action to reoccur.
> [!NOTE] > This option is only available if the action you selected can be repeated. For example, you cannot set recurrence for the action **Permanently Delete**.
compliance Customer Key Availability Key Roll https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-availability-key-roll.md
search.appverid:
- MET150 - M365-security-compliance
-description: "Learn how to roll the customer root keys stored in Azure Key Vault that are used with the Customer Key. Services include Exchange Online, Skype for Business, SharePoint Online, OneDrive for Business, and Teams files."
+description: "Learn how to roll the customer root keys stored in Azure Key Vault that are used with the Customer Key. Services include Exchange Online, Skype for Business, SharePoint Online, OneDrive for Business, and Teams files."
# Roll or rotate a Customer Key or an availability key
description: "Learn how to roll the customer root keys stored in Azure Key Vault
Microsoft does not expose direct control of the availability key to customers. For example, you can only roll (rotate) the keys that you own in Azure Key Vault. Microsoft 365 rolls the availability keys on an internally-defined schedule. There is no customer-facing, service-level agreement (SLA) for these key rolls. Microsoft 365 rotates the availability key using Microsoft 365 service code in an automated, non-manual process. Microsoft administrators may initiate the roll process. The key is rolled using automated mechanisms without direct access to the key store. Access to the availability key secret store is not provisioned to Microsoft administrators. Availability key rolling leverages the same mechanism used to initially generate the key. For more information about the availability key, see [Understand the availability key](customer-key-availability-key-understand.md). > [!IMPORTANT]
-> Exchange Online and Skype for Business availability keys can be effectively rolled by customers creating a new DEP, since a unique availability key is generated for each DEP you create. Availability keys for SharePoint Online, OneDrive for Business, and Teams files exist at the forest level and are shared across DEPs and customers, which means rolling only occurs at a Microsoft internally defined schedule. To mitigate the risk of not rolling the availability key each time a new DEP is created, SharePoint, OneDrive, and Teams roll the tenant intermediate key (TIK), the key wrapped by the customer root keys and availability key, each time a new DEP is created.
+> Exchange Online and Skype for Business availability keys can be effectively rolled by customers creating a new DEP, since a unique availability key is generated for each DEP you create. Availability keys for SharePoint Online, OneDrive for Business, and Teams files exist at the forest level and are shared across DEPs and customers, which means rolling only occurs at a Microsoft internally defined schedule. To mitigate the risk of not rolling the availability key each time a new DEP is created, SharePoint, OneDrive, and Teams roll the tenant intermediate key (TIK), the key wrapped by the customer root keys and availability key, each time a new DEP is created.
## Request a new version of each existing root key you want to roll
To instruct Customer Key to use the new key to encrypt mailboxes, run the Set-Da
2. To check the value for the DataEncryptionPolicyID property for the mailbox, use the steps in [Determine the DEP assigned to a mailbox](customer-key-manage.md#determine-the-dep-assigned-to-a-mailbox). The value for this property changes once the service applies the updated key.
-## Update the keys for SharePoint Online, OneDrive for Business, and Teams files
+## Update the keys for SharePoint Online, OneDrive for Business, and Teams files
SharePoint Online only allows you to roll one key at a time. If you want to roll both keys in a key vault, wait for the first operation to complete. Microsoft recommends that you stagger your operations to avoid this issue. When you roll either of the Azure Key Vault keys associated with a DEP used with SharePoint Online and OneDrive for Business, you must update the DEP to point to the new key. This does not rotate the availability key.
SharePoint Online only allows you to roll one key at a time. If you want to roll
## Related articles -- [Service encryption with Customer Key for Office 365](customer-key-overview.md)
+- [Service encryption with Customer Key for Office 365](customer-key-overview.md)
-- [Set up Customer Key for Office 365](customer-key-set-up.md)
+- [Set up Customer Key for Office 365](customer-key-set-up.md)
-- [Manage Customer Key for Office 365](customer-key-manage.md)
+- [Manage Customer Key for Office 365](customer-key-manage.md)
-- [Learn about the availability key](customer-key-availability-key-understand.md)
+- [Learn about the availability key](customer-key-availability-key-understand.md)
compliance Customer Key Availability Key Understand https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-availability-key-understand.md
Storage and control of the availability key are deliberately different from Azur
- The availability key provides a recovery, "break-glass" capability if control over both Azure Key Vault keys is lost. - The separation of logical controls and secure storage locations provides defense-in-depth and protects against the loss of all keys, and your data, from a single attack or point of failure.-- The availability key provides a high-availability capability if Microsoft 365 services are unable to reach keys hosted in Azure Key Vault due to transient errors. This rule only applies to Exchange Online and Skype for Business service encryption. SharePoint Online, OneDrive for Business, and Teams files never use the availability key unless you explicitly instruct Microsoft to initiate the recovery process.
+- The availability key provides a high-availability capability if Microsoft 365 services are unable to reach keys hosted in Azure Key Vault due to transient errors. This rule only applies to Exchange Online and Skype for Business service encryption. SharePoint Online, OneDrive for Business, and Teams files never use the availability key unless you explicitly instruct Microsoft to initiate the recovery process.
Sharing the responsibility to protect your data, using various protections and processes for key management, ultimately reduces the risk that all keys (and therefore your data) will be permanently lost or destroyed. Microsoft provides you with sole authority over the disablement or destruction of the availability key when you leave the service. By design, no one at Microsoft has access to the availability key: it is only accessible by Microsoft 365 service code.
In addition to the recovery capability, Exchange Online and Skype for Business u
Automated systems in Exchange Online and Skype for Business may use the availability key during transient errors to support automated back-end services such as anti-virus, e-discovery, data loss prevention, mailbox moves, and data indexing.
-### SharePoint Online, OneDrive for Business, and Teams files uses
+### SharePoint Online, OneDrive for Business, and Teams files uses
-For SharePoint Online, OneDrive for Business, and Teams files, the availability key is NEVER used outside of the recovery capability and customers must explicitly instruct Microsoft to initiate use of the availability key during a recovery scenario. Automated service operations solely rely on your Customer Keys in Azure Key vault. For in-depth information about how the key hierarchy works for these services, see [How SharePoint Online, OneDrive for Business, and Teams files use the availability key](#how-sharepoint-online-onedrive-for-business-and-teams-files-use-the-availability-key).
+For SharePoint Online, OneDrive for Business, and Teams files, the availability key is NEVER used outside of the recovery capability and customers must explicitly instruct Microsoft to initiate use of the availability key during a recovery scenario. Automated service operations solely rely on your Customer Keys in Azure Key vault. For in-depth information about how the key hierarchy works for these services, see [How SharePoint Online, OneDrive for Business, and Teams files use the availability key](#how-sharepoint-online-onedrive-for-business-and-teams-files-use-the-availability-key).
## Availability key security
Microsoft shares the responsibility of data protection with you by instantiating
Microsoft protects availability keys in access-controlled, internal secret stores like the customer-facing Azure Key Vault. We implement access controls to prevent Microsoft administrators from directly accessing the secrets contained within. Secret Store operations, including key rotation and deletion, occur through automated commands that never involve direct access to the availability key. Secret store management operations are limited to specific engineers and require privilege escalation through an internal tool, Lockbox. Privilege escalation requires manager approval and justification prior to being granted. Lockbox ensures access is time bound with automatic access revocation upon time expiration or engineer log out.
-**Exchange Online and Skype for Business** availability keys are stored in an Exchange Online Active Directory secret store. Availability keys are securely stored inside tenant specific containers within the Active Directory Domain Controller. This secure storage location is separate and isolated from the SharePoint Online, OneDrive for Business, and Teams files secret store.
+**Exchange Online and Skype for Business** availability keys are stored in an Exchange Online Active Directory secret store. Availability keys are securely stored inside tenant specific containers within the Active Directory Domain Controller. This secure storage location is separate and isolated from the SharePoint Online, OneDrive for Business, and Teams files secret store.
-**SharePoint Online, OneDrive for Business, and Teams files** availability keys are stored in an internal secret store managed by the service team. This secured, secrets storage service has front-end servers with application endpoints and a SQL Database as the back end. Availability keys are stored in the SQL Database and are wrapped (encrypted) by secret store encryption keys that use a combination of AES-256 and HMAC to encrypt the availability key at rest. The secret store encryption keys are stored in a logically isolated component of the same SQL Database and are further encrypted with RSA-2048 keys contained in certificates managed by the Microsoft certificate authority (CA). These certificates are stored in the secret store front-end servers that perform operations against the database.
+**SharePoint Online, OneDrive for Business, and Teams files** availability keys are stored in an internal secret store managed by the service team. This secured, secrets storage service has front-end servers with application endpoints and a SQL Database as the back end. Availability keys are stored in the SQL Database and are wrapped (encrypted) by secret store encryption keys that use a combination of AES-256 and HMAC to encrypt the availability key at rest. The secret store encryption keys are stored in a logically isolated component of the same SQL Database and are further encrypted with RSA-2048 keys contained in certificates managed by the Microsoft certificate authority (CA). These certificates are stored in the secret store front-end servers that perform operations against the database.
### Defense-in-depth
To encrypt your data with new Customer Keys, create new keys in Azure Key Vault,
This re-encryption process can take up to 72 hours. This is the standard duration when you change a DEP.
-### Recovery procedure for SharePoint Online, OneDrive for Business, and Teams files
+### Recovery procedure for SharePoint Online, OneDrive for Business, and Teams files
-For SharePoint Online, OneDrive for Business, and Teams files, the availability key is NEVER used outside of the recovery capability. You must explicitly instruct Microsoft to initiate use of the availability key during a recovery scenario. To initiate the recovery process, contact Microsoft to activate the availability key. Once activated, the availability key is automatically used to decrypt your data allowing you to encrypt the data with a newly-created DEP associated to new Customer Keys.
+For SharePoint Online, OneDrive for Business, and Teams files, the availability key is NEVER used outside of the recovery capability. You must explicitly instruct Microsoft to initiate use of the availability key during a recovery scenario. To initiate the recovery process, contact Microsoft to activate the availability key. Once activated, the availability key is automatically used to decrypt your data allowing you to encrypt the data with a newly-created DEP associated to new Customer Keys.
This operation is proportional to the number of sites in your organization. Once you call Microsoft to use the availability key, you should be fully online within about four hours.
In case you lose access to your customer keys, Microsoft 365 also encrypts the T
For availability and scale reasons, decrypted TIKs are cached in a time-limited memory cache. Two hours before a TIK cache is set to expire, Microsoft 365 attempts to decrypt each TIK. Decrypting the TIKs extends the lifetime of the cache. If TIK decryption fails for a significant amount of time, Microsoft 365 generates an alert to notify engineering prior to the cache expiration. Only if the customer calls Microsoft will Microsoft 365 initiate the recovery operation, which involves decrypting the TIK with the availability key stored in Microsoft's secret store and onboarding the tenant again using the decrypted TIK and a new set of customer-supplied Azure Key Vault keys.
-As of today, Customer Key is involved in the encryption and decryption chain of SharePoint Online file data stored in the Azure blob store, but not SharePoint Online list items or metadata stored in the SQL Database. Microsoft 365 does not use the availability key for Exchange Online, Skype for Business, SharePoint Online, OneDrive for Business, and Teams files other than the case described above, which is customer-initiated. Human access to customer data is protected by Customer Lockbox.
+As of today, Customer Key is involved in the encryption and decryption chain of SharePoint Online file data stored in the Azure blob store, but not SharePoint Online list items or metadata stored in the SQL Database. Microsoft 365 does not use the availability key for Exchange Online, Skype for Business, SharePoint Online, OneDrive for Business, and Teams files other than the case described above, which is customer-initiated. Human access to customer data is protected by Customer Lockbox.
## Availability key triggers
Microsoft 365 triggers the availability key only in specific circumstances. Thes
### Triggers for SharePoint Online, OneDrive for Business, and Teams files
-For SharePoint Online, OneDrive for Business, and Teams files, the availability key is NEVER used outside of the recovery capability and customers must explicitly instruct Microsoft to initiate use of the availability key during a recovery scenario.
+For SharePoint Online, OneDrive for Business, and Teams files, the availability key is NEVER used outside of the recovery capability and customers must explicitly instruct Microsoft to initiate use of the availability key during a recovery scenario.
## Audit logs and the availability key
Microsoft 365 uses the availability key to wrap the tier of keys lower in the ke
## Related articles -- [Service encryption with Customer Key](customer-key-overview.md)
+- [Service encryption with Customer Key](customer-key-overview.md)
-- [Set up Customer Key](customer-key-set-up.md)
+- [Set up Customer Key](customer-key-set-up.md)
-- [Manage Customer Key](customer-key-manage.md)
+- [Manage Customer Key](customer-key-manage.md)
-- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
+- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
compliance Customer Key Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-manage.md
To create a DEP, you need to remotely connect to SharePoint Online by using Wind
Example: ```powershell
- Register-SPODataEncryptionPolicy -PrimaryKeyVaultName 'stageRG3vault' -PrimaryKeyName 'SPKey3' -PrimaryKeyVersion 'f635a23bd4a44b9996ff6aadd88d42ba' -SecondaryKeyVaultName 'stageRG5vault' -SecondaryKeyName 'SPKey5' -SecondaryKeyVersion '2b3e8f1d754f438dacdec1f0945f251aΓÇÖ
+ Register-SPODataEncryptionPolicy -PrimaryKeyVaultName 'stageRG3vault' -PrimaryKeyName 'SPKey3' -PrimaryKeyVersion 'f635a23bd4a44b9996ff6aadd88d42ba' -SecondaryKeyVaultName 'stageRG5vault' -SecondaryKeyName 'SPKey5' -SecondaryKeyVersion '2b3e8f1d754f438dacdec1f0945f251a'
``` When you register the DEP, encryption begins on the data in the geo. Encryption can take some time. For more information on using this parameter, see [Register-SPODataEncryptionPolicy](/powershell/module/sharepoint-online/register-spodataencryptionpolicy?preserve-view=true&view=sharepoint-ps).
Use the Get-MailboxStatistics cmdlet to determine if a mailbox is encrypted.
Get-MailboxStatistics -Identity <GeneralMailboxOrMailUserIdParameter> | fl IsEncrypted ```
-The IsEncrypted property returns a value of **true** if the mailbox is encrypted and a value of **false** if the mailbox isn't encrypted. The time to complete mailbox moves depends on the number of mailboxes to which you assign a DEP for the first time, and the size of the mailboxes. If the mailboxes haven't been encrypted after a week from the time you assigned the DEP, contact Microsoft.
+The IsEncrypted property returns a value of **true** if the mailbox is encrypted and a value of **false** if the mailbox isn't encrypted. The time to complete mailbox moves depends on the number of mailboxes to which you assign a DEP for the first time, and the size of the mailboxes. If the mailboxes haven't been encrypted after a week from the time you assigned the DEP, contact Microsoft.
The New-MoveRequest cmdlet is no longer available for local mailbox moves. Refer to [this announcement](https://techcommunity.microsoft.com/t5/exchange-team-blog/disabling-new-moverequest-for-local-mailbox-moves/bc-p/1332141) for additional information.
-### Verify encryption completes for SharePoint Online, OneDrive for Business, and Teams files
+### Verify encryption completes for SharePoint Online, OneDrive for Business, and Teams files
Check on the status of encryption by running the Get-SPODataEncryptionPolicy cmdlet as follows:
If you need to revert to Microsoft-managed keys, you can. When you offboard, you
> [!IMPORTANT] > Offboarding is not the same as a data purge. A data purge permanently crypto-deletes your organization's data from Microsoft 365, offboarding does not. You can't perform a data purge for a multiple workload policy.
-If you decide not to use Customer Key for assigning multi-workload DEPs anymore then you'll need to reach out to Microsoft support with a request to ΓÇ£offboardΓÇ¥ from Customer Key. Ask the support team to file a service request against Microsoft 365 Customer Key team. Reach out to m365-ck@service.microsoft.com if you have any questions.
+If you decide not to use Customer Key for assigning multi-workload DEPs anymore then you'll need to reach out to Microsoft support with a request to "offboard" from Customer Key. Ask the support team to file a service request against Microsoft 365 Customer Key team. Reach out to m365-ck@service.microsoft.com if you have any questions.
If you do not want to encrypt individual mailboxes using mailbox level DEPs anymore, then you can unassign mailbox level DEPs from all your mailboxes.
To initiate the data purge path, complete these steps:
Set-DataEncryptionPolicy <Policy ID> -PermanentDataPurgeRequested -PermanentDataPurgeReason <Reason> -PermanentDataPurgeContact <ContactName> ```
- If the command fails, ensure that you've removed the Exchange Online permissions from both keys in Azure Key Vault as specified earlier in this task. Once you've set the PermanentDataPurgeRequested switch using the Set-DataEncryptionPolicy cmdlet, you'll no longer be able to assign this DEP to mailboxes.
+ If the command fails, ensure that you've removed the Exchange Online permissions from both keys in Azure Key Vault as specified earlier in this task. Once you've set the PermanentDataPurgeRequested switch using the Set-DataEncryptionPolicy cmdlet, you'll no longer be able to assign this DEP to mailboxes.
4. Contact Microsoft support and request the Data Purge eDocument.
To initiate the data purge path, complete these steps:
Once Microsoft receives the legal document, Microsoft runs cmdlets to trigger the data purge which first deletes the policy, marks the mailboxes for permanent deletion, then deletes the availability key. Once the data purge process completes, the data has been purged, is inaccessible to Exchange Online, and is not recoverable.
-### Revoke your Customer Keys and the availability key for SharePoint Online, OneDrive for Business, and Teams files
+### Revoke your Customer Keys and the availability key for SharePoint Online, OneDrive for Business, and Teams files
-To initiate the data purge path for SharePoint Online, OneDrive for Business, and Teams files, complete these steps:
+To initiate the data purge path for SharePoint Online, OneDrive for Business, and Teams files, complete these steps:
1. Revoke Azure Key Vault access. All key vault admins must agree to revoke access.
To initiate the data purge path for SharePoint Online, OneDrive for Business
## Related articles -- [Service encryption with Customer Key](customer-key-overview.md)
+- [Service encryption with Customer Key](customer-key-overview.md)
-- [Learn about the availability key](customer-key-availability-key-understand.md)
+- [Learn about the availability key](customer-key-availability-key-understand.md)
-- [Set up Customer Key](customer-key-set-up.md)
+- [Set up Customer Key](customer-key-set-up.md)
-- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
+- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
- [Customer Lockbox](customer-lockbox-requests.md)
compliance Customer Key Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-overview.md
description: "In this article, you will learn about how service encryption works
# Service encryption with Customer Key
-Microsoft 365 provides baseline, volume-level encryption enabled through BitLocker and Distributed Key Manager (DKM). Microsoft 365 offers an added layer of encryption for your content. This content includes data from Exchange Online, Skype for Business, SharePoint Online, OneDrive for Business, and Microsoft Teams.
+Microsoft 365 provides baseline, volume-level encryption enabled through BitLocker and Distributed Key Manager (DKM). Microsoft 365 offers an added layer of encryption for your content. This content includes data from Exchange Online, Skype for Business, SharePoint Online, OneDrive for Business, and Microsoft Teams.
## How service encryption, BitLocker, and Customer Key work together
The key hierarchy used for DEPs that encrypt data for multiple Microsoft 365 wor
## Related articles -- [Set up Customer Key](customer-key-set-up.md)
+- [Set up Customer Key](customer-key-set-up.md)
-- [Manage Customer Key](customer-key-manage.md)
+- [Manage Customer Key](customer-key-manage.md)
-- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
+- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
-- [Learn about the availability key](customer-key-availability-key-understand.md)
+- [Learn about the availability key](customer-key-availability-key-understand.md)
- [Customer Lockbox](customer-lockbox-requests.md)
compliance Customer Key Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-set-up.md
Once you've completed the steps in this article, you're ready to create and assi
## Related articles -- [Service encryption with Customer Key](customer-key-overview.md)
+- [Service encryption with Customer Key](customer-key-overview.md)
-- [Manage Customer Key](customer-key-manage.md)
+- [Manage Customer Key](customer-key-manage.md)
-- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
+- [Roll or rotate a Customer Key or an availability key](customer-key-availability-key-roll.md)
-- [Learn about the availability key](customer-key-availability-key-understand.md)
+- [Learn about the availability key](customer-key-availability-key-understand.md)
- [Service Encryption](office-365-service-encryption.md)
compliance Customer Lockbox Requests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-lockbox-requests.md
description: "Learn about Customer Lockbox requests that allow you to control ho
This article provides deployment and configuration guidance for Customer Lockbox. Customer Lockbox supports requests to access data in Exchange Online, SharePoint Online, OneDrive for Business, and Teams. To recommend support for other services, submit a request at [Feedback Portal](https://feedbackportal.microsoft.com).
-To see the options for licensing your users to benefit from Microsoft 365 compliance offerings, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+To see the options for licensing your users to benefit from Microsoft 365 compliance offerings, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox brings you into the approval workflow process that Microsoft uses to ensure only authorized requests allow access to your content. To learn more about Microsoft's workflow process, see [Privileged access management in Microsoft 365](privileged-access-management-solution-overview.md).
Customer Lockbox is currently supported in Exchange Online, SharePoint Online, O
### Is Customer Lockbox available to all customers?
-Customer Lockbox is included with the Microsoft 365 or Office 365 E5 subscriptions and can be added to other plans with an Information Protection and Compliance or an Advanced Compliance add-on subscription. See [Plans and pricing](https://products.office.com/business/office-365-enterprise-e5-business-software) for more information.
+Customer Lockbox is included with the Microsoft 365 or Office 365 E5 subscriptions and can be added to other plans with an Information Protection and Compliance or an Advanced Compliance add-on subscription. See [Plans and pricing](https://products.office.com/business/office-365-enterprise-e5-business-software) for more information.
### What is customer content?
compliance Data Classification Content Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-content-explorer.md
A [DLP policy](dlp-learn-about-dlp.md) can help protect sensitive information, w
### Sensitivity labels
-A [sensitivity label](sensitivity-labels.md) is simply a tag that indicates the value of the item to your organization. It can be applied manually, or automatically. Once applied it gets embedded in the document and will follow it everywhere it goes. A sensitivity label enables various protective behaviors, such as mandatory watermarking or encryption.
+A [sensitivity label](sensitivity-labels.md) is simply a tag that indicates the value of the item to your organization. It can be applied manually, or automatically. Once applied, the label gets embedded in the document and will follow the document everywhere it goes. A sensitivity label enables various protective behaviors, such as mandatory watermarking or encryption.
Sensitivity labels must be enabled for files that are in SharePoint and OneDrive in order for the corresponding data to surface in the data classification page. For more information, see [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md).
compliance Data Spillage Scenariosearch And Purge https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-spillage-scenariosearch-and-purge.md
description: "Use eDiscovery and search tools to manage and respond to a data sp
# eDiscovery solution series: Data spillage scenario - Search and purge
- **What is data spillage and why should you care?** Data spillage is when a confidential document is released into an untrusted environment. When a data spillage incident is detected, it's important to quickly assess the size and locations of the spillage, examine user activities around it,  and then permanently purge the spilled data from the system.
+ **What is data spillage and why should you care?** Data spillage is when a confidential document is released into an untrusted environment. When a data spillage incident is detected, it's important to quickly assess the size and locations of the spillage, examine user activities around it, and then permanently purge the spilled data from the system.
## Data spillage scenario
compliance Device Onboarding Offboarding Macos Jamfpro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro.md
audience: ITPro
ms.localizationpriority: medium--- M365-security-compliance +
+- M365-security-compliance
search.appverid:-- MET150
+- MET150
description: Learn how to onboard and offboard macOS devices into Microsoft 365 Compliance solutions using JAMF Pro (preview)
You can use JAMF Pro to onboard macOS devices into Microsoft 365 compliance solu
## Before you begin - Make sure your [macOS devices are managed through JAMF pro](https://www.jamf.com/resources/product-documentation/jamf-pro-installation-guide-for-mac/) and are associated with an identity (Azure AD joined UPN) through JAMF Connect or Intune.-- Install the v95+ Edge browser on your macOS devices
+- Install the v95+ Edge browser on your macOS devices
## Onboard devices into Microsoft 365 Compliance solutions using JAMF Pro 1. You'll need these files for this procedure.
-|File needed for |Source |
-|||
-|Onboarding package |Downloaded from the compliance portal **Onboarding package**, file name *DeviceComplianceOnboarding.plist* |
-|accessibility |[accessibility.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/accessibility.mobileconfig)|
-full disk access |[fulldisk.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/fulldisk.mobileconfig)|
+|File needed for|Source|
+|||
+|Onboarding package|Downloaded from the compliance portal **Onboarding package**, file name *DeviceComplianceOnboarding.plist*|
+|accessibility|[accessibility.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/accessibility.mobileconfig)|
+full disk access|[fulldisk.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/fulldisk.mobileconfig)|
|Network filter| [netfilter.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/netfilter.mobileconfig)
-|System extensions |[sysext.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/sysext.mobileconfig)
-|MDE preference |[schema.json](https://github.com/microsoft/mdatp-xplat/blob/master/macos/settings/data_loss_prevention/schema.json)|
+|System extensions|[sysext.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/sysext.mobileconfig)
+|MDE preference|[schema.json](https://github.com/microsoft/mdatp-xplat/blob/master/macos/settings/data_loss_prevention/schema.json)|
|MAU preference|[com.microsoft.autoupdate2.plist](https://github.com/microsoft/mdatp-xplat/blob/master/macos/settings/microsoft_auto_update/com.microsoft.autoupdate2.plist)|
-|Installation package |downloaded from the compliance portal **Installation package**, file name *\*wdav.pkg*\* |
+|Installation package|downloaded from the compliance portal **Installation package**, file name *\*wdav.pkg*\*|
> [!TIP] > You can download the *.mobileconfig* files individually or in [single combined file](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/combined/mdatp-nokext.mobileconfig) that contains:
+>
> - accessibility.mobileconfig > - fulldisk.mobileconfig > - netfilter.mobileconfig
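Review bot: in the file table, the `full disk access` row still starts without a leading `|` after this whitespace cleanup, and the `Network filter` and `System extensions` rows still end without a closing `|`, so the rows are not delimited the same way as the others. Since every row is already being touched, add the missing pipes in the same change so the table does not depend on renderer leniency.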
Onboarding a macOS device into Compliance solutions is a multiphase process.
### Get the device onboarding package 1. In **Compliance center** open **Settings** > **Device Onboarding** and choose **Onboarding**.
-
+ 1. For **Select operating system to start onboarding process** choose **macOS**
-
+ 1. For **Deployment method** choose **Mobile Device Management/Microsoft Intune**
-
+ 1. Choose **Download onboarding package**
-
+ 1. Extract the contents of the device onboarding package. In the JAMF folder, you should see the *DeviceComplainceOnboarding.plist* file. ### Create a JAMF Pro configuration profile for the onboarding package
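Review bot: the added step names the file *DeviceComplainceOnboarding.plist*, but the file table earlier in this article calls it *DeviceComplianceOnboarding.plist*. An admin looking in the extracted JAMF folder for the name as written here will not find it; correct the spelling so both references match.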
Onboarding a macOS device into Compliance solutions is a multiphase process.
1. Choose **Save**. 1. Under **Preference Domain Properties** choose these settings
- - Features
+ - Features
- Use System Extensions: `enabled` - required for network extensions on Catalina - Use Data Loss Prevention: `enabled` - Antivirus engine > Passive mode: `true|false`. Use `true`if deploying DLP only. Use `false` or do not assign a value if deploying DLP and Microsoft Defender for Endpoint (MDE).
Onboarding a macOS device into Compliance solutions is a multiphase process.
1. Choose the groups to deploy this configuration profile to.
-1. Choose **Save**.
-
+1. Choose **Save**.
### Create and deploy a configuration profile for Microsoft AutoUpdate (MAU)
Onboarding a macOS device into Compliance solutions is a multiphase process.
1. Choose **Done**. - ### Create and deploy a configuration profile for Grant full disk access 1. Use the **fulldisk.mobileconfig** file.
Onboarding a macOS device into Compliance solutions is a multiphase process.
### Configure Network extension
-1. Use the **netfilter.mobileconfig** file that you downloaded from GitHub.
+1. Use the **netfilter.mobileconfig** file that you downloaded from GitHub.
-2. Upload to JAMF as described in [Deploying Custom Configuration Profiles using Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
+2. Upload to JAMF as described in [Deploying Custom Configuration Profiles using Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
### Grant accessibility access to DLP 1. Use the **accessibility.mobileconfig** file that you downloaded from GitHub.
-2. Upload to JAMF as described in [Deploying Custom Configuration Profiles using Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
+2. Upload to JAMF as described in [Deploying Custom Configuration Profiles using Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
### Get the installation package 1. In **Compliance center** open **Settings** > **Device Onboarding** and choose **Onboarding**.
-
+ 1. For **Select operating system to start onboarding process** choose **macOS**
-
+ 1. For **Deployment method** choose **Mobile Device Management/Microsoft Intune**
-
-1. Choose **Download installation package**. This will give you the *wdav.pkg* file.
+1. Choose **Download installation package**. This will give you the *wdav.pkg* file.
### Deploy the installation package
Onboarding a macOS device into Compliance solutions is a multiphase process.
1. Choose **Add**.
-1. Choose **Save**.
+1. Choose **Save**.
1. Choose the **Scope** tab.
Onboarding a macOS device into Compliance solutions is a multiphase process.
1. Choose **Done**.
-### Check the macOS device
+### Check the macOS device
1. Restart the macOS device.
compliance Device Onboarding Sccm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-sccm.md
For each device, you can set a configuration value to state whether samples can
You can set a compliance rule for configuration item in Configuration Manager to change the sample share setting on a device.
-This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted devices to make sure theyΓÇÖre complaint.
+This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted devices to make sure they're complaint.
The configuration is set through the following registry key entry:
-```
-Path: ΓÇ£HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat ProtectionΓÇ¥
+```text
+Path: "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection"
Name: "AllowSampleCollection" Value: 0 or 1 ```
-Where:<br>
-Key type is a D-WORD. <br>
+
+Where:
+
+Key type is a D-WORD.
+ Possible values are:+ - 0 - doesn't allow sample sharing from this device - 1 - allows sharing of all file types from this device
-The default value in case the registry key doesnΓÇÖt exist is 1.
+The default value in case the registry key doesn't exist is 1.
For more information about System Center Configuration Manager Compliance, see [Introduction to compliance settings in System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682139(v=technet.10)). ## Other recommended configuration settings+ After onboarding devices to the service, it's important to take advantage of the included threat protection capabilities by enabling them with the following recommended configuration settings. ### Device collection configuration
-If you're using Endpoint Configuration Manager, version 2002 or later, you can choose to broaden the deployment to include servers or down-level clients.
+If you're using Endpoint Configuration Manager, version 2002 or later, you can choose to broaden the deployment to include servers or down-level clients.
### Next generation protection configuration
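Review bot: the rewritten sentence still ends with "to make sure they're complaint"; this should read "compliant", and the apostrophe fix is a good moment to correct it. In the same hunk, "Key type is a D-WORD" should use the registry type name DWORD, which is what an admin will see when authoring the configuration item.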
Configure all available rules to Audit.
Prior to enabling network protection in audit or block mode, ensure that you've installed the antimalware platform update, which can be obtained from the [support page](https://support.microsoft.com/en-us/help/4560203/windows-defender-anti-malware-platform-binaries-are-missing). - **Controlled folder access** Enable the feature in audit mode for at least 30 days. After this period, review detections and create a list of applications that are allowed to write to protected directories. For more information, see [Evaluate controlled folder access](/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access). - ## Offboard devices using Configuration Manager For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package, you will be notified of the packages expiry date and it will also be included in the package name.
If you use Microsoft Endpoint Configuration Manager current branch, see [Create
> [!IMPORTANT] > Offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had will be retained for up to 6 months. - ## Monitor device configuration If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Microsoft Defender for Endpoint dashboard in the Configuration Manager console. For more information, see [Microsoft Defender Advanced Threat Protection - Monitor](/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor).
You can set a compliance rule for configuration item in System Center 2012 R2 Co
This rule should be a *non-remediating* compliance rule configuration item that monitors the value of a registry key on targeted devices. Monitor the following registry key entry:+
+```text
+Path: "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status"
+Name: "OnboardingState"
+Value: "1"
```
-Path: ΓÇ£HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\StatusΓÇ¥
-Name: ΓÇ£OnboardingStateΓÇ¥
-Value: ΓÇ£1ΓÇ¥
-```
+ For more information, see [Introduction to compliance settings in System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682139(v=technet.10)). ## Related topics+ - [Onboard Windows 10 and Windows 11 devices using Group Policy](device-onboarding-gp.md) - [Onboard Windows 10 and Windows 11 devices using Mobile Device Management tools](device-onboarding-mdm.md) - [Onboard Windows 10 and Windows 11 devices using a local script](device-onboarding-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](device-onboarding-vdi.md) - [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test)-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
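Review bot: the re-fenced monitoring block gives `Value: "1"` in quotes, while the `AllowSampleCollection` block earlier in this file gives `Value: 0 or 1` unquoted and states the key type. State the type of `OnboardingState` here as well, and drop the quotes if it is numeric, so the non-remediating rule is not authored as a string comparison that never matches.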
compliance Device Onboarding Vdi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-vdi.md
As a best practice, we recommend using offline servicing tools to patch golden i
For example, you can use the below commands to install an update while the image remains offline:
-```console
+```DOS
DISM /Mount-image /ImageFile:"D:\Win10-1909.vhdx" /index:1 /MountDir:"C:\Temp\OfflineServicing" DISM /Image:"C:\Temp\OfflineServicing" /Add-Package /Packagepath:"C:\temp\patch\windows10.0-kb4541338-x64.msu" DISM /Unmount-Image /MountDir:"C:\Temp\OfflineServicing" /commit
If offline servicing is not a viable option for your non-persistent VDI environm
2. Ensure the sensor is stopped by running the command below in a CMD window:
- ```console
+ ```DOS
sc query sense ```
If offline servicing is not a viable option for your non-persistent VDI environm
4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot:
- ```console
+ ```DOS
PsExec.exe -s cmd.exe cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber" del *.* /f /s /q
- REG DELETE ΓÇ£HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" /v senseGuid /f
+ REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" /v senseGuid /f
exit ```
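Review bot: in the PsExec cleanup block, `del *.* /f /s /q` only targets the Cyber folder if the preceding `cd` succeeded; if that folder is missing or the path is mistyped, the recursive forced delete runs as SYSTEM in whatever directory the shell started in. Suggest passing the path to the command directly, for example `del "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber\*.*" /f /s /q`, so a failed directory change cannot redirect the delete.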
compliance Differences Between Estimated And Actual Ediscovery Search Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/differences-between-estimated-and-actual-ediscovery-search-results.md
description: "Understand why estimated and actual search results may vary in sea
# Differences between estimated and actual eDiscovery search results
-This topic applies to searches that you can run using one of the following Microsoft 365 eDiscovery tools:
+This article applies to searches that you can run using one of the following Microsoft 365 eDiscovery tools:
- Content search - Core eDiscovery
Here are some reasons for these differences:
- **The way results are estimated**. An estimate of the search results is just that, an estimate (and not an actual count) of the items that meet the search query criteria. To compile the estimate of Exchange items, a list of the message IDs that meet the search criteria is requested from the Exchange database by the eDiscovery tool you're using. But when you export the search results, the search is rerun and the actual messages are retrieved from the Exchange database. So these differences might result because of how the estimated number of items and the actual number of items are determined. -- **Changes that happen between the time when estimating and exporting search results**. When you export search results, the search is restarted to collect that most recent items in the search index that meet the search criteria. It's possible there are additional items were created, sent, or received that meet the search criteria in the time between when the estimated search results were collected and when the search results were exported. It's also possible that items that were in the search index when the search results were estimated are no longer there because they were purged from the content location before the search results are exported. One way to mitigate this issue is to specify a date range for an eDiscovery search. Another way is to place a hold on content locations so that items are preserved and can't be purged.
+- **Changes that happen between the time when estimating and exporting search results**. When you export search results, the search is restarted to collect that most recent items in the search index that meet the search criteria. It's possible there are additional items were created, sent, or received that meet the search criteria in the time between when the estimated search results were collected and when the search results were exported. It's also possible that items that were in the search index when the search results were estimated are no longer there because they were purged from the content location before the search results are exported. One way to mitigate this issue is to specify a date range for an eDiscovery search. Another way is to place a hold on content locations so that items are preserved and can't be purged.
- Although rare, even in the case when a hold is applied, maintenance of built-in calendar items (which aren't editable by the user, but are included in many search results) may be removed from time to time. This periodic removal of calendar items will result in fewer items that are exported.
+ Here are other issues that can result is differences between estimated and exported search results:
+
+ - In increase in items when using a date query. This is typically cause by the following two things:
+
+ - Hold versioning in SharePoint. If a document is deleted from a site that's on hold and document versioning is enabled, all versions of the deleted document will be preserved.
+
+ - Calendar items. Accept and reject messages and recurring meetings will automatically continue creating new items in the background with old dates.
+
+ - With holds, there can be cases where the same item is preserved in a user's primary mailbox and in their archive mailbox. This can happen when a user manually moves an item to their archive.
+
+ - Although rare, even in the case when a hold is applied, maintenance of built-in calendar items (which aren't editable by the user, but are included in many search results) may be removed from time to time. This periodic removal of calendar items will result in fewer items that are exported.
- **Unindexed items**. Items that are unindexed for search can cause differences between estimated and actual search results. You can include unindexed items when you export the search results. If you include unindexed items when exporting search results, there might be more items that are exported. This will cause a difference between the estimated and exported search results.
Here are some reasons for these differences:
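Review bot: the sub-list added under "Changes that happen between the time when estimating and exporting search results" has three typos that should be fixed before merge: "can result is differences" should be "can result in differences", "In increase in items" should be "An increase in items", and "This is typically cause by" should be "This is typically caused by". The re-added bullet line itself still carries "collect that most recent items" and "It's possible there are additional items were created" from the old text; since the line is being touched anyway, correct both. The moved calendar sub-item says "maintenance of built-in calendar items ... may be removed", where the subject should be the calendar items rather than their maintenance.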
- **Document versions in SharePoint and OneDrive**. When searching SharePoint sites and OneDrive accounts, multiple versions of a document aren't included in the count of estimated search results. But you have the option to include all document versions when you export the search results. If you include document versions when exporting search results, the actual number (and total size) of the exported items will be increased. -- **SharePoint folders**. If the name of folders in SharePoint matches a search query, the search estimate will include a count of those folders (but not the items in those folders). When you export the search results, the items in folder are exported but the actual folder is not exported. The result is that the number of exported items will be more than the number of estimated search results. If a folder is empty, then the number of actual search results exported will be reduced by one item, because the actual folder isn't exported.
+- **SharePoint folders**. If folders in SharePoint match a search query, for example, searching by date, the search estimate will include a count of those folders with the last modified date range (but not the items in those folders). When you export the search results, the items in folder are exported but the actual folder isn't exported. The result is that the number of exported items will be more than the number of estimated search results. If a folder is empty, then the number of actual search results exported will be reduced by one item, because the actual folder isn't exported.
> [!NOTE] > When running a query-based search, you can exclude SharePoint folders by adding the following condition to the query: `NOT(ContentType:folder)`. - **SharePoint lists**. If the name of a SharePoint list matches a search query, the search estimate will include a count of all the items in the list. When you export the search results, the list (and the list items) is exported as a single CSV file. This will reduce the actual number of items actually exported. If the list contains attachments, the attachments will be exported as separate documents, which will also increase the number of items exported.
+ > [!NOTE]
+ > When running a query-based search, you can exclude SharePoint lists by adding the following condition to the query: `NOT(ContentType:list)`.
+ - **Raw file formats versus exported file formats**. For Exchange items, the estimated size of the search results is calculated by using the raw Exchange message sizes. However, email messages are exported in a PST file or as individual messages (which are formatted as EML files). Both of these export options use a different file format than raw Exchange messages, which results in the total exported file size being different than the estimated file size. - **De-duplication of Exchange items during export**. For Exchange items, de-duplication reduces the number of items that are exported. You have the option to de-duplicate the search results when you export them. For Exchange messages, this means that only a single instance of a message is exported, even though that message might be found in multiple mailboxes. The estimated search results include every instance of a message. So if you choose the de-duplication option when exporting search results, the actual number of items that are exported might be considerably less than the estimated number of items.
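Review bot: in the reworded **SharePoint folders** bullet, "a count of those folders with the last modified date range" does not say what the date range applies to. If the intent is that a date query matches folders by their last modified date, say so directly, for example "folders whose last modified date falls in the queried range"; the same line also reads "the items in folder are exported", which needs an article. The new note under **SharePoint lists** gives `NOT(ContentType:list)` but does not say what happens to list attachments, which the bullet above it says are exported as separate documents. State whether the condition excludes those attachments as well, since that changes the exported item count this section is explaining.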
compliance Dlp Conditions And Exceptions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-conditions-and-exceptions.md
Conditions and exceptions in DLP policies identify sensitive items that the poli
- Exceptions define what to exclude. - Actions define what happens as a consequence of condition or exception being met
-Most conditions and exceptions have one property that supports one or more values. For example, if the DLP policy is being applied to Exchange emails, the **The sender** is condition requires the sender of the message. Some conditions have two properties. For example, the **A message header includes any of these words** condition requires one property to specify the message header field, and a second property to specify the text to look for in the header field. Some conditions or exceptions donΓÇÖt have any properties. For example, the **Attachment is password protected** condition simply looks for attachments in messages that are password protected.
+Most conditions and exceptions have one property that supports one or more values. For example, if the DLP policy is being applied to Exchange emails, the **The sender** is condition requires the sender of the message. Some conditions have two properties. For example, the **A message header includes any of these words** condition requires one property to specify the message header field, and a second property to specify the text to look for in the header field. Some conditions or exceptions don't have any properties. For example, the **Attachment is password protected** condition simply looks for attachments in messages that are password protected.
Actions typically require additional properties. For example, when the DLP policy rule redirects a message, you need to specify where the message is redirected to. <!-- Some actions have multiple properties that are available or required. For example, when the rule adds a header field to the message header, you need to specify both the name and value of the header. When the rule adds a disclaimer to messages, you need to specify the disclaimer text, but you can also specify where to insert the text, or what to do if the disclaimer can't be added to the message. Typically, you can configure multiple actions in a rule, but some actions are exclusive. For example, one rule can't reject and redirect the same message.-->
If you use the sender address as a condition or exception the actual field where
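Review bot: the replacement line fixes the garbled apostrophe in "don't" but keeps "the **The sender** is condition", where the bold span stops before "is" and an extra "the" precedes it. The sender table further down names this condition "Sender is", so the sentence should use that name, with the whole name in bold.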
At the tenant level, you can configure a sender address location to be used across all rules, unless overridden by a single rule. To set tenant DLP policy configuration to evaluate the sender address from the Envelope across all rules, you can run the following command: ```PowerShell
-Set-PolicyConfig ΓÇôSenderAddressLocation Envelope
+Set-PolicyConfig -SenderAddressLocation Envelope
```
-To configure the sender address location at a DLP rule level, the parameter is _SenderAddressLocation_. The available values are:
+To configure the sender address location at a DLP rule level, the parameter is *SenderAddressLocation*. The available values are:
- **Header**: Only examine senders in the message headers (for example, the **From**, **Sender**, or **Reply-To** fields). This is the default value. - **Envelope**: Only examine senders from the message envelope (the **MAIL FROM** value that was used in the SMTP transmission, which is typically stored in the **Return-Path** field). - **Header or envelope** (`HeaderOrEnvelope`) Examine senders in the message header and the message envelope.
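Review bot: the rule-level sentence on the `+` line names the *SenderAddressLocation* parameter but not the cmdlet that accepts it, while the tenant-level case directly above gets a full command (`Set-PolicyConfig -SenderAddressLocation Envelope`). Add the cmdlet name or a matching one-line example for the rule level. In the value list that follows, only the third entry shows its literal value in code formatting (`HeaderOrEnvelope`), and it lacks the colon the first two entries use; show the literal for all three so readers know exactly what to type.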
-<br>
|condition or exception in DLP|condition/exception parameters in Microsoft 365 PowerShell|property type|description| |||||
-|Sender is|condition: *From* <br/> exception: *ExceptIfFrom*|Addresses|Messages that are sent by the specified mailboxes, mail users, mail contacts, or Microsoft 365 groups in the organization.|
-|The sender is a member of |_FromMemberOf_ <br/> _ExceptIfFromMemberOf_|Addresses|Messages that are sent by a member of the specified distribution group, mail-enabled security group, or Microsoft 365 group.|
-|Sender IP address is|condition: *SenderIPRanges*<br/> exception: *ExceptIfSenderIPRanges*|IPAddressRanges|Messages where the sender's IP address matches the specified IP address, or falls within the specified IP address range.|
-|Sender address contains words|condition: *FromAddressContainsWords* <br/> exception: *ExceptIfFromAddressContainsWords*|Words|Messages that contain the specified words in the sender's email address.|
-|Sender address matches patterns|condition: *FromAddressMatchesPatterns* <br/> exception: *ExceptFromAddressMatchesPatterns*|Patterns|Messages where the sender's email address contains text patterns that match the specified regular expressions.|
-|Sender domain is|condition: *SenderDomainIs* <br/> exception: *ExceptIfSenderDomainIs*|DomainName|Messages where the domain of the sender's email address matches the specified value. If you need to find sender domains that *contain* the specified domain (for example, any subdomain of a domain), use **The sender address matches**(*FromAddressMatchesPatterns*) condition and specify the domain by using the syntax: '\.domain\.com$'.|
-|Sender scope|condition: *FromScope* <br/> exception: *ExceptIfFromScope*|UserScopeFrom|Messages that are sent by either internal or external senders.|
-|The sender's specified properties include any of these words|condition: *SenderADAttributeContainsWords* <br/> exception: *ExceptIfSenderADAttributeContainsWords*|First property: `ADAttribute` <p> Second property: `Words`|Messages where the specified Active Directory attribute of the sender contains any of the specified words.|
-|The sender's specified properties match these text patterns|condition: *SenderADAttributeMatchesPatterns* <br/> exception: *ExceptIfSenderADAttributeMatchesPatterns*|First property: `ADAttribute` <p> Second property: `Patterns`|Messages where the specified Active Directory attribute of the sender contains text patterns that match the specified regular expressions.|
-|
+|Sender is|condition: *From* <br/><br/> exception: *ExceptIfFrom*|Addresses|Messages that are sent by the specified mailboxes, mail users, mail contacts, or Microsoft 365 groups in the organization.|
+|The sender is a member of |*FromMemberOf* <br/><br/> *ExceptIfFromMemberOf*|Addresses|Messages that are sent by a member of the specified distribution group, mail-enabled security group, or Microsoft 365 group.|
+|Sender IP address is|condition: *SenderIPRanges*<br/><br/> exception: *ExceptIfSenderIPRanges*|IPAddressRanges|Messages where the sender's IP address matches the specified IP address, or falls within the specified IP address range.|
+|Sender address contains words|condition: *FromAddressContainsWords* <br/><br/> exception: *ExceptIfFromAddressContainsWords*|Words|Messages that contain the specified words in the sender's email address.|
+|Sender address matches patterns|condition: *FromAddressMatchesPatterns* <br/><br/> exception: *ExceptFromAddressMatchesPatterns*|Patterns|Messages where the sender's email address contains text patterns that match the specified regular expressions.|
+|Sender domain is|condition: *SenderDomainIs* <br/><br/> exception: *ExceptIfSenderDomainIs*|DomainName|Messages where the domain of the sender's email address matches the specified value. If you need to find sender domains that *contain* the specified domain (for example, any subdomain of a domain), use **The sender address matches**(*FromAddressMatchesPatterns*) condition and specify the domain by using the syntax: '\.domain\.com$'.|
+|Sender scope|condition: *FromScope* <br/><br/> exception: *ExceptIfFromScope*|UserScopeFrom|Messages that are sent by either internal or external senders.|
+|The sender's specified properties include any of these words|condition: *SenderADAttributeContainsWords* <br/><br/> exception: *ExceptIfSenderADAttributeContainsWords*|First property: `ADAttribute` <br/><br/> Second property: `Words`|Messages where the specified Active Directory attribute of the sender contains any of the specified words.|
+|The sender's specified properties match these text patterns|condition: *SenderADAttributeMatchesPatterns* <br/><br/> exception: *ExceptIfSenderADAttributeMatchesPatterns*|First property: `ADAttribute` <br/><br/> Second property: `Patterns`|Messages where the specified Active Directory attribute of the sender contains text patterns that match the specified regular expressions.|
### Recipients
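Review bot: in the sender table above, the "Sender address matches patterns" row still lists the exception as *ExceptFromAddressMatchesPatterns*, the only exception parameter in these tables without the "ExceptIf" prefix; check it against the cmdlet and correct it if it is a typo, since readers copy these names into rules. The "The sender is a member of" row also lacks the "condition:" and "exception:" labels the other rows carry. In the "Sender domain is" row, **The sender address matches** has no space before the parenthesis and does not match the name of the "Sender address matches patterns" row it points to.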
-<br>
-
-****
- |condition or exception in DLP|condition/exception parameters in Microsoft 365 PowerShell|property type|description| |||||
-|Recipient is|condition: *SentTo* <br/> exception: *ExceptIfSentTo*|Addresses|Messages where one of the recipients is the specified mailbox, mail user, or mail contact in the organization. The recipients can be in the **To**, **Cc**, or **Bcc** fields of the message.|
-|Recipient domain is|condition: *RecipientDomainIs* <br/> exception: *ExceptIfRecipientDomainIs*|DomainName|Messages where the domain of the recipient's email address matches the specified value.|
-|Recipient address contains words|condition: *AnyOfRecipientAddressContainsWords* <br/> exception: *ExceptIfAnyOfRecipientAddressContainsWords*|Words|Messages that contain the specified words in the recipient's email address. <br/>**Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
-|Recipient address matches patterns|condition: *AnyOfRecipientAddressMatchesPatterns* <br/> exception: *ExceptIfAnyOfRecipientAddressMatchesPatterns*|Patterns|Messages where a recipient's email address contains text patterns that match the specified regular expressions. <br/> **Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
-|Sent to member of|condition: *SentToMemberOf* <br/> exception: *ExceptIfSentToMemberOf*|Addresses|Messages that contain recipients who are members of the specified distribution group, mail-enabled security group, or Microsoft 365 group. The group can be in the **To**, **Cc**, or **Bcc** fields of the message.|
-|The recipient's specified properties include any of these words |_RecipientADAttributeContainsWords_ <br/> _ExceptIfRecipientADAttributeContainsWords_|First property: `ADAttribute` <p> Second property: `Words`|Messages where the specified Active Directory attribute of a recipient contains any of the specified words. <p> Note that the **Country** attribute requires the two-letter country code value (for example, DE for Germany).|
-|The recipient's specified properties match these text patterns |_RecipientADAttributeMatchesPatterns_ <br/> _ExceptIfRecipientADAttributeMatchesPatterns_|First property: `ADAttribute` <p> Second property: `Patterns`|Messages where the specified Active Directory attribute of a recipient contains text patterns that match the specified regular expressions.|
-|
+|Recipient is|condition: *SentTo* <br/><br/> exception: *ExceptIfSentTo*|Addresses|Messages where one of the recipients is the specified mailbox, mail user, or mail contact in the organization. The recipients can be in the **To**, **Cc**, or **Bcc** fields of the message.|
+|Recipient domain is|condition: *RecipientDomainIs* <br/><br/> exception: *ExceptIfRecipientDomainIs*|DomainName|Messages where the domain of the recipient's email address matches the specified value.|
+|Recipient address contains words|condition: *AnyOfRecipientAddressContainsWords* <br/><br/> exception: *ExceptIfAnyOfRecipientAddressContainsWords*|Words|Messages that contain the specified words in the recipient's email address. <br/><br/>**Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
+|Recipient address matches patterns|condition: *AnyOfRecipientAddressMatchesPatterns* <br/><br/> exception: *ExceptIfAnyOfRecipientAddressMatchesPatterns*|Patterns|Messages where a recipient's email address contains text patterns that match the specified regular expressions. <br/><br/> **Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
+|Sent to member of|condition: *SentToMemberOf* <br/><br/> exception: *ExceptIfSentToMemberOf*|Addresses|Messages that contain recipients who are members of the specified distribution group, mail-enabled security group, or Microsoft 365 group. The group can be in the **To**, **Cc**, or **Bcc** fields of the message.|
+|The recipient's specified properties include any of these words |*RecipientADAttributeContainsWords* <br/><br/> *ExceptIfRecipientADAttributeContainsWords*|First property: `ADAttribute` <br/><br/> Second property: `Words`|Messages where the specified Active Directory attribute of a recipient contains any of the specified words. <br/><br/> Note that the **Country** attribute requires the two-letter country code value (for example, DE for Germany).|
+|The recipient's specified properties match these text patterns |*RecipientADAttributeMatchesPatterns* <br/><br/> *ExceptIfRecipientADAttributeMatchesPatterns*|First property: `ADAttribute` <br/><br/> Second property: `Patterns`|Messages where the specified Active Directory attribute of a recipient contains text patterns that match the specified regular expressions.|
### Message subject or body
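Review bot: in the recipients table above, the last two rows (*RecipientADAttributeContainsWords* and *RecipientADAttributeMatchesPatterns*) list both parameters with no "condition:" or "exception:" label, unlike the five rows before them. Every row is already being rewritten for the `<br/><br/>` change, so add the labels in the same pass. The identical proxy-address **Note** appears in two adjacent rows; consider stating it once below the table.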
-<br>
-
-****
- |condition or exception in DLP|condition/exception parameters in Microsoft 365 PowerShell|property type|description| |||||
-|Subject contains words or phrases|condition: *SubjectContainsWords* <br/> exception: *ExceptIf SubjectContainsWords*|Words|Messages that have the specified words in the Subject field.|
-|Subject matches patterns|condition: *SubjectMatchesPatterns* <br/> exception: *ExceptIf SubjectMatchesPatterns*|Patterns|Messages where the Subject field contain text patterns that match the specified regular expressions.|
-|Content contains|condition: *ContentContainsSensitiveInformation* <br/> exception *ExceptIfContentContainsSensitiveInformation*|SensitiveInformationTypes|Messages or documents that contain sensitive information as defined by data loss prevention (DLP) policies.|
-|Subject or Body matches pattern|condition: *SubjectOrBodyMatchesPatterns* <br/> exception: *ExceptIfSubjectOrBodyMatchesPatterns*|Patterns|Messages where the subject field or message body contains text patterns that match the specified regular expressions.|
-|Subject or Body contains words|condition: *SubjectOrBodyContainsWords* <br/> exception: *ExceptIfSubjectOrBodyContainsWords*|Words|Messages that have the specified words in the subject field or message body|
-|
+|Subject contains words or phrases|condition: *SubjectContainsWords* <br/><br/> exception: *ExceptIf SubjectContainsWords*|Words|Messages that have the specified words in the Subject field.|
+|Subject matches patterns|condition: *SubjectMatchesPatterns* <br/><br/> exception: *ExceptIf SubjectMatchesPatterns*|Patterns|Messages where the Subject field contain text patterns that match the specified regular expressions.|
+|Content contains|condition: *ContentContainsSensitiveInformation* <br/><br/> exception *ExceptIfContentContainsSensitiveInformation*|SensitiveInformationTypes|Messages or documents that contain sensitive information as defined by data loss prevention (DLP) policies.|
+|Subject or Body matches pattern|condition: *SubjectOrBodyMatchesPatterns* <br/><br/> exception: *ExceptIfSubjectOrBodyMatchesPatterns*|Patterns|Messages where the subject field or message body contains text patterns that match the specified regular expressions.|
+|Subject or Body contains words|condition: *SubjectOrBodyContainsWords* <br/><br/> exception: *ExceptIfSubjectOrBodyContainsWords*|Words|Messages that have the specified words in the subject field or message body|
### Attachments
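Review bot: in the message subject or body table above, the first two rows keep a space inside the exception name (*ExceptIf SubjectContainsWords*, *ExceptIf SubjectMatchesPatterns*), which is not a valid parameter name if pasted as written; remove the space. The "Content contains" row is missing the colon after "exception", "the Subject field contain text patterns" should be "contains", and the last row's description has no closing period.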
-<br>
-
-****
- |condition or exception in DLP|condition/exception parameters in Microsoft 365 PowerShell|property type|description| |||||
-|Attachment is password protected|condition: *DocumentIsPasswordProtected* <br/> exception: *ExceptIfDocumentIsPasswordProtected*|none|Messages where an attachment is password protected (and therefore can't be scanned). Password detection only works for Office documents, .zip files, and .7z files.|
-|AttachmentΓÇÖs file extension is|condition: *ContentExtensionMatchesWords* <br/> exception: *ExceptIfContentExtensionMatchesWords*|Words|Messages where an attachment's file extension matches any of the specified words.|
-|Any email attachmentΓÇÖs content could not be scanned|condition: *DocumentIsUnsupported* <br/>exception: *ExceptIf DocumentIsUnsupported*|n/a|Messages where an attachment isn't natively recognized by Exchange Online.|
-|Any email attachmentΓÇÖs content didnΓÇÖt complete scanning|condition: *ProcessingLimitExceeded* <br/> exception: *ExceptIfProcessingLimitExceeded*|n/a|Messages where the rules engine couldn't complete the scanning of the attachments. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned.|
-|Document name contains words|condition: *DocumentNameMatchesWords* <br/> exception: *ExceptIfDocumentNameMatchesWords*|Words|Messages where an attachment's file name matches any of the specified words.|
-|Document name matches patterns|condition: *DocumentNameMatchesPatterns* <br/> exception: *ExceptIfDocumentNameMatchesPatterns*|Patterns|Messages where an attachment's file name contains text patterns that match the specified regular expressions.|
-|Document property is|condition: *ContentPropertyContainsWords* <br/> exception: *ExceptIfContentPropertyContainsWords*|Words|Messages or documents where an attachment's file extension matches any of the specified words.|
-|Document size equals or is greater than|condition: *DocumentSizeOver* <br/> exception: *ExceptIfDocumentSizeOver*|Size|Messages where any attachment is greater than or equal to the specified value.|
-|Any attachment's content includes any of these words|condition: *DocumentContainsWords* <br/> exception: *ExceptIfDocumentContainsWords*|`Words`|Messages where an attachment contains the specified words.|
-|Any attachments content matches these text patterns|condition: *DocumentMatchesPatterns* <br/> exception: *ExceptIfDocumentMatchesPatterns*|`Patterns`|Messages where an attachment contains text patterns that match the specified regular expressions.|
-|
+|Attachment is password protected|condition: *DocumentIsPasswordProtected* <br/><br/> exception: *ExceptIfDocumentIsPasswordProtected*|none|Messages where an attachment is password protected (and therefore can't be scanned). Password detection only works for Office documents, .zip files, and .7z files.|
+|Attachment's file extension is|condition: *ContentExtensionMatchesWords* <br/><br/> exception: *ExceptIfContentExtensionMatchesWords*|Words|Messages where an attachment's file extension matches any of the specified words.|
+|Any email attachment's content could not be scanned|condition: *DocumentIsUnsupported* <br/><br/>exception: *ExceptIf DocumentIsUnsupported*|n/a|Messages where an attachment isn't natively recognized by Exchange Online.|
+|Any email attachment's content didn't complete scanning|condition: *ProcessingLimitExceeded* <br/><br/> exception: *ExceptIfProcessingLimitExceeded*|n/a|Messages where the rules engine couldn't complete the scanning of the attachments. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned.|
+|Document name contains words|condition: *DocumentNameMatchesWords* <br/><br/> exception: *ExceptIfDocumentNameMatchesWords*|Words|Messages where an attachment's file name matches any of the specified words.|
+|Document name matches patterns|condition: *DocumentNameMatchesPatterns* <br/><br/> exception: *ExceptIfDocumentNameMatchesPatterns*|Patterns|Messages where an attachment's file name contains text patterns that match the specified regular expressions.|
+|Document property is|condition: *ContentPropertyContainsWords* <br/><br/> exception: *ExceptIfContentPropertyContainsWords*|Words|Messages or documents where an attachment's file extension matches any of the specified words.|
+|Document size equals or is greater than|condition: *DocumentSizeOver* <br/><br/> exception: *ExceptIfDocumentSizeOver*|Size|Messages where any attachment is greater than or equal to the specified value.|
+|Any attachment's content includes any of these words|condition: *DocumentContainsWords* <br/><br/> exception: *ExceptIfDocumentContainsWords*|`Words`|Messages where an attachment contains the specified words.|
+|Any attachments content matches these text patterns|condition: *DocumentMatchesPatterns* <br/><br/> exception: *ExceptIfDocumentMatchesPatterns*|`Patterns`|Messages where an attachment contains text patterns that match the specified regular expressions.|
### Message Headers
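Review bot: in the attachments table above, the "Document property is" row (*ContentPropertyContainsWords*) describes messages "where an attachment's file extension matches any of the specified words", which is the same description as the "Attachment's file extension is" row and does not describe a document property; it looks copied and needs its own text. The hunk also keeps the space in *ExceptIf DocumentIsUnsupported* and leaves "Any attachments content matches these text patterns" without the apostrophe that the other rows in this change now have.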
-<br>
-
-****
- |condition or exception in DLP|condition/exception parameters in Microsoft 365 PowerShell|property type|description| |||||
-|Header contains words or phrases|condition: *HeaderContainsWords* <br/> exception: *ExceptIfHeaderContainsWords*|Hash Table|Messages that contain the specified header field, and the value of that header field contains the specified words.|
-|Header matches patterns|condition: *HeaderMatchesPatterns* <br/> exception: *ExceptIfHeaderMatchesPatterns*|Hash Table|Messages that contain the specified header field, and the value of that header field contains the specified regular expressions.|
+|Header contains words or phrases|condition: *HeaderContainsWords* <br/><br/> exception: *ExceptIfHeaderContainsWords*|Hash Table|Messages that contain the specified header field, and the value of that header field contains the specified words.|
+|Header matches patterns|condition: *HeaderMatchesPatterns* <br/><br/> exception: *ExceptIfHeaderMatchesPatterns*|Hash Table|Messages that contain the specified header field, and the value of that header field contains the specified regular expressions.|
### Message properties
-<br>
-
-****
- |condition or exception in DLP|condition/exception parameters in Microsoft 365 PowerShell|property type|description| |||||
-|With importance|condition: *WithImportance* <br/> exception: *ExceptIfWithImportance*|Importance|Messages that are marked with the specified importance level.|
-|Content character set contains words|condition: *ContentCharacterSetContainsWords* <br/> *ExceptIfContentCharacterSetContainsWords*|CharacterSets|Messages that have any of the specified character set names.|
-|Has sender override|condition: *HasSenderOverride* <br/> exception: *ExceptIfHasSenderOverride*|n/a|Messages where the sender has chosen to override a data loss prevention (DLP) policy. For more information about DLP policies see [Learn about data loss prevention](./dlp-learn-about-dlp.md)|
-|Message type matches|condition: *MessageTypeMatches* <br/> exception: *ExceptIfMessageTypeMatches*|MessageType|Messages of the specified type. **Note**: The available message types are Automatic reply, Auto-forward, Encrypted (S/MIME), Calendaring, Permission controlled (rights management), Voicemail, Signed, Read receipt, and Approval request. |
-|The message size is greater than or equal to|condition: *MessageSizeOver* <br/> exception: *ExceptIfMessageSizeOver*|`Size`|Messages where the total size (message plus attachments) is greater than or equal to the specified value. **Note**: Message size limits on mailboxes are evaluated before mail flow rules. A message that's too large for a mailbox will be rejected before a rule with this condition is able to act on the message.|
-|
+|With importance|condition: *WithImportance* <br/><br/> exception: *ExceptIfWithImportance*|Importance|Messages that are marked with the specified importance level.|
+|Content character set contains words|condition: *ContentCharacterSetContainsWords* <br/><br/> *ExceptIfContentCharacterSetContainsWords*|CharacterSets|Messages that have any of the specified character set names.|
+|Has sender override|condition: *HasSenderOverride* <br/><br/> exception: *ExceptIfHasSenderOverride*|n/a|Messages where the sender has chosen to override a data loss prevention (DLP) policy. For more information about DLP policies see [Learn about data loss prevention](./dlp-learn-about-dlp.md)|
+|Message type matches|condition: *MessageTypeMatches* <br/><br/> exception: *ExceptIfMessageTypeMatches*|MessageType|Messages of the specified type. **Note**: The available message types are Automatic reply, Auto-forward, Encrypted (S/MIME), Calendaring, Permission controlled (rights management), Voicemail, Signed, Read receipt, and Approval request. |
+|The message size is greater than or equal to|condition: *MessageSizeOver* <br/><br/> exception: *ExceptIfMessageSizeOver*|`Size`|Messages where the total size (message plus attachments) is greater than or equal to the specified value. **Note**: Message size limits on mailboxes are evaluated before mail flow rules. A message that's too large for a mailbox will be rejected before a rule with this condition is able to act on the message.|
## Actions for DLP policies This table describes the actions that are available in DLP.
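Review bot: in the message properties table above, the inline **Note** text in the "Message type matches" and "The message size is greater than or equal to" rows runs straight on from the description, whereas the recipients table separates its notes with `<br/><br/>`; use the same break here so the notes render consistently. The "Content character set contains words" row gives *ExceptIfContentCharacterSetContainsWords* without the "exception:" label used on every other row of that table, and the "Has sender override" description ends at the link with no period.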
-<br>
-
-****
- |action in DLP|action parameters in Microsoft 365 PowerShell|property type|description| |||||
-|Set header|SetHeader|First property: *Header Name* </br> Second property: *Header Value*|The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. This parameter uses the syntax "HeaderName:HeaderValue". You can specify multiple header name and value pairs separated by commas|
-|Remove header|RemoveHeader|First property: *MessageHeaderField*</br> Second property: *String*|The RemoveHeader parameter specifies an action for the DLP rule that removes a header field from the message header. This parameter uses the syntax ΓÇ£HeaderNameΓÇ¥ or "HeaderName:HeaderValue".You can specify multiple header names or header name and value pairs separated by commas|
+|Set header|SetHeader|First property: *Header Name* <br/><br/> Second property: *Header Value*|The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. This parameter uses the syntax "HeaderName:HeaderValue". You can specify multiple header name and value pairs separated by commas|
+|Remove header|RemoveHeader|First property: *MessageHeaderField*<br/><br/> Second property: *String*|The RemoveHeader parameter specifies an action for the DLP rule that removes a header field from the message header. This parameter uses the syntax "HeaderName" or "HeaderName:HeaderValue".You can specify multiple header names or header name and value pairs separated by commas|
|Redirect the message to specific users|*RedirectMessageTo*|Addresses|Redirects the message to the specified recipients. The message isn't delivered to the original recipients, and no notification is sent to the sender or the original recipients.|
-|Forward the message for approval to senderΓÇÖs manager|Moderate|First property: *ModerateMessageByManager*</br> Second property: *Boolean*|The Moderate parameter specifies an action for the DLP rule that sends the email message to a moderator. This parameter uses the syntax: @{ModerateMessageByManager = <$true \|$false>;|
-|Forward the message for approval to specific approvers|Moderate|First property: *ModerateMessageByUser*</br>Second property: *Addresses*|The Moderate parameter specifies an action for the DLP rule that sends the email message to a moderator. This parameter uses the syntax: @{ ModerateMessageByUser = @("emailaddress1","emailaddress2",..."emailaddressN")}|
-|Add recipient|AddRecipients|First property: *Field*</br>Second property: *Addresses*|Adds one or more recipients to the To/Cc/Bcc field of the message. This parameter uses the syntax: @{<AddToRecipients \|CopyTo \|BlindCopyTo> = "emailaddress"}|
-|Add the senderΓÇÖs manager as recipient|AddRecipients|First property: *AddedManagerAction*</br>Second property: *Field*|Adds the sender's manager to the message as the specified recipient type (To, Cc, Bcc), or redirects the message to the sender's manager without notifying the sender or the recipient. This action only works if the sender's Manager attribute is defined in Active Directory. This parameter uses the syntax: @{AddManagerAsRecipientType = "<To \|Cc \|Bcc>"}|
-Prepend subject|PrependSubject|String|Adds the specified text to the beginning of the Subject field of the message. Consider using a space or a colon (:) as the last character of the specified text to differentiate it from the original subject text.</br>To prevent the same string from being added to messages that already contain the text in the subject (for example, replies), add the "The subject contains words" (ExceptIfSubjectContainsWords) exception to the rule.|
-|Apply HTML disclaimer|ApplyHtmlDisclaimer|First property: *Text*</br>Second property: *Location*</br>Third property: *Fallback action*|Applies the specified HTML disclaimer to the required location of the message.</br>This parameter uses the syntax: @{ Text = ΓÇ£ ΓÇ¥ ; Location = <Append \|Prepend>; FallbackAction = <Wrap \|Ignore \|Reject> }|
+|Forward the message for approval to sender's manager|Moderate|First property: *ModerateMessageByManager*<br/><br/> Second property: *Boolean*|The Moderate parameter specifies an action for the DLP rule that sends the email message to a moderator. This parameter uses the syntax: @{ModerateMessageByManager = <$true \|$false>;|
+|Forward the message for approval to specific approvers|Moderate|First property: *ModerateMessageByUser*<br/><br/>Second property: *Addresses*|The Moderate parameter specifies an action for the DLP rule that sends the email message to a moderator. This parameter uses the syntax: @{ ModerateMessageByUser = @("emailaddress1","emailaddress2",..."emailaddressN")}|
+|Add recipient|AddRecipients|First property: *Field*<br/><br/>Second property: *Addresses*|Adds one or more recipients to the To/Cc/Bcc field of the message. This parameter uses the syntax: @{<AddToRecipients \<CopyTo \| BlindCopyTo\> = "emailaddress"}|
+|Add the sender's manager as recipient|AddRecipients|First property: *AddedManagerAction*<br/><br/>Second property: *Field*|Adds the sender's manager to the message as the specified recipient type (To, Cc, Bcc), or redirects the message to the sender's manager without notifying the sender or the recipient. This action only works if the sender's Manager attribute is defined in Active Directory. This parameter uses the syntax: @{AddManagerAsRecipientType = "\<To \| Cc \| Bcc\>"}|
+Prepend subject|PrependSubject|String|Adds the specified text to the beginning of the Subject field of the message. Consider using a space or a colon (:) as the last character of the specified text to differentiate it from the original subject text.<br/><br/>To prevent the same string from being added to messages that already contain the text in the subject (for example, replies), add the "The subject contains words" (ExceptIfSubjectContainsWords) exception to the rule.|
+|Apply HTML disclaimer|ApplyHtmlDisclaimer|First property: *Text*<br/><br/>Second property: *Location*<br/><br/>Third property: *Fallback action*|Applies the specified HTML disclaimer to the required location of the message.<br/><br/>This parameter uses the syntax: @{ Text = " " ; Location = \<Append \| Prepend\>; FallbackAction = \<Wrap \| Ignore \| Reject\> }|
|Remove Office 365 Message Encryption and rights protection|RemoveRMSTemplate|n/a|Removes Office 365 encryption applied on an email|
-|Deliver the message to the hosted quarantine |_Quarantine_|n/a| This action is currently in **public preview**. During this phase, emails quarantined by DLP policies will show policy type as ExchangeTransportRule.</br> Delivers the message to the quarantine in EOP. For more information, see [Quarantined email messages in EOP](/microsoft-365/security/office-365-security/quarantine-email-messages).|
-|
-
-<!--|Modify Subject|ModifySubject|PswsHashTable | Remove text from the subject line that matches a specific pattern and replace it with different text. See the example below. You can: </br>- **Replace** all matches in the subject with the replacement text </br>- **Append** to remove all matches in the subject and inserts the replacement text at the end of the subject. </br>- **Prepend** to remove all matches and inserts the replacement text at the beginning of the subject. See ModifySubject parameter in, /powershell/module/exchange/new-dlpcompliancerule|-->
+|Deliver the message to the hosted quarantine |*Quarantine*|n/a| This action is currently in **public preview**. During this phase, emails quarantined by DLP policies will show policy type as ExchangeTransportRule.<br/><br/> Delivers the message to the quarantine in EOP. For more information, see [Quarantined email messages in EOP](/microsoft-365/security/office-365-security/quarantine-email-messages).|
+<!--|Modify Subject|ModifySubject|PswsHashTable | Remove text from the subject line that matches a specific pattern and replace it with different text. See the example below. You can: <br/><br/>- **Replace** all matches in the subject with the replacement text <br/><br/>- **Append** to remove all matches in the subject and inserts the replacement text at the end of the subject. <br/><br/>- **Prepend** to remove all matches and inserts the replacement text at the beginning of the subject. See ModifySubject parameter in, /powershell/module/exchange/new-dlpcompliancerule|-->
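Review bot: The new Add recipient row no longer shows a valid syntax string: `@{<AddToRecipients \<CopyTo \| BlindCopyTo\> = "emailaddress"}` drops the separator between AddToRecipients and CopyTo that the removed line had, and leaves a stray `\<` inside the placeholder. It should read `@{\<AddToRecipients \| CopyTo \| BlindCopyTo\> = "emailaddress"}`, matching the escaping used in the AddManagerAsRecipientType row. Three smaller problems were carried over unchanged and could be fixed in the same pass: the ModerateMessageByManager syntax still ends at `<$true \|$false>;` with no closing brace and with unescaped angle brackets, the Prepend subject row still has no leading `|`, and the Remove header row still reads `"HeaderName:HeaderValue".You` with no space after the period.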
compliance Dlp Migrate Exo Policy To Unified Dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-migrate-exo-policy-to-unified-dlp.md
f1.keywords:
Previously updated : Last updated : audience: ITPro f1_keywords: - 'ms.o365.cc.DLPLandingPage' ms.localizationpriority: medium-+ - M365-security-compliance - SPO_Content
+search.appverid:
- MET150 description: "Learn how to plan for and migrate your Exchange online data loss prevention policies into Microsoft 365 DLP."
description: "Learn how to plan for and migrate your Exchange online data loss p
The migration wizard works by reading the configuration of your DLP policies in Exchange and then creating duplicate policies in the Compliance center. By default the wizard creates the new versions of the policies in **Test** mode, so you can see what impact they'd have in your environment without enforcing any of the actions. Once you're ready to fully transition to the Compliance center versions, ***you must***: 1. Deactivate or delete the source policy in the Exchange Admin Center (EAC).
-1. Edit the Compliance center version of the policy and change its status from **Test** to **Enforce**.
+1. Edit the Compliance center version of the policy and change its status from **Test** to **Enforce**.
> [!WARNING] > If you do not delete or deactivate the source policy in the EAC before you set the Compliance center version to **Enforce** both sets of policies will be attempting to enforce actions and you will receive duplicate events. ***This is an unsupported configuration.*** - The migration wizard only migrates EXO policies and associated mail flow rules. Standalone Exchange mail flow rules aren't migrated. ## Migration workflow
-There are four phases to migrating DLP policies from Exchange into the Unified DLP management console in the Compliance center.
+There are four phases to migrating DLP policies from Exchange into the Unified DLP management console in the Compliance center.
1. Prepare for migration 1. Evaluate and compare your Exchange Online (EXO) DLP policies and your Compliance Center DLP policies for duplicate functionality.
There are four phases to migrating DLP policies from Exchange into the Unified D
### Licensing and versions
-Before you get started with migrating DLP policies, you should confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1) and any add-ons.
+Before you get started with migrating DLP policies, you should confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1) and any add-ons.
To access and use the policy migration wizard, you must have one of these subscriptions or add-ons
To access and use the policy migration wizard, you must have one of these subscr
For a detailed list of DLP licensing requirements, see [Microsoft 365 Licensing guidance for security & compliance, data loss prevention](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection) - ### Permissions The account that you use to run the migration wizard must have access to both the Exchange Admin Console DLP page and to the Unified DLP console in the Compliance center.
The account that you use to run the migration wizard must have access to both th
1. [Create, Test, and Tune a DLP policy](create-test-tune-dlp-policy.md) 1. Evaluate your Exchange DLP and Compliance center policies by asking these questions: -
-|Question |Action | Migration procedure|
-||||
-|Is the policy still needed? |If not, delete or deactivate it |don't migrate|
-|Does it overlap with any other Exchange or Compliance center DLP policies? |If yes, can you consolidate the overlapping policies? |- If it overlaps with another Exchange policy, manually create the consolidated DLP policy in the Exchange Admin center, then use the migration wizard. </br> - If it overlaps with an existing Compliance Center policy, you can modify the existing Compliance center policy to match, don't migrate the Exchange version|
-|Is the Exchange DLP policy tightly scoped and does it have well-defined conditions, actions, inclusions, and exclusions? |If yes, it is a good candidate to migrate with the wizard, make note of the policy so that you remember to come back to delete it later | migrate with the wizard|
+|Question|Action|Migration procedure|
+||||
+|Is the policy still needed?|If not, delete or deactivate it|don't migrate|
+|Does it overlap with any other Exchange or Compliance center DLP policies?|If yes, can you consolidate the overlapping policies?|- If it overlaps with another Exchange policy, manually create the consolidated DLP policy in the Exchange Admin center, then use the migration wizard. </br> - If it overlaps with an existing Compliance Center policy, you can modify the existing Compliance center policy to match, don't migrate the Exchange version|
+|Is the Exchange DLP policy tightly scoped and does it have well-defined conditions, actions, inclusions, and exclusions?|If yes, it is a good candidate to migrate with the wizard, make note of the policy so that you remember to come back to delete it later|migrate with the wizard|
## Migration
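Review bot: The rewritten overlap row still separates its two bullets with `</br>`, which is a stray closing tag and not a line break element. The same batch converts `</br>` to `<br/>` in the Exchange conditions and actions table, so this cell should get the same treatment. The "Migration procedure" cells also mix styles ("don't migrate" and "migrate with the wizard" in lower case next to full sentences); consider capitalizing them for consistency.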
After you have evaluated all your Exchange and Compliance center DLP policies fo
6. Select the mode you want the new Compliance center policy created in, **Active**, **Test**, or **Disabled**. The default is **Test**. Select **Next**. 7. If desired, you can create more policies that are based on the Exchange DLP policies for other unified DLP locations. This will result in one new unified DLP policy for the migrated Exchange policy and one new unified DLP policy for any other locations that you pick here.
-> [!IMPORTANT]
-> Any Exchange DLP policy conditions and actions that are not supported by other DLP locations, like Devices, SharePoint, OneDrive, On-premises, MCAS or Teams chat and channel messages will be dropped from the additional policy. Also, there is pre-work that must be done for the other locations. See:
->- [Learn about Microsoft 365 Endpoint data loss prevention](endpoint-dlp-learn-about.md#learn-about-microsoft-365-endpoint-data-loss-prevention)
->- [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md#get-started-with-endpoint-data-loss-prevention)
->- [Using Endpoint data loss prevention](endpoint-dlp-using.md#using-endpoint-data-loss-prevention)
->- [Learn about the Microsoft 365 data loss prevention on-premises scanner](dlp-on-premises-scanner-learn.md#learn-about-the-microsoft-365-data-loss-prevention-on-premises-scanner)
->- [Get started with the data loss prevention on-premises scanner](dlp-on-premises-scanner-get-started.md#get-started-with-the-data-loss-prevention-on-premises-scanner)
->- [Use the Microsoft 365 data loss prevention on-premises scanner](dlp-on-premises-scanner-use.md#use-the-microsoft-365-data-loss-prevention-on-premises-scanner)
->- [Use data loss prevention policies for non-Microsoft cloud apps](dlp-use-policies-non-microsoft-cloud-apps.md#use-data-loss-prevention-policies-for-non-microsoft-cloud-apps)
-
+ > [!IMPORTANT]
+ > Any Exchange DLP policy conditions and actions that are not supported by other DLP locations, like Devices, SharePoint, OneDrive, On-premises, MCAS or Teams chat and channel messages will be dropped from the additional policy. Also, there is pre-work that must be done for the other locations. See:
+ >
+ > - [Learn about Microsoft 365 Endpoint data loss prevention](endpoint-dlp-learn-about.md#learn-about-microsoft-365-endpoint-data-loss-prevention)
+ > - [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md#get-started-with-endpoint-data-loss-prevention)
+ > - [Using Endpoint data loss prevention](endpoint-dlp-using.md#using-endpoint-data-loss-prevention)
+ > - [Learn about the Microsoft 365 data loss prevention on-premises scanner](dlp-on-premises-scanner-learn.md#learn-about-the-microsoft-365-data-loss-prevention-on-premises-scanner)
+ > - [Get started with the data loss prevention on-premises scanner](dlp-on-premises-scanner-get-started.md#get-started-with-the-data-loss-prevention-on-premises-scanner)
+ > - [Use the Microsoft 365 data loss prevention on-premises scanner](dlp-on-premises-scanner-use.md#use-the-microsoft-365-data-loss-prevention-on-premises-scanner)
+ > - [Use data loss prevention policies for non-Microsoft cloud apps](dlp-use-policies-non-microsoft-cloud-apps.md#use-data-loss-prevention-policies-for-non-microsoft-cloud-apps)
+ 8. Review the migration wizard session settings. Select **Next**.
-9. Review the migration report. Pay attention to any failures involving Exchange mailflow rules. You can fix them and remigrate the associated policies.
+9. Review the migration report. Pay attention to any failures involving Exchange mail flow rules. You can fix them and remigrate the associated policies.
-The migrated policies will now appear in the list of DLP policies in the Compliance center DLP console.
+The migrated policies will now appear in the list of DLP policies in the Compliance center DLP console.
## Common errors and mitigation
-|Error message |Reason | Mitigation/Recommended steps|
-||||
-|A compliance policy with name `<Name of the policy>` already exists in scenario(s) `Dlp`. |It is likely that this policy migration was done earlier and then reattempted in the same session |Refresh the session to update the list of policies available for migration. All previously migrated policies should be in the `Already migrated` state.|
-|A compliance policy with name `<Name of the policy>` already exists in scenario(s) `Hold`. |A retention policy with the same name exists in the same tenant. |- Rename the DLP policy in EAC to a different name. </br> - Retry the migration for the impacted policy. |
-|`DLP-group@contoso.com` canΓÇÖt be used as a value for the Shared By condition because itΓÇÖs a distribution group or mail-enabled security group. Use Shared by Member of predicate to detect activities by members of certain groups. |Transport rules allow groups to be used in the `sender is` condition but unified DLP does not allow it. | Update the transport rule to remove all group email addresses from the `sender is` condition and add the group to the `sender is a member of` condition if necessary. Retry the migration for the impacted policy|
-|Could not find recipient `DLP-group@contoso.com`. If newly created, retry the operation after sometime. If deleted or expired please reset with valid values and try again. |It is likely that the group address used in `sender is a member of` or `recipient is a member of` condition is expired or invalid. | - Remove/replace all the invalid group email addresses in the transport rule in Exchange admin center. </br> - Retry the migration for the impacted policy.|
-|The value specified in `FromMemberOf` predicate must be mail enabled security group. |Transport rules allow individual users to be used in the `sender is a member of` condition but unified DLP does not allow it. | - Update the transport rule to remove all individual user email addresses from the `sender is a member of` condition and add the users to the `sender is` condition if necessary. </br> - Retry the migration for the impacted policy.|
-|The value specified in `SentToMemberOf` predicate must be mail enabled security group. |Transport rules allow individual users to be used under the `recipient is a member of` condition but unified DLP does not allow it. | - Update the transport rule to remove all individual user email addresses from the `recipient is a member of` condition and add the users to the `recipient is` condition if necessary. </br> - Retry the migration for the impacted policy.|
-|Using the `<Name of condition>` parameter is supported only for Exchange. Either remove this parameter or turn on only Exchange location. | It is likely that another policy with the same name exists in Compliance center with other locations like SPO/ODB/Teams for which the mentioned condition is not supported. | Rename the DLP policy in Exchange admin center and retry the migration.|
+
+|Error message|Reason|Mitigation/Recommended steps|
+||||
+|A compliance policy with name `<Name of the policy>` already exists in scenario(s) `Dlp`.|It is likely that this policy migration was done earlier and then reattempted in the same session|Refresh the session to update the list of policies available for migration. All previously migrated policies should be in the `Already migrated` state.|
+|A compliance policy with name `<Name of the policy>` already exists in scenario(s) `Hold`.|A retention policy with the same name exists in the same tenant.|- Rename the DLP policy in EAC to a different name. </br> - Retry the migration for the impacted policy.|
+|`DLP-group@contoso.com` can't be used as a value for the Shared By condition because it's a distribution group or mail-enabled security group. Use Shared by Member of predicate to detect activities by members of certain groups.|Transport rules allow groups to be used in the `sender is` condition but unified DLP does not allow it.|Update the transport rule to remove all group email addresses from the `sender is` condition and add the group to the `sender is a member of` condition if necessary. Retry the migration for the impacted policy|
+|Could not find recipient `DLP-group@contoso.com`. If newly created, retry the operation after sometime. If deleted or expired please reset with valid values and try again.|It is likely that the group address used in `sender is a member of` or `recipient is a member of` condition is expired or invalid.|- Remove/replace all the invalid group email addresses in the transport rule in Exchange admin center. </br> - Retry the migration for the impacted policy.|
+|The value specified in `FromMemberOf` predicate must be mail enabled security group.|Transport rules allow individual users to be used in the `sender is a member of` condition but unified DLP does not allow it.|- Update the transport rule to remove all individual user email addresses from the `sender is a member of` condition and add the users to the `sender is` condition if necessary. </br> - Retry the migration for the impacted policy.|
+|The value specified in `SentToMemberOf` predicate must be mail enabled security group.|Transport rules allow individual users to be used under the `recipient is a member of` condition but unified DLP does not allow it.|- Update the transport rule to remove all individual user email addresses from the `recipient is a member of` condition and add the users to the `recipient is` condition if necessary. </br> - Retry the migration for the impacted policy.|
+|Using the `<Name of condition>` parameter is supported only for Exchange. Either remove this parameter or turn on only Exchange location.|It is likely that another policy with the same name exists in Compliance center with other locations like SPO/ODB/Teams for which the mentioned condition is not supported.|Rename the DLP policy in Exchange admin center and retry the migration.|
## Testing and validation <!--PRATEEK AND AAKASH TO PROVIDE A LIST OF SUPPORTED PREDICATES AND KNOWN ISSUES BEFORE PUBLISHING-->
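Review bot: The trailing context under `## Testing and validation` still carries the internal comment asking for a list of supported predicates and known issues before publishing, and nothing in this change supplies that list. Either add the list or remove the comment, since the errors table above is the only guidance a reader gets on unsupported predicates such as `FromMemberOf` and `SentToMemberOf`. In the new errors table, four mitigation cells keep `</br>` as the bullet separator and the `DLP-group@contoso.com` Shared By row ends without a period, unlike the other rows.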
To ensure that the migrated policies behave as expected, you can export the repo
1. Connect to [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). 2. Export the [EAC DLP report](/powershell/module/exchange/get-maildetaildlppolicyreport). You can copy this cmdlet and insert the appropriate values:
-```powershell
-Get-MailDetailDlpPolicyReport -StartDate <dd/mm/yyyy -EndDate <dd/mm/yyyy> -PageSize 5000 | select Date, MessageId, DlpPolicy, TransportRule -Unique | Export-CSV <"C:\path\filename.csv">
-```
+ ```powershell
+ Get-MailDetailDlpPolicyReport -StartDate <dd/mm/yyyy -EndDate <dd/mm/yyyy> -PageSize 5000 | select Date, MessageId, DlpPolicy, TransportRule -Unique | Export-CSV <"C:\path\filename.csv">
+ ```
3. Export the [Unified DLP report](/powershell/module/exchange/get-dlpdetailreport). You can copy this cmdlet and insert the appropriate values:
-```powershell
-Get-DlpDetailReport -StartDate <dd/mm/yyyy> -EndDate <dd/mm/yyyy> -PageSize 5000 | select Date, Location, DlpCompliancePolicy, DlpComplianceRule -Unique | Export-CSV <"C:\path\filename.csv">
-```
+ ```powershell
+ Get-DlpDetailReport -StartDate <dd/mm/yyyy> -EndDate <dd/mm/yyyy> -PageSize 5000 | select Date, Location, DlpCompliancePolicy, DlpComplianceRule -Unique | Export-CSV <"C:\path\filename.csv">
+ ```
## Activate your migrated policies
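Review bot: The first cmdlet still has an unterminated placeholder, `-StartDate <dd/mm/yyyy -EndDate <dd/mm/yyyy>`, so a reader who copies it as instructed gets a malformed command. The indentation-only change was the chance to add the missing `>`, as the Get-DlpDetailReport line already has. Both commands also wrap the quoted path in angle brackets (`Export-CSV <"C:\path\filename.csv">`), which makes it unclear whether the quotes are part of the placeholder; `Export-CSV "<C:\path\filename.csv>"` would read more clearly. Since the two exports are meant to be compared, it would help to say which columns correspond, because the first selects MessageId and TransportRule while the second selects Location and DlpComplianceRule.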
compliance Dlp Policy Design https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-design.md
f1.keywords:
Previously updated : Last updated : audience: ITPro ms.localizationpriority: medium-+ - M365-security-compliance
+search.appverid:
- MET150 description: "Learn how to design a data loss prevention (DLP) policy"
If you are new to Microsoft 365 DLP, it's helpful to work through these articles
- [Learn about data loss prevention](dlp-learn-about-dlp.md#learn-about-data-loss-prevention) - this article introduces you to the data loss prevention discipline and Microsoft's implementation of DLP - [Plan for data loss prevention (DLP)](dlp-overview-plan-for-dlp.md#plan-for-data-loss-prevention-dlp) - by working through this article you will:
- - [Identify stakeholders](dlp-overview-plan-for-dlp.md#identify-stakeholders)
- - [Describe the categories of sensitive information to protect](dlp-overview-plan-for-dlp.md#describe-the-categories-of-sensitive-information-to-protect)
- - [Set goals and strategy](dlp-overview-plan-for-dlp.md#set-goals-and-strategy)
+ - [Identify stakeholders](dlp-overview-plan-for-dlp.md#identify-stakeholders)
+ - [Describe the categories of sensitive information to protect](dlp-overview-plan-for-dlp.md#describe-the-categories-of-sensitive-information-to-protect)
+ - [Set goals and strategy](dlp-overview-plan-for-dlp.md#set-goals-and-strategy)
- [Data Loss Prevention policy reference](dlp-policy-reference.md#data-loss-prevention-policy-reference) - this article introduces all the components of a DLP policy and how each one influences the behavior of a policy ## Policy design overview
-[Designing a policy](#policy-design-process) is mostly about clearly [defining your business needs, documenting them in a policy intent statement](#define-intent-for-the-policy) and then [mapping those needs to policy configuration](#map-business-needs-to-policy-configuration). You'll use the decisions you made in your planning phase to inform some of your policy design decisions.
+[Designing a policy](#policy-design-process) is mostly about clearly [defining your business needs, documenting them in a policy intent statement](#define-intent-for-the-policy) and then [mapping those needs to policy configuration](#map-business-needs-to-policy-configuration). You'll use the decisions you made in your planning phase to inform some of your policy design decisions.
-### Define intent for the policy
+### Define intent for the policy
-You should be able to summarize the business intent for every policy you have in a single statement. Developing this statement will drive conversations in your organization and, when fully fleshed out, this statement directly links the policy to a business purpose and provides a roadmap for policy design. The steps in the [Plan for data loss prevention (DLP)](dlp-overview-plan-for-dlp.md#overview-of-planning-process) article will help you get started on your policy intent statement.
+You should be able to summarize the business intent for every policy you have in a single statement. Developing this statement will drive conversations in your organization and, when fully fleshed out, this statement directly links the policy to a business purpose and provides a roadmap for policy design. The steps in the [Plan for data loss prevention (DLP)](dlp-overview-plan-for-dlp.md#overview-of-planning-process) article will help you get started on your policy intent statement.
Remember from [DLP policy configuration overview](dlp-learn-about-dlp.md#dlp-policy-configuration-overview) that all DLP policies require that you: - Choose what you want to monitor - Choose where you want to monitor - Choose the conditions that must be matched for a policy to be applied to an item-- Choose the action to take when the policy conditions are met
+- Choose the action to take when the policy conditions are met
-For example, here's a fictitious first draft of an intent statement that provides answers to all four questions:
+For example, here's a fictitious first draft of an intent statement that provides answers to all four questions:
-*"We are a U.S. based organization, and we need to detect Office documents that contain sensitive health care information covered by HIPPA that are stored in OneDrive/SharePoint and protect against that information being shared in Teams chat and channel messages and restrict everyone from sharing them with unauthorized third parties".*
+*"We are a U.S. based organization, and we need to detect Office documents that contain sensitive health care information covered by HIPPA that are stored in OneDrive/SharePoint and protect against that information being shared in Teams chat and channel messages and restrict everyone from sharing them with unauthorized third parties".*
As you develop a policy design, you'll likely modify and extend the statement.
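Review bot: The re-added intent statement still spells the regulation "HIPPA", while the template link later in the same article uses "HIPAA". This whitespace-only change is a good place to correct it. The statement also closes the quotation before the period (`third parties".*`), which differs from how the quoted fragment is punctuated in the breakdown table.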
As you develop a policy design, you'll likely modify and extend the statement.
Let's break the example draft statement down and map it to DLP policy configuration points.
-|Statement |Configuration question answered and configuration mapping |
-|||
-| "We are a U.S. based organization, and we need to detect Office documents that contain sensitive health care information covered by HIPPA... |- **What to monitor**: Office docs, use the [U.S. Health Insurance Act (HIPAA)](what-the-dlp-policy-templates-include.md#us-health-insurance-act-hipaa) template </br>- **Conditions for a match**: (preconfigured but editable) - item contains U.S. SSN and Drug Enforcement Agency (DEA) number, International Classification of Diseases (ICD-9-CM), International Classification of Diseases (ICD-10-CM), content is shared with people outside my organization </br> - drives conversations to clarify the triggering threshold for detection like [confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels), and [instance count](dlp-policy-reference.md#content-contains) (called leakage tolerance).|
-|...that are stored in OneDrive/SharePoint and protect against that information being shared Teams chat and channel messages... |- **Where to monitor**: [Location scoping](dlp-policy-reference.md#locations) by including or excluding OneDrive and SharePoint sites and Teams chat/channel accounts or distribution groups. |
-|...and restrict everyone from sharing those items with unauthorized third parties." | - **Actions to take**: [You add](dlp-policy-reference.md#actions) *Restrict access or encrypt the content in Microsoft 365 locations* </br> - drives conversation on what actions to take when a policy is triggered including protective actions like sharing restrictions, awareness actions like notifications and alerts, and user empowerment actions like allow user overrides of a blocking action |
+|Statement|Configuration question answered and configuration mapping|
+|||
+|"We are a U.S. based organization, and we need to detect Office documents that contain sensitive health care information covered by HIPPA...|- **What to monitor**: Office docs, use the [U.S. Health Insurance Act (HIPAA)](what-the-dlp-policy-templates-include.md#us-health-insurance-act-hipaa) template </br>- **Conditions for a match**: (preconfigured but editable) - item contains U.S. SSN and Drug Enforcement Agency (DEA) number, International Classification of Diseases (ICD-9-CM), International Classification of Diseases (ICD-10-CM), content is shared with people outside my organization </br> - drives conversations to clarify the triggering threshold for detection like [confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels), and [instance count](dlp-policy-reference.md#content-contains) (called leakage tolerance).|
+|...that are stored in OneDrive/SharePoint and protect against that information being shared Teams chat and channel messages...|- **Where to monitor**: [Location scoping](dlp-policy-reference.md#locations) by including or excluding OneDrive and SharePoint sites and Teams chat/channel accounts or distribution groups.|
+|...and restrict everyone from sharing those items with unauthorized third parties."|- **Actions to take**: [You add](dlp-policy-reference.md#actions) *Restrict access or encrypt the content in Microsoft 365 locations* </br> - drives conversation on what actions to take when a policy is triggered including protective actions like sharing restrictions, awareness actions like notifications and alerts, and user empowerment actions like allow user overrides of a blocking action|
This example doesn't cover all the configuration points of a DLP policy, it would need to be expanded. But it should get you thinking in the right direction as you develop your own DLP policy intent statements.
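Review bot: The Statement column is presented as a breakdown of the draft intent statement, but the rewritten rows do not quote it exactly. The second row reads "being shared Teams chat" where the statement says "being shared in Teams chat", and the third row reads "sharing those items" where the statement says "sharing them". Align the quotes with the statement so readers can map each fragment back to it. The first row also repeats the "HIPPA" misspelling next to a link labelled "HIPAA", and the first and third rows keep `</br>` as a separator.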
This example doesn't cover all the configuration points of a DLP policy, it woul
## Policy Design Process
-1. Complete the steps in:
- 1. [Plan for data loss prevention (DLP)](dlp-overview-plan-for-dlp.md#plan-for-data-loss-prevention-dlp) - by working through this article you will:
- 1. [Identify your stakeholders](dlp-overview-plan-for-dlp.md#identify-stakeholders)
- 1. [Describe the categories of sensitive information to protect](dlp-overview-plan-for-dlp.md#describe-the-categories-of-sensitive-information-to-protect)
- 1. [Set goals and strategy](dlp-overview-plan-for-dlp.md#set-goals-and-strategy)
- 1. [Define your policy deployment plan](dlp-overview-plan-for-dlp.md#policy-deployment)
+1. Complete the steps in [Plan for data loss prevention (DLP)](dlp-overview-plan-for-dlp.md#plan-for-data-loss-prevention-dlp) - by working through this article you will:
+ 1. [Identify your stakeholders](dlp-overview-plan-for-dlp.md#identify-stakeholders)
+ 1. [Describe the categories of sensitive information to protect](dlp-overview-plan-for-dlp.md#describe-the-categories-of-sensitive-information-to-protect)
+ 1. [Set goals and strategy](dlp-overview-plan-for-dlp.md#set-goals-and-strategy)
+ 1. [Define your policy deployment plan](dlp-overview-plan-for-dlp.md#policy-deployment)
-1. Familiarize yourself with [Data Loss Prevention policy reference](dlp-policy-reference.md#data-loss-prevention-policy-reference) so that you understand all the components of a DLP policy and how each one influences the behavior of a policy.
+2. Familiarize yourself with [Data Loss Prevention policy reference](dlp-policy-reference.md#data-loss-prevention-policy-reference) so that you understand all the components of a DLP policy and how each one influences the behavior of a policy.
-1. Familiarize yourself with [What the DLP policy templates include](what-the-dlp-policy-templates-include.md#what-the-dlp-policy-templates-include).
+3. Familiarize yourself with [What the DLP policy templates include](what-the-dlp-policy-templates-include.md#what-the-dlp-policy-templates-include).
-1. Develop your policy intent statement with your key stakeholders. Refer to the example earlier in this article.
+4. Develop your policy intent statement with your key stakeholders. Refer to the example earlier in this article.
-1. Determine how this policy fits into your overall DLP policy strategy.
+5. Determine how this policy fits into your overall DLP policy strategy.
-> [!IMPORTANT]
-> Policies can't be renamed once they are created. If you must rename a policy, you will have to create a new one with the desired name and retire the old one. So decide on the naming structure that all your policies will use now.
+ > [!IMPORTANT]
+ > Policies can't be renamed once they are created. If you must rename a policy, you will have to create a new one with the desired name and retire the old one. So decide on the naming structure that all your policies will use now.
6. Map the items in your policy intent statement to configuration options. 7. Decide which policy template you will start from, predefined or custom.
-8. Go through the template and assemble all information required before you create the policy. It's likely that you will find that there are some configuration points that aren't covered in your policy intent statement. That's ok. Go back to your stakeholders to iron out the requirements for any missing configuration points.
+8. Go through the template and assemble all information required before you create the policy. It's likely that you will find that there are some configuration points that aren't covered in your policy intent statement. That's ok. Go back to your stakeholders to iron out the requirements for any missing configuration points.
9. Document the configuration of all the policy settings and review them with your stakeholders. You can re-use your policy intent statement mapping to configuration points, which is now fully fleshed out.
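Review bot: The top-level steps now use explicit numbers (2. through 5.), but the four sub-steps under step 1 still use "1." for every item, so the list mixes two numbering conventions; number the sub-steps explicitly or keep auto-numbering throughout. Step 8 is removed and re-added with no visible text change, so if that is a trailing-whitespace cleanup it is worth saying so in the commit message.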
This example doesn't cover all the configuration points of a DLP policy, it woul
<!--## Policy design examples
-|Customer business needs description | approach |
-|||
-|**Contoso Bank** is in a highly regulated industry and has many different types of sensitive items in many different locations. </br> - knows which types of sensitive information are top priority. </br> - must minimize business disruption as policies are rolled out. </br> - has IT resources and can hire experts to help plan, design deploy </br> - has a premier support contract with Microsoft| - Take the time to understand what regulations they must comply with and how they are going to comply. </br> -Take the time to understand the better together value of the Microsoft 365 Information Protection stack </br> - Develop sensitivity labeling scheme for prioritized items and apply </br> - Involve business process owners </br>- Design/code policies, deploy in test mode, train users </br>- repeat|
-|**TailSpin Toys** doesnΓÇÖt know what they have or where it is, and have little to no resource depth. They use Teams, OneDrive for Business and Exchange extensively. |- Start with simple policies on the prioritized locations. </br>- Monitor what gets identified </br>- Apply sensitivity labels accordingly </br>- Refine policies, train users |
-|**Fabrikam** is a small startup and wants to protect its intellectual property, and must move quickly. They are willing to dedicate some resources, but can't afford to hire outside experts. </br>- Sensitive items are all in Microsoft 365 OneDrive for Business/SharePoint </br>- Adoption of OneDrive for Business and SharePoint is slow, employees/shadow IT use DropBox and Google drive to share/store items </br>- Employees value speed of work over data protection discipline </br>- Customer splurged and bought all 18 employees new Windows 10 devices |- Take advantage of the default DLP policy in Teams </br>- Use restricted by default setting for SharePoint items </br>- Deploy policies that prevent external sharing </br>- Deploy policies to prioritized locations </br>- Deploy policies to Windows 10 devices </br>- Block uploads to non-OneDrive for Business cloud storage |
-
+|Customer business needs description|approach|
+|||
+|**Contoso Bank** is in a highly regulated industry and has many different types of sensitive items in many different locations. </br> - knows which types of sensitive information are top priority. </br> - must minimize business disruption as policies are rolled out. </br> - has IT resources and can hire experts to help plan, design deploy </br> - has a premier support contract with Microsoft|- Take the time to understand what regulations they must comply with and how they are going to comply. </br> -Take the time to understand the better together value of the Microsoft 365 Information Protection stack </br> - Develop sensitivity labeling scheme for prioritized items and apply </br> - Involve business process owners </br>- Design/code policies, deploy in test mode, train users </br>- repeat|
+|**TailSpin Toys** doesnΓÇÖt know what they have or where it is, and have little to no resource depth. They use Teams, OneDrive for Business and Exchange extensively.|- Start with simple policies on the prioritized locations. </br>- Monitor what gets identified </br>- Apply sensitivity labels accordingly </br>- Refine policies, train users|
+|**Fabrikam** is a small startup and wants to protect its intellectual property, and must move quickly. They are willing to dedicate some resources, but can't afford to hire outside experts. </br>- Sensitive items are all in Microsoft 365 OneDrive for Business/SharePoint </br>- Adoption of OneDrive for Business and SharePoint is slow, employees/shadow IT use DropBox and Google drive to share/store items </br>- Employees value speed of work over data protection discipline </br>- Customer splurged and bought all 18 employees new Windows 10 devices|- Take advantage of the default DLP policy in Teams </br>- Use restricted by default setting for SharePoint items </br>- Deploy policies that prevent external sharing </br>- Deploy policies to prioritized locations </br>- Deploy policies to Windows 10 devices </br>- Block uploads to non-OneDrive for Business cloud storage|
1. For example: 1. Identify your volume thresholds that your company deems to be low-risk (leakage tolerance), perhaps from unintentional sharing and is an opportunity to educate users and the threshold that is concerning or high-risk for your company that may need immediate attention. - example volume: ΓÇ£Low riskΓÇ¥ for Contoso is 1 credit card number, perhaps it was a personal card that was shared carelessly - example volume: ΓÇ£High riskΓÇ¥ for Contoso is 2 or more credit card numbers. It doesnΓÇÖt feel like a common scenario that an employee would engage in accidentally --
-ΓÇô For each of the sensitive information types listed out, list out **who should have access to that data when itΓÇÖs generated** and **what type of activities should be allowable with that data**
-
+ΓÇô For each of the sensitive information types listed out, list out **who should have access to that data when itΓÇÖs generated** and **what type of activities should be allowable with that data**
<!--(Perhaps this is where we can provide some basic categories, templates, activities and actions that are supported by Microsoft. Some of these items are not discoverable until you are deeper within a policy creation flow. If we provide, we should time stamp it for ΓÇ£last updatedΓÇ¥ or ΓÇ£as of xx/xx/xxxΓÇ¥)
-ΓÇô (Show table with parent-child relationships between categories, templates and sensitive info types that Microsoft supports) Should be gathered from GA Compliance environment-->
+ΓÇô (Show table with parent-child relationships between categories, templates and sensitive info types that Microsoft supports) Should be gathered from GA Compliance environment-->
<!-- - > [!TIP] The more locations you include ensures broader application of the policy and more consistent coverage. If you include locations that are mostly used for internal collaboration, the responsiveness of collaboration may be impacted. - - whether the protective actions you need are supported throught the associated location or if you need to compromise to extend coverage
- - also usefule for identifying the most restrictive actions available
+ - also usefule for identifying the most restrictive actions available
- (we shouldn't mention here that the "content contains" condition is the primary staple for a DLP policy and should be utilized as a starting point for policy creation. The other workload-specific conditions can be ustilized as an extended or granular control of company's DLP policy. Useful for when "too much" data is being restricted and known sensitive data typically falls under certain conditions.) - (We can mention here that their quantitative goal such as "protect X% of data across all locations while maintaining x productivity" can be monitored throught alerts or reports. If protection is too high of working against their established goals, they can come back to policy and tweak their conditions/actions)-- Finally, you should have a union of what, hwo and when to be covered which will easily map to generating a live policy via Microsoft DLP. --
+- Finally, you should have a union of what, hwo and when to be covered which will easily map to generating a live policy via Microsoft DLP.
+-
5. At this stage you should asses how you should start this policy. ***LINK OUT TO DEPLOYING A POLICY COVERED IN THE PLANNING TOPIC TOO*** - Test: your company is very large, conservative or the actions established are pretty restrictive - Test w/ notifications: same as above, but you get to test out investigation cadence or volume
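Review bot: The re-added table rows and list lines still carry mis-encoded punctuation ("doesnΓÇÖt" in the TailSpin Toys row, "ΓÇô For each of the sensitive information types", "itΓÇÖs generated"), so this whitespace cleanup keeps the encoding damage in place; replace those sequences with plain apostrophes and hyphens in the same change. The added lines also keep the typos "usefule" and "hwo", and the new bare "-" line after "generating a live policy via Microsoft DLP." adds an empty list item. This content appears to sit inside the comment opened at "## Policy design examples", so it does not render today, but the damage will surface if the block is ever restored.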
Here are some examples of more detailed policy intent statement to configuration
*We are a national healthcare provider based in the U.S. We need to protect our patientΓÇÖs personal information and prevent it from egressing outside of our companyΓÇÖs borders. We want to limit access to our patientΓÇÖs personal information to only authorized personnel, like our physicians and billing department from our on-premises devices. We've determined that any single instance of any of each information type in any item is not a data risk, but it is a risk when two or more occur in a single item. We have a Microsoft 365 E5 subscription and want to protect all locations and first party apps that are available to us because we canΓÇÖt afford to have any data leaks. If an event occurs or is prevented, we want to alert our compliance admin and educate our end-users where necessary.*
-|Statement |Configuration question answered and configuration mapping |
-|||
-| We are a national healthcare provider based in the U.S. We need to protect our patientΓÇÖs personal information...|- **What to monitor**: All available item types, use the [U.S. Health Insurance Act (HIPAA)](what-the-dlp-policy-templates-include.md#us-health-insurance-act-hipaa) template. </br>- **Conditions for a match**: (preconfigured but editable) - item contains full names, physical addresses, driver's license number, U.S. SSN
-| ...and prevent it from egressing outside of our companyΓÇÖs borders... |- **Actions to take**: Block anyone outside the organization from accessing items, block unintentional sharing by internal users with anyone outside the org.|
-|...We want to limit access to our patientΓÇÖs personal information to only authorized personnel, like our physicians and billing department from our on-premises devices...| - **Actions to take**: - Block access to items, block all activities (upload to cloud, copy to clipboard, copy to USB, copy to network share, access by restricted app, print, copy/move via Bluetooth, copy/move via remote desktop) from Windows devices. </br> - **Where to monitor**: in all Microsoft 365 locations
-| ...We've determined that any single instance of any of each information type in any item is not a data risk, but it is a risk when two or more occur in a single item....| - **Conditions for a match**: (preconfigured but editable) any single item contains more than one of these or any two or more of these: Full Name, U.S. Social Security Number, Drug Enforcement Agency (DEA) number, International Classification of Diseases (ICD-9-CM), International Classification of Diseases (ICD-10-CM), Physical Address, U.S. driver's license number. For example, two instanced of Full Name or one instance of a U.S. Social Security Number along with one instance of Drug Enforcement Agency (DEA) number will trigger a match.
+|Statement|Configuration question answered and configuration mapping|
+|||
+|We are a national healthcare provider based in the U.S. We need to protect our patientΓÇÖs personal information...|- **What to monitor**: All available item types, use the [U.S. Health Insurance Act (HIPAA)](what-the-dlp-policy-templates-include.md#us-health-insurance-act-hipaa) template. </br>- **Conditions for a match**: (preconfigured but editable) - item contains full names, physical addresses, driver's license number, U.S. SSN
+|...and prevent it from egressing outside of our companyΓÇÖs borders...|- **Actions to take**: Block anyone outside the organization from accessing items, block unintentional sharing by internal users with anyone outside the org.|
+|...We want to limit access to our patientΓÇÖs personal information to only authorized personnel, like our physicians and billing department from our on-premises devices...|- **Actions to take**: - Block access to items, block all activities (upload to cloud, copy to clipboard, copy to USB, copy to network share, access by restricted app, print, copy/move via Bluetooth, copy/move via remote desktop) from Windows devices. </br> - **Where to monitor**: in all Microsoft 365 locations
+|...We've determined that any single instance of any of each information type in any item is not a data risk, but it is a risk when two or more occur in a single item....|- **Conditions for a match**: (preconfigured but editable) any single item contains more than one of these or any two or more of these: Full Name, U.S. Social Security Number, Drug Enforcement Agency (DEA) number, International Classification of Diseases (ICD-9-CM), International Classification of Diseases (ICD-10-CM), Physical Address, U.S. driver's license number. For example, two instanced of Full Name or one instance of a U.S. Social Security Number along with one instance of Drug Enforcement Agency (DEA) number will trigger a match.
, content is shared with people outside my organization </br> - drives conversations to clarify the triggering threshold for detection like [confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels), and [instance count](dlp-policy-reference.md#content-contains) (called leakage tolerance).|
-|...that are stored in OneDrive/SharePoint and protect against that information being shared Teams chat and channel messages... |- **Where to monitor**: [Location scoping](dlp-policy-reference.md#locations) by including or excluding OneDrive and SharePoint sites and Teams chat/channel accounts or distribution groups. |
-|...and restrict everyone from sharing those items with unauthorized third parties." | - **Actions to take**: [You add](dlp-policy-reference.md#actions) *Restrict access or encrypt the content in Microsoft 365 locations* </br> - drives conversation on what actions to take when a policy is triggered including protective actions like sharing restrictions, awareness actions like notifications and alerts, and user empowerment actions like allow user overrides of a blocking action |
+|...that are stored in OneDrive/SharePoint and protect against that information being shared Teams chat and channel messages...|- **Where to monitor**: [Location scoping](dlp-policy-reference.md#locations) by including or excluding OneDrive and SharePoint sites and Teams chat/channel accounts or distribution groups.|
+|...and restrict everyone from sharing those items with unauthorized third parties."|- **Actions to take**: [You add](dlp-policy-reference.md#actions) *Restrict access or encrypt the content in Microsoft 365 locations* </br> - drives conversation on what actions to take when a policy is triggered including protective actions like sharing restrictions, awareness actions like notifications and alerts, and user empowerment actions like allow user overrides of a blocking action|
--> - ## See Also - [Learn about data loss prevention](dlp-learn-about-dlp.md#learn-about-data-loss-prevention)
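Review bot: Three of the re-added table rows (those starting "We are a national healthcare provider", "...We want to limit access" and "...We've determined that any single instance") end without the closing pipe, unlike the "...and prevent it from egressing" row, so the table would break if this commented-out section were restored; add the trailing pipe to each. Those rows also keep the mis-encoded apostrophes in "patientΓÇÖs" and "companyΓÇÖs", and "two instanced of Full Name" should read "two instances".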
compliance Exchange Online Uses Tls To Secure Email Connections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections.md
The certificate information used by Exchange Online is described in the followin
| Attribute | Value | |:--|:--|
-|Certificate authority root issuer|DigiCert CA ΓÇô 1|
+|Certificate authority root issuer|DigiCert CA - 1|
|Certificate name|mail.protection.outlook.com| |Organization|Microsoft Corporation| |Organization unit|www.digicert.com|
compliance How Smtp Dane Works https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/how-smtp-dane-works.md
description: "Learn how SMTP DNS-based Authentication of Named Entities (DANE) w
# How SMTP DNS-based Authentication of Named Entities (DANE) works
-The SMTP protocol is the main protocol used to transfer messages between mail servers and is, by default, not secure. The Transport Layer Security (TLS) protocol was introduced years ago to support encrypted transmission of messages over SMTP. ItΓÇÖs commonly used opportunistically rather than as a requirement, leaving much email traffic in clear text, vulnerable to interception by nefarious actors. Furthermore, SMTP determines the IP addresses of destination servers through the public DNS infrastructure, which is susceptible to spoofing and Man-in-the-Middle (MITM) attacks. This has led to many new standards being created to increase security for sending and receiving email, one of those is DNS-based Authentication of Named Entities (DANE).
-
-DANE for SMTP [RFC 7672](https://tools.ietf.org/html/rfc7672) uses the presence of a Transport Layer Security Authentication (TLSA) record in a domain's DNS record set to signal a domain and its mail server(s) support DANE. If there is no TLSA record present, DNS resolution for mail flow will work as usual without any DANE checks being attempted. The TLSA record securely signals TLS support and publishes the DANE policy for the domain. So, sending mail servers can successfully authenticate legitimate receiving mail servers using SMTP DANE. This makes it resistant to downgrade and MITM attacks. DANE has direct dependencies on DNSSEC, which works by digitally signing records for DNS lookups using public key cryptography. DNSSEC checks occur on recursive DNS resolvers, the DNS servers that make DNS queries for clients. DNSSEC ensures that DNS records arenΓÇÖt tampered with and are authentic.
+The SMTP protocol is the main protocol used to transfer messages between mail servers and is, by default, not secure. The Transport Layer Security (TLS) protocol was introduced years ago to support encrypted transmission of messages over SMTP. It's commonly used opportunistically rather than as a requirement, leaving much email traffic in clear text, vulnerable to interception by nefarious actors. Furthermore, SMTP determines the IP addresses of destination servers through the public DNS infrastructure, which is susceptible to spoofing and Man-in-the-Middle (MITM) attacks. This has led to many new standards being created to increase security for sending and receiving email, one of those is DNS-based Authentication of Named Entities (DANE).
-Once the MX, A/AAAA and DNSSEC-related resource records for a domain are returned to the DNS recursive resolver as DNSSEC authentic, the sending mail server will ask for the TLSA record corresponding to the MX host entry or entries. If the TLSA record is present and proven authentic using another DNSSEC check, the DNS recursive resolver will return the TLSA record to the sending mail server.
+DANE for SMTP [RFC 7672](https://tools.ietf.org/html/rfc7672) uses the presence of a Transport Layer Security Authentication (TLSA) record in a domain's DNS record set to signal a domain and its mail server(s) support DANE. If there is no TLSA record present, DNS resolution for mail flow will work as usual without any DANE checks being attempted. The TLSA record securely signals TLS support and publishes the DANE policy for the domain. So, sending mail servers can successfully authenticate legitimate receiving mail servers using SMTP DANE. This makes it resistant to downgrade and MITM attacks. DANE has direct dependencies on DNSSEC, which works by digitally signing records for DNS lookups using public key cryptography. DNSSEC checks occur on recursive DNS resolvers, the DNS servers that make DNS queries for clients. DNSSEC ensures that DNS records aren't tampered with and are authentic.
-After receiving the authentic TLSA record, the sending mail server establishes an SMTP connection to the MX host associated with the authentic TLSA record. The sending mail server will try to set up TLS and compare the server's TLS certificate with the data in the TLSA record to validate that the destination mail server connected to the sender is the legitimate receiving mail server. The message will be transmitted (using TLS) if authentication succeeds. When authentication fails or if TLS isnΓÇÖt supported by the destination server, Exchange Online will retry the entire validation process beginning with a DNS query for the same destination domain again after 15 minutes, then 15 minutes after that, then every hour for the next 24 hours. If authentication continues to fail after 24 hours of retrying, the message will expire and an NDR with error details will be generated and sent to the sender.
+Once the MX, A/AAAA and DNSSEC-related resource records for a domain are returned to the DNS recursive resolver as DNSSEC authentic, the sending mail server will ask for the TLSA record corresponding to the MX host entry or entries. If the TLSA record is present and proven authentic using another DNSSEC check, the DNS recursive resolver will return the TLSA record to the sending mail server.
+
+After receiving the authentic TLSA record, the sending mail server establishes an SMTP connection to the MX host associated with the authentic TLSA record. The sending mail server will try to set up TLS and compare the server's TLS certificate with the data in the TLSA record to validate that the destination mail server connected to the sender is the legitimate receiving mail server. The message will be transmitted (using TLS) if authentication succeeds. When authentication fails or if TLS isn't supported by the destination server, Exchange Online will retry the entire validation process beginning with a DNS query for the same destination domain again after 15 minutes, then 15 minutes after that, then every hour for the next 24 hours. If authentication continues to fail after 24 hours of retrying, the message will expire and an NDR with error details will be generated and sent to the sender.
## What are the components of DANE? ### TLSA Resource Record
-The TLS Authentication (TLSA) record is used to associate a serverΓÇÖs X.509 certificate or public key value with the domain name that contains the record. TLSA records can only be trusted if DNSSEC is enabled on your domain. If youΓÇÖre using a DNS provider to host your domain, this may be a setting offered when configuring a domain with them. To learn more about DNSSEC zone signing, visit this link: [Overview of DNSSEC | Microsoft Docs](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj200221(v=ws.11)).
-
+The TLS Authentication (TLSA) record is used to associate a server's X.509 certificate or public key value with the domain name that contains the record. TLSA records can only be trusted if DNSSEC is enabled on your domain. If you're using a DNS provider to host your domain, this may be a setting offered when configuring a domain with them. To learn more about DNSSEC zone signing, visit this link: [Overview of DNSSEC | Microsoft Docs](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj200221(v=ws.11)).
+ Example TLSA record:
-
+ :::image type="content" source="../media/compliance-trial/example-TLSA-record.png" alt-text="Example TLSA record" lightbox="../media/compliance-trial/example-TLSA-record.png":::
-There are four configurable fields unique to the TLSA record type:
+There are four configurable fields unique to the TLSA record type:
-**Certificate Usage Field**: Specifies how the sending email server should verify the destination email serverΓÇÖs certificate.
+**Certificate Usage Field**: Specifies how the sending email server should verify the destination email server's certificate.
-|Value |Acronym |Description |
-||||
-|0<sup>1</sup> |PKIX-TA |Certificate used is the trust-anchor Public CA from the X.509 trust-chain. |
-|1<sup>1</sup> |PKIX-EE |Certificate checked is the destination server; DNSSEC checks must verify its authenticity. |
-|2 |DANE-TA |Use serverΓÇÖs private key from the X.509 tree that must be validated by a trust anchor in the chain of trust. The TLSA record specifies the trust anchor to be used for validating the TLS certificates for the domain. |
-|3 |DANE-EE |Only match against the destination serverΓÇÖs certificate. |
+|Value|Acronym|Description|
+||||
+|0<sup>1</sup>|PKIX-TA|Certificate used is the trust-anchor Public CA from the X.509 trust-chain.|
+|1<sup>1</sup>|PKIX-EE|Certificate checked is the destination server; DNSSEC checks must verify its authenticity.|
+|2|DANE-TA|Use server's private key from the X.509 tree that must be validated by a trust anchor in the chain of trust. The TLSA record specifies the trust anchor to be used for validating the TLS certificates for the domain.|
+|3|DANE-EE|Only match against the destination server's certificate.|
-<sup>1</sup> Exchange Online follows RFC implementation guidance that Certificate Usage Field values of 0 or 1 shouldnΓÇÖt be used when DANE is implemented with SMTP. When a TLSA record that has a Certificate Usage field value of 0 or 1 is returned to Exchange Online, Exchange Online will treat it as not usable. If all TLSA records are found unusable, Exchange Online wonΓÇÖt perform the DANE validation steps for 0 or 1 when sending the email. Instead, because of the presence of a TLSA record, Exchange Online will enforce the use of TLS for sending the email, sending the email if the destination email server supports TLS or dropping the email and generating an NDR if the destination email server doesnΓÇÖt support TLS.
+<sup>1</sup> Exchange Online follows RFC implementation guidance that Certificate Usage Field values of 0 or 1 shouldn't be used when DANE is implemented with SMTP. When a TLSA record that has a Certificate Usage field value of 0 or 1 is returned to Exchange Online, Exchange Online will treat it as not usable. If all TLSA records are found unusable, Exchange Online won't perform the DANE validation steps for 0 or 1 when sending the email. Instead, because of the presence of a TLSA record, Exchange Online will enforce the use of TLS for sending the email, sending the email if the destination email server supports TLS or dropping the email and generating an NDR if the destination email server doesn't support TLS.
-In the example TLSA record, the Certificate Usage Field is set to ‘3’, so the Certificate Association Data (‘abc123…xyz789’) would be matched against the destination server’s certificate only.
+In the example TLSA record, the Certificate Usage Field is set to '3', so the Certificate Association Data ('abc123...xyz789') would be matched against the destination server's certificate only.
-**Selector field**: Indicates which parts of the destination serverΓÇÖs certificate should be checked.
+**Selector field**: Indicates which parts of the destination server's certificate should be checked.
-|Value |Acronym |Description |
-||||
-|0 |Cert |Use full certificate. |
-|1 |SPKI (Subject Public Key Info) |Use certificateΓÇÖs public key and the algorithm with which the public key is identified to use. |
+|Value|Acronym|Description|
+||||
+|0|Cert|Use full certificate.|
+|1|SPKI (Subject Public Key Info)|Use certificate's public key and the algorithm with which the public key is identified to use.|
-In the example TLSA record, the Selector Field is set to ΓÇÿ1ΓÇÖ so the Certificate Association Data would be matched using the destination server certificateΓÇÖs public key and the algorithm with which the public key is identified to use.
+In the example TLSA record, the Selector Field is set to '1' so the Certificate Association Data would be matched using the destination server certificate's public key and the algorithm with which the public key is identified to use.
-**Matching Type Field**: Indicates the format the certificate will be represented in the TLSA record.
+**Matching Type Field**: Indicates the format the certificate will be represented in the TLSA record.
-|Value |Acronym |Description |
-||||
-|0 |Full |The data in the TSLA record is the full certificate or SPKI. |
-|1 |SHA-256 |The data in the TSLA record is a SHA-256 hash of either the certificate or the SPKI. |
-|2 |SHA-512 |The data in the TSLA record is a SHA-512 hash of either the certificate or the SPKI. |
+|Value|Acronym|Description|
+||||
+|0|Full|The data in the TSLA record is the full certificate or SPKI.|
+|1|SHA-256|The data in the TSLA record is a SHA-256 hash of either the certificate or the SPKI.|
+|2|SHA-512|The data in the TSLA record is a SHA-512 hash of either the certificate or the SPKI.|
-In the example TLSA record, the Matching Type Field is set to ΓÇÿ1ΓÇÖ so the Certificate Association Data is a SHA-256 hash of the Subject Public Key Info from the destination server certificate
+In the example TLSA record, the Matching Type Field is set to '1' so the Certificate Association Data is a SHA-256 hash of the Subject Public Key Info from the destination server certificate
**Certificate Association Data**: Specifies the certificate data that is used for matching against the destination server certificate. This data depends on the Selector Field value and the Matching Type Value.
-In the example TLSA record, the Certificate Association data is set to ‘abc123…xyz789’. Since the Selector Field value in the example is set to '1’, it would reference the destination server certificate’s public key and the algorithm that is identified to be used with it. And since the Matching Type field value in the example is set to ‘1’, it would reference the SHA-256 hash of the Subject Public Key Info from the destination server certificate.
+In the example TLSA record, the Certificate Association data is set to 'abc123..xyz789'. Since the Selector Field value in the example is set to '1', it would reference the destination server certificate's public key and the algorithm that is identified to be used with it. And since the Matching Type field value in the example is set to '1', it would reference the SHA-256 hash of the Subject Public Key Info from the destination server certificate.
## How can Exchange Online customers use SMTP DANE Outbound?
-As an Exchange Online customer, there isn't anything you need to do to configure this enhanced email security for your outbound email. This is something we have built for you and it is on by default for all Exchange Online customers and is used when the destination domain advertises support for DANE. To reap the benefits of sending email with DNSSEC and DANE checks, communicate to your business partners with whom you exchange email that they need to implement DNSSEC and DANE so they can receive email using these standards.
+As an Exchange Online customer, there isn't anything you need to do to configure this enhanced email security for your outbound email. This is something we have built for you and it is on by default for all Exchange Online customers and is used when the destination domain advertises support for DANE. To reap the benefits of sending email with DNSSEC and DANE checks, communicate to your business partners with whom you exchange email that they need to implement DNSSEC and DANE so they can receive email using these standards.
## How can Exchange Online customers use SMTP DANE inbound?
-Currently, inbound SMTP DANE isnΓÇÖt supported for Exchange Online. Support is anticipated to be released at the end of 2022.
+Currently, inbound SMTP DANE isn't supported for Exchange Online. Support is anticipated to be released at the end of 2022.
## What is the recommended TLSA record configuration?
-Per RFC implementation guidance for SMTP DANE, a TLSA record composed of the Certificate Usage field set to 3, the Selector field set to 1, and the Matching Type field set to 1 is recommended.
+Per RFC implementation guidance for SMTP DANE, a TLSA record composed of the Certificate Usage field set to 3, the Selector field set to 1, and the Matching Type field set to 1 is recommended.
-## Exchange Online Mail Flow with SMTP DANE
+## Exchange Online Mail Flow with SMTP DANE
-The mail flow process for Exchange Online with SMTP DANE, shown in the flow chart below, validates domain and resource record security through DNSSEC, TLS support on the destination mail server, and that the destination mail serverΓÇÖs certificate matches what is expected based on its associated TLSA record.
+The mail flow process for Exchange Online with SMTP DANE, shown in the flow chart below, validates domain and resource record security through DNSSEC, TLS support on the destination mail server, and that the destination mail server's certificate matches what is expected based on its associated TLSA record.
There are only two scenarios where an SMTP DANE failure will result in the email being blocked: -- The destination domain signaled DNSSEC support but one or more records were returned as inauthentic.
+- The destination domain signaled DNSSEC support but one or more records were returned as inauthentic.
-- All MX records for the destination domain have TLSA records and none of the destination serverΓÇÖs certificates match what was expected per the TSLA record data, or a TLS connection isnΓÇÖt supported by the destination server.
+- All MX records for the destination domain have TLSA records and none of the destination server's certificates match what was expected per the TSLA record data, or a TLS connection isn't supported by the destination server.
:::image type="content" source="../media/compliance-trial/mail-flow-smtp-dane.png" alt-text="Exchange online mail flow with SMTP DANE" lightbox="../media/compliance-trial/mail-flow-smtp-dane.png":::
-## Related Technologies
+## Related Technologies
-|Technology |Additional Information |
-|||
-|**Mail Transfer Agent ΓÇô Strict Transport Security (MTA-STS)** helps thwart downgrade and Man-in-the-Middle attacks by providing a mechanism for setting domain policies that specify whether the destination email server supports TLS and what to do when TLS canΓÇÖt be negotiated, for example stop the transmission. |More information about Exchange OnlineΓÇÖs upcoming support for inbound and outbound MTA-STS will be published later this year. [Exchange Online Transport News from Microsoft Ignite 2020 - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-transport-news-from-microsoft-ignite-2020/ba-p/1687699)<br /><br />[rfc8461 (ietf.org)](https://datatracker.ietf.org/doc/html/rfc8461) |
-|**Sender Policy Framework (SPF)** uses IP information to ensure that destination email systems trust messages sent from your custom domain. | [How Sender Policy Framework (SPF) prevents spoofing - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing) |
-|**DomainKeys Identified Mail (DKIM)** uses X.509 certificate information to ensure that destination email systems trust messages sent outbound from your custom domain. | [How to use DKIM for email in your custom domain - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email) |
-|**Domain-based Message Authentication, Reporting, and Conformance (DMARC)** works with Sender Policy Framework and DomainKeys Identified Mail to authenticate mail senders and ensure that destination email systems trust messages sent from your domain. | [Use DMARC to validate email, setup steps - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email) |
+|Technology|Additional Information|
+|||
+|**Mail Transfer Agent - Strict Transport Security (MTA-STS)** helps thwart downgrade and Man-in-the-Middle attacks by providing a mechanism for setting domain policies that specify whether the destination email server supports TLS and what to do when TLS can't be negotiated, for example stop the transmission.|More information about Exchange Online's upcoming support for inbound and outbound MTA-STS will be published later this year. <br/><br/> [Exchange Online Transport News from Microsoft Ignite 2020 - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-transport-news-from-microsoft-ignite-2020/ba-p/1687699) <br/><br/> [rfc8461 (ietf.org)](https://datatracker.ietf.org/doc/html/rfc8461)|
+|**Sender Policy Framework (SPF)** uses IP information to ensure that destination email systems trust messages sent from your custom domain.|[How Sender Policy Framework (SPF) prevents spoofing - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing)|
+|**DomainKeys Identified Mail (DKIM)** uses X.509 certificate information to ensure that destination email systems trust messages sent outbound from your custom domain.|[How to use DKIM for email in your custom domain - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email)|
+|**Domain-based Message Authentication, Reporting, and Conformance (DMARC)** works with Sender Policy Framework and DomainKeys Identified Mail to authenticate mail senders and ensure that destination email systems trust messages sent from your domain.|[Use DMARC to validate email, setup steps - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email)|
## Troubleshooting Sending Emails with SMTP DANE Currently, there are four error codes for DANE when sending emails with Exchange Online. Microsoft is actively updating this error code list. The errors will be visible in:
-1. The Exchange Admin Center portal through the Message Trace Details view.
-2. NDRs generated when a message isnΓÇÖt sent due to a DANE or DNSSEC failure.
-3. Remote Connectivity Analyzer tool [Microsoft Remote Connectivity Analyzer](https://testconnectivity.microsoft.com/tests/o365).
-|NDR Code |Description |
-|||
-|5.7.321 |starttls-not-supported: Destination mail server must support TLS to receive mail. |
-|5.7.322 |certificate-expired: Destination mail server's certificate is expired. |
-|5.7.323 |tlsa-invalid: The domain failed DANE validation. |
-|5.7.324 |dnssec-invalid: Destination domain returned invalid DNSSEC records. |
+1. The Exchange Admin Center portal through the Message Trace Details view.
+2. NDRs generated when a message isn't sent due to a DANE or DNSSEC failure.
+3. Remote Connectivity Analyzer tool [Microsoft Remote Connectivity Analyzer](https://testconnectivity.microsoft.com/tests/o365).
+
+|NDR Code|Description|
+|||
+|5.7.321|starttls-not-supported: Destination mail server must support TLS to receive mail.|
+|5.7.322|certificate-expired: Destination mail server's certificate is expired.|
+|5.7.323|tlsa-invalid: The domain failed DANE validation.|
+|5.7.324|dnssec-invalid: Destination domain returned invalid DNSSEC records.|
### Troubleshooting 5.7.321 starttls-not-supported This usually indicates an issue with the destination mail server. After receiving the message:
-1. Check that the destination email address was entered correctly.
-2. Alert the destination email administrator that you received this error code so they can determine if the destination server is configured correctly to receive messages using TLS.
-3. Retry sending the email and review the Message Trace Details for the message in the Exchange Admin Center portal.
+
+1. Check that the destination email address was entered correctly.
+2. Alert the destination email administrator that you received this error code so they can determine if the destination server is configured correctly to receive messages using TLS.
+3. Retry sending the email and review the Message Trace Details for the message in the Exchange Admin Center portal.
### Troubleshooting 5.7.322 certificate-expired A valid X.509 certificate that hasn't expired must be presented to the sending email server. X.509 certificates must be renewed after their expiration, commonly annually. After receiving the message:
-1. Alert the destination email administrator that you received this error code and provide the error code string.
-2. Allow time for the destination server certificate to be renewed and the TLSA record to be updated to reference the new certificate. Then, retry sending the email and review the Message Trace Details for the message in the Exchange Admin Center portal.
+1. Alert the destination email administrator that you received this error code and provide the error code string.
+2. Allow time for the destination server certificate to be renewed and the TLSA record to be updated to reference the new certificate. Then, retry sending the email and review the Message Trace Details for the message in the Exchange Admin Center portal.
### Troubleshooting 5.7.323 tlsa-invalid This error code is related to a TLSA record misconfiguration and can only be generated after a DNSSEC-authentic TLSA record has been returned. There are many scenarios during the DANE validation that occur after the record has been returned that can result in the code being generated. Microsoft is actively working on the scenarios that are covered by this error code, so that each scenario has a specific code. Currently, one or more of these scenarios could cause the generation of the error code:
-1. The destination mail server's certificate doesnΓÇÖt match with what is expected per the authentic TLSA record.
-2. Authentic TLSA record is misconfigured.
-3. The destination domain is being attacked.
-4. Any other DANE failure.
+1. The destination mail server's certificate doesn't match with what is expected per the authentic TLSA record.
+2. Authentic TLSA record is misconfigured.
+3. The destination domain is being attacked.
+4. Any other DANE failure.
After receiving the message:
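Review bot: The added Matching Type table rows and the second blocking-scenario bullet still spell the record type "TSLA" ("The data in the TSLA record is the full certificate or SPKI.", "per the TSLA record data"); since these lines are being rewritten anyway, correct them to "TLSA" so the page matches the real record name used everywhere else. In the Certificate Association Data paragraph, the replacement also turns the ellipsis in the sample value into two dots ('abc123..xyz789'), which reads as a literal value rather than an elision; use '...' instead. The added Matching Type example sentence ends without a period after "destination server certificate".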
After receiving the message:
### Troubleshooting 5.7.324 dnssec-invalid
-This error code is generated when the destination domain indicated it was DNSSEC-authentic but Exchange Online wasnΓÇÖt able to verify it as DNSSEC-authentic.
+This error code is generated when the destination domain indicated it was DNSSEC-authentic but Exchange Online wasn't able to verify it as DNSSEC-authentic.
After receiving the message: 1. Alert the destination email administrator that you received this error code and provide them the error code string.
-2. Allow time for the destination email admin to review their domainΓÇÖs DNSSEC configuration. Then, retry sending the email and review the Message Trace Details for the message in the Exchange Admin Center portal.
+2. Allow time for the destination email admin to review their domain's DNSSEC configuration. Then, retry sending the email and review the Message Trace Details for the message in the Exchange Admin Center portal.
## Troubleshooting Receiving Emails with SMTP DANE
-Currently, there are two methods an admin of a receiving domain can use to validate and troubleshoot their DNSSEC and DANE configuration to receive email from Exchange Online using these standards.
+Currently, there are two methods an admin of a receiving domain can use to validate and troubleshoot their DNSSEC and DANE configuration to receive email from Exchange Online using these standards.
-1. Adopt SMTP TLS-RPT (Transport Layer Security Reporting) introduced in [RFC8460](https://datatracker.ietf.org/doc/html/rfc8460)
+1. Adopt SMTP TLS-RPT (Transport Layer Security Reporting) introduced in [RFC8460](https://datatracker.ietf.org/doc/html/rfc8460)
2. Use the Remote Connectivity Analyzer tool [Microsoft Remote Connectivity Analyzer](https://testconnectivity.microsoft.com/tests/o365)
-TLS-RPT [https://datatracker.ietf.org/doc/html/rfc8460](https://datatracker.ietf.org/doc/html/rfc8460) is a reporting mechanism for senders to provide details to destination domain administrators about DANE and MTA-STS successes and failures with those respective destination domains. To receive TLS-RPT reports, you only need to add a TXT record in your domain's DNS records that includes the email address or URI you would like the reports to be sent to. Exchange Online will send TLS-RPT reports in JSON format.
+TLS-RPT [https://datatracker.ietf.org/doc/html/rfc8460](https://datatracker.ietf.org/doc/html/rfc8460) is a reporting mechanism for senders to provide details to destination domain administrators about DANE and MTA-STS successes and failures with those respective destination domains. To receive TLS-RPT reports, you only need to add a TXT record in your domain's DNS records that includes the email address or URI you would like the reports to be sent to. Exchange Online will send TLS-RPT reports in JSON format.
Example record: :::image type="content" source="../media/compliance-trial/example-record.png" alt-text="Example record" lightbox="../media/compliance-trial/example-record.png":::
-The second method is to use the Remote Connectivity Analyzer [Microsoft Remote Connectivity Analyzer](https://testconnectivity.microsoft.com/tests/o365), which can do the same DNSSEC and DANE checks against your DNS configuration that Exchange Online will do when sending email outside the service. This is the most direct way of troubleshooting errors in your configuration to receive email from Exchange Online using these standards.
+The second method is to use the Remote Connectivity Analyzer [Microsoft Remote Connectivity Analyzer](https://testconnectivity.microsoft.com/tests/o365), which can do the same DNSSEC and DANE checks against your DNS configuration that Exchange Online will do when sending email outside the service. This is the most direct way of troubleshooting errors in your configuration to receive email from Exchange Online using these standards.
When troubleshooting, the below error codes may be generated:
-|NDR Code |Description |
-|||
-|4/5.7.321 |starttls-not-supported: Destination mail server must support TLS to receive mail. |
-|4/5.7.322 |certificate-expired: Destination mail server's certificate has expired. |
-|4/5.7.323 |tlsa-invalid: The domain failed DANE validation. |
-|4/5.7.324 |dnssec-invalid: Destination domain returned invalid DNSSEC records. |
+|NDR Code|Description|
+|||
+|4/5.7.321|starttls-not-supported: Destination mail server must support TLS to receive mail.|
+|4/5.7.322|certificate-expired: Destination mail server's certificate has expired.|
+|4/5.7.323|tlsa-invalid: The domain failed DANE validation.|
+|4/5.7.324|dnssec-invalid: Destination domain returned invalid DNSSEC records.|
### Troubleshooting 5.7.321 starttls-not-supported > [!NOTE] > These steps are for email administrators troubleshooting receiving email from Exchange Online using SMTP DANE.
-This usually indicates an issue with the destination mail server. The mail server that the Remote Connectivity Analyzer is testing connecting with. There are generally two scenarios that generate this code:
+This usually indicates an issue with the destination mail server. The mail server that the Remote Connectivity Analyzer is testing connecting with. There are generally two scenarios that generate this code:
+
+1. The destination mail server doesn't support secure communication at all, and plain, non-encrypted communication must be used.
+2. The destination server is configured improperly and ignores the STARTTLS command.
-1. The destination mail server doesnΓÇÖt support secure communication at all, and plain, non-encrypted communication must be used.
-2. The destination server is configured improperly and ignores the STARTTLS command.
-
After receiving the message: 1. Check the email address. 2. Locate the IP address that is associated with the error statement so you can identify the mail server the statement is associated with.
-3. Check your mail serverΓÇÖs setting to make sure itΓÇÖs configured to listen for SMTP traffic (commonly ports 25 and 587).
+3. Check your mail server's setting to make sure it's configured to listen for SMTP traffic (commonly ports 25 and 587).
4. Wait a few minutes, then retry the test with the Remote Connectivity Analyzer tool. 5. If it still fails, then try removing the TLSA record and run the test with the Remote Connectivity Analyzer tool again.
-6. If there are no failures, this may indicate the mail server youΓÇÖre using to receive mail doesnΓÇÖt support STARTTLS and you may need to upgrade to one that does in order to use DANE.
+6. If there are no failures, this may indicate the mail server you're using to receive mail doesn't support STARTTLS and you may need to upgrade to one that does in order to use DANE.
### Troubleshooting 5.7.322 certificate-expired > [!NOTE] > These steps are for email administrators troubleshooting receiving email from Exchange Online using SMTP DANE.
-A valid X.509 certificate that hasnΓÇÖt expired must be presented to the sending email server. X.509 certificates must be renewed after their expiration, commonly annually. After receiving the message:
+A valid X.509 certificate that hasn't expired must be presented to the sending email server. X.509 certificates must be renewed after their expiration, commonly annually. After receiving the message:
-1. Check the IP that is associated with the error statement, so you can identify the mail server itΓÇÖs associated with. Locate the expired certificate on the email server you identified.
+1. Check the IP that is associated with the error statement, so you can identify the mail server it's associated with. Locate the expired certificate on the email server you identified.
2. Log in to your certificate provider's website. 3. Select the expired certificate and follow the instructions to renew and to pay for the renewal. 4. After your provider has verified the purchase, you may download a new certificate. 5. Install the renewed certificate into its associated mail server.
-6. Update the mail serverΓÇÖs associated TLSA record with the new certificateΓÇÖs data.
+6. Update the mail server's associated TLSA record with the new certificate's data.
7. After waiting an appropriate amount of time, retry the test with the Remote Connectivity Analyzer tool. ### Troubleshooting 5.7.323 tlsa-invalid
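Review bot: In the receiving-side 5.7.321 section, the reordered list drops the blank line that used to follow "2. The destination server is configured improperly and ignores the STARTTLS command.", so "After receiving the message:" now sits directly under the numbered list and may render as a continuation of item 2; keep a blank line after the list as well as before it. The added intro line also carries over the sentence fragment "The mail server that the Remote Connectivity Analyzer is testing connecting with."; fold it into the preceding sentence.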
A valid X.509 certificate that hasnΓÇÖt expired must be presented to the sending
This error code is related to a TLSA record misconfiguration and can only be generated after a DNSSEC-authentic TSLA record has been returned. But, there are many scenarios during the DANE validation that occur after the record has been returned that can result in the code being generated. Microsoft is actively working on the scenarios that are covered by this error code, so that each scenario has a specific code. Currently, one or more of these scenarios could cause the generation of the error code: 1. Authentic TLSA record is misconfigured.
-2. The certificate isnΓÇÖt yet time valid/configured for a future time window.
+2. The certificate isn't yet time valid/configured for a future time window.
3. Destination domain is being attacked. 4. Any other DANE failure. After receiving the message:
-1. Check the IP that is associated with the error statement to identify the mail server itΓÇÖs associated with.
-2. Identify the TLSA record that is associated with the identified mail server.
-3. Verify the configuration of the TLSA record to ensure that it signals the sender to perform the preferred DANE checks and that the correct certificate data has been included in the TLSA record.
- 1. If you have to make any updates to the record for discrepancies, then wait a few minutes then rerun the test with the Remote Connectivity Analyzer tool.
+1. Check the IP that is associated with the error statement to identify the mail server it's associated with.
+2. Identify the TLSA record that is associated with the identified mail server.
+3. Verify the configuration of the TLSA record to ensure that it signals the sender to perform the preferred DANE checks and that the correct certificate data has been included in the TLSA record.
+ 1. If you have to make any updates to the record for discrepancies, then wait a few minutes then rerun the test with the Remote Connectivity Analyzer tool.
4. Locate the certificate on the identified mail server.
-5. Check the time window for which the certificate is valid. If itΓÇÖs set to start validity at a future date, it needs to be renewed for the current date.
+5. Check the time window for which the certificate is valid. If it's set to start validity at a future date, it needs to be renewed for the current date.
1. Log in to your certificate provider's website. 2. Select the expired certificate and follow the instructions to renew and to pay for the renewal. 3. After your provider has verified the purchase, you may download a new certificate.
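Review bot: Step 5 of the tlsa-invalid procedure covers a certificate that is "set to start validity at a future date", but the unchanged sub-steps under it tell the admin to "Select the expired certificate"; a certificate that is not yet valid is not expired, so the sub-steps should refer to the affected certificate instead. The unchanged intro to this section still says "DNSSEC-authentic TSLA record" and could be corrected to "TLSA" in the same pass. The added sub-step "then wait a few minutes then rerun the test" would read better as "wait a few minutes, then rerun the test".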
After receiving the message:
> [!NOTE] > These steps are for email administrators troubleshooting receiving email from Exchange Online using SMTP DANE.
-This error code is generated when the destination domain indicated itΓÇÖs DNSSEC-authentic but Exchange Online isnΓÇÖt able to verify it as DNSSEC-authentic. This section wonΓÇÖt be comprehensive for troubleshooting DNSSEC issues and focuses on scenarios where domains previously passed DNSSEC authentication but not now.
+This error code is generated when the destination domain indicated it's DNSSEC-authentic but Exchange Online isn't able to verify it as DNSSEC-authentic. This section won't be comprehensive for troubleshooting DNSSEC issues and focuses on scenarios where domains previously passed DNSSEC authentication but not now.
After receiving the message:
-1. If youΓÇÖre using a DNS provider, for example GoDaddy, alert your DNS provider of the error so they can work on the troubleshooting and configuration change.
-2. If youΓÇÖre managing your own DNSSEC infrastructure, there are many DNSSEC misconfigurations that may generate this error message. Some common problems to check for if your zone was previously passing DNSSEC authentication:
- 1. Broken trust chain, when the parent zone holds a set of DS records that point to something that doesnΓÇÖt exist in the child zone. This results in the child zone being marked as bogus by validating resolvers.
- - Resolve by reviewing the child domains RRSIG key IDs and ensuring that they match with the key IDs in the DS records published in the parent zone.
- 2. RRSIG resource record for the domain isnΓÇÖt time valid, it has either expired or its validity period hasnΓÇÖt begun.
- - Resolve by generating new signatures for the domain using valid timespans.
+1. If you're using a DNS provider, for example GoDaddy, alert your DNS provider of the error so they can work on the troubleshooting and configuration change.
+2. If you're managing your own DNSSEC infrastructure, there are many DNSSEC misconfigurations that may generate this error message. Some common problems to check for if your zone was previously passing DNSSEC authentication:
+ 1. Broken trust chain, when the parent zone holds a set of DS records that point to something that doesn't exist in the child zone. This results in the child zone being marked as bogus by validating resolvers.
+ - Resolve by reviewing the child domains RRSIG key IDs and ensuring that they match with the key IDs in the DS records published in the parent zone.
+ 2. RRSIG resource record for the domain isn't time valid, it has either expired or its validity period hasn't begun.
+ - Resolve by generating new signatures for the domain using valid timespans.
## Frequently Asked Questions ### As an Exchange Online customer, can I opt out of using DNSSEC and/or DANE?
-We strongly believe DNSSEC and DANE will significantly increase the security position of our service and benefit all of our customers. WeΓÇÖve worked diligently over the last year to reduce the risk and severity of the potential impact this deployment might have for M365 customers. WeΓÇÖll be actively monitoring and tracking the deployment to ensure negative impact is minimized as it rolls out. Because of this, tenant-level exceptions or opt-out wonΓÇÖt be available.
-If you experience any issues related to the enablement of DNSSEC and/or DANE, the different methods for investigating failures noted in this document will help you identify the source of the error. In most cases, the issue will be with the external destination party and youΓÇÖll need to communicate to these business partners that they need to correctly configure DNSSEC and DANE in order to receive email from Exchange Online using these standards.
+We strongly believe DNSSEC and DANE will significantly increase the security position of our service and benefit all of our customers. We've worked diligently over the last year to reduce the risk and severity of the potential impact this deployment might have for M365 customers. We'll be actively monitoring and tracking the deployment to ensure negative impact is minimized as it rolls out. Because of this, tenant-level exceptions or opt-out won't be available.
+If you experience any issues related to the enablement of DNSSEC and/or DANE, the different methods for investigating failures noted in this document will help you identify the source of the error. In most cases, the issue will be with the external destination party and you'll need to communicate to these business partners that they need to correctly configure DNSSEC and DANE in order to receive email from Exchange Online using these standards.
### How does DNSSEC relate to DANE?
-DNSSEC adds a layer of trust into DNS resolution by leveraging the public key infrastructure to ensure the records returned in response to a DNS query are authentic. DANE ensures that the receiving mail server is the legitimate and expected mail server for the authentic MX record.
+DNSSEC adds a layer of trust into DNS resolution by leveraging the public key infrastructure to ensure the records returned in response to a DNS query are authentic. DANE ensures that the receiving mail server is the legitimate and expected mail server for the authentic MX record.
### What is the difference between MTA-STS and DANE for SMTP?
-DANE and MTA-STS serve the same purpose, but DANE requires DNSSEC for DNS authentication while MTA-STS relies on certificate authorities.
+DANE and MTA-STS serve the same purpose, but DANE requires DNSSEC for DNS authentication while MTA-STS relies on certificate authorities.
### Why isn't Opportunistic TLS sufficient?
-Opportunistic TLS will encrypt communication between two endpoints if both agree to support it. However, even if TLS encrypts the transmission, a domain could be spoofed during DNS resolution such that it points to a malicious actor's endpoint instead of the real endpoint for the domain. This is a gap in email security that is addressed by implementing MTA-STS and/or SMTP DANE with DNSSEC.
+Opportunistic TLS will encrypt communication between two endpoints if both agree to support it. However, even if TLS encrypts the transmission, a domain could be spoofed during DNS resolution such that it points to a malicious actor's endpoint instead of the real endpoint for the domain. This is a gap in email security that is addressed by implementing MTA-STS and/or SMTP DANE with DNSSEC.
### Why isn't DNSSEC sufficient?
-DNSSEC isnΓÇÖt fully resistant to Man-in-the-Middle attacks and downgrade (from TLS to clear text) attacks for mail flow scenarios. The addition of MTA-STS and DANE along with DNSSEC provides a comprehensive security method to thwart both MITM and downgrade attacks.
+DNSSEC isn't fully resistant to Man-in-the-Middle attacks and downgrade (from TLS to clear text) attacks for mail flow scenarios. The addition of MTA-STS and DANE along with DNSSEC provides a comprehensive security method to thwart both MITM and downgrade attacks.
-## Additional Links
+## Additional Links
[Find and fix issues after adding your domain or DNS records](/microsoft-365/admin/get-help-with-domains/find-and-fix-issues)
-[Overview of DNSSEC | Microsoft Docs ](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj200221(v=ws.11))
+[Overview of DNSSEC | Microsoft Docs](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj200221(v=ws.11))
[Use DMARC to validate email, setup steps - Office 365 | Microsoft Docs](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email)
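Review bot: In the broken-trust-chain remedy, the added line "Resolve by reviewing the child domains RRSIG key IDs" is missing the possessive apostrophe ("child domain's"), which stands out in a change that rewrites the apostrophes on the surrounding lines. The next added item, "RRSIG resource record for the domain isn't time valid, it has either expired or its validity period hasn't begun", is a comma splice; a semicolon or "because" after "time valid" would fix it.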
DNSSEC isnΓÇÖt fully resistant to Man-in-the-Middle attacks and downgrade (from
[Exchange Online Transport News from Microsoft Ignite 2020 - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-transport-news-from-microsoft-ignite-2020/ba-p/1687699)
-[rfc8461 (ietf.org)](https://datatracker.ietf.org/doc/html/rfc8461)
+[rfc8461 (ietf.org)](https://datatracker.ietf.org/doc/html/rfc8461)
compliance Import Hr Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-hr-data.md
Here's an example of a CSV file for job level changes data.
```text EmailAddress,EffectiveDate,OldLevel,NewLevel
-sarad@contoso.com,2019-04-23T15:18:02.4675041+05:30,Level 61 ΓÇô Sr. Manager,Level 60- Manager
-pillar@contoso.com,2019-04-23T15:18:02.4675041+05:30,Level 62 ΓÇô Director,Level 60- Sr. Manager
+sarad@contoso.com,2019-04-23T15:18:02.4675041+05:30,Level 61 - Sr. Manager,Level 60- Manager
+pillar@contoso.com,2019-04-23T15:18:02.4675041+05:30,Level 62 - Director,Level 60- Sr. Manager
``` The following table describes each column in the CSV file for job level changes data.
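Review bot: the + rows normalise the dash in OldLevel ("Level 61 - Sr. Manager") but NewLevel still reads "Level 60- Manager" with no space before the hyphen, so two columns of the same sample use different formats. The sample also labels Level 60 as both "Manager" and "Sr. Manager" while Level 61 is "Sr. Manager". Make the level strings consistent so that readers who copy the sample into their own HR export do not inherit the mismatch.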
compliance Insider Risk Management Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-activities.md
The **User activity** chart is one of the most powerful tools for internal risk
- The **risk activity category**. For example, *Email(s) with attachments sent outside the organization* or *File(s) downloaded from SharePoint Online*. - **Risk score** for the alert. This score is the numerical score for the alert risk severity level. - Number of events associated with the alert. Links to each file or email associated with the risk activity are also available.
-3. **Filters and sorting (preview)**:
+3. **Filters and sorting (preview)**:
- **Risk category**: Filter activities by the following risk categories: *Activities with risk scores > 15 (unless in a sequence)* and *Sequence activities*. - **Activity Type**: Filter activities by the following types: *Access*, *Deletion*, *Collection*, *Exfiltration*, *Infiltration*, *Obfuscation*, and *Security*. - **Sort by**: List the timeline activities by *Date occurred* or *Risk score*.
The **User activity** chart is one of the most powerful tools for internal risk
- **Number of events associated with each alert in the sequence**. Links to each file or email associated with each risk activity are also available. - **Show activities in sequence**. Displays sequence as a highlight line on the bubble chart and expands the alert details to display all related alerts in the sequence.
-4. **Risk activity legend**: Across the bottom of the user activity chart, a color-coded legend helps you quickly determine risk category for each alert.
-5. **Risk activity chronology**: The full chronology of all risk alerts associated with the case are listed, including all the details available in the corresponding alert bubble.
-6. **Case actions**: Options for resolving the case are on the case action toolbar. When viewing in a case, you can resolve a case, send an email notice to the user, or escalate the case for a data or user investigation.
+5. **Risk activity legend**: Across the bottom of the user activity chart, a color-coded legend helps you quickly determine risk category for each alert.
+6. **Risk activity chronology**: The full chronology of all risk alerts associated with the case are listed, including all the details available in the corresponding alert bubble.
+7. **Case actions**: Options for resolving the case are on the case action toolbar. When viewing in a case, you can resolve a case, send an email notice to the user, or escalate the case for a data or user investigation.
## Activity explorer
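Review bot: in item 6 on the + side, "The full chronology of all risk alerts associated with the case are listed" has a singular subject and should read "is listed"; the sentence was carried over unchanged from the - side. Also confirm the renumbering: the + items start at 5, and the last numbered item visible above is "3. Filters and sorting (preview)", so an item 4 needs to exist in the part of the list not shown here.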
To filter alerts on the Activity explorer for column information, select the Fil
Use the Activity scope and Risk insight filters to display and sort activities and insights for the following areas. - **Activity scope filters**: Filters all scored activities for the user.
- - All scored activity for this user
- - Only scored activity in this alert
+ - All scored activity for this user
+ - Only scored activity in this alert
- **Risk factor filters**: Filters for risk factor activity applicable for all policies assigning risk scores This includes all activity for all policies for in-scope users.
- - Unusual activity
- - Includes events with priority content
- - Includes events with unallowed domain
- - Sequence activities
- - Cumulative exfiltration activities
- - Health record access activities
+ - Unusual activity
+ - Includes events with priority content
+ - Includes events with unallowed domain
+ - Sequence activities
+ - Cumulative exfiltration activities
+ - Health record access activities
![Insider risk management activity explorer overview.](../media/insider-risk-activity-explorer.png)
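Review bot: the context line between the two re-indented sub-lists is missing a full stop: "applicable for all policies assigning risk scores This includes all activity for all policies for in-scope users." Since this hunk already touches both lists around it, fix that line in the same change by ending the first sentence after "risk scores".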
As insider risk management alerts age, their value to minimize risky activity di
To help minimize the number of older items that provide limited current value, the following retention and limits apply for insider risk management alerts, cases, and user activity reports:
-|**Item**|**Retention/Limit**|
-|:-|:|
-| Alerts with Needs review status | 120 days from alert creation, then automatically deleted |
-| Active cases (and associated artifacts) | Indefinite retention, never expire |
-| Resolved cases (and associated artifacts) | 120 days from case resolution, then automatically deleted |
-| Maximum number of active cases | 100 |
-| User activities reports | 120 days from activity detection, then automatically deleted |
+|Item|Retention/Limit|
+|||
+|Alerts with Needs review status|120 days from alert creation, then automatically deleted|
+|Active cases (and associated artifacts)|Indefinite retention, never expire|
+|Resolved cases (and associated artifacts)|120 days from case resolution, then automatically deleted|
+|Maximum number of active cases|100|
+|User activities reports|120 days from activity detection, then automatically deleted|
## Get help managing your insider risk alert queue
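Review bot: the delimiter row on the + side is `|||`, with no dashes and without the `:` alignment markers the - side had (`|:-|:|`). A Markdown table delimiter row normally needs dashes in each column, for example `|---|---|`, so check that this still renders as a table and that dropping the left alignment was intended.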
compliance Insider Risk Management Browser Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-browser-support.md
Before adding the Microsoft DLP Chrome extension to the list of force installed
- OMA-URI: *./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallForcelist* - Data type: *String*
- - Value: *\<enabled/\>\<data id=”ExtensionInstallForcelistDesc” value=”1&\#xF000; echcggldkblhodogklpincgchnpgcdco;https://clients2.google.com/service/update2/crx″/\>*
+ - Value: *\<enabled/\>\<data id="ExtensionInstallForcelistDesc" value="1&\#xF000; echcggldkblhodogklpincgchnpgcdco;https://clients2.google.com/service/update2/crx"/\>*
9. Select **Create**.
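Review bot: the Value on the + side is still italic text with backslash escapes (`\<enabled/\>`, `&\#xF000;`), so an admin has to strip the escapes by hand before pasting it into the policy. The - side shows why that matters, because curly quotes had crept into the attribute values. Put the OMA-URI and the Value in code formatting so the extension ID and the update URL are copied exactly as written.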
compliance Insider Risk Management Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-configure.md
Depending on how you wish to manage insider risk management policies and alerts,
You'll choose from these role group options and solution actions when working with insider risk management:
-|**Actions**|**Insider Risk Management**|**Insider Risk Management Admin**|**Insider Risk Management Analysts**|**Insider Risk Management Investigators**|**Insider Risk Management Auditors**|
-|:-|:--|:--|:--|:-|:--|
-| Configure policies and settings | Yes | Yes | No | No | No |
-| Access analytics insights | Yes | Yes | Yes | No | No |
-| Access & investigate alerts | Yes | No | Yes | Yes | No |
-| Access & investigate cases | Yes | No | Yes | Yes | No |
-| Access & view the Content Explorer | Yes | No | No | Yes | No |
-| Configure notice templates | Yes | No | Yes | Yes | No |
-| View & export audit logs | Yes | No | No | No | Yes |
-
->[!IMPORTANT]
->Make sure you always have at least one user in the *Insider Risk Management* or *Insider Risk Management Admin* role groups (depending on the option you choose) so that your insider risk management configuration doesn't get in to a 'zero administrator' scenario if specific users leave your organization.
+|Actions|Insider Risk Management|Insider Risk Management Admin|Insider Risk Management Analysts|Insider Risk Management Investigators|Insider Risk Management Auditors|
+|||||||
+|Configure policies and settings|Yes|Yes|No|No|No|
+|Access analytics insights|Yes|Yes|Yes|No|No|
+|Access & investigate alerts|Yes|No|Yes|Yes|No|
+|Access & investigate cases|Yes|No|Yes|Yes|No|
+|Access & view the Content Explorer|Yes|No|No|Yes|No|
+|Configure notice templates|Yes|No|Yes|Yes|No|
+|View & export audit logs|Yes|No|No|No|Yes|
+
+> [!IMPORTANT]
+> Make sure you always have at least one user in the *Insider Risk Management* or *Insider Risk Management Admin* role groups (depending on the option you choose) so that your insider risk management configuration doesn't get in to a 'zero administrator' scenario if specific users leave your organization.
Members of the following roles can assign users to insider risk management role groups and have the same solution permissions included with the *Insider Risk Management Admin* role group:
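Review bot: in the IMPORTANT note on the + side, "doesn't get in to a 'zero administrator' scenario" should read "get into". The note is otherwise only re-spaced from the - side, so this is a good moment to fix the wording as well.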
DLP policies help identify users to activate risk scoring in insider risk manage
> [!IMPORTANT] >Make sure you've completed the following: >
->- You understand and properly configure the in-scope users in both the DLP and insider risk management policies to produce the policy coverage you expect.
->- Make sure the **Incident reports** setting in the DLP policy for insider risk management used with these templates are configured for *High* severity level alerts. Insider risk management alerts won't be generated from DLP policies with the **Incident reports** field set at *Low* or *Medium*.
+> - You understand and properly configure the in-scope users in both the DLP and insider risk management policies to produce the policy coverage you expect.
+> - Make sure the **Incident reports** setting in the DLP policy for insider risk management used with these templates are configured for *High* severity level alerts. Insider risk management alerts won't be generated from DLP policies with the **Incident reports** field set at *Low* or *Medium*.
A DLP policy is optional when using the following policy templates:
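Review bot: the second bullet on the + side reads "the **Incident reports** setting ... are configured"; the subject is "setting", so use "is configured". The context line that opens this callout still has `>Make sure you've completed the following:` without the space after `>` that the + lines introduce, so the callout ends up with mixed quoting styles.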
Insider risk management policies include assigned users and define which types o
- **Sensitive info type**: Select **Add sensitive info type** and select the sensitivity types you want to prioritize. For example, *"U.S. Bank Account Number"* and *"Credit Card Number"*. - **Sensitivity labels**: Select **Add sensitivity label** and select the labels you want to prioritize. For example, *"Confidential"* and *"Secret"*.
- >[!NOTE]
- >Users configuring the policy and selecting priority Share Point sites can select SharePoint sites that they have permission to access. If SharePoint sites aren't available for selection in the policy by the current user, another user with the required permissions can select the sites for the policy later or the current user should be given access to the required sites.
+ > [!NOTE]
+ > Users configuring the policy and selecting priority Share Point sites can select SharePoint sites that they have permission to access. If SharePoint sites aren't available for selection in the policy by the current user, another user with the required permissions can select the sites for the policy later or the current user should be given access to the required sites.
12. Select **Next** to continue. 13. If you've selected the *General data leaks* or *Data leaks by priority users* templates, you'll see options on the **Triggers** for this policy page for custom-triggering events and policy indicators. You have the choice to select a DLP policy or indicators for triggering events that bring users assigned to the policy in-scope for activity scoring. If you select the **User matches a data loss prevention (DLP) policy triggering event** option, you must select a DLP policy from the DLP policy dropdown list to enable triggering indicators for the DLP Policy for this insider risk management policy. If you select the **User performs an exfiltration activity triggering event** option, you must select one or more of the listed indicators for the policy triggering event.
- >[!IMPORTANT]
- >If you're unable to select a listed indicator, it's because they aren't enabled for your organization. To make them available to select and assign to the policy, enable the indicators in **Insider risk management** > **Settings** > **Policy indicators**.
+
+ > [!IMPORTANT]
+ > If you're unable to select a listed indicator, it's because they aren't enabled for your organization. To make them available to select and assign to the policy, enable the indicators in **Insider risk management** > **Settings** > **Policy indicators**.
If you've selected other policy templates, custom triggering events aren't supported. The built-in policy triggering events apply and you'll continue to Step 23 without defining policy attributes. 14. Select **Next** to continue.
-15. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.
+15. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.
16. Select **Next** to continue.
-17. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.
+17. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.
18. Select **Next** to continue. 19. On the **Policy indicators** page, you'll see the [indicators](insider-risk-management-settings.md#indicators) that you've defined as available on the **Insider risk settings** > **Indicators** page. Select the indicators you want to apply to the policy.
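Review bot: the NOTE on the + side says "selecting priority Share Point sites" and then "SharePoint sites" in the same sentence; use "SharePoint" in both places. Separately, the steps in this hunk cross-reference each other by number ("continue to Step 23", "selected in Step 13"), which will go stale the next time a step is inserted; consider referring to the page name instead, as step 21 already does with the **Review** and **Policy indicators** pages.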
Insider risk management policies include assigned users and define which types o
If you've selected a *Data theft* or *Data leaks* policy template, select one or more **Sequence detection** methods and a **Cumulative exfiltration detection** method to apply to the policy. 20. Select **Next** to continue.
-21. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.
+21. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.
22. Select **Next** to continue. 23. On the **Review** page, review the settings you've chosen for the policy and any suggestions or warnings for your selections. Select **Edit** to change any of the policy values or select **Submit** to create and activate the policy.
compliance Insider Risk Management Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-policies.md
Depending on the template you choose for an insider risk management policy, the
The following table lists the triggering events and prerequisites for policies created from each insider risk management policy template:
-| **Policy template** | **Triggering events for policies** | **Prerequisites** |
-| : | : | :- |
-| **Data theft by departing users** | Resignation or termination date indicator from HR connector or Azure Active Directory account deletion | (optional) Microsoft 365 HR connector configured for termination and resignation date indicators |
-| **General data leaks** | Data leak policy activity that creates a *High severity* alert or built-in exfiltration event triggers | DLP policy configured for *High severity* alerts <br><br> OR <br><br> Customized triggering indicators |
-| **Data leaks by priority users** | Data leak policy activity that creates a *High severity* alert or built-in exfiltration event triggers | DLP policy configured for *High severity* alerts <br><br> OR <br><br> Customized triggering indicators <br><br> Priority user groups configured in insider risk settings |
-| **Data leaks by disgruntled users** | Performance improvement, poor performance, or job level change indicators from HR connector | Microsoft 365 HR connector configured for disgruntlement indicators |
-| **General security policy violations** | Defense evasion of security controls or unwanted software detected by Microsoft Defender for Endpoint | Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured |
-| **General patient data misuse** | Defense evasion of security controls from EMR systems <br><br> User and patient address matching indicators from HR systems | Healthcare access indicators selected in policy or insider risk settings <br><br> Microsoft 365 HR connector configured for address matching <br><br> Microsoft Healthcare or Epic connector configured |
-| **Security policy violations by departing users** | Resignation or termination date indicators from HR connector or Azure Active Directory account deletion | (optional) Microsoft 365 HR connector configured for termination and resignation date indicators <br><br> Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured |
-| **Security policy violations by priority users** | Defense evasion of security controls or unwanted software detected by Microsoft Defender for Endpoint | Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured <br><br> Priority user groups configured in insider risk settings |
-| **Security policy violations by disgruntled user** | Performance improvement, poor performance, or job level change indicators from HR connector | Microsoft 365 HR connector configured for disgruntlement indicators <br><br> Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured |
+|Policy template|Triggering events for policies|Prerequisites|
+||||
+|**Data theft by departing users**|Resignation or termination date indicator from HR connector or Azure Active Directory account deletion|(optional) Microsoft 365 HR connector configured for termination and resignation date indicators|
+|**General data leaks**|Data leak policy activity that creates a *High severity* alert or built-in exfiltration event triggers|DLP policy configured for *High severity* alerts <br><br> OR <br><br> Customized triggering indicators|
+|**Data leaks by priority users**|Data leak policy activity that creates a *High severity* alert or built-in exfiltration event triggers|DLP policy configured for *High severity* alerts <br><br> OR <br><br> Customized triggering indicators <br><br> Priority user groups configured in insider risk settings|
+|**Data leaks by disgruntled users**|Performance improvement, poor performance, or job level change indicators from HR connector|Microsoft 365 HR connector configured for disgruntlement indicators|
+|**General security policy violations**|Defense evasion of security controls or unwanted software detected by Microsoft Defender for Endpoint|Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured|
+|**General patient data misuse**|Defense evasion of security controls from EMR systems <br><br> User and patient address matching indicators from HR systems|Healthcare access indicators selected in policy or insider risk settings <br><br> Microsoft 365 HR connector configured for address matching <br><br> Microsoft Healthcare or Epic connector configured|
+|**Security policy violations by departing users**|Resignation or termination date indicators from HR connector or Azure Active Directory account deletion|(optional) Microsoft 365 HR connector configured for termination and resignation date indicators <br><br> Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured|
+|**Security policy violations by priority users**|Defense evasion of security controls or unwanted software detected by Microsoft Defender for Endpoint|Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured <br><br> Priority user groups configured in insider risk settings|
+|**Security policy violations by disgruntled user**|Performance improvement, poor performance, or job level change indicators from HR connector|Microsoft 365 HR connector configured for disgruntlement indicators <br><br> Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured|
## Prioritize content in policies
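Review bot: the last row on the + side names the template "Security policy violations by disgruntled user", singular, while every other row uses the plural ("Data leaks by disgruntled users", "Security policy violations by departing users", "Security policy violations by priority users"). If the template name in the product is plural, fix it here, since readers match these names against the template picker.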
For more details about any recommendations or warnings, select a policy on the *
Use the following table to learn more about recommendations and warning notifications and actions to take to resolve potential issues.
-|**Notification messages**|**Policy templates**|**Causes / Try this action to fix**|
-|:|:-|:|
-| Policy isn't assigning risk scores to activity | All policy templates | You may want to review your policy scope and triggering event configuration so that the policy can assign risk scores to activity <br><br> 1. Review the users that are selected for the policy. If you have few users selected, you may want to select additional users. <br> 2. If you're using an HR connector, check that your HR connector is sending the correct data. <br> 3. If you're using a DLP policy as your triggering event, check your DLP policy configuration to ensure it's configured to be used in this policy. <br> 4. For security violation policies, review the Microsoft Defender for Endpoint alert triage status selected in Insider risk settings > Intelligent detections. Confirm that the alert filter isn't too narrow. |
-| Policy hasn't generated any alerts | All policy templates | You may want to review your policy configuration so that you're analyzing the scoring the activity that you care about. <br><br> 1. Confirm that you've selected indicators that you want to score. The more indicators selected, the more activities are assigned risk scores. <br> 2. Review threshold customization for policy. If the thresholds selected don't align with your organization's risk tolerance, adjust the selections so that alerts are created based on your preferred thresholds. <br> 3. Review the users and groups selected for the policy. Confirm you've selected all of the applicable users and groups. <br> 4. For security violation policies, confirm you've selected the alert triage status that you want to score for Microsoft Defender for Endpoint alerts in Intelligent Detections in settings.|
-| No users or groups are included in this policy | All policy templates | Users or groups aren't assigned to the policy. <br><br> Edit your policy and select users or groups for the policy. |
-| No indicators have been selected for this policy | All policy templates | Indicators haven't been selected for the policy <br><br> Edit your policy and select appropriate policy indicators for the policy. |
-| No priority user groups are included in this policy | - Data leaks by priority users <br> - Security policy violations by priority users | Priority user groups aren't assigned to the policy. <br><br> Configure priority user groups in Insider risk management settings and assign priority user groups to the policy. |
-| No triggering event has been selected for this policy | All policy templates | A triggering event isn't configured for the policy <br><br> Risk scores won't be assigned to user activities until you edit the policy and select a triggering event. |
-| HR connector isn't configured or working as expected | - Data theft by departing user <br> - Security policy violations by departing user <br> - Data leaks by disgruntled users <br> - Security policy violations by disgruntled users | There's an issue with the HR connector. <br><br> 1. If you're using an HR connector, check that your HR connector is sending correct data <br><br> OR <br><br> 2. Select the Azure AD account deleted triggering event. |
-| No devices are onboarded | - Data theft by departing users <br> - General data leaks <br> - Data leaks by disgruntled users <br> - Data Leaks by priority users | Device indicators are selected but there aren't any devices onboarded to the Microsoft 365 <br><br> Check whether devices are onboarded and meet requirements. |
-| HR connector hasn't uploaded data recently | - Data theft by departing user <br> - Security policy violations by departing user <br> - Data leaks by disgruntled users <br> - Security policy violations by disgruntled users | HR connector hasn't imported data in more than 7 days. <br><br> Check that your HR connector is configured correctly and sending data. |
-| We're unable to check the status of your HR connector right now, please check again later | - Data theft by departing user <br> - Security policy violations by departing user <br> - Data leaks by disgruntled users <br> - Security policy violations by disgruntled users | The insider risk management solution is unable to check the status of your HR connector. <br><br> Check that your HR connector is configured correctly and sending data, or come back and check the policy status. |
-| DLP policy isn't selected as the triggering event | - General Data leaks <br> - Data leaks by priority users | A DLP policy hasn't been selected as a triggering event or the selected DLP policy has been deleted. <br><br> Edit the policy and either select an active DLP policy or 'User performs an exfiltration activity' as the triggering event in the policy configuration. |
-| DLP policy used in this policy is turned off | - General Data leaks <br> - Data leaks by priority users | DLP policy used in this policy is turned off. <br><br> 1. Turn the DLP policy assigned to this policy on. <br><br> OR <br><br> 2. Edit this policy and either select a new DLP policy or 'User performs an exfiltration activity' as the triggering event in the policy configuration. |
-| DLP policy doesn't meet requirements | - General Data leaks <br> - Data leaks by priority users | DLP policies used as triggering events must be configured to generate high severity alerts. <br><br> 1. Edit your DLP policy to assign applicable alerts as *High severity*. <br><br> OR <br><br> 2. Edit this policy and select *User performs an exfiltration activity* as the triggering event. |
-| Your organization doesn't have a Microsoft Defender for Endpoint subscription | - General security policy violations <br> - Security policy violations by departing users <br> - Security policy violations by disgruntled users <br> - Security policy violations by priority users | An active Microsoft Defender for Endpoint subscription wasn't detected for your organization. <br><br> Until a Microsoft Defender for Endpoint subscription is added, these policies won't assign risk scores to user activity. |
-| Microsoft Defender for Endpoint alerts aren't being shared with the compliance center | - General security policy violations <br> - Security policy violations by departing users <br> - Security policy violations by disgruntled users <br> - Security policy violations by priority users | Microsoft Defender for Endpoint alerts aren't being shared with the compliance center. <br><br> Configure sharing of Microsoft Defender for Endpoint alerts. |
-| You're approaching the maximum limit of users being actively scored for this policy template. | All policy templates | Each policy template has a maximum number of in-scope users. See the template limit section details. <br><br> Review the users in the Users tab and remove any users who don't need to be scored anymore. |
-| Triggering event is repeatedly occurring for over 15% of users in this policy. | All policy templates | Adjust the triggering event to help reduce how often users are brought into the policy scope. |
+|Notification messages|Policy templates|Causes / Try this action to fix|
+||||
+|Policy isn't assigning risk scores to activity|All policy templates|You may want to review your policy scope and triggering event configuration so that the policy can assign risk scores to activity <br><br> 1. Review the users that are selected for the policy. If you have few users selected, you may want to select additional users. <br> 2. If you're using an HR connector, check that your HR connector is sending the correct data. <br> 3. If you're using a DLP policy as your triggering event, check your DLP policy configuration to ensure it's configured to be used in this policy. <br> 4. For security violation policies, review the Microsoft Defender for Endpoint alert triage status selected in Insider risk settings > Intelligent detections. Confirm that the alert filter isn't too narrow.|
+|Policy hasn't generated any alerts|All policy templates|You may want to review your policy configuration so that you're analyzing the scoring the activity that you care about. <br><br> 1. Confirm that you've selected indicators that you want to score. The more indicators selected, the more activities are assigned risk scores. <br> 2. Review threshold customization for policy. If the thresholds selected don't align with your organization's risk tolerance, adjust the selections so that alerts are created based on your preferred thresholds. <br> 3. Review the users and groups selected for the policy. Confirm you've selected all of the applicable users and groups. <br> 4. For security violation policies, confirm you've selected the alert triage status that you want to score for Microsoft Defender for Endpoint alerts in Intelligent Detections in settings.|
+|No users or groups are included in this policy|All policy templates|Users or groups aren't assigned to the policy. <br><br> Edit your policy and select users or groups for the policy.|
+|No indicators have been selected for this policy|All policy templates|Indicators haven't been selected for the policy <br><br> Edit your policy and select appropriate policy indicators for the policy.|
+|No priority user groups are included in this policy|- Data leaks by priority users <br> - Security policy violations by priority users|Priority user groups aren't assigned to the policy. <br><br> Configure priority user groups in Insider risk management settings and assign priority user groups to the policy.|
+|No triggering event has been selected for this policy|All policy templates|A triggering event isn't configured for the policy <br><br> Risk scores won't be assigned to user activities until you edit the policy and select a triggering event.|
+|HR connector isn't configured or working as expected|- Data theft by departing user <br> - Security policy violations by departing user <br> - Data leaks by disgruntled users <br> - Security policy violations by disgruntled users|There's an issue with the HR connector. <br><br> 1. If you're using an HR connector, check that your HR connector is sending correct data <br><br> OR <br><br> 2. Select the Azure AD account deleted triggering event.|
+|No devices are onboarded|- Data theft by departing users <br> - General data leaks <br> - Data leaks by disgruntled users <br> - Data Leaks by priority users|Device indicators are selected but there aren't any devices onboarded to the Microsoft 365 <br><br> Check whether devices are onboarded and meet requirements.|
+|HR connector hasn't uploaded data recently|- Data theft by departing user <br> - Security policy violations by departing user <br> - Data leaks by disgruntled users <br> - Security policy violations by disgruntled users|HR connector hasn't imported data in more than 7 days. <br><br> Check that your HR connector is configured correctly and sending data.|
+|We're unable to check the status of your HR connector right now, please check again later|- Data theft by departing user <br> - Security policy violations by departing user <br> - Data leaks by disgruntled users <br> - Security policy violations by disgruntled users|The insider risk management solution is unable to check the status of your HR connector. <br><br> Check that your HR connector is configured correctly and sending data, or come back and check the policy status.|
+|DLP policy isn't selected as the triggering event|- General Data leaks <br> - Data leaks by priority users|A DLP policy hasn't been selected as a triggering event or the selected DLP policy has been deleted. <br><br> Edit the policy and either select an active DLP policy or 'User performs an exfiltration activity' as the triggering event in the policy configuration.|
+|DLP policy used in this policy is turned off|- General Data leaks <br> - Data leaks by priority users|DLP policy used in this policy is turned off. <br><br> 1. Turn the DLP policy assigned to this policy on. <br><br> OR <br><br> 2. Edit this policy and either select a new DLP policy or 'User performs an exfiltration activity' as the triggering event in the policy configuration.|
+|DLP policy doesn't meet requirements|- General Data leaks <br> - Data leaks by priority users|DLP policies used as triggering events must be configured to generate high severity alerts. <br><br> 1. Edit your DLP policy to assign applicable alerts as *High severity*. <br><br> OR <br><br> 2. Edit this policy and select *User performs an exfiltration activity* as the triggering event.|
+|Your organization doesn't have a Microsoft Defender for Endpoint subscription|- General security policy violations <br> - Security policy violations by departing users <br> - Security policy violations by disgruntled users <br> - Security policy violations by priority users|An active Microsoft Defender for Endpoint subscription wasn't detected for your organization. <br><br> Until a Microsoft Defender for Endpoint subscription is added, these policies won't assign risk scores to user activity.|
+|Microsoft Defender for Endpoint alerts aren't being shared with the compliance center|- General security policy violations <br> - Security policy violations by departing users <br> - Security policy violations by disgruntled users <br> - Security policy violations by priority users|Microsoft Defender for Endpoint alerts aren't being shared with the compliance center. <br><br> Configure sharing of Microsoft Defender for Endpoint alerts.|
+|You're approaching the maximum limit of users being actively scored for this policy template.|All policy templates|Each policy template has a maximum number of in-scope users. See the template limit section details. <br><br> Review the users in the Users tab and remove any users who don't need to be scored anymore.|
+|Triggering event is repeatedly occurring for over 15% of users in this policy.|All policy templates|Adjust the triggering event to help reduce how often users are brought into the policy scope.|
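Review bot: The "Policy hasn't generated any alerts" row reads "so that you're analyzing the scoring the activity that you care about", which has a leftover word; something like "so that you're scoring the activity that you care about" would read cleanly. In the "No devices are onboarded" row, "onboarded to the Microsoft 365" is missing its noun. Template names also drift within this table: "Data theft by departing user" and "Data theft by departing users", "General Data leaks" and "General data leaks", "Data Leaks by priority users" and "Data leaks by priority users". Use one spelling per template so an admin can match a warning to the template they configured.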
## Policy template limits
The limit for each policy is calculated based on the total number of unique user
Use the following table to determine the maximum number of in-scope users supported for each policy template:
-|**Policy template**|**Current in-scope user maximum**|
-|:|:--|
-| General data leak | 15,000 |
-| Data leak by disgruntled users | 7,500 |
-| Data leak by priority users | 1,000 |
-| Data theft by departing users | 20,000 |
-| General security policy violations | 1,000 |
-| General patient data misuse | 5,000 |
-| Security policy violation by priority users | 1,000 |
-| Security policy violations by departing users | 15,000 |
-| Security policy violations by disgruntled users | 7,500 |
+|Policy template|Current in-scope user maximum|
+|||
+|General data leak|15,000|
+|Data leak by disgruntled users|7,500|
+|Data leak by priority users|1,000|
+|Data theft by departing users|20,000|
+|General security policy violations|1,000|
+|General patient data misuse|5,000|
+|Security policy violation by priority users|1,000|
+|Security policy violations by departing users|15,000|
+|Security policy violations by disgruntled users|7,500|
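Review bot: The template names in the first column are inconsistent in number: "Data leak by disgruntled users", "Data leak by priority users" and "Security policy violation by priority users" are singular, while the adjacent rows use "Security policy violations by ...". Since the cells are being rewritten anyway, align them with the names used in the policy template list. Also confirm that the new delimiter row, shown here as `|||`, carries hyphens in the committed file, because a delimiter row without them does not render as a table, and note that the left-alignment markers from the removed `|:--|` row are dropped.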
## Create a new policy
Complete the following steps to create a new policy:
If you've selected other policy templates, custom triggering events aren't supported. The built-in policy triggering events apply and you'll continue to Step 23 without defining policy attributes. 14. Select **Next** to continue.
-15. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.
+15. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.
16. Select **Next** to continue.
-17. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.
+17. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.
18. Select **Next** to continue. 19. On the **Policy indicators** page, you'll see the [indicators](insider-risk-management-settings.md#indicators) that you've defined as available on the **Insider risk settings** > **Indicators** page. Select the indicators you want to apply to the policy.
Complete the following steps to create a new policy:
If you've selected a *Data theft* or *Data leaks* policy template, select one or more **Sequence detection** methods and a **Cumulative exfiltration detection** method to apply to the policy. 20. Select **Next** to continue.
-21. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.
+21. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.
22. Select **Next** to continue. 23. On the **Review** page, review the settings you've chosen for the policy and any suggestions or warnings for your selections. Select **Edit** to change any of the policy values or select **Submit** to create and activate the policy.
Complete the following steps to manage an existing policy:
If you've selected other policy templates, custom triggering events aren't supported. The built-in policy triggering events apply and you'll continue to Step 23 without defining policy attributes. 14. Select **Next** to continue.
-15. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.
+15. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.
16. Select **Next** to continue.
-17. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.
+17. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.
18. Select **Next** to continue. 19. On the **Policy indicators** page, you'll see the [indicators](insider-risk-management-settings.md#indicators) that you've defined as available on the **Insider risk settings** > **Indicators** page. Select the indicators you want to apply to the policy.
Complete the following steps to manage an existing policy:
If you've selected a *Data theft* or *Data leaks* policy template, select one or more **Sequence detection** methods and a **Cumulative exfiltration detection** method to apply to the policy. 20. Select **Next** to continue.
-21. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.
+21. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.
22. Select **Next** to continue. 23. On the **Review** page, review the settings you've chosen for the policy and any suggestions or warnings for your selections. Select **Edit** to change any of the policy values or select **Submit** to create and activate the policy.
compliance Limits Ediscovery20 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/limits-ediscovery20.md
This article describes the limits in the Advanced eDiscovery solution in Microso
The following table lists the limits for cases and review sets in Advanced eDiscovery.
-| Description of limit | Limit |
-|:--|:--|
-|Total number of documents that can be added to a case (for all review sets in a case). <br/> |3 million <br/> |
-|Total file size per load set. This includes loading non-Office 365 into a review set. <br/> |300 GB <br/> |
-|Total amount of data loaded into all review sets in the organization per day.<br/> |2 TB <br/> |
-|Maximum number of load sets per case. <br/> |200 <br/> |
-|Maximum number of review sets per case. <br/> |20 <br/> |
-|Maximum number of tag groups per case. <br/> |1,000 |
-|Maximum number of unique tags per case. <br/> |1,000<sup>1</sup> |
-|Maximum concurrent jobs in your organization to add content to a review set. These jobs are named **Adding data to a review set** and are displayed on the **Jobs** tab in a case.| 10<sup>2</sup> |
-|Maximum concurrent jobs to add content to a review set per user. These jobs are named **Adding data to a review set** and are displayed on the **Jobs** tab in a case. | 3 |
+|Description of limit|Limit|
+|||
+|Total number of documents that can be added to a case (for all review sets in a case).|3 million|
+|Total file size per load set. This includes loading non-Office 365 into a review set.|300 GB|
+|Total amount of data loaded into all review sets in the organization per day.<br/>|2 TB|
+|Maximum number of load sets per case.|200|
+|Maximum number of review sets per case.|20|
+|Maximum number of tag groups per case.|1,000|
+|Maximum number of unique tags per case.|1,000<sup>1</sup>|
+|Maximum concurrent jobs in your organization to add content to a review set. These jobs are named **Adding data to a review set** and are displayed on the **Jobs** tab in a case.|10<sup>2</sup>|
+|Maximum concurrent jobs to add content to a review set per user. These jobs are named **Adding data to a review set** and are displayed on the **Jobs** tab in a case.|3|
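Review bot: The row "Total amount of data loaded into all review sets in the organization per day.<br/>" still carries the trailing `<br/>` that was removed from every other row in this table; drop it for consistency. In the row above it, "This includes loading non-Office 365 into a review set" is missing a noun after "non-Office 365" (the jobs article in this same update calls it "non-Microsoft 365 data").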
## Hold limits The following table lists the limits for holds associated with an Advanced eDiscovery case.
-| Description of limit | Limit |
-|:--|:--|
-|Maximum number of hold policies for an organization. This limit includes the combined total of hold policies in Core eDiscovery and Advanced eDiscovery cases. <br/> |10,000<sup>3</sup> <br/> |
-|Maximum number of mailboxes in a single case hold. This limit includes the combined total of user mailboxes, and the mailboxes associated with Microsoft 365 Groups, Microsoft Teams, and Yammer Groups. <br/> |1,000 <br/> |
-|Maximum number of sites in a single case hold. This limit includes the combined total of OneDrive for Business sites, SharePoint sites, and the sites associated with Microsoft 365 Groups, Microsoft Teams, and Yammer Groups. <br/> |100 <br/> |
+|Description of limit|Limit|
+|||
+|Maximum number of hold policies for an organization. This limit includes the combined total of hold policies in Core eDiscovery and Advanced eDiscovery cases.|10,000<sup>3</sup>|
+|Maximum number of mailboxes in a single case hold. This limit includes the combined total of user mailboxes, and the mailboxes associated with Microsoft 365 Groups, Microsoft Teams, and Yammer Groups.|1,000|
+|Maximum number of sites in a single case hold. This limit includes the combined total of OneDrive for Business sites, SharePoint sites, and the sites associated with Microsoft 365 Groups, Microsoft Teams, and Yammer Groups.|100|
## Indexing limits The following table lists the indexing limits in Advanced eDiscovery.
-| Description of limit | Limit |
-|:--|:--|
-|Maximum number of characters extracted from a single file. <br/> |10 million<sup>4</sup> <br/> |
-|Maximum size of a single file. <br/> |150 MB<sup>4</sup> <br/> |
-|Maximum depth of embedded items in a document. <br/> |25<sup>4</sup> <br/> |
-|Maximum size of files processed by Optical Character Recognition (OCR). <br/> |24 MB<sup>4</sup> <br/>
+|Description of limit|Limit|
+|||
+|Maximum number of characters extracted from a single file.|10 million<sup>4</sup>|
+|Maximum size of a single file.|150 MB<sup>4</sup>|
+|Maximum depth of embedded items in a document.|25<sup>4</sup>|
+|Maximum size of files processed by Optical Character Recognition (OCR).|24 MB<sup>4</sup> <br/>
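Review bot: The OCR row ends with `24 MB<sup>4</sup> <br/>` and has no closing `|`, unlike the three rows above it. The defect was carried over from the removed line; close the cell and drop the `<br/>` so the row matches the rest of the table.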
## Search limits The limits described in this section are related to using the search tool on the **Searches** tab to collect data for a case. For more information, see [Collect data for a case in Advanced eDiscovery](collecting-data-for-ediscovery.md).
-| Description of limit | Limit |
-|:--|:--|
-|Maximum number of mailboxes or sites that can be searched in a single search. |No limit|
-|Maximum number of searches that can run at the same time. |No limit |
-|Maximum number of searches that a single user can start at the same time. |10 |
-|Maximum number of characters for a search query (including operators and conditions). |10,000<sup>5</sup>|
-|Maximum number of characters for a search query for SharePoint and OneDrive for Business sites (including operators and conditions). |10,000<br>4,000 with Wildcards<sup>5</sup>|
-|Minimum number of alpha characters for prefix wildcards; for example, **one\*** or **set\***.|3 |
-|Maximum variants returned when using prefix wildcard to search for an exact phrase or when using a prefix wildcard and the **NEAR** Boolean operator. |10,000<sup>6</sup>|
-|Maximum number of items per user mailbox that are displayed on preview page for searches. The newest items are displayed. |100|
+|Description of limit|Limit|
+|||
+|Maximum number of mailboxes or sites that can be searched in a single search.|No limit|
+|Maximum number of searches that can run at the same time.|No limit|
+|Maximum number of searches that a single user can start at the same time.|10|
+|Maximum number of characters for a search query (including operators and conditions).|10,000<sup>5</sup>|
+|Maximum number of characters for a search query for SharePoint and OneDrive for Business sites (including operators and conditions).|10,000<br>4,000 with Wildcards<sup>5</sup>|
+|Minimum number of alpha characters for prefix wildcards; for example, **one\*** or **set\***.|3|
+|Maximum variants returned when using prefix wildcard to search for an exact phrase or when using a prefix wildcard and the **NEAR** Boolean operator.|10,000<sup>6</sup>|
+|Maximum number of items per user mailbox that are displayed on preview page for searches. The newest items are displayed.|100|
|Maximum number of items from all mailboxes displayed on preview page for searches.|1,000| |Maximum number of mailboxes that can be previewed for search results. If there are more than 1,000 mailboxes that contain items that match the search query, only the top 1,000 mailboxes with the most results are available for preview.|1,000|
-|Maximum number of items from SharePoint and OneDrive for Business sites displayed on preview page for searches. The newest items are displayed. |200|
+|Maximum number of items from SharePoint and OneDrive for Business sites displayed on preview page for searches. The newest items are displayed.|200|
|Maximum number of SharePoint and OneDrive for Business sites that can be previewed for search results. If there are more than 200 sites that contain items that match the search query, only the top 200 sites with the most results are available for preview.|200|
-|Maximum number of items per public folder mailbox displayed on preview page for searches. |100|
-|Maximum number of items found in all public folder mailbox items displayed on preview page for searches. |200|
+|Maximum number of items per public folder mailbox displayed on preview page for searches.|100|
+|Maximum number of items found in all public folder mailbox items displayed on preview page for searches.|200|
|Maximum number of public folder mailboxes that can be previewed for search results. If there are more than 500 public folder mailboxes that contain items that match the search query, only the top 500 mailboxes with the most results are available for preview.|500| |The maximum size of an item that can be viewed on the sample page of a draft collection.|10,000,000 bytes (approximately 9.5 MB)|
The limits described in this section are related to using the search tool on the
Microsoft collects performance information for searches run by all organizations. While the complexity of the search query can impact search times, the biggest factor that affects how long searches take is the number of mailboxes searched. Although Microsoft doesn't provide a Service Level Agreement for search times, the following table lists average search times for collection searches based on the number of mailboxes included in the search.
-| Number of mailboxes | Average search time |
-|:--|:--|
-|100 <br/> |30 seconds <br/> |
-|1,000 <br/> |45 seconds <br/> |
-|10,000 <br/> |4 minutes <br/> |
-|25,000 <br/> |10 minutes <br/> |
-|50,000 <br/> |20 minutes <br/> |
-|100,000 <br/> |25 minutes <br/> |
+|Number of mailboxes|Average search time|
+|||
+|100|30 seconds|
+|1,000|45 seconds|
+|10,000|4 minutes|
+|25,000|10 minutes|
+|50,000|20 minutes|
+|100,000|25 minutes|
## Viewer limits
-| Description of limit | Limit |
-|:--|:--|
-|Maximum size of Excel file that can be viewed in the native viewer. <br/> |4 MB <br/> |
+|Description of limit|Limit|
+|||
+|Maximum size of Excel file that can be viewed in the native viewer.|4 MB|
## Export limits - Final export out of Review Set The limits described in this section are related to exporting documents out of a review set.
-| Description of limit | Limit |
-|:--|:--|
+|Description of limit|Limit|
+|||
|Maximum size of a single export.|5 million documents or 500 GB, whichever is smaller|
-|Maximum concurrent exports per review set. | 1 |
+|Maximum concurrent exports per review set.|1|
## Review set download limits
-| Description of limit | Limit |
-|:--|:--|
-|Total file size or maximum number of documents downloaded from a review set. <br/> |3 MB or 50 documents<sup>7</sup>|
+|Description of limit|Limit|
+|||
+|Total file size or maximum number of documents downloaded from a review set.|3 MB or 50 documents<sup>7</sup>|
## Notes
The limits described in this section are related to exporting documents out of a
> > <sup>4</sup> Any item that exceeds a single file limit will show up as a processing error. >
-> <sup>5</sup> When searching SharePoint and OneDrive for Business locations, the characters in the URLs of the sites being searched count against this limit. The total number of characters consists of:<br>
+> <sup>5</sup> When searching SharePoint and OneDrive for Business locations, the characters in the URLs of the sites being searched count against this limit. The total number of characters consists of:
+>
> - All characters in both the Users and Filters fields. > - All search permissions filters that apply to the user. > - The characters from any location properties in the search; this includes ExchangeLocation,PublicFolderLocation,SharPointLocation,ExchangeLocationExclusion,PublicFolderLocationExclusion,SharePointLocationExclusion, OneDriveLocationExclusion. > For example, including all SharePoint sites and OneDrive accounts in the search will count as six characters, as the word "ALL" will appear for both the SharePointLocation and OneDriveLocation field. >
-> <sup>6</sup> For non-phrase queries (a keyword value that doesn't use double quotation marks) we use a special prefix index. This tells us that a word occurs in a document, but not where it occurs in the document. To do a phrase query (a keyword value with double quotation marks), we need to compare the position within the document for the words in the phrase. This means that we can't use the prefix index for phrase queries. In this case, we internally expand the query with all possible words that the prefix expands to; for example, **time\*** can expand to **"time OR timer OR times OR timex OR timeboxed OR …"**. The limit of 10,000 is the maximum number of variants the word can expand to, not the number of documents matching the query. There is no upper limit for non-phrase terms.
+> <sup>6</sup> For non-phrase queries (a keyword value that doesn't use double quotation marks) we use a special prefix index. This tells us that a word occurs in a document, but not where it occurs in the document. To do a phrase query (a keyword value with double quotation marks), we need to compare the position within the document for the words in the phrase. This means that we can't use the prefix index for phrase queries. In this case, we internally expand the query with all possible words that the prefix expands to; for example, **time\*** can expand to **"time OR timer OR times OR timex OR timeboxed OR ..."**. The limit of 10,000 is the maximum number of variants the word can expand to, not the number of documents matching the query. There is no upper limit for non-phrase terms.
> > <sup>7</sup> This limit applies to downloading selected documents from a review set. It doesn't apply to exporting documents from a review set. For more information about downloading and exporting documents, see [Export case data in Advanced eDiscovery](exporting-data-ediscover20.md).
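Review bot: In the unchanged bullet list under footnote 5, the location property is spelled "SharPointLocation" and the property names run together without spaces after the commas. The list also omits OneDriveLocation, although the example sentence that follows refers to "the SharePointLocation and OneDriveLocation field". Since this change already touches the footnote, fix the spelling, add the missing property and separate the names.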
compliance Managing Jobs Ediscovery20 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/managing-jobs-ediscovery20.md
description: "Advanced eDiscovery jobs help you track the status of long-running
Here's a list of the jobs (which are typically long-running processes) that are tracked on the **Jobs** tab of a case in Advanced eDiscovery. These jobs are triggered by user actions when using and managing cases.
-| Job type | Description |
-| :-- | :- |
-|Adding data to a review set | A user adds a collection to a review set. This job consists of two sub jobs: </br>ΓÇó **Export** - A list of items in the collection is generated. </br>ΓÇó **Ingestion & Indexing** - The items in the collection that match the search query are copied to an Azure Storage location (in a process called *ingestion*) and then those items in the Azure Storage location are reindexed. This new index is used when querying and analyzing items in the data set. </br></br>For more information, see [Add search results to a review set](add-data-to-review-set.md). |
-|Adding data to another review set | A user adds documents from one review set to a different review set in the same case. For more information, see [Add data to a review set from another review set](add-data-to-review-set-from-another-review-set.md).|
-|Adding non-Microsoft 365 data to a review set | A user uploads non-Microsoft 365 data to a review set. The data is also indexed during this process. For example, files from an on-premises file server or a client computer are uploaded to a review set. For more information, see [Load non-Microsoft 365 data into a review set](load-non-office-365-data-into-a-review-set.md).|
-|Adding remediated data to a review set | Data with processing errors is remediated and loaded back into a review set. For more information, see:</br>ΓÇó [Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md)</br>ΓÇó [Single item error remediation](single-item-error-remediation.md)|
-|Comparing load sets | A user looks at the differences between different load sets in a review set. A load set is an instance of adding data to a review set. For example, if you add the results of two different searches to the same review set, each would represent a load set. |
+|Job type|Description|
+|||
+|Adding data to a review set|A user adds a collection to a review set. This job consists of two sub jobs: <ul><li>**Export** - A list of items in the collection is generated.</li><li>**Ingestion & Indexing** - The items in the collection that match the search query are copied to an Azure Storage location (in a process called *ingestion*) and then those items in the Azure Storage location are reindexed. This new index is used when querying and analyzing items in the data set.</li></ul> </br></br> For more information, see [Add search results to a review set](add-data-to-review-set.md).|
+|Adding data to another review set|A user adds documents from one review set to a different review set in the same case. For more information, see [Add data to a review set from another review set](add-data-to-review-set-from-another-review-set.md).|
+|Adding non-Microsoft 365 data to a review set|A user uploads non-Microsoft 365 data to a review set. The data is also indexed during this process. For example, files from an on-premises file server or a client computer are uploaded to a review set. For more information, see [Load non-Microsoft 365 data into a review set](load-non-office-365-data-into-a-review-set.md).|
+|Adding remediated data to a review set|Data with processing errors is remediated and loaded back into a review set. For more information, see: <ul><li>[Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md)</li><li>[Single item error remediation](single-item-error-remediation.md)</li></ul>|
+|Comparing load sets|A user looks at the differences between different load sets in a review set. A load set is an instance of adding data to a review set. For example, if you add the results of two different searches to the same review set, each would represent a load set.|
|Conversation reconstruction|When a user adds the results of a search to a conversation review set, instant message conversations (also called *threaded conversations*) in services like Microsoft Teams are reconstructed in a PDF file. This job is also triggered when a user clicks **Action > Create conversation PDFs** in a review set. For more information, see [Review conversations in Advanced eDiscovery](conversation-review-sets.md).
-|Converting redacted documents to PDF|After a user annotates a document in a review set and redacts a portion of it, they can choose to convert the redacted document to a PDF file. This ensures that the redacted portion will not be visible if the document is exported for presentation. For more information, see [View documents in a review set](view-documents-in-review-set.md). |
-|Estimating search results | After a user creates and runs or reruns a draft collection, the search tool searches the index for items that match the search query and prepares an estimate that includes the number and total size of all items by the search, and the number of data sources searched. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md). |
-|Preparing data for export | A user exports documents from a review set. When the export process is complete, they can download the exported data to a local computer. For more information, see [Export case data](exporting-data-ediscover20.md). |
-|Preparing for error resolution |When a user selects a file and creates a new error remediation in the Error view on the **Processing** tab of a case, the first step in the process is to upload the file that has the processing error to an Azure Storage location in the Microsoft cloud. This job tracks the progress of the upload process. For more information about the error remediation workflow, see [Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md). |
-|Preparing search preview | After a user creates and runs a new draft collection (or reruns an existing draft collection), the search tool prepares a sample subset of items (that match the search query) that can be previewed. Previewing search results help you determine the effectiveness of the search. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md#view-search-results-and-statistics). |
-|Re-indexing custodian data | When you add a custodian to a case, all partially indexed items in the custodian's selected data sources are reindexed by a process called *Advanced indexing*. This job is also triggered when you click **Update index** on the **Processing** tab of a case, and when you update the index for a specific custodian on the custodian properties flyout page. For more information, see [Advanced indexing of custodian data](indexing-custodian-data.md).
-|Running analytics | A user analyzes data in a review set by running Advanced eDiscovery analytics tools such as near duplicate detection, email threading analysis, and themes analysis. For more information, see [Analyze data in a review set](analyzing-data-in-review-set.md). |
-|Tagging documents | This job is triggered when a user clicks **Start tagging job** in the **Tagging panel** when reviewing documents in a review set. A user can start this job after tagging documents in a review set and then bulk-selecting them in the view document panel. For more information, see [Tag documents in a review set](tagging-documents.md). |
-|||
+|Converting redacted documents to PDF|After a user annotates a document in a review set and redacts a portion of it, they can choose to convert the redacted document to a PDF file. This ensures that the redacted portion will not be visible if the document is exported for presentation. For more information, see [View documents in a review set](view-documents-in-review-set.md).|
+|Estimating search results|After a user creates and runs or reruns a draft collection, the search tool searches the index for items that match the search query and prepares an estimate that includes the number and total size of all items by the search, and the number of data sources searched. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md).|
+|Preparing data for export|A user exports documents from a review set. When the export process is complete, they can download the exported data to a local computer. For more information, see [Export case data](exporting-data-ediscover20.md).|
+|Preparing for error resolution|When a user selects a file and creates a new error remediation in the Error view on the **Processing** tab of a case, the first step in the process is to upload the file that has the processing error to an Azure Storage location in the Microsoft cloud. This job tracks the progress of the upload process. For more information about the error remediation workflow, see [Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md).|
+|Preparing search preview|After a user creates and runs a new draft collection (or reruns an existing draft collection), the search tool prepares a sample subset of items (that match the search query) that can be previewed. Previewing search results help you determine the effectiveness of the search. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md#view-search-results-and-statistics).|
+|Re-indexing custodian data|When you add a custodian to a case, all partially indexed items in the custodian's selected data sources are reindexed by a process called *Advanced indexing*. This job is also triggered when you click **Update index** on the **Processing** tab of a case, and when you update the index for a specific custodian on the custodian properties flyout page. For more information, see [Advanced indexing of custodian data](indexing-custodian-data.md).
+|Running analytics|A user analyzes data in a review set by running Advanced eDiscovery analytics tools such as near duplicate detection, email threading analysis, and themes analysis. For more information, see [Analyze data in a review set](analyzing-data-in-review-set.md).|
+|Tagging documents|This job is triggered when a user clicks **Start tagging job** in the **Tagging panel** when reviewing documents in a review set. A user can start this job after tagging documents in a review set and then bulk-selecting them in the view document panel. For more information, see [Tag documents in a review set](tagging-documents.md).|
## Job status The following table describes the different status states for jobs.
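Review bot: in the job-type table, the added "Re-indexing custodian data" row ends after the link with no closing `|`, unlike every other row in the table; the omission is carried over from the removed row. Add the trailing pipe so the row is delimited consistently. In the "Preparing search preview" row, "Previewing search results help you" should read "helps you".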
-| Status | Description |
-| :-- | :- |
-| Submitted | A new job was created. The date and time that the job was submitted is displayed in the **Created** column on the **Jobs** tab. |
-| Submission failed | The job submission failed. You should attempt to rerun the action that triggered the job. |
-| In progress | The job is in progress, you can monitor the progress of the job in the **Jobs** tab. |
-| Successful | The job was successfully completed. The date and time that the job completed is displayed in the **Completed** column on the **Jobs** tab. |
-| Partially successful | The job was successful. This status is typically returned when the job didn't find any partially indexed data (also called *unindexed data*) in some of the custodian data sources. |
-| Failed | The job failed. You should attempt to rerun the action that triggered the job. If the job fails a second time, we recommend that you contact Microsoft Support and provide the support information from the job. |
-|||
+|Status|Description|
+|||
+|Submitted|A new job was created. The date and time that the job was submitted is displayed in the **Created** column on the **Jobs** tab.|
+|Submission failed|The job submission failed. You should attempt to rerun the action that triggered the job.|
+|In progress|The job is in progress, you can monitor the progress of the job in the **Jobs** tab.|
+|Successful|The job was successfully completed. The date and time that the job completed is displayed in the **Completed** column on the **Jobs** tab.|
+|Partially successful|The job was successful. This status is typically returned when the job didn't find any partially indexed data (also called *unindexed data*) in some of the custodian data sources.|
+|Failed|The job failed. You should attempt to rerun the action that triggered the job. If the job fails a second time, we recommend that you contact Microsoft Support and provide the support information from the job.|
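Review bot: the "Partially successful" row describes the state as "The job was successful", which does not distinguish it from the "Successful" row. Say what was incomplete (the text implies some custodian data sources had no partially indexed data to process) so an admin reading the **Jobs** tab knows whether any follow-up is needed. Also, as shown here the new delimiter row is `|||` with no dashes, and a Markdown table needs at least `---` in each delimiter cell to render. In the "In progress" row, "The job is in progress, you can monitor" is a comma splice.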
compliance New Defender Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/new-defender-alert-policies.md
We'll be introducing four new default alert policies related to post-delivery de
The following table lists the new alert policies and the existing alert policies that will be removed. See the [How this will affect your organization](#how-this-will-affect-your-organization) section for details about the rollout.
-| New or existing alert policy | Alert policy name | Alert policy ID|
-|:--|:-|:--|
-| New| **Email messages containing malicious URL removed after delivery** | 8e6ba277-ef39-404e-aaf1-294f6d9a2b88 |
-| New| **Email messages containing malicious file removed after delivery** | 4b1820ec-39dc-45f3-abf6-5ee80df51fd2 |
-| New| **Email messages from a campaign were delivered and later removed** | c8522cbb-9368-4e25-4ee9-08d8d899dfab |
-| New|**Email messages removed after delivery** | b8f6b088-5487-4c70-037c-08d8d71a43fe |
-| Existing (will be removed)| **Email messages containing phish URLs removed after delivery**| EA8169FA-0678-4751-8854-AEBEA7ADECEB |
-| Existing (will be removed)| **Email messages containing malware removed after delivery**| 0179B3F7-3FDA-40C3-8F24-278563978DBB |
-||||
+|New or existing alert policy|Alert policy name|Alert policy ID|
+||||
+|New|**Email messages containing malicious URL removed after delivery**|8e6ba277-ef39-404e-aaf1-294f6d9a2b88|
+|New|**Email messages containing malicious file removed after delivery**|4b1820ec-39dc-45f3-abf6-5ee80df51fd2|
+|New|**Email messages from a campaign were delivered and later removed**|c8522cbb-9368-4e25-4ee9-08d8d899dfab|
+|New|**Email messages removed after delivery**|b8f6b088-5487-4c70-037c-08d8d71a43fe|
+|Existing (will be removed)|**Email messages containing phish URLs removed after delivery**|EA8169FA-0678-4751-8854-AEBEA7ADECEB|
+|Existing (will be removed)|**Email messages containing malware removed after delivery**|0179B3F7-3FDA-40C3-8F24-278563978DBB|
## Alert severity enhancements For the following table identifies the default alert policies whose severity classifications are being modified. We're changing the severity classification for these alert policies to better align with the potential risk and impact on your organization and to help your security teams prioritize the alerts generated by these policies.
-| Alert| Alert policy ID| Old severity| New severity |
-|:-|:|:|:--|
-| **Suspicious email forwarding activity**| BFD48F06-0865-41A6-85FF-ADB746423EBF | Medium| High|
-| **Email reported by user as malware or phish** | B26A5770-0C38-434A-9380-3A3C2C27BBB3 | Informational | Low|
-| **Unusual increase in email reported as phish** | A00D8C62-9320-4EEA-A7E5-966B9AC09558 | High| Medium |
-| **Admin Submission result completed** | AE9B83DD-6039-4EA9-B675-6B0AC3BF4A41 | Low| Informational |
-| **Creation of forwarding/redirect rule** | D59A8FD4-1272-41EE-9408-86F7BCF72479 | Low| Informational |
-| **eDiscovery search started or exported** | 6FDC5710-3998-47F0-AFBB-57CEFD7378A | Meduim | Informational |
-|||||
+|Alert|Alert policy ID|Old severity|New severity|
+|||||
+|**Suspicious email forwarding activity**|BFD48F06-0865-41A6-85FF-ADB746423EBF|Medium|High|
+|**Email reported by user as malware or phish**|B26A5770-0C38-434A-9380-3A3C2C27BBB3|Informational|Low|
+|**Unusual increase in email reported as phish**|A00D8C62-9320-4EEA-A7E5-966B9AC09558|High|Medium|
+|**Admin Submission result completed**|AE9B83DD-6039-4EA9-B675-6B0AC3BF4A41|Low|Informational|
+|**Creation of forwarding/redirect rule**|D59A8FD4-1272-41EE-9408-86F7BCF72479|Low|Informational|
+|**eDiscovery search started or exported**|6FDC5710-3998-47F0-AFBB-57CEFD7378A|Meduim|Informational|
## When will these changes happen The following table identifies when the new alert policies will begin triggering post-delivery alerts. The table also identifies when the two existing alert policies will be removed.
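Review bot: in the severity table, the "eDiscovery search started or exported" row has policy ID 6FDC5710-3998-47F0-AFBB-57CEFD7378A, whose last group is 11 characters, one short of a GUID, and the old severity is spelled "Meduim". Both are carried over unchanged from the removed row. Confirm the full ID against the policy and correct the spelling while the row is being rewritten, since readers may copy these IDs into filters or scripts.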
-| Alert policy| Date |
-|:|:--|
-| **Email messages containing malicious URL removed after delivery** (new) | Alerts will start triggering on April 11, 2021|
-| **Email messages containing malicious file removed after delivery** (new) | Alerts will start triggering on April 11, 2021 |
-| **Emails messages from a campaign were delivered and later removed** (new) | Alerts will start triggering on May 28, 2021|
-| **Malicious emails were delivered and later removed** (new) | Alerts will start triggering on May 28, 2021|
-| **Email messages containing phish URLs removed after delivery** (existing, will be removed)| The alert policy was removed in June 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section.|
-| **Email messages containing malware removed after delivery** (existing, will be removed) | The alert policy was removed in June 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section. |
-|||
+|Alert policy|Date|
+|||
+|**Email messages containing malicious URL removed after delivery** (new)|Alerts will start triggering on April 11, 2021|
+|**Email messages containing malicious file removed after delivery** (new)|Alerts will start triggering on April 11, 2021|
+|**Emails messages from a campaign were delivered and later removed** (new)|Alerts will start triggering on May 28, 2021|
+|**Malicious emails were delivered and later removed** (new)|Alerts will start triggering on May 28, 2021|
+|**Email messages containing phish URLs removed after delivery** (existing, will be removed)|The alert policy was removed in June 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section.|
+|**Email messages containing malware removed after delivery** (existing, will be removed)|The alert policy was removed in June 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section.|
The alert severity changes will be rolled out to all organizations by May 14, 2021.
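Review bot: two policy names in the dates table do not match the names in the policy ID table earlier in the same file. The third row reads "Emails messages from a campaign were delivered and later removed" (extra "s") where the ID table has "Email messages from a campaign ...", and the fourth row reads "Malicious emails were delivered and later removed" where the ID table has "Email messages removed after delivery". Admins look up alerts by name, so use the exact policy name in both tables. The first four rows also still say "Alerts will start triggering" for 2021 dates while the last two rows are already in the past tense.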
compliance Office 365 Service Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-service-encryption.md
To learn how to set up Customer Key for Microsoft 365 for Exchange Online, Micro
- [Service encryption with Customer Key](customer-key-overview.md) -- [Set up Customer Key](customer-key-set-up.md)
+- [Set up Customer Key](customer-key-set-up.md)
- [Manage Customer Key](customer-key-manage.md)
compliance Ome Sensitive Info Types https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome-sensitive-info-types.md
You may want to update any applicable end-user documentation and training materi
Microsoft 365 audits this activity and makes it available to administrators. The operation is 'New-TransportRule' and a snippet of a sample audit entry from the Audit Log Search in Security & Compliance Center is below: ```text
-*{"CreationTime":"2018-11-28T23:35:01","Id":"a1b2c3d4-daa0-4c4f-a019-03a1234a1b0c","Operation":"New-TransportRule","OrganizationId":"123456-221d-12345 ","RecordType":1,"ResultStatus":"True","UserKey":"Microsoft Operator","UserType":3,"Version":1,"Workload":"Exchange","ClientIP":"123.456.147.68:17584","ObjectId":"","UserId":"Microsoft Operator","ExternalAccess":true,"OrganizationName":"contoso.onmicrosoft.com","OriginatingServer":"CY4PR13MBXXXX (15.20.1382.008)","Parameters": {"Name":"Organization","Value":"123456-221d-12346"{"Name":"ApplyRightsProtectionTemplate","Value":"Encrypt"},{"Name":"Name","Value":"Encrypt outbound sensitive emails (out of box rule)"},{"Name":"MessageContainsDataClassifications"…etc.*
+*{"CreationTime":"2018-11-28T23:35:01","Id":"a1b2c3d4-daa0-4c4f-a019-03a1234a1b0c","Operation":"New-TransportRule","OrganizationId":"123456-221d-12345 ","RecordType":1,"ResultStatus":"True","UserKey":"Microsoft Operator","UserType":3,"Version":1,"Workload":"Exchange","ClientIP":"123.456.147.68:17584","ObjectId":"","UserId":"Microsoft Operator","ExternalAccess":true,"OrganizationName":"contoso.onmicrosoft.com","OriginatingServer":"CY4PR13MBXXXX (15.20.1382.008)","Parameters": {"Name":"Organization","Value":"123456-221d-12346"{"Name":"ApplyRightsProtectionTemplate","Value":"Encrypt"},{"Name":"Name","Value":"Encrypt outbound sensitive emails (out of box rule)"},{"Name":"MessageContainsDataClassifications"...etc.*
``` ## To disable or customize the sensitive information types policy
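Review bot: the sample audit entry on the changed line is still wrapped in `*...*` inside the text code fence, so the asterisks render literally, and the JSON fragment is not well formed: after `"Value":"123456-221d-12346"` the next object starts with no `},` separator, and `"Parameters":` opens with `{` where a sequence of Name/Value objects follows. Since the line is already being edited to replace the ellipsis character, drop the asterisks and repair the Parameters fragment so that admins can compare it with the New-TransportRule records they find in Audit Log Search.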
compliance Prepare Tls 1.2 In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/prepare-tls-1.2-in-office-365.md
Title: Preparing for TLS 1.2 in Office 365 and Office 365 GCC description: How to prepare to use TLS 1.2 for all client-server and browser-server combinations in Office 365 and Office 365 GCC after support for TLS 1.0 and 1.1 is disabled.-+ ms.localizationpriority: medium
+search.appverid:
- MET150 audience: ITPro
appliesto:
## Summary
-To provide the best-in-class encryption to our customers, Microsoft plans to deprecate Transport Layer Security (TLS) versions 1.0 and 1.1 in Office 365 and Office 365 GCC. We understand that the security of your data is important, and we're committed to transparency about changes that may affect your use of the TLS service.
+To provide the best-in-class encryption to our customers, Microsoft plans to deprecate Transport Layer Security (TLS) versions 1.0 and 1.1 in Office 365 and Office 365 GCC. We understand that the security of your data is important, and we're committed to transparency about changes that may affect your use of the TLS service.
-The [Microsoft TLS 1.0 implementation](https://support.microsoft.com/help/3117336/schannel-implementation-of-tls-1-0-in-windows-security-status-update-n) has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for TLS 1.0 and 1.1 in Microsoft Office 365 and Office 365 GCC.
+The [Microsoft TLS 1.0 implementation](https://support.microsoft.com/help/3117336/schannel-implementation-of-tls-1-0-in-windows-security-status-update-n) has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for TLS 1.0 and 1.1 in Microsoft Office 365 and Office 365 GCC.
-For information about how to remove TLS 1.0 and 1.1 dependencies, see the following white paper: [Solving the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266).
+For information about how to remove TLS 1.0 and 1.1 dependencies, see the following white paper: [Solving the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266).
After you upgrade to TLS 1.2, make sure that the cipher suites you're using are supported by Azure Front Door. Microsoft 365 and Azure Front Door have slight differences in cipher suite support. For details, see [What are the current cipher suites supported by Azure Front Door?](/azure/frontdoor/front-door-faq#what-are-the-current-cipher-suites-supported-by-azure-front-door-).
We have already begun deprecation of TLS 1.0 and 1.1 as of January 2020. Any cli
We recommend that all client-server and browser-server combinations use TLS 1.2 (or a later version) in order to maintain connection to Office 365 services. You might have to update certain client-server and browser-server combinations. > [!NOTE]
- > For SMTP Inbound mail flow, after deprecation of TLS 1.0 and 1.1, we will accept only TLS 1.2 connection. However, we will continue accepting SMTP Connection which is unencrypted without any TLS. Although we do not recommend email transmission without any encryption.
+ > For SMTP Inbound mail flow, after deprecation of TLS 1.0 and 1.1, we will accept only TLS 1.2 connection. However, we will continue accepting SMTP Connection which is unencrypted without any TLS. Although we do not recommend email transmission without any encryption.
You'll need to update applications that call Microsoft 365 APIs over TLS 1.0 or TLS 1.1 to use TLS 1.2. .NET 4.5 defaults to TLS 1.1. To update your .NET configuration, see [How to enable Transport Layer Security (TLS) 1.2 on clients](/mem/configmgr/core/plan-design/security/enable-tls-1-2-client).
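Review bot: in the SMTP inbound note, the last sentence is a fragment ("Although we do not recommend email transmission without any encryption.") and "only TLS 1.2 connection" needs a plural. As the line is being touched anyway, merge the last two sentences, for example "We will continue to accept SMTP connections that are unencrypted, although we do not recommend sending email without encryption." It would also help to say what happens to a sender that supports only TLS 1.0 or 1.1: as written, a reader cannot tell whether that connection is rejected or proceeds unencrypted.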
-The following clients are known to be unable to use TLS 1.2. Update these clients to ensure uninterrupted access to the service.
+The following clients are known to be unable to use TLS 1.2. Update these clients to ensure uninterrupted access to the service.
-- Android 4.3 and earlier versions-- Firefox version 5.0 and earlier versions-- Internet Explorer 8-10 on Windows 7 and earlier versions-- Internet Explorer 10 on Windows Phone 8
+- Android 4.3 and earlier versions
+- Firefox version 5.0 and earlier versions
+- Internet Explorer 8-10 on Windows 7 and earlier versions
+- Internet Explorer 10 on Windows Phone 8
- Safari 6.0.4/OS X10.8.4 and earlier versions ### TLS 1.2 for Microsoft Teams Rooms and Surface Hub
If you are using any on-premises infrastructure for hybrid scenarios or Active D
## References
-The following resources provide guidance to help make sure that your clients are using TLS 1.2 or a later version and to disable TLS 1.0 and 1.1.
+The following resources provide guidance to help make sure that your clients are using TLS 1.2 or a later version and to disable TLS 1.0 and 1.1.
-- For Windows 7 clients that connect to Office 365, make sure that TLS 1.2 is the default secure protocol in WinHTTP in Windows. For more information see [KB 3140245 - Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows](https://support.microsoft.com/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in).
+- For Windows 7 clients that connect to Office 365, make sure that TLS 1.2 is the default secure protocol in WinHTTP in Windows. For more information see [KB 3140245 - Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows](https://support.microsoft.com/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in).
- [TLS cipher suites supported by Office 365](/microsoft-365/compliance/technical-reference-details-about-encryption#tls-cipher-suites-supported-by-office-365) - To start addressing weak TLS use by removing TLS 1.0 and 1.1 dependencies, see [TLS 1.2 support at Microsoft](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/). - [New IIS functionality](https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/) makes it easier to find clients on [Windows Server 2012 R2](https://support.microsoft.com/help/4025335/windows-8-1-windows-server-2012-r2-update-kb4025335) and [Windows Server 2016](https://support.microsoft.com/help/4025334/windows-10-update-kb4025334) that connect to the service by using weak security protocols.-- Get more information about how to [solve the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266).
+- Get more information about how to [solve the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266).
- For general information about our approach to security, go to the [Office 365 Trust Center](https://www.microsoft.com/trustcenter/cloudservices/office365). - To identify the TLS version that is used by SMTP clients, see [SMTP Auth clients insight and report in the Security & Compliance Center](../security/office-365-security/mfi-smtp-auth-clients-report.md). - [Preparing for TLS 1.0/1.1 Deprecation - Office 365 Skype for Business](https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Preparing-for-TLS-1-0-1-1-Deprecation-O365-Skype-for-Business/ba-p/222247)
compliance Preserve Bcc And Expanded Distribution Group Recipients For Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/preserve-bcc-and-expanded-distribution-group-recipients-for-ediscovery.md
description: "In-Place Hold, Litigation Hold, and Microsoft 365 retention polici
# Preserve Bcc and expanded distribution group recipients for eDiscovery
-
+ Litigation holds, eDiscovery holds, and [Microsoft 365 retention policies](./retention.md) (created in the Microsoft 365 compliance center) allow you to preserve mailbox content to meet regulatory compliance and eDiscovery requirements. Information about recipients directly addressed in the To and Cc fields of a message is included in all messages by default. But your organization may require the ability to search for and reproduce details about all recipients of a message. This includes:
-
-- **Recipients addressed using the Bcc field of a message:** Bcc recipients are stored in the message in the sender's mailbox, but not included in headers of the message delivered to recipients.
-
-- **Expanded distribution group recipients:** Recipients who receive the message because they're members of a distribution group to which the message was addressed, either in the To, Cc or Bcc fields.
-
-Exchange Online and Exchange Server 2013 (Cumulative Update 7 and later versions) retain information about Bcc and expanded distribution group recipients. You can search for this information by using an eDiscovery tool in the Microsoft 365 compliance center.
-
+
+- **Recipients addressed using the Bcc field of a message:** Bcc recipients are stored in the message in the sender's mailbox, but not included in headers of the message delivered to recipients.
+
+- **Expanded distribution group recipients:** Recipients who receive the message because they're members of a distribution group to which the message was addressed, either in the To, Cc or Bcc fields.
+
+Exchange Online and Exchange Server 2013 (Cumulative Update 7 and later versions) retain information about Bcc and expanded distribution group recipients. You can search for this information by using an eDiscovery tool in the Microsoft 365 compliance center.
+ ## How Bcc recipients and expanded distribution group recipients are preserved
-As stated earlier, information about Bcc'ed recipients is stored with the message in the sender's mailbox. This information is indexed and available to eDiscovery searches and holds.
-
-Information about expanded distribution group recipients is stored with the message after you place a mailbox on In-Place Hold or Litigation Hold. In Office 365, this information is also stored when a Microsoft 365 retention policy is applied to a mailbox. Distribution group membership is determined at the time the message is sent. The expanded recipients list stored with the message is not impacted by changes to membership of the group after the message is sent.
-
-| Information about… | Is stored in… | Is stored by default? | Is accessible to… |
-|:--|:--|:--|:--|
-|To and Cc recipients <br/> |Message properties in the sender and recipients' mailboxes. <br/> |Yes <br/> |Sender, recipients, and compliance officers <br/> |
-|Bcc recipients <br/> |Message property in the sender's mailbox. <br/> |Yes <br/> |Sender and compliance officers <br/> |
-|Expanded distribution group recipients <br/> |Message properties in the sender's mailbox. <br/> |No. Expanded distribution group recipient information is stored after a mailbox is placed on In-Place Hold or Litigation Hold, or assigned to a Microsoft 365 retention policy. <br/> |Compliance officers <br/> |
-
+As stated earlier, information about Bcc'ed recipients is stored with the message in the sender's mailbox. This information is indexed and available to eDiscovery searches and holds.
+
+Information about expanded distribution group recipients is stored with the message after you place a mailbox on In-Place Hold or Litigation Hold. In Office 365, this information is also stored when a Microsoft 365 retention policy is applied to a mailbox. Distribution group membership is determined at the time the message is sent. The expanded recipients list stored with the message is not impacted by changes to membership of the group after the message is sent.
+
+|Information about...|Is stored in...|Is stored by default?|Is accessible to...|
+|||||
+|To and Cc recipients|Message properties in the sender and recipients' mailboxes.|Yes|Sender, recipients, and compliance officers|
+|Bcc recipients|Message property in the sender's mailbox.|Yes|Sender and compliance officers|
+|Expanded distribution group recipients|Message properties in the sender's mailbox.|No. Expanded distribution group recipient information is stored after a mailbox is placed on In-Place Hold or Litigation Hold, or assigned to a Microsoft 365 retention policy.|Compliance officers|
+ ## Searching for messages sent to Bcc and expanded distribution group recipients When searching for messages sent to a recipient, eDiscovery search results now include messages sent to a distribution group that the recipient is a member of. The following table shows the scenarios where messages sent to Bcc and expanded distribution group recipients are returned in eDiscovery searches.
-
+ Scenario 1: John is a member of the US-Sales distribution group. This table shows eDiscovery search results when Bob sends a message to John directly or indirectly via a distribution group.
-
-| When you search Bob's mailbox for messages sent… | And the message is sent with… | Results include message? |
-|:--|:--|:--|
-|To:John <br/> |John on TO <br/> |Yes <br/> |
-|To:John <br/> |US-Sales on TO <br/> |Yes <br/> |
-|To:US-Sales <br/> |US-Sales on TO <br/> |Yes <br/> |
-|Cc:John <br/> |John on CC <br/> |Yes <br/> |
-|Cc:John <br/> |US-Sales on CC <br/> |Yes <br/> |
-|Cc:US-Sales <br/> |US-Sales on CC <br/> |Yes <br/> |
-
+
+|When you search Bob's mailbox for messages sent...|And the message is sent with...|Results include message?|
+||||
+|To:John|John on TO|Yes|
+|To:John|US-Sales on TO|Yes|
+|To:US-Sales|US-Sales on TO|Yes|
+|Cc:John|John on CC|Yes|
+|Cc:John|US-Sales on CC|Yes|
+|Cc:US-Sales|US-Sales on CC|Yes|
+ Scenario 2: Bob sends an email to John (To/Cc) and Jack (Bcc directly, or indirectly via a distribution group). The table below shows eDiscovery search results.
-
-| When you search… | For messages sent… | Results include message? | Notes |
-|:--|:--|:--|:--|
-|Bob's mailbox <br/> |To/Cc:John <br/> |Yes <br/> |Presents an indication that Jack was Bcc'ed. <br/> |
-|Bob's mailbox <br/> |Bcc:Jack <br/> |Yes <br/> |Presents an indication that Jack was Bcc'ed. <br/> |
-|Bob's mailbox <br/> |Bcc:Jack (via distribution group) <br/> |Yes <br/> |List of members of the Bcc'ed distribution group, expanded when the message was sent, is visible in eDiscovery search preview, export, and logs. <br/> |
-|John's mailbox <br/> |To/Cc:John <br/> |Yes <br/> |No indication of Bcc recipients. <br/> |
-|John's mailbox <br/> |Bcc:Jack (directly or via distribution group) <br/> |No <br/> |Bcc information is not stored in the message delivered to recipients. You must search the sender's mailbox. <br/> |
-|Jack's mailbox <br/> |To/Cc:John (directly or via distribution group) <br/> |Yes <br/> |To/Cc information is included in message delivered to all recipients. <br/> |
-|Jack's mailbox <br/> |Bcc:Jack (directly or via distribution group) <br/> |No <br/> |Bcc information is not stored in the message delivered to recipients. You must search the sender's mailbox. <br/> |
-
+
+|When you search...|For messages sent...|Results include message?|Notes|
+|||||
+|Bob's mailbox|To/Cc:John|Yes|Presents an indication that Jack was Bcc'ed.|
+|Bob's mailbox|Bcc:Jack|Yes|Presents an indication that Jack was Bcc'ed.|
+|Bob's mailbox|Bcc:Jack (via distribution group)|Yes|List of members of the Bcc'ed distribution group, expanded when the message was sent, is visible in eDiscovery search preview, export, and logs.|
+|John's mailbox|To/Cc:John|Yes|No indication of Bcc recipients.|
+|John's mailbox|Bcc:Jack (directly or via distribution group)|No|Bcc information is not stored in the message delivered to recipients. You must search the sender's mailbox.|
+|Jack's mailbox|To/Cc:John (directly or via distribution group)|Yes|To/Cc information is included in message delivered to all recipients.|
+|Jack's mailbox|Bcc:Jack (directly or via distribution group)|No|Bcc information is not stored in the message delivered to recipients. You must search the sender's mailbox.|
+ ## Frequently asked questions **Q. When and where is Bcc recipient information stored?**
-
+ A. Bcc recipient information is preserved by default in the original message in sender's mailbox. If the Bcc recipient is a distribution group, distribution group membership is only expanded if the sender's mailbox is on hold or assigned to a Microsoft 365 retention policy.
-
+ **Q. When and where is the list of expanded distribution group recipients stored?**
-
+ A. Group membership is expanded at the time the message is sent. The list of expanded distribution group members is stored in the original message in the sender's mailbox. The sender's mailbox must be on In-Place Hold, Litigation Hold, or assigned to a Microsoft 365 retention policy.
-
+ **Q. Can the To/Cc recipients see which recipients were Bcc'ed?**
-
+ A. No. This information is not included in message headers, and isn't visible to To/Cc recipients. The sender can see the Bcc field stored in the original message stored in their mailbox. Compliance officers can see this information when searching the sender's mailbox.
-
+ **Q. How can I ensure that expanded distribution group recipients are always preserved?**
-
-A. To ensure that expanded distribution group members are always preserved with a message, [Place all mailboxes on hold](/Exchange/policy-and-compliance/holds/place-all-mailboxes-on-hold) or create an organization-wide Microsoft 365 retention policy.
-
+
+A. To ensure that expanded distribution group members are always preserved with a message, [Place all mailboxes on hold](/Exchange/policy-and-compliance/holds/place-all-mailboxes-on-hold) or create an organization-wide Microsoft 365 retention policy.
+ **Q. Which types of groups are supported?**
-
-A. Distribution groups, mail-enabled security groups, and dynamic distribution groups are supported.
-
+
+A. Distribution groups, mail-enabled security groups, and dynamic distribution groups are supported.
+ **Q. Is there a limit on the number of distribution group recipients that are expanded and stored in the message?**
-
+ A. Up to 10,000 members of a distribution group is preserved.
-
+ **Q. Are nested distribution groups supported?**
-
+ A. Yes, 25 levels of nested distribution groups are expanded.
-
+ **Q. Where is the Bcc and expanded distribution group recipient information visible?**
-
+ A. Bcc and expanded distribution group recipients information is visible to Compliance officers when performing an eDiscovery search. Bcc and expanded distribution group recipients are included in search results copied to a Discovery mailbox or exported to a PST file and in the eDiscovery log included in search results. Bcc recipient information is also available in search preview.
-
+ **Q. What happens if a member of a distribution group is hidden from the organization's global address list (GAL)?**
-
-A. There's no impact. If recipients are hidden from the GAL, they are still included in the list of recipients for the expanded distribution group.
+
+A. There's no impact. If recipients are hidden from the GAL, they are still included in the list of recipients for the expanded distribution group.
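Review bot: In the added answer to the question about the expansion limit, "Up to 10,000 members of a distribution group is preserved" pairs a plural subject with a singular verb; change "is" to "are". The first answer also reads "in sender's mailbox", which needs "the" before "sender's". Several pairs in this hunk (the "Place all mailboxes on hold", "Which types of groups" and GAL answers) show identical text on the removed and added sides, so they appear to be whitespace-only changes and could be called out as such in the commit description.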
compliance Retention Limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-limits.md
f1.keywords:
Previously updated : Last updated : audience: Admin ms.localizationpriority: high-+ - M365-security-compliance - SPO_Content
+search.appverid:
- MOE150 - MET150 hideEdit: true
A single tenant can have a maximum of 10,000 policies (any configuration). This
Within this 10,000 policies limit, there are also some limits on the maximum number of policies for retention per workload: - Exchange (any configuration): 1,800
- - Per mailbox: 25 is the recommended maximum before performance might be impacted; 50 is the supported limit.
+ - Per mailbox: 25 is the recommended maximum before performance might be impacted; 50 is the supported limit.
- SharePoint or OneDrive: (all sites automatically included): 13 - SharePoint or OneDrive (specific locations included or excluded): 2,600
Grouping attributes or properties within a group isn't supported. This means tha
> [!IMPORTANT] > Applicable only if you use [static policy scopes rather than adaptive policy scopes](retention.md#adaptive-or-static-policy-scopes-for-retention).
-If you use static scopes and the optional configuration to include or exclude specific users, specific Microsoft 365 groups, or specific sites, there are some limits per policy to be aware of.
+If you use static scopes and the optional configuration to include or exclude specific users, specific Microsoft 365 groups, or specific sites, there are some limits per policy to be aware of.
Maximum numbers of items per policy for retention for static scopes:
Exchange example:
- **Requirement**: In an organization that has over 40,000 user mailboxes, most users must have their email retained for 7 years but a subset of identified users (425) must have their email retained for only 5 years. -- **Solution**: Create one retention policy for Exchange email with a retention period of 7 years and exclude the subset of users. Then create a second retention policy for Exchange email with a retention period of 5 years and include the subset of users.
-
+- **Solution**: Create one retention policy for Exchange email with a retention period of 7 years and exclude the subset of users. Then create a second retention policy for Exchange email with a retention period of 5 years and include the subset of users.
+ In both cases, the number included and excluded is below the maximum number of specified mailboxes for a single policy, and the subset of users must be explicitly excluded from the first policy because it has a [longer retention period](retention.md#the-principles-of-retention-or-what-takes-precedence) than the second policy. If the subset of users required a longer retention policy, you wouldn't need to exclude them from the first policy.
-
+ With this solution, if anybody new joins the organization, their mailbox is automatically included in the first policy for 7 years and there is no impact to the maximum numbers supported. However, new users that require the 5-year retention period add to the include and exclude numbers, and this limit would be reached at 1,000. SharePoint example:
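Review bot: In the added paragraph that starts "In both cases", the last sentence says "If the subset of users required a longer retention policy", but the quantity being compared is the retention period, as the earlier part of the same sentence ("it has a longer retention period than the second policy") makes clear. Suggest "required a longer retention period" so the exclusion rule reads unambiguously.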
SharePoint example:
- **Requirement**: An organization has several thousand SharePoint sites but only 2,000 sites require a retention period of 10 years, and 8,000 sites require a retention period of 4 years. - **Solution**: Create 20 retention policies for SharePoint with a retention period of 10 years that includes 100 specific sites, and create 80 retention policies for SharePoint with a retention period of 4 years that includes 100 specific sites.
-
+ Because you don't need to retain all SharePoint sites, you must create retention policies that specify the specific sites. Because a retention policy doesn't support more than 100 specified sites, you must create multiple policies for the two retention periods. These retention policies have the maximum number of included sites, so the next new site that needs retaining would require a new retention policy, irrespective of the retention period. ## Maximum number of items for disposition
SharePoint example:
For the [disposition of content](disposition.md), there are some limits to be aware of: - Maximum numbers per tenant:
-
- - 16,000,000 items in either of the following disposition review states: pending disposition or approved disposition
-
- - 16,000,000 items marked as records automatically disposed (no disposition review)
+ - 16,000,000 items in either of the following disposition review states: pending disposition or approved disposition
+ - 16,000,000 items marked as records automatically disposed (no disposition review)
- Maximum numbers for each retention label:
-
- - 1,000,000 items pending disposition per stage for each retention label
-
- - Proof of disposition for up to seven years after the item was disposed, with a limit of 1,000,000 items per retention label for that period.
-
- If you need proof of disposition higher than this limit of 1,000,000 for items that are marked as records, contact [Microsoft Support](../admin/get-help-support.md).
+ - 1,000,000 items pending disposition per stage for each retention label
+ - Proof of disposition for up to seven years after the item was disposed, with a limit of 1,000,000 items per retention label for that period.
+
+ If you need proof of disposition higher than this limit of 1,000,000 for items that are marked as records, contact [Microsoft Support](../admin/get-help-support.md).
compliance Retention Preservation Lock https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-preservation-lock.md
All policies for retention and with any configuration support Preservation Lock.
3. To place a Preservation Lock on your policy, run the [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy) cmdlet with the name of the policy, and the *RestrictiveRetention* parameter set to true: ```powershell
- Set-RetentionCompliancePolicy -Identity "<Name of Policy>" ΓÇôRestrictiveRetention $true
+ Set-RetentionCompliancePolicy -Identity "<Name of Policy>" -RestrictiveRetention $true
``` For example:
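Review bot: The example command that follows "For example:" is outside this hunk, so confirm it also uses an ASCII hyphen before RestrictiveRetention. The removed line had a non-ASCII dash in front of the parameter name, and a reader who copies the second command should get the same corrected form as the first.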
compliance Retention Regulatory Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-regulatory-requirements.md
Applicable workloads: SharePoint, OneDrive, Teams, Exchange, and Skype for Busin
Released November 2020, this report has been produced in partnership with Cohasset Associates, Inc. (Cohasset) to assess the capabilities of Microsoft 365 services for recording, storing, and managing requirements for electronic records, as specified by: -- Securities and Exchange Commission (SEC) in 17 CFR § 240.17a-4(f), which regulates exchange members, brokers or dealers.
+- Securities and Exchange Commission (SEC) in 17 CFR § 240.17a-4(f), which regulates exchange members, brokers or dealers.
- Financial Industry Regulatory Authority (FINRA) Rule 4511(c), which defers to the format and media requirements of SEC Rule 17a-4(f). -- The principles-based electronic records requirements of the Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d).
+- The principles-based electronic records requirements of the Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d).
The opinion from Cohasset is that when compliance features are properly configured and carefully applied and managed as described in their report, the assessed Microsoft 365 services meet the five requirements related to the recording and non-rewriteable, non-erasable storage of electronic records.
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
f1.keywords:
Previously updated : Last updated : audience: Admin ms.localizationpriority: high-+ - M365-security-compliance - SPO_Content - m365initiative-compliance
+search.appverid:
- MOE150 - MET150 description: Learn about retention policies and retention labels that help you to retain what you need and delete what you don't.
description: Learn about retention policies and retention labels that help you t
> [!NOTE] > If you're seeing messages about retention policies in Teams or have questions about retention labels in your apps, contact your IT department for information about how they have been configured for you. In the meantime, you might find the following articles helpful:
-> - [Teams messages about retention policies](https://support.microsoft.com/office/teams-messages-about-retention-policies-c151fa2f-1558-4cf9-8e51-854e925b483b)
+>
+> - [Teams messages about retention policies](https://support.microsoft.com/office/teams-messages-about-retention-policies-c151fa2f-1558-4cf9-8e51-854e925b483b)
> - [Apply retention labels to files in SharePoint or OneDrive](https://support.microsoft.com/office/apply-retention-labels-to-files-in-sharepoint-or-onedrive-11a6835b-ec9f-40db-8aca-6f5ef18132df) > > The information on this page is for IT administrators who can create retention policies and retention labels for compliance reasons.
Use the following sections to learn more about how retention policies and retent
## How retention settings work with content in place When content has retention settings assigned to it, that content remains in its original location. Most of the time, people continue to work with their documents or mail as if nothing's changed. But if they edit or delete content that's included in the retention policy, a copy of the content is automatically retained.
-
+ - For SharePoint and OneDrive sites: The copy is retained in the **Preservation Hold** library. -- For Exchange mailboxes: The copy is retained in the **Recoverable Items** folder.
+- For Exchange mailboxes: The copy is retained in the **Recoverable Items** folder.
- For Teams and Yammer messages: The copy is retained in a hidden folder named **SubstrateHolds** as a subfolder in the Exchange **Recoverable Items** folder. > [!NOTE] > Because the Preservation Hold library is included in the site's storage quota, you might need to increase your storage when you use retention settings for SharePoint and Microsoft 365 groups.
->
+>
These secure locations and the retained content are not visible to most people. In most cases, people do not even need to know that their content is subject to retention settings. For more detailed information about how retention settings work for different workloads, see the following articles:
To assign your retention settings to content, use **retention policies** and **r
Use a retention policy to assign the same retention settings for content at a site or mailbox level, and use a retention label to assign retention settings at an item level (folder, document, email).
-For example, if all documents in a SharePoint site should be retained for 5 years, it's more efficient to do this with a retention policy than apply the same retention label to all documents in that site. However, if some documents in that site should be retained for 5 years and others retained for 10 years, a retention policy wouldn't be able to do this. When you need to specify retention settings at the item level, use retention labels.
+For example, if all documents in a SharePoint site should be retained for 5 years, it's more efficient to do this with a retention policy than apply the same retention label to all documents in that site. However, if some documents in that site should be retained for 5 years and others retained for 10 years, a retention policy wouldn't be able to do this. When you need to specify retention settings at the item level, use retention labels.
+
+Unlike retention policies, retention settings from retention labels travel with the content if it's moved to a different location within your Microsoft 365 tenant. In addition, retention labels have the following capabilities that retention policies don't support:
-Unlike retention policies, retention settings from retention labels travel with the content if itΓÇÖs moved to a different location within your Microsoft 365 tenant. In addition, retention labels have the following capabilities that retention policies don't support:
-
- Options to start the retention period from when the content was labeled or based on an event, in addition to the age of the content or when it was last modified. - Use [trainable classifiers](classifier-learn-about.md) to identify content to label. - Apply a default label for SharePoint documents. -- Support [disposition review](./disposition.md) to review the content before it's permanently deleted.
+- Support [disposition review](./disposition.md) to review the content before it's permanently deleted.
-- Mark the content as a [record](records-management.md#records) as part of the label settings, and always have [proof of disposition](disposition.md#disposition-of-records) when content is deleted at the end of its retention period.
+- Mark the content as a [record](records-management.md#records) as part of the label settings, and always have [proof of disposition](disposition.md#disposition-of-records) when content is deleted at the end of its retention period.
### Retention policies Retention policies can be applied to the following locations:+ - Exchange email - SharePoint site - OneDrive accounts
Items inherit the retention settings from their container specified in the reten
### Retention labels Use retention labels for different types of content that require different retention settings. For example:
-
-- Tax forms that need to be retained for a minimum period of time.
-
-- Press materials that need to be permanently deleted when they reach a specific age.
-
-- Competitive research that needs to be retained for a specific period and then permanently deleted.
-
-- Work visas that must be marked as a record so that they can't be edited or deleted.
-
+
+- Tax forms that need to be retained for a minimum period of time.
+
+- Press materials that need to be permanently deleted when they reach a specific age.
+
+- Competitive research that needs to be retained for a specific period and then permanently deleted.
+
+- Work visas that must be marked as a record so that they can't be edited or deleted.
+ In all these cases, retention labels let you apply retention settings for governance control at the item level (document or email).
-
+ With retention labels, you can:
-
-- **Enable people in your organization to apply a retention label manually** to content in Outlook and Outlook on the web, OneDrive, SharePoint, and Microsoft 365 groups. Users often know best what type of content they're working with, so they can classify it and have the appropriate retention settings applied.
-
-- **Apply retention labels to content automatically** if it matches specific conditions, that include cloud attachments that are shared in email or Teams, or when the content contains:
- - Specific types of sensitive information.
- - Specific keywords that match a query you create.
- - Pattern matches for a trainable classifier.
+
+- **Enable people in your organization to apply a retention label manually** to content in Outlook and Outlook on the web, OneDrive, SharePoint, and Microsoft 365 groups. Users often know best what type of content they're working with, so they can classify it and have the appropriate retention settings applied.
+
+- **Apply retention labels to content automatically** if it matches specific conditions, that include cloud attachments that are shared in email or Teams, or when the content contains:
+ - Specific types of sensitive information.
+ - Specific keywords that match a query you create.
+ - Pattern matches for a trainable classifier.
- **Start the retention period from when the content was labeled** for documents in SharePoint sites and OneDrive accounts, and for email items.
Retention labels, unlike [sensitivity labels](sensitivity-labels.md), do not per
#### Classifying content without applying any actions Although the main purpose of retention labels is to retain or delete content, you can also use retention labels without turning on any retention or other actions. In this case, you can use a retention label simply as a text label, without enforcing any actions.
-
+ For example, you can create and apply a retention label named "Review later" with no actions, and then use that label to find that content later.
-
+ ![Label settings to classify-only.](../media/retention-label-retentionoff.png) #### Using a retention label as a condition in a DLP policy
You can also create one or more **auto-apply retention label policies**, each wi
#### Retention label policies and locations Retention labels can be published to different locations, depending on what the retention label does.
-
-| If the retention label is… | Then the label policy can be applied to… |
+
+| If the retention label is... | Then the label policy can be applied to... |
|:--|:--| |Published to admins and end users |Exchange, SharePoint, OneDrive, Microsoft 365 Groups | |Auto-applied based on sensitive information types or trainable classifiers |Exchange, SharePoint, OneDrive |
An email or document can have only a single retention label applied to it at a t
For standard retention labels (they don't mark items as a [record or regulatory record](records-management.md#records)): -- Admins and end users can manually change or remove an existing retention label that's applied on content.
+- Admins and end users can manually change or remove an existing retention label that's applied on content.
+
+- When content already has a retention label applied, the existing label won't be automatically removed or replaced by another retention label with one possible exception: The existing label was applied as a default label. When you use a default label, there are some scenarios when it can be replaced by another default label, or automatically removed.
+
+ For more information about the label behavior when it's applied by using a default label:
-- When content already has a retention label applied, the existing label won't be automatically removed or replaced by another retention label with one possible exception: The existing label was applied as a default label. When you use a default label, there are some scenarios when it can be replaced by another default label, or automatically removed.
-
- For more information about the label behavior when it's applied by using a default label:
- - Default label for SharePoint: [Label behavior when you use a default label for SharePoint](create-apply-retention-labels.md#label-behavior-when-you-use-a-default-label-for-sharepoint)
- - Default label for Outlook: [Applying a default retention label to an Outlook folder](create-apply-retention-labels.md#applying-a-default-retention-label-to-an-outlook-folder)
+ - Default label for SharePoint: [Label behavior when you use a default label for SharePoint](create-apply-retention-labels.md#label-behavior-when-you-use-a-default-label-for-sharepoint)
+ - Default label for Outlook: [Applying a default retention label to an Outlook folder](create-apply-retention-labels.md#applying-a-default-retention-label-to-an-outlook-folder)
- If there are multiple auto-apply label policies that could apply a retention label, and content meets the conditions of multiple policies, the retention label for the oldest auto-apply label policy (by date created) is applied.
You can then drill down into details by using [content explorer](data-classifica
After retention labels are applied to content, either by users or auto-applied, you can use content search to find all items that have a specific retention label applied. When you create a content search, choose the **Retention label** condition, and then enter the complete retention label name or part of the label name and use a wildcard. For more information, see [Keyword queries and search conditions for Content Search](keyword-queries-and-search-conditions.md).
-
-![Retention label condition.](../media/retention-label-condition.png)
+![Retention label condition.](../media/retention-label-condition.png)
## Compare capabilities for retention policies and retention labels
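Review bot: The empty line in front of the "![Retention label condition.]" image is removed and not re-added, which leaves the image directly under the content search paragraph. Markdown then treats the image as inline content of that paragraph instead of a block of its own. Keep one empty line between the paragraph and the image.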
Often, the policies will take effect and labels will be visible quicker than 7 d
When you create a retention policy or retention label policy, you must choose between adaptive and static to define the scope of the policy. - An **adaptive scope** uses a query that you specify, so the membership isn't static but dynamic by running daily against the attributes or properties that you specify for the selected locations. You can use multiple adaptive scopes with a single policy.
-
+ Example: Emails and OneDrive documents for executives require a longer retention period than standard users. You create a retention policy with an adaptive scope that uses the Azure AD attribute job title of "Executive", and then select the Exchange email and OneDrive accounts locations for the policy. There's no need to specify email addresses or OneDrive URLs for these users because the adaptive scope automatically retrieves these values. For new executives, there's no need to reconfigure the retention policy because these new users with their corresponding values for email and OneDrive are automatically picked up. - A **static scope** doesn't use queries and is limited in configuration in that it can apply to all instances for a specified location, or use inclusion and exclusions for specific instances for that location. These three choices are sometimes referred to as "org-wide", "includes", and "excludes" respectively.
-
+ Example: Emails and OneDrive documents for executives require a longer retention period than standard users. You create a retention policy with a static scope that selects the Exchange email and OneDrive accounts locations for the policy. For the Exchange email location, you're able to identify a group that contains just the executives, so you specify this group for the retention policy, and the group membership with the respective email addresses is retrieved when the policy is created. For the OneDrive accounts location, you must identify and then specify individual OneDrive URLs for each executive. For new executives, you must reconfigure the retention policy to add the new email addresses and OneDrive URLs. You must also update the OneDrive URLs anytime there is a change in an executive's UPN.
-
+ OneDrive URLs are particularly challenging to reliably specify because by default, these URLs aren't created until the user accesses their OneDrive for the first time. And if a user's UPN changes, which you might not know about, their OneDrive URL automatically changes. Advantages of using adaptive scopes:
Advantages of using adaptive scopes:
- Query-based membership provides resilience against business changes that might not be reliably reflected in group membership or external processes that rely on cross-department communication. - A single retention policy can include locations for both Microsoft Teams and Yammer, whereas when you use a static scope, these locations require their own retention policy.
-
+ - You can apply specific retention settings to just inactive mailboxes. This configuration isn't possible with a static scope because at the time the policy is assigned, static scopes don't support the specific inclusion of recipients with inactive mailboxes. Advantages of using static scopes: - Simpler configuration if you want all instances automatically selected for a workload.
-
+ For "includes" and "excludes", this choice can be a simpler configuration initially if the numbers of instances that you have to specify are low and do not change. However, when these number of instances start to increase and you have frequent changes in your organization that require you to reconfigure your policies, adaptive scopes can be simpler to configure and much easier to maintain. -- The **Skype for Business** and **Exchange public folders** locations don't support adaptive scopes. For those locations, you must use a static scope.
+- The **Skype for Business** and **Exchange public folders** locations don't support adaptive scopes. For those locations, you must use a static scope.
For configuration information, see [Configuring adaptive scopes](retention-settings.md#configuration-information-for-adaptive-scopes).
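Review bot: In the re-added paragraph beginning 'For "includes" and "excludes"', the phrase "when these number of instances start to increase" mixes a plural determiner with a singular noun. Suggest "when the number of instances starts to increase", since this hunk already touches the line.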
Before explaining each principle in more detail, it's important to understand th
To apply the principles in action with a series of Yes and No questions, you can also use the [retention flowchart](retention-flowchart.md). Explanation for the four different principles:
-
+ 1. **Retention wins over deletion.** Content won't be permanently deleted when it also has retention settings to retain it. While this principle ensures that content is preserved for compliance reasons, the delete process can still be initiated (user-initiated or system-initiated) and consequently, might remove the content from users' main view. However, permanent deletion is suspended. For more information about how and where content is retained, use the following links for each workload:
-
+ - [How retention works for SharePoint and OneDrive](retention-policies-sharepoint.md#how-retention-works-for-sharepoint-and-onedrive) - [How retention works with Microsoft Teams](retention-policies-teams.md#how-retention-works-with-microsoft-teams) - [How retention works with Yammer](retention-policies-yammer.md#how-retention-works-with-yammer) - [How retention works for Exchange](retention-policies-exchange.md#how-retention-works-for-exchange)
-
+ **Example for this first principle**: An email message is subject to a retention policy for Exchange that is configured to delete items three years after they are created, and it also has a retention label applied that is configured to retain items five years after they are created.
-
+ The email message is retained for five years because this retention action takes precedence over deletion. The email message is permanently deleted at the end of the five years because of the delete action that was suspended while the retention action was in effect. 2. **The longest retention period wins.** If content is subject to multiple retention settings that retain content for different periods of time, the content will be retained until the end of the longest retention period for the item.
-
+ > [!NOTE] > It's possible for a retention period of 5 years in a retention policy or label wins over a retention period of 7 years in a retention policy or label, because the 5-year period is configured to start based on when the file is last modified, and the 7-year period is configured to start from when the file is created.
-
+ **Example for this second principle**: Documents in the Marketing SharePoint site are subject to two retention policies. The first retention policy is configured for all SharePoint sites to retain items for five years after they are created. The second retention policy is configured for specific SharePoint sites to retain items for ten years after they are created.
-
+ Documents in this Marketing SharePoint site are retained for ten years because that's the longest retention period for the item.
-3. **Explicit wins over implicit for deletions.** With conflicts now resolved for retention, only conflicts for deletions remain:
-
+3. **Explicit wins over implicit for deletions.** With conflicts now resolved for retention, only conflicts for deletions remain:
+ 1. A retention label (however it was applied) provides explicit retention in comparison with retention policies, because the retention settings are applied to an individual item rather than implicitly assigned from a container. This means that a delete action from a retention label always takes precedence over a delete action from any retention policy.
-
+ **Example for this third principle (label)**: A document is subject to two retention policies that have a delete action of five years and ten years respectively, and also a retention label that has a delete action of seven years.
-
+ The document is permanently deleted after seven years because the delete action from the retention label takes precedence.
-
+ 2. When you have retention policies only: If a retention policy for a location uses an adaptive scope or a static scope that includes specific instances (such as specific users for Exchange email) that retention policy takes precedence over a static scope that is configured for all instances for the same location.
-
+ A static scope that is configured for all instances for a location is sometimes referred to as an "org-wide policy". For example, **Exchange email** and the default setting of **All recipients**. Or, **SharePoint sites** and the default setting of **All sites**. When retention policies aren't org-wide but have been configured with an adaptive scope or a static scope that includes specific instances, they have equal precedence at this level.
-
+ **Example 1 for this third principle (policies)**: An email message is subject to two retention policies. The first retention policy is unscoped and deletes items after ten years. The second retention policy is scoped to specific mailboxes and deletes items after five years.
-
+ The email message is permanently deleted after five years because the deletion action from the scoped retention policy takes precedence over the org-wide retention policy.
-
+ **Example 2 for this third principle (policies)**: A document in a user's OneDrive account is subject to two retention policies. The first retention policy is scoped to include this user's OneDrive account and has a delete action after 10 years. The second retention policy is scoped to include this user's OneDrive account and has a delete action after seven years.
-
+ When this document will be permanently deleted can't be determined at this level because both retention policies are scoped to include specific instances. 4. **The shortest deletion period wins.** Applicable to determine when items will be deleted from retention policies and the outcome couldn't be resolved from the previous level: Content is permanently deleted at the end of the shortest retention period for the item.
-
+ > [!NOTE] > It's possible that a retention policy that has a retention period of 7 years wins over a retention policy of 5 years because the first policy is configured to start the retention period based on when the file is created, and the second retention policy from when the file is last modified.
-
+ **Example for this fourth principle**: A document in a user's OneDrive account is subject to two retention policies. The first retention policy is scoped to include this user's OneDrive account and has a delete action of 10 years after the file is created. The second retention policy is scoped to include this user's OneDrive account and has a delete action of seven years after the file is created.
-
+ This document will be permanently deleted after seven years because that's the shortest retention period for the item from these two scoped retention policies. Items subject to eDiscovery hold also fall under the first principle of retention; they cannot be permanently deleted by any retention policy or retention label. When that hold is released, the principles of retention continue to apply to them. For example, they could then be subject to an unexpired retention period or a delete action.
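Review bot: the examples for the third and fourth principles mix number styles for retention periods: "ten years" and "five years" in Example 1, "10 years" and "seven years" in Example 2, and "7 years" and "5 years" in the note. Since these lines are being rewritten for whitespace anyway, pick one style so the periods are easy to compare across the examples.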
Items subject to eDiscovery hold also fall under the first principle of retentio
The following examples are more complex to illustrate the principles of retention when different retain and delete actions are combined. To make the examples easier to follow, all retention policies and labels use the default setting of starting the retention period when the item is created so the end of the retention period is the same for the item. 1. An item has the following retention settings applied to it:
-
+ - A retention policy for delete-only after five years - A retention policy that retains for three years and then deletes - A retention label that retains-only for seven years
-
+ **Outcome**: The item is retained for seven years because retention takes precedence over deletion and seven years is the longest retention period for the item. At the end of this retention period, the item is permanently deleted because of the delete action from the retention policies.
-
- Although the two retention policies have different dates for the delete actions, the earliest that the item can be permanently deleted is at the end of the longest retention period, which is longer than both deletion dates.
-2. An item has the following retention settings applied to it:
-
+ Although the two retention policies have different dates for the delete actions, the earliest that the item can be permanently deleted is at the end of the longest retention period, which is longer than both deletion dates.
+
+2. An item has the following retention settings applied to it:
+ - An org-wide retention policy that deletes-only after ten years - A retention policy scoped with specific instances that retains for five years and then deletes - A retention label that retains for three years and then deletes
-
+ **Outcome**: The item is retained for five years because that's the longest retention period for the item. At the end of that retention period, the item is permanently deleted because of the delete action of three years from the retention label. Deletion from retention labels takes precedence over deletion from all retention policies. In this example, all conflicts are resolved by the third level. ## Use Preservation Lock to restrict changes to policies
-Some organizations might need to comply with rules defined by regulatory bodies such as the Securities and Exchange Commission (SEC) Rule 17a-4, which requires that after a policy for retention is turned on, it cannot be turned off or made less restrictive.
+Some organizations might need to comply with rules defined by regulatory bodies such as the Securities and Exchange Commission (SEC) Rule 17a-4, which requires that after a policy for retention is turned on, it cannot be turned off or made less restrictive.
Preservation Lock ensures your organization can meet such regulatory requirements because it locks a retention policy or retention label policy so that no oneΓÇöincluding an administratorΓÇöcan turn off the policy, delete the policy, or make it less restrictive.
-
+ You apply Preservation Lock after the retention policy or retention label policy is created. For more information and instructions, see [Use Preservation Lock to restrict changes to retention policies and retention label policies](retention-preservation-lock.md). ## Releasing a policy for retention Providing your policies for retention don't have a Preservation Lock, you can delete your policies at any time, which effectively turns off the retention settings for a retention policy, and retention labels can no longer be applied from retention label policies. Any previously applied retention labels remain with their configured retention settings and for these labels, you can still update the retention period when it's not based on when items were labeled.
-You can also keep a policy, but change the location status to off, or disable the policy. Another option is to reconfigure the policy so it no longer includes specific users, sites, groups, and so on.
+You can also keep a policy, but change the location status to off, or disable the policy. Another option is to reconfigure the policy so it no longer includes specific users, sites, groups, and so on.
Additional information for specific locations: - **SharePoint sites and OneDrive accounts:**
-
+ When you release a retention policy for SharePoint sites and OneDrive accounts, any content that's subject to retention from the policy continues to be retained for 30 days to prevent inadvertent data loss. During this 30-day grace period deleted files are still retained (files continue to be added to the Preservation Hold library), but the timer job that periodically cleans up the Preservation Hold library is suspended for these files so you can restore them if necessary.
-
+ An exception to this 30-day grace period is when you update the policy to exclude one or more sites for SharePoint or accounts for OneDrive; in this case, the timer job deletes files for these locations in the Preservation Hold library without the 30-day delay.
-
+ For more information about the Preservation Hold library, see [How retention works for SharePoint and OneDrive](retention-policies-sharepoint.md#how-retention-works-for-sharepoint-and-onedrive).
-
+ Because of the behavior during the grace period, if you re-enable the policy or change the location status back to on within 30 days, the policy resumes without any permanent data loss during this time. - **Exchange email and Microsoft 365 Groups**
-
- When you release a retention policy for mailboxes that are [inactive](inactive-mailboxes-in-office-365.md) at the time the policy is released:
-
- - If the retention policy is explicitly applied to a mailbox, the retention settings no longer apply. With no retention settings applied, an inactive mailbox becomes eligible for automatic deletion in the usual way.
-
- An explicit retention policy requires either an adaptive policy scope, or a static policy scope with an include configuration that specified an active mailbox at the time the policy was applied and later became inactive
-
- - If the retention policy is implicitly applied to a mailbox and the configured retention action is to retain, the retention policy continues to apply and an inactive mailbox never becomes eligible for automatic deletion. When the retain action no longer applies because the retention period has expired, the Exchange admin can now [manually delete the inactive mailbox](delete-an-inactive-mailbox.md)
-
- An implicit retention policy requires a static policy scope with the **All recipients** (for Exchange email) or **All groups** (for Microsoft 365 Groups) configuration.
-
+
+ When you release a retention policy for mailboxes that are [inactive](inactive-mailboxes-in-office-365.md) at the time the policy is released:
+
+ - If the retention policy is explicitly applied to a mailbox, the retention settings no longer apply. With no retention settings applied, an inactive mailbox becomes eligible for automatic deletion in the usual way.
+
+ An explicit retention policy requires either an adaptive policy scope, or a static policy scope with an include configuration that specified an active mailbox at the time the policy was applied and later became inactive
+
+ - If the retention policy is implicitly applied to a mailbox and the configured retention action is to retain, the retention policy continues to apply and an inactive mailbox never becomes eligible for automatic deletion. When the retain action no longer applies because the retention period has expired, the Exchange admin can now [manually delete the inactive mailbox](delete-an-inactive-mailbox.md)
+
+ An implicit retention policy requires a static policy scope with the **All recipients** (for Exchange email) or **All groups** (for Microsoft 365 Groups) configuration.
+ For more information about inactive mailboxes that have retention policies applied, see [Inactive mailboxes and Microsoft 365 retention](inactive-mailboxes-in-office-365.md#inactive-mailboxes-and-microsoft-365-retention). ## Auditing retention configuration and actions
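Review bot: the unchanged Preservation Lock sentence in this hunk is displayed as "no oneΓÇöincluding an administratorΓÇöcan", so its dashes look mis-encoded. Confirm the file is saved as UTF-8 and restore the dashes or replace them with commas in the same pass. The re-indented inactive-mailbox items also keep two sentences without a closing period (the one ending "and later became inactive" and the one ending in the "manually delete the inactive mailbox" link).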
For the full list of auditing events, see [Retention policy and retention label
Retention actions that are logged as auditing events are available only for retention labels and not for retention policies: - When a retention label is applied, changed, or removed from an item in SharePoint or OneDrive:
- - From **File and page activities**, select **Changed retention label for a file**
+ - From **File and page activities**, select **Changed retention label for a file**
- When a labeled item in SharePoint is marked as a record, and it is unlocked or locked by a user:
- - From **File and page activities**, select **Changed record status to unlocked** and **Changed record status to locked**
+ - From **File and page activities**, select **Changed record status to unlocked** and **Changed record status to locked**
- When a retention label that marks content as a record or regulatory record is applied to an item in Exchange:
- - From **Exchange mailbox activities**, select **Labeled message as a record**
+ - From **Exchange mailbox activities**, select **Labeled message as a record**
- When a labeled item in SharePoint, OneDrive, or Exchange is marked as a record or regulatory record, and it is permanently deleted:
- - From **File and page activities**, select **Deleted file marked as a record**
+ - From **File and page activities**, select **Deleted file marked as a record**
- When a disposition reviewer takes action for an item that's reached the end of its retention period:
- - From **Disposition review activities**, select **Approved disposal**, **Extended retention period**, **Relabeled item**, or **Added reviewers**
+ - From **Disposition review activities**, select **Approved disposal**, **Extended retention period**, **Relabeled item**, or **Added reviewers**
## PowerShell cmdlets for retention policies and retention labels
To use the retention cmdlets, you must first [connect to the Office 365 Security
- [Set-RetentionComplianceRule](/powershell/module/exchange/set-retentioncompliancerule) - ## When to use retention policies and retention labels or eDiscovery holds Although retention settings and [holds that you create with an eDiscovery case](create-ediscovery-holds.md) can both prevent data from being permanently deleted, they are designed for different scenarios. To help you understand the differences and decide which to use, use the following guidance:
If content is subject to both retention settings and an eDiscovery hold, preserv
If you are using older eDiscovery tools to preserve data, see the following resources: -- Exchange:
- - [In-Place Hold and Litigation Hold](/exchange/security-and-compliance/in-place-and-litigation-holds)
- - [How to identify the type of hold placed on an Exchange Online mailbox](./identify-a-hold-on-an-exchange-online-mailbox.md)
+- Exchange:
+ - [In-Place Hold and Litigation Hold](/exchange/security-and-compliance/in-place-and-litigation-holds)
+ - [How to identify the type of hold placed on an Exchange Online mailbox](./identify-a-hold-on-an-exchange-online-mailbox.md)
-- SharePoint and OneDrive:
- - [Add content to a case and place sources on hold in the eDiscovery Center](/SharePoint/governance/add-content-to-a-case-and-place-sources-on-hold-in-the-ediscovery-center)
+- SharePoint and OneDrive:
+ - [Add content to a case and place sources on hold in the eDiscovery Center](/SharePoint/governance/add-content-to-a-case-and-place-sources-on-hold-in-the-ediscovery-center)
- [Retirement of legacy eDiscovery tools](legacy-ediscovery-retirement.md)
If you currently use these older features, they will continue to work side by si
**Older features from Exchange Online:** - [Retention tags and retention policies](/exchange/security-and-compliance/messaging-records-management/retention-tags-and-policies), also known as [messaging records management (MRM)](/exchange/security-and-compliance/messaging-records-management/messaging-records-management) (deletion only)
-
- However, if you use the following MRM features, be aware that they aren't currently supported by Microsoft 365 retention policies:
-
- - An archive policy for [archive mailboxes](enable-archive-mailboxes.md) to automatically move emails from a user's primary mailbox to their archive mailbox after a specified period of time. An archive policy (with any settings) can be used in conjunction with a Microsoft 365 retention policy that applies to a user's primary and archive mailbox.
-
- - Retention policies applied by an admin to specific folders within a mailbox. A Microsoft 365 retention policy applies to all folders in the mailbox. However, an admin can configure different retention settings by using retention labels that a user can apply to folders in Outlook as a [default retention label](create-apply-retention-labels.md#applying-a-default-retention-label-to-an-outlook-folder).
+
+ However, if you use the following MRM features, be aware that they aren't currently supported by Microsoft 365 retention policies:
+
+ - An archive policy for [archive mailboxes](enable-archive-mailboxes.md) to automatically move emails from a user's primary mailbox to their archive mailbox after a specified period of time. An archive policy (with any settings) can be used in conjunction with a Microsoft 365 retention policy that applies to a user's primary and archive mailbox.
+
+ - Retention policies applied by an admin to specific folders within a mailbox. A Microsoft 365 retention policy applies to all folders in the mailbox. However, an admin can configure different retention settings by using retention labels that a user can apply to folders in Outlook as a [default retention label](create-apply-retention-labels.md#applying-a-default-retention-label-to-an-outlook-folder).
- [Litigation hold](create-a-litigation-hold.md) (retention only)
-
- Although Litigation holds are still supported, we recommend you use Microsoft 365 retention or eDiscovery holds, [as appropriate](#when-to-use-retention-policies-and-retention-labels-or-ediscovery-holds).
+
+ Although Litigation holds are still supported, we recommend you use Microsoft 365 retention or eDiscovery holds, [as appropriate](#when-to-use-retention-policies-and-retention-labels-or-ediscovery-holds).
**Older features from SharePoint and OneDrive:** - [Document deletion policies](https://support.office.com/article/Create-a-document-deletion-policy-in-SharePoint-Server-2016-4fe26e19-4849-4eb9-a044-840ab47458ff) (deletion only)
-
-- [Configuring in place records management](https://support.office.com/article/7707a878-780c-4be6-9cb0-9718ecde050a) (retention only)
-
+
+- [Configuring in place records management](https://support.office.com/article/7707a878-780c-4be6-9cb0-9718ecde050a) (retention only)
+ - [Use policies for site closure and deletion](https://support.microsoft.com/en-us/office/use-policies-for-site-closure-and-deletion-a8280d82-27fd-48c5-9adf-8a5431208ba5) (deletion only)
-
+ - [Information management policies](intro-to-info-mgmt-policies.md) (deletion only)
-
-If you have configured SharePoint sites for content type policies or information management policies to retain content for a list or library, those policies are ignored while a retention policy is in effect.
+
+If you have configured SharePoint sites for content type policies or information management policies to retain content for a list or library, those policies are ignored while a retention policy is in effect.
## Related information - [SharePoint Online Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits)-- [Limits and specifications for Microsoft Teams](/microsoftteams/limits-specifications-teams)
+- [Limits and specifications for Microsoft Teams](/microsoftteams/limits-specifications-teams)
- [Resources to help you meet regulatory requirements for information governance and records management](retention-regulatory-requirements.md) ## Configuration guidance
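Review bot: the "Use policies for site closure and deletion" link in the SharePoint and OneDrive list hard-codes the "en-us" locale (support.microsoft.com/en-us/office/...), while the neighbouring links in the same list still point at support.office.com. Consider dropping the locale segment and settling on one support host so readers in other locales are not pinned to the English page.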
compliance Revoke Ome Encrypted Mail https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/revoke-ome-encrypted-mail.md
To verify whether you can revoke a particular email message by using Windows Pow
```console Subject IsRevocable - --
- "Test message" True
+ "Test message" True
``` ### Step 3. Revoke the mail
compliance Search The Audit Log In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance.md
The following table describes the configuration activities for [retention polici
|Friendly name|Operation|Description| |:--|:--|:--|
-| Changed adaptive scope membership |ApplicableAdaptiveScopeChange |Users, sites, or groups were added to or removed from the adaptive scope. These changes are the results of running the scopeΓÇÖs query. Because the changes are system-initiated, the reported user displays as a GUID rather than a user account.|
+| Changed adaptive scope membership |ApplicableAdaptiveScopeChange |Users, sites, or groups were added to or removed from the adaptive scope. These changes are the results of running the scope's query. Because the changes are system-initiated, the reported user displays as a GUID rather than a user account.|
| Configured settings for a retention policy |NewRetentionComplianceRule |Administrator configured the retention settings for a new retention policy. Retention settings include how long items are retained, and what happens to items when the retention period expires (such as deleting items, retaining items, or retaining and then deleting them). This activity also corresponds to running the [New-RetentionComplianceRule](/powershell/module/exchange/new-retentioncompliancerule) cmdlet.| | Created adaptive scope |NewAdaptiveScope |Administrator created an adaptive scope.| | Created retention label |NewComplianceTag |Administrator created a new retention label.|
compliance Sensitive Information Type Entity Definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
Title: "Sensitive information type entity definitions" f1.keywords:+ - CSH
audience: Admin
search.appverid: MET150 f1_keywords:+ - 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation' ms.localizationpriority: medium + - M365-security-compliance hideEdit: true feedback_system: None
This article lists all sensitive information type entity definitions. Each defin
> [!NOTE] > Mapping of confidence level (high/medium/low) with accuracy number (numeric value of 1 to 100)
+>
> - Low confidence: 65 or below > - Medium confidence: 75 > - High confidence: 85 - ## ABA routing number ### Format
nine digits that may be in a formatted or unformatted pattern
- an optional hyphen - a digit - ### Checksum Yes
Yes
### Definition A policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_aba_routing finds content that matches the pattern. - A keyword from Keyword_ABA_Routing is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_aba_routing finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_aba_routing -- aba number
+- aba number
- aba# - aba - abarouting#
A DLP policy has low confidence that it's detected this type of sensitive inform
- americanbankassociationroutingnumber - bankrouting# - bankroutingnumber-- routing #-- routing no-- routing number-- routing transit number
+- routing #
+- routing no
+- routing number
+- routing transit number
- routing# - RTN - ## All full names All full names is a bundled named entity. It detects full names for people from all supported countries/regions, which include Australia, China, Japan, U.S., and countries in the EU. Use this SIT to detect all possible matches of full names.
No.
This named entity SIT matches personal names that a human would identify as a name with high confidence. For example, if a string is found consisting of a given name and is followed by a family name then a match is made with high confidence. It uses three primary resources: -- A dictionary of given names.-- A dictionary of family names.-- Patterns of how names are formed.
+- A dictionary of given names.
+- A dictionary of family names.
+- Patterns of how names are formed.
The three resources are different for each country. The strings *Olivia Wilson* would trigger a match. Common given/family names are given a higher confidence than rarer names. However, the pattern also allows partial matches. If a given name from the dictionary is found and it's followed by a family name that isn't in the dictionary, then a partial match is triggered. For example, *Tomas Richard* would trigger a partial match. Partial matches are given lower confidence.
In addition, patterns that a human would see as indicative of names are also mat
- Swedish - Turkish - ## All medical terms and conditions All medical terms and conditions is a bundled named entity that detects medical terms and medical conditions. It detects English terms only. Use this SIT to detect all possible matches of medical terms and conditions.
This bundled named entity matches text that mentions medical conditions that are
This bundled named entity SIT contains these individual SITs. -- Blood test terms
+- Blood test terms
- Types of medication - Diseases - Generic medication names
This bundled named entity SIT contains these individual SITs.
- Surgical procedures - Brand medication names - ## All Physical Addresses All physical addresses is a bundled entity SIT, which detects patterns related to physical addresses from all supported countries/regions.
No
The matching of street addresses is designed to match strings that a human would identify as a street address. To do this, it uses several primary resources: -- A dictionary of settlements, counties and regions.-- A dictionary of street suffixes, like Road, Street, or Avenue.-- Patterns of postal codes.-- Patterns of address formats.
+- A dictionary of settlements, counties and regions.
+- A dictionary of street suffixes, like Road, Street, or Avenue.
+- Patterns of postal codes.
+- Patterns of address formats.
The resources are different for each country. The primary resources are the patterns of address formats that are used in a given country. Different formats are chosen to make sure that as many addresses as possible are matched. These formats allow flexibility, for example, an address may omit the postal code or omit a town name or have a street with no street suffix. In all cases, such matches are used to increase the confidence of the match.
This bundled named entity SIT contains these individual SITs:
- Swedish - Turkish - ## Argentina national identity (DNI) number ### Format
Eight digits with or without periods
### Pattern Eight digits:+ - two digits - an optional period - three digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_argentina_national_id finds content that matches the pattern. - A keyword from Keyword_argentina_national_id is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- registro nacional de las personas - rnp - ## Argentina Unique Tax Identification Key (CUIT/CUIL) ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 11 digits with a dash:+ - two digits in 20, 23, 24, 27, 30, 33 or 34 - a hyphen (-) - eight digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern. - A keyword from `Keyword_Argentina_Unique_Tax_Key` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_Argentina_Unique_Tax_Key -- Clave Unica de Identificacion Tributaria
+- Clave Unica de Identificacion Tributaria
- CUIT-- unique code of labour identification -- Clave Única de Identificación Tributaria-- unique labour identification code
+- unique code of labour identification
+- Clave Única de Identificación Tributaria
+- unique labour identification code
- CUIL-- Unique Tax Identification Key-- Unique Labour Identification Key-- Unique Key of Labour Identification-- Unique Work Identification Code-- Unique Code of Work Identification-- Unique Work Identification Key-- Unique Key of Work Identification-- Unique Code of Tax Identification-- Unique Key of Tax Identification-- Unique Labor Identification Code-- Unique Code of Labor Identification-- Unique Labor Identification Key-- Unique Key of Labor Identification-- tax ID
+- Unique Tax Identification Key
+- Unique Labour Identification Key
+- Unique Key of Labour Identification
+- Unique Work Identification Code
+- Unique Code of Work Identification
+- Unique Work Identification Key
+- Unique Key of Work Identification
+- Unique Code of Tax Identification
+- Unique Key of Tax Identification
+- Unique Labor Identification Code
+- Unique Code of Labor Identification
+- Unique Labor Identification Key
+- Unique Key of Labor Identification
+- tax ID
- taxID# - taxId - taxidnumber-- tax number-- tax no-- tax #
+- tax number
+- tax no
+- tax #
- tax#-- taxpayer ID-- taxpayer number-- taxpayer no-- taxpayer #
+- taxpayer ID
+- taxpayer number
+- taxpayer no
+- taxpayer #
- taxpayer#-- tax identity-- tax identification-- Número de Identificación Fiscal-- número de contribuyente-
+- tax identity
+- tax identification
+- N├║mero de Identificaci├│n Fiscal
+- n├║mero de contribuyente
## Australia bank account number
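Review bot: the last two added keywords, "N├║mero de Identificaci├│n Fiscal" and "n├║mero de contribuyente", appear mis-encoded. The lines they replace read "Número de Identificación Fiscal" and "número de contribuyente", and the added "Clave Única de Identificación Tributaria" a few lines up is intact. If the file itself contains these bytes, the published keyword list no longer shows the Spanish terms an admin would expect to match, so check that the file is saved as UTF-8 and restore the accented characters.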
six to 10 digits with or without a bank state branch number
Account number is 6 to 10 digits. Australia bank state branch number:+ - three digits - a hyphen - three digits
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_australia_bank_account_number finds content that matches the pattern. - A keyword from Keyword_australia_bank_account_number is found. - The regular expression Regex_australia_bank_account_number_bsb finds content that matches the pattern. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_australia_bank_account_number finds content that matches the pattern. - A keyword from Keyword_australia_bank_account_number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- full names - iaea - ## Australia business number This sensitive information type is only available for use in:
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_australian_business_number finds content that matches the pattern. - A keyword from Keywords_australian_business_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_australian_business_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_australia_business_number -- australia business no-- business number
+- australia business no
+- business number
- abn# - businessid#-- business id
+- business id
- abn - businessno# - ## Australia company number This sensitive information type is only available for use in:
nine digits with delimiters:
- a space - three digits - ### Checksum Yes
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Australian_Company_Number finds content that matches the pattern. - A keyword from Keyword_Australian_Company_Number is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Australian_Company_Number finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_australia_company_number - acn-- australia company no-- australia company no#-- australia company number-- australian company no-- australian company no#-- australian company number-
+- australia company no
+- australia company no#
+- australia company number
+- australian company no
+- australian company no#
+- australian company number
## Australia driver's license number
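Review bot: the list heading "Keyword_australia_company_number" does not match the name the Definition section uses for the same list, "Keyword_Australian_Company_Number". Since this hunk rewrites the list entries anyway, align the heading and the Definition text on one identifier so readers can map the keyword list to the rule that references it.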
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_australia_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_australia_drivers_license_number is found. - No keyword from Keyword_australia_drivers_license_number_exclusions is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Driver's License# - Driver's Licenses# - ## Australia medical account number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10-11 digits:+ - First digit is in the range 2-6 - Ninth digit is a check digit - Tenth digit is the issue digit
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_australian_medical_account_number finds content that matches the pattern. - A keyword from Keyword_Australia_Medical_Account_Number is found. - The checksum passes. - ```xml <!-- Australia Medical Account Number --> <Entity id="104a99a0-3d3b-4542-a40d-ab0b9e1efe63" recommendedConfidence="85" patternsProximity="300">
A DLP policy has high confidence that it's detected this type of sensitive infor
- local service - medicare - ## Australia passport number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_australia_passport_number` finds content that matches the pattern. - A keyword from `Keyword_australia_passport_number` is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_australia_passport_number` finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_australia_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers-- passport details-- immigration and citizenship-- commonwealth of australia-- department of immigration-- national identity card-- travel document-- issuing authority-
+- passport numbers
+- passport details
+- immigration and citizenship
+- commonwealth of australia
+- department of immigration
+- national identity card
+- travel document
+- issuing authority
-## Australia physical addresses
+## Australia physical addresses
Unbundled named entity, detects patterns related to physical address from Australia. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT. ### Confidence level medium - ## Australia tax file number ### Format
eight to nine digits
### Pattern eight to nine digits typically presented with spaces as follows:+ - three digits - an optional space - three digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_australian_tax_file_number finds content that matches the pattern. - No keyword from Keyword_Australia_Tax_File_Number or Keyword_number_exclusions is found. - The checksum passes.
A DLP policy has high confidence that it's detected this type of sensitive infor
- tax file number - tfn - ## Austria driver's license number ### Format
No
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The regular expression `Regex_austria_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_austria_eu_driver's_license_number` is found.
+- The regular expression `Regex_austria_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_austria_eu_driver's_license_number` is found.
```xml <!-- Austria Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_austria_eu_driver's_license_number
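Review bot: `driving licence` is listed twice in the added lines of this hunk, once right after `driver's licences#` and again between `driving licenses` and `driving licences`. The duplicate is carried over from the removed run-on line. Since the list is being reformatted anyway, drop one of the two entries so each keyword is listed once.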
A DLP policy has medium confidence that it's detected this type of sensitive inf
- F├╝hrerscheinnummer - F├╝hrerscheinnummern - ## Austria identity card This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
A 24-character combination of letters, digits, and special characters
24 characters: -- 22 letters (not case-sensitive), digits, backslashes, forward slashes, or plus signs
+- 22 letters (not case-sensitive), digits, backslashes, forward slashes, or plus signs
- two letters (not case-sensitive), digits, backslashes, forward slashes, plus signs, or equal signs
Not applicable
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The regular expression `Regex_austria_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_austria_eu_national_id_card` is found.
+- The regular expression `Regex_austria_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_austria_eu_national_id_card` is found.
```xml <!-- Austria Identity Card -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_austria_eu_national_id_card -- identity number-- national id-- personalausweis republik österreich-
+- identity number
+- national id
+- personalausweis republik ├╢sterreich
## Austria passport number
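Review bot: The added line `personalausweis republik ├╢sterreich` does not carry the same text as the removed `personalausweis republik österreich`. The `ö` has become `├╢`, which looks like an encoding error introduced along with the list reformatting. Restore `österreich` and check the encoding the file was saved with, because a reader copying this keyword into a custom SIT would get a string that never matches.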
not applicable
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.+
+- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.+
+- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.
```xml <!-- Austria Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_austria_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Austria physical addresses This unbundled named entity detects patterns related to physical address from Austria. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Au
Medium - ## Austria social security number ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.-- a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found.+
+- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.
+- a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.+
+- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.
```xml <!-- Austria Social Security Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- versicherungsnummer - zdravstveno zavarovanje - ## Austria tax identification number ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_austria_eu_tax_file_number` is found.+
+- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_austria_eu_tax_file_number` is found.
A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Austria Tax Identification Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
- österreich - st.nr. - steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - tax number - ## Austria value added tax This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
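Review bot: `tax number` is added as its own list item here and also appears in the unchanged last line of the list (`- tin# - tax number`). Remove one of the two entries while the list is being reformatted, so each keyword is listed once.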
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Austria_Value_Added_Tax finds content that matches the pattern. - A keyword from Keyword_Austria_Value_Added_Tax is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Austria_Value_Added_Tax finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_austria_value_added_tax -- vat number
+- vat number
- vat#-- austrian vat number-- vat no.
+- austrian vat number
+- vat no.
- vatno#-- value added tax number-- austrian vat
+- value added tax number
+- austrian vat
- mwst - umsatzsteuernummer - mwstnummer - ust.-identifikationsnummer - umsatzsteuer-identifikationsnummer-- vat identification number-- atu number-- uid number-
+- vat identification number
+- atu number
+- uid number
## Azure DocumentDB auth key
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureDocumentDBAuthKey finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
A DLP policy has high confidence that it's detected this type of sensitive infor
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Azure IAAS database connection string and Azure SQL connection string ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
A DLP policy has high confidence that it's detected this type of sensitive infor
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Azure IoT connection string ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureIoTConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
This sensitive information type identifies these keywords by using a regular exp
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Azure publish setting password ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzurePublishSettingPasswords finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern. - ```xml <!--Azure Publish Setting Password--> <Entity id="75f4cc8a-a68e-49e5-89ce-fa8f03d286a5" patternsProximity="300" recommendedConfidence="85">
This sensitive information type identifies these keywords by using a regular exp
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Azure Redis cache connection string ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureRedisCacheConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
A DLP policy has high confidence that it's detected this type of sensitive infor
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Azure SAS ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureSAS finds content that matches the pattern. ```xml
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureServiceBusConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
A DLP policy has high confidence that it's detected this type of sensitive infor
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Azure storage account key ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureStorageAccountKey finds content that matches the pattern. - The regular expression CEP_AzureEmulatorStorageAccountFilter doesn't find content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
A DLP policy has high confidence that it's detected this type of sensitive infor
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Azure Storage account key (generic) ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_AzureStorageAccountKeyGeneric finds content that matches the pattern. ```xml
A DLP policy has high confidence that it's detected this type of sensitive infor
</Entity> ``` - ## Belgium driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_belgium_eu_driver's_license_number` finds content that matches the pattern.+
+- The regular expression `Regex_belgium_eu_driver's_license_number` finds content that matches the pattern.
- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_belgium_eu_driver's_license_number` is found. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_belgium_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- fuehrerschein - fuhrerscheinnummer - fuehrerscheinnummer-- permis de conduire-- numéro permis conduire-
+- permis de conduire
+- numéro permis conduire
## Belgium national number
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 11 digits plus delimiters:+ - six digits and two optional periods in the format YY.MM.DD for date of birth - An optional delimiter from dot, dash, space - three sequential digits (odd for males, even for females)
Yes
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_belgium_national_number finds content that matches the pattern. - A keyword from Keyword_belgium_national_number is found. - The checksum passes. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_belgium_national_number finds content that matches the pattern. - The checksum passes.
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_belgium_national_number -- belasting aantal
+- belasting aantal
- bnn# - bnn-- carte d’identité-- identifiant national
+- carte d'identité
+- identifiant national
- identifiantnational# - identificatie - identification
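Review bot: The replacement for `carte d’identité` is `carte d'identité`, so this hunk changes the apostrophe character in the keyword as well as the list layout. If the keyword list is meant to mirror the strings the entity actually matches, confirm which apostrophe is correct and keep it. If the change is intentional, note that the other `d'` keywords in this list already use the straight form, so a one-line mention in the commit message would make the normalization explicit.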
A DLP policy has low confidence that it's detected this type of sensitive inform
- identiteitskaart - identity - inscription-- national number-- national register
+- national number
+- national register
- nationalnumber# - nationalnumber - nif# - nif-- numéro d'assuré-- numéro de registre national-- numéro de sécurité-- numéro d'identification-- numéro d'immatriculation-- numéro national
+- numéro d'assuré
+- numéro de registre national
+- numéro de sécurité
+- numéro d'identification
+- numéro d'immatriculation
+- numéro national
- numéronational#-- personal id number
+- personal id number
- personalausweis - personalidnumber# - registratie - registration - registrationsnumme - registrierung-- social security number
+- social security number
- ssn# - ssn - steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Belgium passport number ### Format
not applicable
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.+
+- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` or `Keywords_belgium_eu_passport_number` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.+
+- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.
```xml <!-- Belgium Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_belgium_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Belgium physical addresses This unbundled named entity detects patterns related to physical addresses from Belgium. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical addresses from
Medium - ## Belgium value added tax number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_belgium_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_belgium_value_added_tax_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_belgium_value_added_tax_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_belgium_value_added_tax_number -- nº tva-- vat number-- vat no-- numéro t.v.a
+- n┬║ tva
+- vat number
+- vat no
+- numéro t.v.a
- umsatzsteuer-identifikationsnummer - umsatzsteuernummer - btw - btw# - vat# - ## Blood test terms This unbundled named entity detects terms related to blood tests, such as *hCG*. It supports English terms only. It is also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
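Review bot: The added line `n┬║ tva` is not the same string as the removed `nº tva`. The ordinal sign `º` has turned into `┬║`, which looks like an encoding error introduced by the reformatting. Restore `nº tva`. The other three re-added items (`vat number`, `vat no`, `numéro t.v.a`) match their removed counterparts, so only this entry needs fixing.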
This unbundled named entity detects names of brand medication, such as *Tylenol*
High - ## Brazil CPF number ### Format
High
### Pattern Formatted:+ - three digits - a period - three digits
Formatted:
- two digits that are check digits Unformatted:+ - 11 digits where the last two digits are check digits ### Checksum
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_brazil_cpf finds content that matches the pattern. - A keyword from Keyword_brazil_cpf is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_brazil_cpf finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Inscrição - Receita - ## Brazil legal entity number (CNPJ) ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_brazil_cnpj finds content that matches the pattern. - A keyword from Keyword_brazil_cnpj is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_brazil_cnpj finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Inscrição - Empresa - ## Brazil national identification card (RG) ### Format
Registro de Identidade (RIC) (new format): 11 digits
### Pattern Registro Geral (old format):+ - two digits - a period - three digits
Registro Geral (old format):
- one digit that is a check digit Registro de Identidade (RIC) (new format):+ - 10 digits - a hyphen - one digit that is a check digit
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_brazil_rg finds content that matches the pattern. - A keyword from Keyword_brazil_rg is found. - The checksum passes. - ```xml <!-- Brazil National ID Card (RG) --> <Entity id="486de900-db70-41b3-a886-abdf25af119c" patternsProximity="300" recommendedConfidence="85">
A DLP policy has high confidence that it's detected this type of sensitive infor
- RG (this keyword is case-sensitive) - RIC (this keyword is case-sensitive) - ## Brazil physical addresses This unbundled named entity detects patterns related to physical address from Brazil. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_bulgaria_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_bulgaria_eu_driver's_license_number` is found.+
+- The regular expression `Regex_bulgaria_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_bulgaria_eu_driver's_license_number` is found.
```xml <!-- Bulgaria Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
- driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_bulgaria_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- шофьорска книжка - шофьорски книжки - ## Bulgaria passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.+
+- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.+
+- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.
```xml <!-- Bulgaria Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_bulgaria_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Bulgaria physical addresses This unbundled named entity detects patterns related to physical address from Bulgaria. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
Medium
## Bulgaria uniform civil number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_bulgaria_eu_national_id_card` is found.+
+- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_bulgaria_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.+
+- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Bulgaria Uniform Civil Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- bnn - bucn# - bucn-- edinen grazhdanski nomer
+- edinen grazhdanski nomer
- egn# - egn-- identification number-- national id-- national number
+- identification number
+- national id
+- national number
- nationalnumber# - nationalnumber-- personal id-- personal no-- personal number
+- personal id
+- personal no
+- personal number
- personalidnumber#-- social security number
+- social security number
- ssn# - ssn-- uniform civil id-- uniform civil no-- uniform civil number
+- uniform civil id
+- uniform civil no
+- uniform civil number
- uniformcivilno# - uniformcivilno - uniformcivilnumber# - uniformcivilnumber-- unique citizenship number
+- unique citizenship number
- егн# - егн-- единен граждански номер-- идентификационен номер-- личен номер-- лична идентификация-- лично не-- национален номер-- номер на гражданството-- униформ id-- униформ граждански id-- униформ граждански не-- униформ граждански номер
+- единен граждански номер
+- идентификационен номер
+- личен номер
+- лична идентификация
+- лично не
+- национален номер
+- номер на гражданството
+- униформ id
+- униформ граждански id
+- униформ граждански не
+- униформ граждански номер
- униформгражданскиid# - униформгражданскине.# - ## Canada bank account number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
A Canada Bank Account Number is 7 or 12 digits. A Canada bank account transit number is:+ - five digits - a hyphen - three digits
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_canada_bank_account_number finds content that matches the pattern. - A keyword from Keyword_canada_bank_account_number is found. - The regular expression Regex_canada_bank_account_transit_number finds content that matches the pattern. A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_canada_bank_account_number finds content that matches the pattern. - A keyword from Keyword_canada_bank_account_number is found.
A DLP policy has high confidence that it's detected this type of sensitive infor
- banking information - direct deposit - ## Canada driver's license number ### Format
Varies by province
### Pattern Various patterns covering:+ - Alberta - British Columbia - Manitoba
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_[province_name]_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_[province_name]_drivers_license_name is found. - A keyword from Keyword_canada_drivers_license is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- identification cards# - identification# - ## Canada health service number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_canada_health_service_number finds content that matches the pattern. - A keyword from Keyword_canada_health_service_number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- workers compensation - disability - ## Canada passport number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_canada_passport_number finds content that matches the pattern. - A keyword from Keyword_canada_passport_number or Keyword_passport is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- PasseportNon - Passeportn ┬░ - ## Canada personal health identification number (PHIN) ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_canada_phin finds content that matches the pattern. - At least two keywords from Keyword_canada_phin or Keyword_canada_provinces are found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Prince Edward Island - Canada - ## Canada physical addresses This unbundled named entity detects patterns related to physical address from Canada. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Ca
Medium - ## Canada social insurance number ### Format
nine digits with optional hyphens or spaces
### Pattern Formatted:+ - three digits - a hyphen or space - three digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_canadian_sin finds content that matches the pattern. - At least two of the following patterns: - A keyword from Keyword_sin is found.
A DLP policy has high confidence that it's detected this type of sensitive infor
- The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_unformatted_canadian_sin finds content that matches the pattern. - A keyword from Keyword_sin is found. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Birthday - Date of Birth - ## Chile identity card number ### Format
seven to eight digits plus delimiters a check digit or letter
### Pattern seven to eight digits plus delimiters:+ - one to two digits - an optional period - three digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_chile_id_card finds content that matches the pattern. - A keyword from Keyword_chile_id_card is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_chile_id_card finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_chile_id_card -- cédula de identidad
+- cédula de identidad
- identificación-- national identification-- national identification number-- national id-- número de identificación nacional-- rol único nacional-- rol único tributario
+- national identification
+- national identification number
+- national id
+- n├║mero de identificaci├│n nacional
+- rol ├║nico nacional
+- rol ├║nico tributario
- RUN - RUT-- tarjeta de identificación-- Rol Unico Nacional-- Rol Unico Tributario
+- tarjeta de identificaci├│n
+- Rol Unico Nacional
+- Rol Unico Tributario
- RUN# - RUT# - nationaluniqueroleID#-- nacional identidad-- número identificación-- identidad número-- numero identificacion-- identidad numero-- Chilean identity no.-- Chilean identity number-- Chilean identity #-- Unique Tax Registry-- Unique Tributary Role-- Unique Tax Role-- Unique Tributary Number-- Unique National Number-- Unique National Role-- National unique role-- Chile identity no.-- Chile identity number-- Chile identity #
+- nacional identidad
+- n├║mero identificaci├│n
+- identidad n├║mero
+- numero identificacion
+- identidad numero
+- Chilean identity no.
+- Chilean identity number
+- Chilean identity #
+- Unique Tax Registry
+- Unique Tributary Role
+- Unique Tax Role
+- Unique Tributary Number
+- Unique National Number
+- Unique National Role
+- National unique role
+- Chile identity no.
+- Chile identity number
+- Chile identity #
- R.U.T - R.U.N - ## China resident identity card (PRC) number ### Format
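Review bot: the added Chile keyword `+- n├║mero de identificaci├│n nacional` is mis-encoded, while the removed run it replaces read `número de identificación nacional` and `+- cédula de identidad` in the same hunk came through intact. A keyword in this form will not match the Spanish text it documents, so restore the accented characters on every affected added line in this hunk and confirm the file is saved as UTF-8.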
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 18 digits:+ - six digits that are an address code - eight digits in the form YYYYMMDD, which are the date of birth - three digits that are an order code
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_china_resident_id finds content that matches the pattern. - A keyword from Keyword_china_resident_id is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_china_resident_id finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 居民 身份證 - 鑑定 - ## Credit card number ### Format
Yes, the Luhn check
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_credit_card finds content that matches the pattern. - One of the following is true:
- - A keyword from Keyword_cc_verification is found.
- - A keyword from Keyword_cc_name is found.
- - The function Func_expiration_date finds a date in the right date format.
+ - A keyword from Keyword_cc_verification is found.
+ - A keyword from Keyword_cc_name is found.
+ - The function Func_expiration_date finds a date in the right date format.
- The checksum passes. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_credit_card finds content that matches the pattern. - The checksum passes.
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_cc_verification -- card verification-- card identification number
+- card verification
+- card identification number
- cvn - cid - cvc2 - cvv2-- pin block-- security code-- security number-- security no-- issue number-- issue no
+- pin block
+- security code
+- security number
+- security no
+- issue number
+- issue no
- cryptogramme-- numéro de sécurité-- numero de securite
+- numéro de sécurité
+- numero de securite
- kreditkartenprüfnummer - kreditkartenprufnummer - prüfziffer - prufziffer-- sicherheits Kode
+- sicherheits Kode
- sicherheitscode - sicherheitsnummer - verfalldatum-- codice di verifica-- cod. sicurezza-- cod sicurezza-- n autorizzazione
+- codice di verifica
+- cod. sicurezza
+- cod sicurezza
+- n autorizzazione
- código - codigo-- cod. seg-- cod seg-- código de segurança-- codigo de seguranca-- codigo de segurança-- código de seguranca-- cód. segurança-- cod. seguranca-- cod. segurança-- cód. seguranca-- cód segurança-- cod seguranca-- cod segurança-- cód seguranca-- número de verificação-- numero de verificacao
+- cod. seg
+- cod seg
+- código de segurança
+- codigo de seguranca
+- codigo de segurança
+- c├│digo de seguranca
+- cód. segurança
+- cod. seguranca
+- cod. segurança
+- c├│d. seguranca
+- cód segurança
+- cod seguranca
+- cod segurança
+- c├│d seguranca
+- número de verificação
+- numero de verificacao
- ablauf-- gültig bis
+- g├╝ltig bis
- gültigkeitsdatum-- gultig bis
+- gultig bis
- gultigkeitsdatum - scadenza-- data scad-- fecha de expiracion-- fecha de venc
+- data scad
+- fecha de expiracion
+- fecha de venc
- vencimiento-- válido hasta-- valido hasta
+- válido hasta
+- valido hasta
- vto-- data de expiração-- data de expiracao-- data em que expira
+- data de expiração
+- data de expiracao
+- data em que expira
- validade - valor - vencimento - transaction-- transaction number-- reference number
+- transaction number
+- reference number
- セキュリティコード-- セキュリティ コード
+- セキュリティ コード
- セキュリティナンバー-- セキュリティ ナンバー
+- セキュリティ ナンバー
- セキュリティ番号 #### Keyword_cc_name - amex-- american express
+- american express
- americanexpress-- americano espresso
+- americano espresso
- Visa - mastercard-- master card
+- master card
- mc - mastercards-- master cards-- diner's Club-- diners club
+- master cards
+- diner's Club
+- diners club
- dinersclub - discover-- discover card
+- discover card
- discovercard-- discover cards
+- discover cards
- JCB - BrandSmart-- japanese card bureau-- carte blanche
+- japanese card bureau
+- carte blanche
- carteblanche-- credit card
+- credit card
- cc# - cc#:-- expiration date-- exp date-- expiry date-- date d’expiration-- date d'exp-- date expiration-- bank card+
+- expiration date
+- exp date
+- expiry date
+- date d'expiration
+- date d'exp
+- date expiration
+- bank card
- bankcard-- card number-- card num
+- card number
+- card num
- cardnumber - cardnumbers-- card numbers
+- card numbers
- creditcard-- credit cards
+- credit cards
- creditcards - ccn-- card holder
+- card holder
- cardholder-- card holders
+- card holders
- cardholders-- check card
+- check card
- checkcard-- check cards
+- check cards
- checkcards-- debit card
+- debit card
- debitcard-- debit cards
+- debit cards
- debitcards-- atm card
+- atm card
- atmcard-- atm cards
+- atm cards
- atmcards - enroute-- en route-- card type-- Cardmember Acct-- cardmember account
+- en route
+- card type
+- Cardmember Acct
+- cardmember account
- Cardno-- Corporate Card-- Corporate cards-- Type of card-- card account number-- card member account-- Cardmember Acct.-- card no.-- card no-- card number-- carte bancaire-- carte de crédit-- carte de credit-- numéro de carte-- numero de carte-- nº de la carte-- nº de carte
+- Corporate Card
+- Corporate cards
+- Type of card
+- card account number
+- card member account
+- Cardmember Acct.
+- card no.
+- card no
+- card number
+- carte bancaire
+- carte de crédit
+- carte de credit
+- numéro de carte
+- numero de carte
+- n┬║ de la carte
+- n┬║ de carte
- kreditkarte - karte - karteninhaber
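Review bot: in the Keyword_cc_name additions, `+- date d'expiration` replaces the removed `date d’expiration`, so the typographic apostrophe becomes a straight one. Confirm that this is intentional, or list both forms, because documents produced in word processors often carry the typographic apostrophe. The list also carries `+- card number` twice within this hunk, and several added lines are mis-encoded and need the same UTF-8 repair as the rest of the keyword lists.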
A DLP policy has low confidence that it's detected this type of sensitive inform
- kartennummer - kreditkartennummer - kreditkarten-nummer-- carta di credito-- carta credito-- n. carta-- n carta-- nr. carta-- nr carta-- numero carta-- numero della carta-- numero di carta-- tarjeta credito-- tarjeta de credito-- tarjeta crédito-- tarjeta de crédito-- tarjeta de atm-- tarjeta atm-- tarjeta debito-- tarjeta de debito-- tarjeta débito-- tarjeta de débito-- nº de tarjeta-- no. de tarjeta-- no de tarjeta-- numero de tarjeta-- número de tarjeta-- tarjeta no
+- carta di credito
+- carta credito
+- n. carta
+- n carta
+- nr. carta
+- nr carta
+- numero carta
+- numero della carta
+- numero di carta
+- tarjeta credito
+- tarjeta de credito
+- tarjeta crédito
+- tarjeta de crédito
+- tarjeta de atm
+- tarjeta atm
+- tarjeta debito
+- tarjeta de debito
+- tarjeta débito
+- tarjeta de débito
+- n┬║ de tarjeta
+- no. de tarjeta
+- no de tarjeta
+- numero de tarjeta
+- n├║mero de tarjeta
+- tarjeta no
- tarjetahabiente-- cartão de crédito-- cartão de credito-- cartao de crédito-- cartao de credito-- cartão de débito-- cartao de débito-- cartão de debito-- cartao de debito-- débito automático-- debito automatico-- número do cartão-- numero do cartão-- número do cartao-- numero do cartao-- número de cartão-- numero de cartão-- número de cartao-- numero de cartao-- nº do cartão-- nº do cartao-- nº. do cartão-- no do cartão-- no do cartao-- no. do cartão-- no. do cartao
+- cartão de crédito
+- cartão de credito
+- cartao de crédito
+- cartao de credito
+- cartão de débito
+- cartao de débito
+- cartão de debito
+- cartao de debito
+- débito automático
+- debito automatico
+- número do cartão
+- numero do cartão
+- n├║mero do cartao
+- numero do cartao
+- número de cartão
+- numero de cartão
+- n├║mero de cartao
+- numero de cartao
+- nº do cartão
+- n┬║ do cartao
+- nº. do cartão
+- no do cartão
+- no do cartao
+- no. do cartão
+- no. do cartao
- rupay - union pay - unionpay
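Review bot: several added card keywords are mis-encoded, for example `+- n┬║ do cartao` directly after the intact `+- nº do cartão`, and `+- n├║mero de tarjeta` where the removed line read `número de tarjeta`. Since the removed text was correct, the damage comes from how the file was re-saved. Re-encode it as UTF-8 and check each accented entry against the removed run before merging.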
A DLP policy has low confidence that it's detected this type of sensitive inform
- カード# - アメックス - アメリカンエクスプレス-- アメリカン エクスプレス
+- アメリカン エクスプレス
- Visaカード-- Visa カード
+- Visa カード
- マスターカード-- マスター カード
+- マスター カード
- マスター - ダイナースクラブ-- ダイナース クラブ
+- ダイナース クラブ
- ダイナース - 有効期限 - 期限 - キャッシュカード-- キャッシュ カード
+- キャッシュ カード
- カード名義人 - カードの名義人 - カードの名義-- デビット カード
+- デビット カード
- デビットカード - 中国银联 - 银联 - ## Croatia driver's license number ### Format
No
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The regular expression `Regex_croatia_eu_driver's_license_number` finds content that matches the pattern.
+- The regular expression `Regex_croatia_eu_driver's_license_number` finds content that matches the pattern.
- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_croatia_eu_driver's_license_number` is found. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_croatia_eu_driver's_license_number - voza─ìka dozvola - voza─ìke dozvole - ## Croatia identity card number+ This entity is included in the EU National Identification Number sensitive information type. It's available as a stand-alone sensitive information type entity. ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_croatia_id_card finds content that matches the pattern. - A keyword from Keyword_croatia_id_card is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_croatia_id_card -- majstorski broj građana-- master citizen number-- nacionalni identifikacijski broj-- national identification number
+- majstorski broj gra─æana
+- master citizen number
+- nacionalni identifikacijski broj
+- national identification number
- oib# - oib-- osobna iskaznica-- osobni id-- osobni identifikacijski broj-- personal identification number-- porezni broj-- porezni identifikacijski broj-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- osobna iskaznica
+- osobni id
+- osobni identifikacijski broj
+- personal identification number
+- porezni broj
+- porezni identifikacijski broj
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Croatia passport number ### Format
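Review bot: the first added keyword, `+- majstorski broj gra─æana`, has lost its `đ`; the removed line read `majstorski broj građana`. Restore the character here so the Croatian keyword matches real content.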
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.+
+- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.+
+- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.
```xml <!-- Croatia Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
</Pattern> </Entity> ```+ ### Keywords #### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_croatia_eu_passport_number
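Review bot: the keyword list in this hunk is headed `Keywords_eu_passport_number_common`, but the Croatia passport definition refers to `Keywords_eu_passport_number`, and the Bulgaria section heads the same list `Keywords_eu_passport_number`. Use one name throughout so a reader can find the list a definition points to.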
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 11 digits:+ - 10 digits - final digit is a check digit
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_croatia_oib_number finds content that matches the pattern. - A keyword from Keywords_croatia_eu_tax_file_number is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_croatia_oib_number finds content that matches the pattern. - The checksum passes.
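Review bot: the high-confidence bullet names `Keywords_croatia_eu_tax_file_number`, but the keyword list that follows this definition is headed `Keyword_croatia_oib_number`. Since this change already touches the definition's list, align the two names so that the keyword requirement can be traced to its list.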
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_croatia_oib_number -- majstorski broj građana-- master citizen number-- nacionalni identifikacijski broj-- national identification number
+- majstorski broj gra─æana
+- master citizen number
+- nacionalni identifikacijski broj
+- national identification number
- oib# - oib-- osobna iskaznica-- osobni id-- osobni identifikacijski broj-- personal identification number-- porezni broj-- porezni identifikacijski broj-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- osobna iskaznica
+- osobni id
+- osobni identifikacijski broj
+- personal identification number
+- porezni broj
+- porezni identifikacijski broj
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Croatia physical addresses This unbundled named entity detects patterns related to physical address from Croatia. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Cr
Medium - ## Cyprus drivers license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_cyprus_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_cyprus_eu_driver's_license_number` is found.+
+- The regular expression `Regex_cyprus_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_cyprus_eu_driver's_license_number` is found.
```xml <!-- Cyprus Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_cyprus_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- αριθμό άδειας οδήγησης - άδειες οδήγησης - ## Cyprus identity card This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
not applicable
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_cyprus_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_cyprus_eu_national_id_card` is found.+
+- The regular expression `Regex_cyprus_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_cyprus_eu_national_id_card` is found.
```xml <!-- Cyprus Identity Card -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_cyprus_eu_national_id_card -- id card number-- identity card number-- kimlik karti-- national identification number-- personal id number
+- id card number
+- identity card number
+- kimlik karti
+- national identification number
+- personal id number
- ταυτοτητασ - ## Cyprus passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.+
+- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.
- The regular expression `Regex_cyprus_eu_passport_date` finds date in the format DD/MM/YYYY or a keyword from `Keywords_cyprus_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.+
+- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.
```xml <!-- Cyprus Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
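Review bot: the keyword list heading in this hunk is `Keywords_eu_passport_number_common`, but the definition bullets re-added just above cite `Keywords_eu_passport_number`. A reader cannot tell whether these are the same list. Use one name in both places, or state that the definition refers to the common list.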
#### Keywords_cyprus_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- expires on - issued on - ## Cyprus physical addresses This unbundled named entity detects patterns related to physical address from Cyprus. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Cy
Medium ## Cyprus tax identification number+ This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
not applicable
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_cyprus_eu_tax_file_number` is found.+
+- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_cyprus_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Cyprus Tax Identification Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_cyprus_eu_tax_file_number -- tax id-- tax identification code-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification code
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- taxnumber - tic# - tic-- tin id-- tin no
+- tin id
+- tin no
- tin#-- vergi kimlik kodu-- vergi kimlik numarası-- αριθμός φορολογικού μητρώου-- κωδικός φορολογικού μητρώου-- φορολογική ταυτότητα-- φορολογικού κωδικού-
+- vergi kimlik kodu
+- vergi kimlik numaras─▒
+- αριθμός φορολογικού μητρώου
+- κωδικός φορολογικού μητρώου
+- φορολογική ταυτότητα
+- φορολογικού κωδικού
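Review bot: the added keyword `vergi kimlik numaras─▒` is not the same string as the removed `vergi kimlik numarası`. The dotless ı has been replaced by the two characters `─▒`, which looks like UTF-8 bytes decoded with the wrong code page. If the keyword ships in this form, text containing the real Turkish phrase will no longer count as a supporting keyword, so the high-confidence pattern for this type loses that evidence. Restore the original spelling and confirm the file is saved as UTF-8. The Greek entries in the same hunk survived intact, so only this line needs to change.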
## Czech driver's license number
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_czech_republic_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_czech_republic_eu_driver's_license_number` is found.+
+- The regular expression `Regex_czech_republic_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_czech_republic_eu_driver's_license_number` is found.
```xml <Entity id="86b40d3b-d8ea-4c36-aab0-ef9416a6769c" patternsProximity="300" recommendedConfidence="75">
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_czech_republic_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- číslo řidičského průkazu - čísla řidičských průkazů - ## Czech passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.+
+- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.+
+- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.
```xml <!-- Czech Republic Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_czech_republic_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Czech personal identity number ### Format nine digits with optional forward slash (old format)+ 10 digits with optional forward slash (new format) ### Pattern nine digits (old format):+ - six digits that represent date of birth - an optional forward slash - three digits 10 digits (new format):+ - six digits that represent date of birth - an optional forward slash - four digits where last digit is a check digit
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_czech_id_card -- birth number-- czech republic id
+- birth number
+- czech republic id
- czechidno#-- daňové číslo-- identifikační číslo-- identity no-- identity number
+- daňové číslo
+- identifikační číslo
+- identity no
+- identity number
- identityno# - identityno-- insurance number-- national identification number
+- insurance number
+- national identification number
- nationalnumber#-- national number-- osobní číslo
+- national number
+- osobní číslo
- personalidnumber#-- personal id number-- personal identification number-- personal number
+- personal id number
+- personal identification number
+- personal number
- pid# - pid-- pojištění číslo
+- pojištění číslo
- rč-- rodne cislo-- rodné číslo
+- rodne cislo
+- rodné číslo
- ssn - ssn#-- social security number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- social security number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin#-- unique identification number-
+- unique identification number
## Czech Republic physical addresses
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_denmark_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_denmark_eu_driver's_license_number` is found.+
+- The regular expression `Regex_denmark_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_denmark_eu_driver's_license_number` is found.
```xml <!-- Denmark Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_denmark_eu_driver's_license_number - k├╕rekort - k├╕rekortnummer - ## Denmark passport number ### Format
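Review bot: the two Danish keywords under `Keywords_denmark_eu_driver's_license_number` read `k├╕rekort` and `k├╕rekortnummer`, which looks like a mis-decoded `ø`. The Czech keywords elsewhere in this patch keep their diacritics, so this appears to be specific to these lines. Since the patch already touches this list, correct both entries to the intended spelling and check the file encoding.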
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.+
+- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.+
+- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.
```xml <!-- Denmark Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_denmark_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Denmark personal identification number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10 digits:+ - six digits in the format DDMMYY, which are the date of birth - an optional space or hyphen - four digits where the final digit is a check digit
Yes
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern. - A keyword from Keyword_denmark_id is found. - The checksum passes. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern. - The checksum passes.
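Review bot: both definition blocks here say "The regular expression Func_denmark_eu_tax_file_number", although the `Func_` prefix marks it as a function, and the other entries this patch reformats say "The function `Func_...`" with the identifier in backticks. Since the patch is already normalising these lists, change the wording to "The function" and put `Func_denmark_eu_tax_file_number` and `Keyword_denmark_id` in backticks so the entry matches the rest.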
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_denmark_id -- centrale personregister-- civilt registreringssystem
+- centrale personregister
+- civilt registreringssystem
- cpr - cpr#-- gesundheitskarte nummer-- gesundheitsversicherungkarte nummer-- health card-- health insurance card number-- health insurance number-- identification number
+- gesundheitskarte nummer
+- gesundheitsversicherungkarte nummer
+- health card
+- health insurance card number
+- health insurance number
+- identification number
- identifikationsnummer - identifikationsnummer#-- identity number
+- identity number
- krankenkassennummer - nationalid# - nationalnumber#-- national number
+- national number
- personalidnumber# - personalidentityno#-- personal id number
+- personal id number
- personnummer - personnummer# - reisekrankenversicherungskartenummer - rejsesygesikringskort - ssn - ssn#-- skat id-- skat kode-- skat nummer
+- skat id
+- skat kode
+- skat nummer
- skattenummer-- social security number
+- social security number
- sundhedsforsikringskort - sundhedsforsikringsnummer - sundhedskort - sundhedskortnummer - sygesikring - sygesikringkortnummer-- tax code-- travel health insurance card
+- tax code
+- travel health insurance card
- uniqueidentityno#-- tax number-- tax registration number-- tax id-- tax identification number
+- tax number
+- tax registration number
+- tax id
+- tax identification number
- taxid# - taxnumber#-- tax no
+- tax no
- taxno# - taxnumber-- tax identification no
+- tax identification no
- tin# - taxidno# - taxidnumber#-- tax no#-- tin id-- tin no
+- tax no#
+- tin id
+- tin no
- cpr.nr - cprnr - cprnummer
A DLP policy has low confidence that it's detected this type of sensitive inform
- sygesikringsnr - sygesikringsnummer - ## Denmark physical addresses This unbundled named entity detects patterns related to physical address from Denmark. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from De
Medium - ## Diseases This unbundled named entity detects text that matches disease names, such as *diabetes*. It supports English terms only. It is also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
This unbundled named entity detects text that matches disease names, such as *di
High - ## Drug Enforcement Agency (DEA) number ### Format
two letters followed by seven digits
### Pattern Pattern must include all of the following:+ - one letter (not case-sensitive) from this set of possible letters: A/B/F/G/M/P/R, which is a registrant code - one letter (not case-sensitive), which is the first letter of the registrant's last name or digit '9' - seven digits, the last of which is the check digit
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_dea_number finds content that matches the pattern. - A keyword from `Keyword_dea_number` is found - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_dea_number finds content that matches the pattern. - The checksum passes.
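Review bot: the Format line for the DEA number says "two letters followed by seven digits", but the Pattern list in this hunk allows the second character to be the digit '9'. Someone validating test data against the Format line alone would reject values that the Pattern accepts. Align the Format text with the Pattern. In the Definition, `Func_dea_number` also lacks the backticks that `Keyword_dea_number` has, and the "is found" bullet is missing its full stop.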
A DLP policy has medium confidence that it's detected this type of sensitive inf
- drug enforcement administration - drug enforcement agency - ## Estonia driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_estonia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_estonia_eu_driver's_license_number` is found.+
+- The regular expression `Regex_estonia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_estonia_eu_driver's_license_number` is found.
```xml <!-- Estonia Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_estonia_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- juhiloa number - juhiluba - ## Estonia passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.+
+- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.+
+- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.
```xml <!-- Estonia Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_estonia_eu_passport_number
dokumendi nr
- date of issue - date of expiry - ## Estonia Personal Identification Code This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_estonia_eu_national_id_card` is found.+
+- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_estonia_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.+
+- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Estonia Personal Identification Code -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- ik - isikukood# - isikukood-- maksu id-- maksukohustuslase identifitseerimisnumber
+- maksu id
+- maksukohustuslase identifitseerimisnumber
- maksunumber-- national identification number-- national number-- personal code-- personal id number-- personal identification code-- personal identification number
+- national identification number
+- national number
+- personal code
+- personal id number
+- personal identification code
+- personal identification number
- personalidnumber#-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Estonia physical addresses This unbundled named entity detects patterns related to physical address from Estonia. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Es
Medium - ## EU debit card number ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_eu_debit_card finds content that matches the pattern. - At least one of the following is true: - A keyword from Keyword_eu_debit_card is found.
A DLP policy has high confidence that it's detected this type of sensitive infor
- vto - válido hasta - ## EU driver's license number These entities are in the EU Driver's License Number and are sensitive information types.
These entities are in the EU Driver's License Number and are sensitive informati
- [Sweden](#sweden-drivers-license-number) - [U.K.](#uk-drivers-license-number) - ## EU national identification number These entities are in the EU National Identification Number and are sensitive information types.
These entities are in the EU National Identification Number and are sensitive in
- [Spain](#spain-dni) - [U.K.](#uk-national-insurance-number-nino) - ## EU passport number These entities are in the EU passport number and are sensitive information types. These entities are in the EU passport number bundle.
These entities are in the EU passport number and are sensitive information types
- [Sweden](#sweden-passport-number) - [U.S./U.K. passport number](#usuk-passport-number) - ## EU social security number or equivalent identification These are the entities that are in the EU Social Security Number or equivalent identification and are sensitive information types.
These are the entities that are in the EU Social Security Number or equivalent i
- [Spain](#spain-social-security-number-ssn) - [Sweden](#sweden-national-id) - ## EU Tax identification number These entities are in the EU Tax identification number sensitive information type.
These entities are in the EU Tax identification number sensitive information typ
- [Sweden](#sweden-tax-identification-number) - [U.K.](#uk-unique-taxpayer-reference-number) - ## Finland driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_finland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_finland_eu_driver's_license_number` is found.+
+- The regular expression `Regex_finland_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_finland_eu_driver's_license_number` is found.
```xml <!-- Finland Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_finland_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- ajokortit - ajokortin numerot - ## Finland european health insurance number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regex Regex_Finland_European_Health_Insurance_Number finds content that matches the pattern. - A keyword from Keyword_Finland_European_Health_Insurance_Number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- ehic# - ehic - finlandehicnumber#-- finska sjukförsäkringskort-- health card-- health insurance card-- health insurance number
+- finska sjukförsäkringskort
+- health card
+- health insurance card
+- health insurance number
- hälsokort - sairaanhoitokortin - sairausvakuutuskortti - sairausvakuutusnumero-- sjukförsäkring nummer
+- sjukförsäkring nummer
- sjukförsäkringskort-- suomen sairausvakuutuskortti
+- suomen sairausvakuutuskortti
- terveyskortti - ## Finland national ID ### Format
six digits plus a character indicating a century plus three digits plus a check
### Pattern Pattern must include all of the following:+ - six digits in the format DDMMYY, which are a date of birth - century marker (either '-', '+' or 'a') - three-digit personal identification number
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - the function Func_finnish_national_id finds content that matches the pattern - a keyword from Keyword_finnish_national_id is found - the checksum passes A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - the function Func_finnish_national_id finds content that matches the pattern - the checksum passes
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Keywords -- ainutlaatuinen henkilökohtainen tunnus-- henkilökohtainen tunnus
+- ainutlaatuinen henkil├╢kohtainen tunnus
+- henkilökohtainen tunnus
- henkilötunnus - henkilötunnusnumero# - henkilötunnusnumero - hetu-- id no-- id number-- identification number-- identiteetti numero-- identity number
+- id no
+- id number
+- identification number
+- identiteetti numero
+- identity number
- idnumber-- kansallinen henkilötunnus-- kansallisen henkilökortin-- national id card-- national id no.-- personal id-- personal identity code
+- kansallinen henkilötunnus
+- kansallisen henkil├╢kortin
+- national id card
+- national id no.
+- personal id
+- personal identity code
- personalidnumber# - personbeteckning - personnummer-- social security number
+- social security number
- sosiaaliturvatunnus-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - tunnistenumero-- tunnus numero
+- tunnus numero
- tunnusluku - tunnusnumero - verokortti
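Review bot: two of the re-added Finnish keywords are mis-encoded: `+- ainutlaatuinen henkil├╢kohtainen tunnus` and `+- kansallisen henkil├╢kortin` carry `├╢` where the removed text had `ö` (`henkilökohtainen`, `henkilökortin`), while neighbouring added lines such as `+- henkilökohtainen tunnus` are intact. Anyone copying these entries into a custom sensitive information type would get keywords that never match real text. Re-save the file as UTF-8 and restore `ö` in both entries.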
A DLP policy has medium confidence that it's detected this type of sensitive inf
- verotunniste - verotunnus - ## Finland passport number This entity is available in the EU Passport Number sensitive information type and is available as a stand-alone sensitive information type entity.
This entity is available in the EU Passport Number sensitive information type an
combination of nine letters and digits ### Pattern+ combination of nine letters and digits:+ - two letters (not case-sensitive) - seven digits
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_finland_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_finland_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keyword_finland_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Finland physical addresses This unbundled named entity detects patterns related to physical address from Finland. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Fi
Medium - ## France driver's license number This entity is available in the EU Driver's License Number sensitive information type and is available as a stand-alone sensitive information type entity.
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - the function Func_french_drivers_license finds content that matches the pattern. - a keyword from Keyword_french_drivers_license is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-- permis de conduire-- licence number-- license number-- licence numbers-- license numbers-- numéros de licence-
+- dl number
+- permis de conduire
+- licence number
+- license number
+- licence numbers
+- license numbers
+- numéros de licence
## France health insurance number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
This sensitive information type is only available for use in:
- an optional space - a digit - ### Checksum No
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - the regex Regex_France_Health_Insurance_Number finds content that matches the pattern. - a keyword from Keyword_France_Health_Insurance_Number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_France_health_insurance_number -- insurance card-- carte vitale-- carte d'assuré social-
+- insurance card
+- carte vitale
+- carte d'assuré social
## France national id card (CNI)
No
### Definition A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_france_cni finds content that matches the pattern. - A keyword from Keywords_france_eu_national_id_card is found.
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_france_eu_national_id_card -- card number-- carte nationale d’identité-- carte nationale d'idenite no
+- card number
+- carte nationale d'identité
+- carte nationale d'idenite no
- cni# - cni-- compte bancaire-- national identification number-- national identity
+- compte bancaire
+- national identification number
+- national identity
- nationalidno#-- numéro d'assurance maladie-- numéro de carte vitale-
+- numéro d'assurance maladie
+- numéro de carte vitale
## France passport number
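Review bot: `-- carte nationale d’identité` becomes `+- carte nationale d'identité`, so the typographic apostrophe is replaced with a straight one and the keyword string itself changes, not only the list layout. If this list documents the exact strings that are matched, confirm which apostrophe is correct before merging; otherwise keep the original character. The neighbouring `carte nationale d'idenite no` is carried over with its spelling unchanged, so it is worth confirming that it is an intentional variant.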
nine digits and letters
### Pattern nine digits and letters:+ - two digits - two letters (not case-sensitive) - five digits
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_fr_passport` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_fr_passport` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found. - ```xml <!-- France Passport Number --> <Entity id="3008b884-8c8c-4cd8-a289-99f34fc7ff5d" patternsProximity="300" recommendedConfidence="75">
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_france_eu_passport_number -- numéro de passeport-- passeport n °-- passeport non-- passeport #
+- numéro de passeport
+- passeport n ┬░
+- passeport non
+- passeport #
- passeport# - passeportnon-- passeportn °-- passeport français-- passeport livre-- passeport carte-- numéro passeport-- passeport n°-- n° du passeport-- n° passeport
+- passeportn ┬░
+- passeport français
+- passeport livre
+- passeport carte
+- numéro passeport
+- passeport n┬░
+- n┬░ du passeport
+- n┬░ passeport
#### Keywords_eu_passport_date - date of issue - date of expiry - ## France physical addresses This unbundled named entity detects patterns related to physical address from France. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
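Review bot: every added French keyword that contains the degree sign is mis-encoded as `┬░` (`+- passeport n ┬░`, `+- passeportn ┬░`, `+- passeport n┬░`, `+- n┬░ du passeport`, `+- n┬░ passeport`), whereas the removed lines had `°`. The accented entries in the same hunk (`numéro de passeport`, `passeport français`) are intact, so the damage is specific to that character. Restore `°` in all five entries.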
This unbundled named entity detects patterns related to physical address from Fr
Medium - ## France social security number (INSEE) ### Format
Medium
### Pattern Must match one of two patterns:-- 13 digits followed by a space followed by two digits<br/>
-or
+
+- 13 digits followed by a space followed by two digits
+
+ or
+ - 15 consecutive digits ### Checksum
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_french_insee` finds content that matches the pattern. - A keyword from Keyword_fr_insee is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_french_insee or Func_fr_insee finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_fr_insee -- code sécu-- d'identité nationale
+- code sécu
+- d'identité nationale
- insee - fssn#-- le numéro d'identification nationale-- le code de la sécurité sociale-- national id-- national identification-- no d'identité-- no. d'identité-- numéro d'assurance-- numéro d'identité-- numero d'identite-- numéro de sécu-- numéro de sécurité sociale-- no d'identite-- no. d'identite
+- le numéro d'identification nationale
+- le code de la sécurité sociale
+- national id
+- national identification
+- no d'identité
+- no. d'identité
+- numéro d'assurance
+- numéro d'identité
+- numero d'identite
+- numéro de sécu
+- numéro de sécurité sociale
+- no d'identite
+- no. d'identite
- ssn - ssn#-- sécurité sociale-- securité sociale-- securite sociale
+- sécurité sociale
+- securité sociale
+- securite sociale
- socialsecuritynumber-- social security number-- social security code-- social insurance number-
+- social security number
+- social security code
+- social insurance number
## France tax identification number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- A space (optional) - Three check digits - ### Checksum Yes
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_france_eu_tax_file_number` is found.+
+- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_france_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- France Tax Identification Number (numéro SPI.) -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_france_eu_tax_file_number -- numéro d'identification fiscale-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- numéro d'identification fiscale
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## France value added tax number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_france_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_france_value_added_tax_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_france_value_added_tax_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_France_value_added_tax_number -- vat number-- vat no
+- vat number
+- vat no
- vat#-- value added tax-- siren identification no numéro d'identification taxe sur valeur ajoutée-- taxe valeur ajoutée-- taxe sur la valeur ajoutée-- n° tva-- numéro de tva-- numéro d'identification siren-
+- value added tax
+- siren identification no numéro d'identification taxe sur valeur ajoutée
+- taxe valeur ajoutée
+- taxe sur la valeur ajoutée
+- n┬░ tva
+- numéro de tva
+- numéro d'identification siren
## Generic medication names
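Review bot: `+- n┬░ tva` is mis-encoded; the removed line read `n° tva`. Separately, `+- siren identification no numéro d'identification taxe sur valeur ajoutée` still carries what look like two keywords in one bullet, exactly as the removed line did. Since this change is already splitting the list into one keyword per line, split that entry as well if the two are meant to be separate keywords.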
This unbundled named entity detects names of generic medications, such as *aceta
High - ## Germany driver's license number This sensitive information type entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
combination of 11 digits and letters
### Pattern 11 digits and letters (not case-sensitive):+ - a digit or letter - two digits - six digits or letters
Yes
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_german_drivers_license finds content that matches the pattern. - A keyword from Keyword_german_drivers_license_number is found. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- ausstellungsdatum - ausstellungsort-- ausstellende behöde-- ausstellende behorde-- ausstellende behoerde
+- ausstellende beh├╢de
+- ausstellende behorde
+- ausstellende behoerde
- führerschein - fuhrerschein - fuehrerschein - führerscheinnummer - fuhrerscheinnummer - fuehrerscheinnummer-- führerschein- -- fuhrerschein- -- fuehrerschein- 
+- f├╝hrerschein-
+- fuhrerschein-
+- fuehrerschein-
- f├╝hrerscheinnummernr - fuhrerscheinnummernr - fuehrerscheinnummernr
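Review bot: the added German keywords `+- ausstellende beh├╢de` and `+- f├╝hrerschein-` are mis-encoded (`├╢` for `ö`, `├╝` for `ü`), where the removed lines had `behöde` and `führerschein-`. The unchanged line that follows shows `f├╝hrerscheinnummernr` too, so the problem is not limited to the lines this change adds. Restore the umlauts across the whole list.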
A DLP policy has medium confidence that it's detected this type of sensitive inf
- n-führerschein - n-fuhrerschein - n-fuehrerschein-- permis de conduire
+- permis de conduire
- driverlic - driverlics - driverlicense - driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
- dlno - ## Germany identity card number ### Format
since 1 November 2010: 9 to 11 characters alphanumeric pattern
- Optional d/D from 1 April 1987 until 31 October 2010:+ - 10 digits ### Checksum
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_german_id_card_with_check` finds content that matches the pattern. - A keyword from `Keyword_germany_id_card` is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_germany_id_card` finds content that matches the pattern (9 characters without check digit issued pre-2010 or 10 digits pattern issued posy 2010). - A keyword from Keyword_germany_id_card is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_german_id_card_with_check` finds content that matches the pattern. - The checksum passes. - ```xml <!-- Germany Identity Card Number -->
- <Entity id="e577372f-c42e-47a0-9d85-bebed1c237d4" patternsProximity="300" recommendedConfidence="75">
+ <Entity id="e577372f-c42e-47a0-9d85-bebed1c237d4" patternsProximity="300" recommendedConfidence="75">
<Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_germany_id_card" />
- <Match idRef="Keyword_germany_id_card" />
+ <IdMatch idRef="Regex_germany_id_card" />
+ <Match idRef="Keyword_germany_id_card" />
</Pattern>
- <Version minEngineVersion="15.20.4545.000">
+ <Version minEngineVersion="15.20.4545.000">
<Pattern confidenceLevel="85"> <IdMatch idRef="Func_german_id_card_with_check" />
- <Match idRef="Keyword_germany_id_card" />
- </Pattern>
+ <Match idRef="Keyword_germany_id_card" />
+ </Pattern>
<Pattern confidenceLevel="65">
- <IdMatch idRef="Func_german_id_card_with_check" />
- </Pattern>
+ <IdMatch idRef="Func_german_id_card_with_check" />
+ </Pattern>
</Version> </Entity> ```
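Review bot: The medium-confidence bullet for the Germany identity card has a typo and disagrees with the Format section. "issued posy 2010" should read "post 2010". The same parenthetical pairs 9 characters with pre-2010 cards and 10 digits with post-2010 cards, whereas the Format section gives 10 digits for 1 April 1987 until 31 October 2010 and 9 to 11 alphanumeric characters since 1 November 2010, so one of the two descriptions needs correcting. The bullet also leaves Keyword_germany_id_card without backticks, unlike the high-confidence bullet, which formats the same identifier as code. The XML lines in this hunk change only in indentation, so these text issues are a better use of the edit.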
A DLP policy has low confidence that it's detected this type of sensitive inform
- identification - identifikation - identifizierungsnummer-- identity card-- identity number
+- identity card
+- identity number
- id-nummer-- personal id
+- personal id
- personalausweis-- persönliche id nummer-- persönliche identifikationsnummer
+- persönliche id nummer
+- persönliche identifikationsnummer
- persönliche-id-nummer - ## Germany passport number ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_german_passport_checksum` finds content that matches the pattern. - A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_german_passport` finds content that matches the nine characters pattern (without check digit and optional d/D). - A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_german_passport_checksum` finds content that matches the pattern. - The checksum passes.
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers-
+- passport numbers
## Germany physical addresses
This unbundled named entity detects patterns related to physical address from Ge
Medium - ## Germany tax identification number ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_germany_eu_tax_file_number` is found.+
+- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_germany_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Germany Tax Identification Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_germany_eu_tax_file_number - identifikationsnummer-- steuer id
+- steuer id
- steueridentifikationsnummer - steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - zinn# - zinn - zinnnummer - ## Germany value added tax number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_germany_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_germany_value_added_tax_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_germany_value_added_tax_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_germany_value_added_tax_number -- vat number-- vat no
+- vat number
+- vat no
- vat#-- vat#  mehrwertsteuer
+- vat# mehrwertsteuer
- mwst-- mehrwertsteuer identifikationsnummer-- mehrwertsteuer nummer-
+- mehrwertsteuer identifikationsnummer
+- mehrwertsteuer nummer
## Greece driver's license number
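Review bot: In the Germany value added tax keyword list, the added item "vat# mehrwertsteuer" still reads as two keywords ("vat#" and "mehrwertsteuer") joined on one line. The change collapses the double space between them instead of splitting them into separate bullets, even though "vat#" is already listed on its own just before. If a single combined keyword is intended, say so; otherwise split it. The list heading is Keyword_germany_value_added_tax_number, but the Definition text refers to Keywords_germany_value_added_tax_number, so the two names should be reconciled while this list is being touched.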
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_greece_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_greece_eu_driver's_license_number` is found.+
+- The regular expression `Regex_greece_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_greece_eu_driver's_license_number` is found.
```xml <!-- Greece Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_greece_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Άδεια οδήγησης - Δίπλωμα οδήγησης - ## Greece national ID card ### Format
Combination of 7-8 letters and numbers plus a dash
### Pattern Seven letters and numbers (old format):+ - One letter (any letter of the Greek alphabet) - A dash - Six digits Eight letters and numbers (new format):+ - Two letters whose uppercase character occurs in both the Greek and Latin alphabets (ABEZHIKMNOPTYX) - A dash - Six digits
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_greece_id_card finds content that matches the pattern. - A keyword from Keyword_greece_id_card is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_greece_id_card finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_greece_id_card -- greek id-- greek national id-- greek personal id card-- greek police id-- identity card
+- greek id
+- greek national id
+- greek personal id card
+- greek police id
+- identity card
- tautotita - ταυτότητα - ταυτότητας - ## Greece passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.+
+- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.
- The regular expression `Regex_greece_eu_passport_date` finds date in the format DD MMM YY (Example - 28 Aug 19) or a keyword from `Keywords_greece_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.+
+- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.
```xml <!-- Greece Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_greece_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- αριθμούς διαβατηρίου - αριθμός διαβατηριο - ## Greece physical addresses This unbundled named entity detects patterns related to physical address from Greece. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
Medium
## Greece Social Security Number (AMKA) This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_greece_eu_ssn` finds content that matches the pattern.-- A keyword from `Keywords_greece_eu_ssn_or_equivalent` is found.+
+- The function `Func_greece_eu_ssn` finds content that matches the pattern.
+- A keyword from `Keywords_greece_eu_ssn_or_equivalent` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_greece_eu_ssn` finds content that matches the pattern.+
+- The function `Func_greece_eu_ssn` finds content that matches the pattern.
```xml <!-- Greece Social Security Number (AMKA) -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- a.m.k.a. - Αριθμού Μητρώου Κοινωνικής Ασφάλισης - ## Greece tax identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Not applicable
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The regular expression `Regex_greece_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_greece_eu_tax_file_number` is found.
+- The regular expression `Regex_greece_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_greece_eu_tax_file_number` is found.
```xml <!-- Greek Tax Identification Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- afm# - afm-- aφμ|aφμ αριθμός
+- aφμ|aφμ αριθμός
- aφμ-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- tax registry no-- tax registry number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- tax registry no
+- tax registry number
- taxid# - taxidno# - taxidnumber#
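Review bot: The re-added Greek tax keyword "aφμ|aφμ αριθμός" keeps a pipe character inside a single list item, which looks like two alternatives ("aφμ" and "aφμ αριθμός") that were never split into separate bullets. "aφμ" is already listed on its own on the next line, so the combined entry is either redundant or malformed. The leading character of "aφμ" also appears to be a Latin a rather than the Greek α used in "αριθμός" on the same line. Please confirm that the mixed-script spelling is what the keyword dictionary actually contains.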
A DLP policy has medium confidence that it's detected this type of sensitive inf
- taxnumber# - taxnumber - taxregistryno#-- tin id-- tin no
+- tin id
+- tin no
- tin#-- αριθμός φορολογικού μητρώου-- τον αριθμό φορολογικού μητρώου-- φορολογικού μητρώου νο-
+- αριθμός φορολογικού μητρώου
+- τον αριθμό φορολογικού μητρώου
+- φορολογικού μητρώου νο
## Hong Kong identity card (HKID) number
Combination of 8-9 letters and numbers plus optional parentheses around the fina
### Pattern Combination of 8-9 letters:+ - 1-2 letters (not case-sensitive) - Six digits - optional space
Yes
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_hong_kong_id_card finds content that matches the pattern. - A keyword from Keyword_hong_kong_id_card is found. - The checksum passes. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_hong_kong_id_card finds content that matches the pattern. - The checksum passes.
A DLP policy has low confidence that it's detected this type of sensitive inform
- 香港特別行政區非永久性居民身分證 - 香港特別行政區非永久性居民身分証 - ## Hungary driver's license number ### Format
No
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The regular expression `Regex_hungary_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_hungary_eu_driver's_license_number` is found.
+- The regular expression `Regex_hungary_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_hungary_eu_driver's_license_number` is found.
```xml <Entity id="9d31c46b-6e6b-444c-aeb1-6dd7e604bb24" patternsProximity="300" recommendedConfidence="75">
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_hungary_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- vezetői engedély - vezetői engedélyek - ## Hungary passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.+
+- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.
- The regular expression `Regex_hungary_eu_passport_date` finds date in the format DD MMM/MMM YY (Example - 01 MÁR/MAR 12) or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.+
+- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.
```xml <!-- Hungary Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_hungary_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Hungary personal identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_national_id_card` is found.
+- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_hungary_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.
+- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Hungary Personal Identification Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_hungary_eu_national_id_card -- id number-- identification number-- sz ig-- sz. ig.
+- id number
+- identification number
+- sz ig
+- sz. ig.
- sz.ig.-- személyazonosító igazolvány-- személyi igazolvány-
+- személyazonosító igazolvány
+- személyi igazolvány
## Hungary physical addresses
This unbundled named entity detects patterns related to physical address from Hu
Medium - ## Hungary social security number (TAJ) ### Format
Yes
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_ssn_or_equivalent` is found.
+- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.
+- A keyword from `Keywords_hungary_eu_ssn_or_equivalent` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.
+- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.
```xml <!-- Hungarian Social Security Number (TAJ) -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- áfa szám - magyar áfa szám - ## Hungary tax identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_tax_file_number` is found.
+- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_hungary_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.
+- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Hungary Tax Identification Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_hungary_eu_tax_file_number -- adóazonosító szám-- adóhatóság szám
+- adóazonosító szám
+- adóhatóság szám
- adószám-- hungarian tin
+- hungarian tin
- hungatiantin#-- tax authority no-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax authority no
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin#-- vat number-
+- vat number
## Hungary value added tax number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_Hungary_value_added_tax_number - vat-- value added tax number
+- value added tax number
- vat# - vatno# - hungarianvatno#-- tax no.-- value added tax áfa-- közösségi adószám-- általános forgalmi adó szám-- hozzáadottérték adó-- áfa szám-
+- tax no.
+- value added tax áfa
+- közösségi adószám
+- általános forgalmi adó szám
+- hozzáadottérték adó
+- áfa szám
## Iceland physical addresses
This unbundled named entity detects names of impairments listed in the U.S. Disa
High - ## India Driver's License Number ### Format
High
### Pattern 15 letters or digits:+ - two letters indicating state code - optional space or dash - two digits indicating city code
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_india_driving_license` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number_common` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_india_driving_license` finds content that matches the pattern.
+- The regular expression `Regex_india_driving_license` finds content that matches the pattern.
```xml <!-- India Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driver's licenses# - driver's licence# - driver's licences#-- driving licence
+- driving licence
- driving license - dlno# - driv lic
A DLP policy has medium confidence that it's detected this type of sensitive inf
- dlno - dl number -- ## India GST Number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 15 letters or digits:+ - two digits representing valid state code - an optional space or dash-- ten characters representing Permanent Account Number (PAN)
+- ten characters representing Permanent Account Number (PAN)
- one letter or digit - an optional space or dash - one letter 'z' or 'Z'
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_india_gst_number` finds content that matches the pattern. - A keyword from `Keyword_india_gst_number` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_india_gst_number` finds content that matches the pattern.
+- The function `Func_india_gst_number` finds content that matches the pattern.
```xml <!-- India GST number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- goods and services tax - goods and service tax - ## India permanent account number (PAN) ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10 letters or digits:+ - Three letters (not case-sensitive) - A letter in C, P, H, F, A, T, B, L, J, G (not case-sensitive) - A letter
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_india_permanent_account_number finds content that matches the pattern. - A keyword from Keyword_india_permanent_account_number is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression Regex_india_permanent_account_number finds content that matches the pattern.
+- The regular expression Regex_india_permanent_account_number finds content that matches the pattern.
```xml <!-- India Permanent Account Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
### Pattern 12 digits:+ - A digit that is not 0 or 1 - Three digits - An optional space or dash
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_india_aadhaar finds content that matches the pattern. - A keyword from Keyword_india_aadhar is found. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- आधार - uidai - ## India Voter Id Card ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10 letters or digits:+ - three letters - seven digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_india_voter_id_card` finds content that matches the pattern. - A keyword from `Keyword_india_voter_id_card` is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.
+- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.
```xml <!-- India Voter Id Card -->
A DLP policy has low confidence that it's detected this type of sensitive inform
- ECI - election commmision - ## Indonesia identity card (KTP) number ### Format
A DLP policy has low confidence that it's detected this type of sensitive inform
### Pattern 16 digits:+ - Two-digit province code - A period (optional) - Two-digit regency or city code
A DLP policy has high confidence that it's detected this type of sensitive infor
None - ## International classification of diseases (ICD-10-CM) ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - A keyword from Dictionary_icd_10_updated is found. - A keyword from Dictionary_icd_10_codes is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - A keyword from Dictionary_icd_10_ updated is found. ```xml
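Review bot: The medium-confidence bullet for ICD-10-CM names the dictionary as "Dictionary_icd_10_ updated", with a stray space inside the identifier. The high-confidence bullet in the same section uses Dictionary_icd_10_updated, and the ICD-9-CM section uses Dictionary_icd_9_updated without a space. Since this change already reflows the bullets, fix the identifier here so a reader searching for the dictionary name finds it.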
Any term from the Dictionary_icd_10_updated keyword dictionary, which is based o
Any term from the Dictionary_icd_10_codes keyword dictionary, which is based on the [International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM)](https://go.microsoft.com/fwlink/?linkid=852604). This type looks only for insurance codes, not the description. - ## International classification of diseases (ICD-9-CM) ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - A keyword from Dictionary_icd_9_updated is found. - A keyword from Dictionary_icd_9_codes is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - A keyword from Dictionary_icd_9_updated is found. ```xml
No
### Definition For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_ipv6_address finds content that matches the pattern. - No keyword from Keyword_ipaddress is found. For IPv4, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_ipv4_address finds content that matches the pattern. - A keyword from Keyword_ipaddress is found. For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_ipv6_address finds content that matches the pattern. - No keyword from Keyword_ipaddress is found. ```xml
- <!-- IP Address -->
+ <!-- IP Address -->
<Entity id="1daa4ad5-e2dd-4ca4-a788-54722c09efb2" patternsProximity="300" recommendedConfidence="85"> <Pattern confidenceLevel="85"> <IdMatch idRef="Regex_ipv6_address" />
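Review bot: The IP Address Definition just above this XML states the IPv6 high-confidence paragraph twice, once before and once after the IPv4 paragraph, and both copies require that no keyword from Keyword_ipaddress is found, whereas the IP Address v6 entry requires a keyword for high confidence. Drop the duplicate paragraph and check the "No keyword" wording against the patterns in the `<Entity>` that follows, rather than only reflowing the bullets.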
For IPv6, a DLP policy has high confidence that it's detected this type of sensi
- internet protocol - IP-כתובת ה - ## IP Address v4 ### Format
Complex pattern that accounts for formatted (periods) and unformatted (no period
### Pattern - ### Checksum No
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_ipv4_address` finds content that matches the pattern. - A keyword from `Keyword_ipaddress` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_ipv4_address` finds content that matches the pattern.
+- The regular expression `Regex_ipv4_address` finds content that matches the pattern.
```xml
- <!-- IP Address v4-->
+ <!-- IP Address v4-->
<Entity id="a7dd5e5f-e7f9-4626-a2c6-86a8cb6830d2" patternsProximity="300" recommendedConfidence="75" relaxProximity="true"> <Pattern confidenceLevel="85"> <IdMatch idRef="Regex_ipv4_address" />
A DLP policy has medium confidence that it's detected this type of sensitive inf
- internet protocol - IP-כתובת ה - ## IP Address v6 ### Format
Complex pattern that accounts for formatted IPv6 numbers (which include colons)
### Pattern - ### Checksum No
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_ipv6_address` finds content that matches the pattern. - A keyword from `Keyword_ipaddress` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
+- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
```xml <!-- IP Address v6-->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- internet protocol - IP-כתובת ה - ## Ireland driver's license number ### Format
No
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: -- The regular expression `Regex_ireland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_ireland_eu_driver's_license_number` is found.
+- The regular expression `Regex_ireland_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_ireland_eu_driver's_license_number` is found.
```xml <!-- Ireland Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_ireland_eu_driver's_license_number
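Review bot: The reflowed `Keywords_eu_driver's_license_number` list now carries `driving licence` twice, once directly after `driver's licences#` and again between `driving licenses` and `driving licences`. Remove the duplicate entry while the list is being split into one keyword per line. The same list is repeated under the Italy and Latvia driver's license sections, so the fix applies there as well.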
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.+
+- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.
- The regular expression `Regex_ireland_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 BEA/MAY 1988) or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.+
+- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.
```xml <!-- Ireland Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_ireland_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Ireland personal public service (PPS) number ### Format Old format (until 31 December 2012):+ - seven digits followed by 1-2 letters New format (1 January 2013 and after):+ - seven digits followed by two letters ### Pattern Old format (until 31 December 2012):+ - seven digits - one to two letters (not case-sensitive) New format (1 January 2013 and after):+ - seven digits - a letter (not case-sensitive) which is an alphabetic check digit-- An optional letter in the range A-I, or ΓÇ£WΓÇ¥
+- An optional letter in the range A-I, or "W"
### Checksum
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_ireland_pps finds content that matches the pattern. - A keyword from Keywords_ireland_eu_national_id_card is found. - The checksum passes. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_ireland_pps finds content that matches the pattern. - The checksum passes.
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_ireland_eu_national_id_card -- client identity service-- identification number-- personal id number-- personal public service number-- personal service no-- phearsanta seirbhíse poiblí-- pps no-- pps number-- pps num-- pps service no
+- client identity service
+- identification number
+- personal id number
+- personal public service number
+- personal service no
+- phearsanta seirbhíse poiblí
+- pps no
+- pps number
+- pps num
+- pps service no
- ppsn - ppsno# - ppsno - psp-- public service no
+- public service no
- publicserviceno# - publicserviceno-- revenue and social insurance number-- rsi no-- rsi number
+- revenue and social insurance number
+- rsi no
+- rsi number
- rsin-- seirbhís aitheantais cliant
+- seirbhís aitheantais cliant
- uimh-- uimhir aitheantais chánach-- uimhir aitheantais phearsanta-- uimhir phearsanta seirbhíse poiblí-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- uimhir aitheantais chánach
+- uimhir aitheantais phearsanta
+- uimhir phearsanta seirbhíse poiblí
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Ireland physical addresses This unbundled named entity detects patterns related to physical address from Ireland. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Ir
Medium - ## Israel bank account number ### Format
Medium
### Pattern Formatted:+ - two digits - a dash - three digits
Formatted:
- eight digits Unformatted:+ - 13 consecutive digits ### Checksum
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_israel_bank_account_number finds content that matches the pattern. - A keyword from Keyword_israel_bank_account_number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Account Number - מספר חשבון בנק - ## Israel national identification number ### Format
Yes
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_israeli_national_id_number finds content that matches the pattern. - A keyword from Keyword_Israel_National_ID is found. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_Israel_National_ID --   מספר זהות--   מספר זיה וי--   מספר זיהוי ישר אלי      --   זהותישר אלית--   هو ية اسرائيل ية عدد--   هوية إسرائ يلية--   رقم الهوية--   عدد هوية فريدة من نوعها--   idnumber#--   id number--   identity no        --   identitynumber#--   identity number--   israeliidentitynumber       --   personal id--   unique id  -
+- מספר זהות
+- מספר זיה וי
+- מספר זיהוי ישר אלי
+- זהותישר אלית
+- هو ية اسرائيل ية عدد
+- هوية إسرائ يلية
+- رقم الهوية
+- عدد هوية فريدة من نوعها
+- idnumber#
+- id number
+- identity no
+- identitynumber#
+- identity number
+- israeliidentitynumber
+- personal id
+- unique id
## Italy driver's license number
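Review bot: Several entries in the reflowed `Keyword_Israel_National_ID` list have spaces inside words, and the same word appears both split and unsplit (`מספר זיה וי` next to `מספר זיהוי ישר אלי`, `هو ية` next to `هوية`), while `זהותישר אלית` runs two words together. The change only strips the padding around each entry, so these were carried over as they were. Confirm each keyword against the rule package and either correct the spacing or say in the text that the entries are listed exactly as the keyword list defines them.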
a combination of 10 letters and digits
### Pattern a combination of 10 letters and digits:+ - one letter (not case-sensitive) - the letter "A" or "V" (not case-sensitive) - seven digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression `Regex_italy_drivers_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keyword_italy_drivers_license_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keyword_italy_drivers_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- patenti di guida - patenti guida - ## Italy fiscal code This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
a 16-character combination of letters and digits in the specified pattern
### Pattern A 16-character combination of letters and digits:+ - three letters that correspond to the first three consonants in the family name - three letters that correspond to the first, third, and fourth consonants in the first name - two digits that correspond to the last digits of the birth year
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_italy_eu_national_id_card` is found.+
+- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_italy_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.+
+- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Italy Fiscal Code -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_italy_eu_national_id_card -- codice fiscal-- codice fiscale-- codice id personale-- codice personale-- fiscal code-- numero certificato personale-- numero di identificazione fiscale-- numero id personale-- numero personale-- personal certificate number-- personal code-- personal id code-- personal id number
+- codice fiscal
+- codice fiscale
+- codice id personale
+- codice personale
+- fiscal code
+- numero certificato personale
+- numero di identificazione fiscale
+- numero id personale
+- numero personale
+- personal certificate number
+- personal code
+- personal id code
+- personal id number
- personalcodeno#-- tax code-- tax id-- tax identification no-- tax identification number-- tax identity number-- tax no#-- tax no-- tax number-- tax registration number
+- tax code
+- tax id
+- tax identification no
+- tax identification number
+- tax identity number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Italy passport number ### Format
not applicable
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.+
+- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.
- The regular expression `Regex_italy_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 GEN/JAN 1988) or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.+
+- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.
```xml <!-- Italy Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_italy_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Italy physical addresses This unbundled named entity detects patterns related to physical address from Italy. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from It
Medium - ## Italy value added tax number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_italy_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_italy_value_added_tax_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_italy_value_added_tax_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_italy_value_added_tax_number -- vat number-- vat no
+- vat number
+- vat no
- vat# - iva - iva# - ## Japan bank account number ### Format
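Review bot: The heading over this list reads `Keyword_italy_value_added_tax_number`, but the Definition for the same type cites `Keywords_italy_value_added_tax_number`. Align the two names with the one used in the rule package, so a reader searching for the keyword list named in the Definition lands on this heading.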
seven or eight digits
### Pattern bank account number:+ - seven or eight digits - bank account branch code:+ - four digits - a space or dash (optional) - three digits
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_jp_bank_account finds content that matches the pattern. - A keyword from Keyword_jp_bank_account is found. - One of the following is true:+ - The function Func_jp_bank_account_branch_code finds content that matches the pattern. - A keyword from Keyword_jp_bank_branch_code is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_jp_bank_account finds content that matches the pattern. - A keyword from Keyword_jp_bank_account is found.
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_jp_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_jp_drivers_license_number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 免許証# - 免許# - ## Japan My Number - Corporate This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_japanese_my_number_corporate finds content that matches the pattern. - A keyword from Keywords_japanese_my_number_corporate is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_japanese_my_number_corporate finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_japan_my_number_corporate -- corporate number
+- corporate number
- マイナンバー - 共通番号 - マイナンバーカード
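Review bot: The list heading `Keyword_japan_my_number_corporate` does not match the name in the Definition, which refers to `Keywords_japanese_my_number_corporate` (different prefix and plural). Use one name in both places while this list is being reformatted.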
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 法人番号 - 指定通知書 - ## Japan My Number - Personal This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_japanese_my_number_personal finds content that matches the pattern. - A keyword from Keywords_japanese_my_number_personal is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_japanese_my_number_personal finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
- 個人識別ナンバー - 通知カード - ## Japan passport number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_jp_passport finds content that matches the pattern. - A keyword from Keyword_jp_passport is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_jp_passport - Passport-- Passport Number-- Passport No.-- Passport #
+- Passport Number
+- Passport No.
+- Passport #
- パスポート - パスポート番号 - パスポートナンバー
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 旅券番号♯ - 旅券ナンバー - ## Japan residence card number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 12 letters and digits:+ - two letters (not case-sensitive) - eight digits - two letters (not case-sensitive)
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_jp_residence_card_number finds content that matches the pattern. - A keyword from Keyword_jp_residence_card_number is found.
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_jp_resident_registration_number finds content that matches the pattern. - A keyword from Keyword_jp_resident_registration_number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 登録番号 - 外国人登録証 - ## Japan social insurance number (SIN) ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 7-12 digits:+ - four digits - a hyphen (optional) - six digits
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_jp_sin finds content that matches the pattern. - A keyword from Keyword_jp_sin is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_jp_sin_pre_1997 finds content that matches the pattern. - A keyword from Keyword_jp_sin is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 厚生年金 - 厚生年金被保険者整理番号 - ## Lab test terms This unbundled named entity detects terms related to lab tests, such as *Insulin C-peptide*. It supports English terms only. It is also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
This unbundled named entity detects terms related to lab tests, such as *Insulin
High - ## Latvia driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_latvia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_latvia_eu_driver's_license_number` is found.+
+- The regular expression `Regex_latvia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_latvia_eu_driver's_license_number` is found.
```xml <!-- Latvia Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_latvia_eu_driver's_license_number
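Review bot: `driving licence` ends up in this keyword list twice once the run-on line is split, first right after `driver's licences#` and again between `driving licenses` and `driving licences`. Both copies were already in the removed run-on lines, so the split only makes the duplicate visible; if the underlying keyword list carries the term once, drop the second `+- driving licence` so the documented list matches what the detector actually uses. The same split is repeated for the Lithuania, Luxemburg and Malta lists further down.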
A DLP policy has medium confidence that it's detected this type of sensitive inf
- autovad─½t─üja apliec─½bas - vad─½t─üja apliec─½ba - ## Latvia passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.+
+- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.+
+- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.
```xml <!-- Latvia Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number_common - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_latvia_eu_passport_number
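Review bot: the heading above the split list reads `Keywords_eu_passport_number_common`, but the Latvia passport definition bullets refer to `Keywords_eu_passport_number`, and the Lithuania and Luxemburg sections use `Keywords_eu_passport_number` as the heading for the same list. Since the list is being touched anyway, align the heading with the name the definition cites (or the reverse) so a reader building a custom rule can find the list the definition points at.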
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Latvia personal code ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.-- A keyword from `Keywords_latvia_eu_national_id_card` is found.+
+- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.
+- A keyword from `Keywords_latvia_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.+
+- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.
```xml <!-- Latvia Personal Code -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_latvia_eu_national_id_card -- administrative number-- alvas nē-- birth number-- citizen number-- civil number-- electronic census number-- electronic number-- fiscal code-- healthcare user number
+- administrative number
+- alvas n─ô
+- birth number
+- citizen number
+- civil number
+- electronic census number
+- electronic number
+- fiscal code
+- healthcare user number
- id# - id-code-- identification number-- identifikācijas numurs
+- identification number
+- identifik─ücijas numurs
- id-number-- individual number-- latvija alva-- nacionālais id-- national id-- national identifying number-- national identity number-- national insurance number-- national register number-- nodokļa numurs-- nodokļu id-- nodokļu identifikācija numurs-- personal certificate number-- personal code-- personal id code-- personal id number-- personal identification code-- personal identifier-- personal identity number-- personal number-- personal numeric code
+- individual number
+- latvija alva
+- nacion─ülais id
+- national id
+- national identifying number
+- national identity number
+- national insurance number
+- national register number
+- nodok─╝a numurs
+- nodok─╝u id
+- nodok─╝u identifik─ücija numurs
+- personal certificate number
+- personal code
+- personal id code
+- personal id number
+- personal identification code
+- personal identifier
+- personal identity number
+- personal number
+- personal numeric code
- personalcodeno#-- personas kods-- population identification code-- public service number-- registration number-- revenue number-- social insurance number-- social security number-- state tax code-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number
+- personas kods
+- population identification code
+- public service number
+- registration number
+- revenue number
+- social insurance number
+- social security number
+- state tax code
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin#-- voter’s number-
+- voter's number
## Latvia physical addresses
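Review bot: several added keywords in this list do not carry the same characters as the text they replace. The removed run-on lines show `alvas nē`, `identifikācijas numurs` and `nodokļa numurs`, while the added lines show `alvas n─ô`, `identifik─ücijas numurs` and `nodok─╝a numurs`; and `voter’s number` (typographic apostrophe) becomes `voter's number` (straight apostrophe). These are literal match strings, so please confirm the file is saved as UTF-8 and that the apostrophe form is the one in the shipped keyword list before this goes in; a reformatting change should not alter the keywords themselves.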
This unbundled named entity detects patterns related to physical address from La
Medium - ## Liechtenstein physical addresses
-This unbundled named entity detects patterns related to physical address from Liechtenstein. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
+This unbundled named entity detects patterns related to physical address from Liechtenstein. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
### Confidence level Medium - ## Lifestyles that relate to medical conditions This unbundled named entity detects terms related to lifestyles that might result in a medical condition, such as *smoking*. It supports English terms only. It is also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
This unbundled named entity detects terms related to lifestyles that might resul
High - ## Lithuania driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_lithuania_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_lithuania_eu_driver's_license_number` is found.+
+- The regular expression `Regex_lithuania_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_lithuania_eu_driver's_license_number` is found.
```xml <!-- Lithuania Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_lithuania_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- vairuotojo pa┼╛ym─ùjimo numeris - vairuotojo pa┼╛ym─ùjimo numeriai - ## Lithuania personal code This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_lithuania_eu_tax_file_number` is found.+
+- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_lithuania_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Lithuania Personal Code -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_lithuania_eu_national_id_card -- asmeninis skaitmeninis kodas-- asmens kodas-- citizen service number-- mokesčių id-- mokesčių identifikavimas numeris-- mokesčių identifikavimo numeris-- mokesčių numeris-- national identification number-- personal code-- personal numeric code-- piliečio paslaugos numeris-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- asmeninis skaitmeninis kodas
+- asmens kodas
+- citizen service number
+- mokes─ìi┼│ id
+- mokes─ìi┼│ identifikavimas numeris
+- mokes─ìi┼│ identifikavimo numeris
+- mokes─ìi┼│ numeris
+- national identification number
+- personal code
+- personal numeric code
+- pilie─ìio paslaugos numeris
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin#-- unikalus identifikavimo kodas-- unikalus identifikavimo numeris-- unique identification number-- unique identity number
+- unikalus identifikavimo kodas
+- unikalus identifikavimo numeris
+- unique identification number
+- unique identity number
- uniqueidentityno# - ## Lithuania physical addresses This unbundled named entity detects patterns related to physical address from Lithuania. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
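Review bot: the list split here sits under the heading `Keywords_lithuania_eu_national_id_card`, but the Lithuania personal code definition just above says the keyword must come from `Keywords_lithuania_eu_tax_file_number`, and no list with that name appears in the section. Either rename the heading or correct the reference in the definition, otherwise the high-confidence rule points at a keyword list the page never shows.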
This unbundled named entity detects patterns related to physical address from Li
Medium - ## Lithuania passport number ### Format
not applicable
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.+
+- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.+
+- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.
```xml <!-- Lithuania Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_lithuania_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Luxemburg driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_luxemburg_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_luxemburg_eu_driver's_license_number` is found.+
+- The regular expression `Regex_luxemburg_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_luxemburg_eu_driver's_license_number` is found.
```xml <!-- Luxemburg Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_luxemburg_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
## Luxemburg national identification number (natural persons) This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_luxemburg_eu_national_id_card` is found.+
+- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_luxemburg_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.
+- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Luxemburg National Identification Number (Natural persons) -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_luxemburg_eu_national_id_card -- eindeutige id-- eindeutige id-nummer
+- eindeutige id
+- eindeutige id-nummer
- eindeutigeid#-- id personnelle
+- id personnelle
- idpersonnelle# - idpersonnelle-- individual code-- individual id-- individual identification-- individual identity-- numéro d'identification personnel-- personal id-- personal identification-- personal identity
+- individual code
+- individual id
+- individual identification
+- individual identity
+- numéro d'identification personnel
+- personal id
+- personal identification
+- personal identity
- personalidno# - personalidnumber#-- persönliche identifikationsnummer-- unique id-- unique identity
+- pers├╢nliche identifikationsnummer
+- unique id
+- unique identity
- uniqueidkey# - ## Luxemburg national identification number (non-natural persons) ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.-- A keyword from `Keywords_luxemburg_eu_tax_file_number` is found.+
+- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.
+- A keyword from `Keywords_luxemburg_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.+
+- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.
```xml <!-- Luxemburg National Identification Number (Non-natural persons) -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_luxemburg_eu_tax_file_number -- carte de sécurité sociale-- étain non
+- carte de sécurité sociale
+- étain non
- étain#-- identifiant d'impôt-- luxembourg tax identifikatiounsnummer-- numéro d'étain-- numéro d'identification fiscal luxembourgeois-- numéro d'identification fiscale-- social security
+- identifiant d'imp├┤t
+- luxembourg tax identifikatiounsnummer
+- numéro d'étain
+- numéro d'identification fiscal luxembourgeois
+- numéro d'identification fiscale
+- social security
- sozialunterstützung - sozialversécherung - sozialversicherungsausweis-- steier id-- steier identifikatiounsnummer-- steier nummer-- steuer id
+- steier id
+- steier identifikatiounsnummer
+- steier nummer
+- steuer id
- steueridentifikationsnummer - steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - zinn# - zinn - zinnzahl - ## Luxemburg passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.+
+- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.+
+- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.
```xml <!-- Luxemburg Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_luxemburg_eu_passport_number - ausweisnummer
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Luxemburg physical addresses This unbundled named entity detects patterns related to physical address from Luxemburg. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Lu
Medium - ## Malaysia identification card number ### Format
Medium
### Pattern 12 digits:+ - six digits in the format YYMMDD, which are the date of birth - a dash (optional) - two-letter place-of-birth code
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_malaysia_id_card_number finds content that matches the pattern. - A keyword from Keyword_malaysia_id_card_number is found.
A DLP policy has high confidence that it's detected this type of sensitive infor
- nric - personal identification card - ## Malta driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_malta_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_malta_eu_driver's_license_number` is found.+
+- The regular expression `Regex_malta_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_malta_eu_driver's_license_number` is found.
```xml <!-- Malta Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_malta_eu_driver's_license_number - li─ïenzja tas-sewqan - li─ïenzji tas-sewwieq - ## Malta identity card number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Not applicable
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_malta_eu_national_id_card` is found.+
+- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_malta_eu_national_id_card` is found.
A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.+
+- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Malta Identity Card Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_malta_eu_national_id_card -- citizen service number-- id tat-taxxa-- identifika numru tal-biljett-- kodiċi numerali personali-- numru ta 'identifikazzjoni personali-- numru ta 'identifikazzjoni tat-taxxa-- numru ta 'identifikazzjoni uniku-- numru ta' identità uniku-- numru tas-servizz taċ-ċittadin-- numru tat-taxxa-- personal numeric code-- unique identification number-- unique identity number
+- citizen service number
+- id tat-taxxa
+- identifika numru tal-biljett
+- kodi─ïi numerali personali
+- numru ta 'identifikazzjoni personali
+- numru ta 'identifikazzjoni tat-taxxa
+- numru ta 'identifikazzjoni uniku
+- numru ta' identità uniku
+- numru tas-servizz ta─ï-─ïittadin
+- numru tat-taxxa
+- personal numeric code
+- unique identification number
+- unique identity number
- uniqueidentityno# - ## Malta passport number ### Format
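Review bot: two of the added keywords in `Keywords_malta_eu_national_id_card` no longer match the text they replace. The removed line has `kodiċi numerali personali` and `numru tas-servizz taċ-ċittadin`, while the added lines read `kodi─ïi numerali personali` and `numru tas-servizz ta─ï-─ïittadin`. Keyword matching is literal, so a mis-encoded entry never fires; confirm the file is saved as UTF-8 and that the `ċ` characters survive the reflow. While these lines are being touched, the apostrophe spacing is also inconsistent: `numru ta 'identifikazzjoni ...` in three entries against `numru ta' identità uniku` in the fourth, and only one of those forms will match real text.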
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.+
+- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.
- A keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.+
+- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.
```xml <!-- Malta Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_malta_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Malta physical addresses This unbundled named entity detects patterns related to physical address from Malta. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Ma
Medium - ## Malta tax identification number ### Format For Maltese nationals:+ - seven digits and one letter in the specified pattern Non-Maltese nationals and Maltese entities:+ - nine digits ### Pattern
Not applicable
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.-- A keyword from `Keywords_malta_eu_tax_file_number` is found.+
+- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.
+- A keyword from `Keywords_malta_eu_tax_file_number` is found.
A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.+
+- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.
```xml <!-- Malta Tax ID Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_malta_eu_tax_file_number -- citizen service number-- id tat-taxxa-- identifika numru tal-biljett-- kodiċi numerali personali-- numru ta 'identifikazzjoni personali-- numru ta 'identifikazzjoni tat-taxxa-- numru ta 'identifikazzjoni uniku-- numru ta' identità uniku-- numru tas-servizz taċ-ċittadin-- numru tat-taxxa-- personal numeric code-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- citizen service number
+- id tat-taxxa
+- identifika numru tal-biljett
+- kodi─ïi numerali personali
+- numru ta 'identifikazzjoni personali
+- numru ta 'identifikazzjoni tat-taxxa
+- numru ta 'identifikazzjoni uniku
+- numru ta' identità uniku
+- numru tas-servizz ta─ï-─ïittadin
+- numru tat-taxxa
+- personal numeric code
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin#-- unique identification number-- unique identity number
+- unique identification number
+- unique identity number
- uniqueidentityno# ## Medical specialities
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_mbi_card` finds content that matches the pattern.-- A keyword from `Keyword_mbi_card` is found.+
+- The regular expression `Regex_mbi_card` finds content that matches the pattern.
+- A keyword from `Keyword_mbi_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_mbi_card` finds content that matches the pattern.+
+- The regular expression `Regex_mbi_card` finds content that matches the pattern.
```xml <!-- Medicare Beneficiary Identifier (MBI) card -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- medicare beneficiary number - medicare beneficiary# - ## Mexico Unique Population Registry Code (CURP) ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_mexico_population_registry_code` finds content that matches the pattern.-- A keyword from `Keyword_mexico_population_registry_code` is found.+
+- The function `Func_mexico_population_registry_code` finds content that matches the pattern.
+- A keyword from `Keyword_mexico_population_registry_code` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_mexico_population_registry_code` finds content that matches the pattern.+
+- The function `Func_mexico_population_registry_code` finds content that matches the pattern.
```xml <!-- Mexico Unique Population Registry Code (CURP) -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_mexico_population_registry_code -- Clave Única de Registro de Población-- Clave Unica de Registro de Poblacion-- Unique Population Registry Code -- unique population code
+- Clave Única de Registro de Población
+- Clave Unica de Registro de Poblacion
+- Unique Population Registry Code
+- unique population code
- CURP-- Personal ID-- Unique ID
+- Personal ID
+- Unique ID
- personalid - personalidnumber - uniqueidkey - uniqueidnumber-- clave única-- clave unica-- clave personal Identidad-- personal Identidad Clave
+- clave ├║nica
+- clave unica
+- clave personal Identidad
+- personal Identidad Clave
- ClaveÚnica - claveunica - clavepersonalIdentidad - ## Netherlands citizen's service (BSN) number ### Format
eight or nine digits containing optional spaces
### Pattern eight-nine digits:+ - three digits - a space (optional) - three digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_netherlands_bsn finds content that matches the pattern. - A keyword from Keyword_netherlands_bsn is found. - The checksum passes.
A DLP policy has high confidence that it's detected this type of sensitive infor
- bsn# - bsn - burgerservicenummer-- citizen service number-- person number-- personal number-- personal numeric code-- person-related number-- persoonlijk nummer-- persoonlijke numerieke code
+- citizen service number
+- person number
+- personal number
+- personal numeric code
+- person-related number
+- persoonlijk nummer
+- persoonlijke numerieke code
- persoonsgebonden - persoonsnummer-- sociaal-fiscaal nummer-- social-fiscal number
+- sociaal-fiscaal nummer
+- social-fiscal number
- sofi - sofinummer-- uniek identificatienummer-- uniek identiteitsnummer-- unique identification number-- unique identity number
+- uniek identificatienummer
+- uniek identiteitsnummer
+- unique identification number
+- unique identity number
- uniqueidentityno# - ## Netherlands driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_netherlands_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_netherlands_eu_driver's_license_number` is found.+
+- The regular expression `Regex_netherlands_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_netherlands_eu_driver's_license_number` is found.
```xml <!-- Netherlands Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_netherlands_eu_driver's_license_number
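Review bot: the reflowed list carries `driving licence` twice, once after `driver's licences#` and again between `driving licenses` and `driving licences`. The duplicate was already present in the single-line original, and splitting the list onto separate lines is a good moment to drop one of them. The `#` variants with a space also look incomplete: `driver lic#`, `driver lics#`, `driver license#`, `driver licenses#` and `driver licences#` are listed but `driver licence#` is not, although the `drivers ...#` and `driver's ...#` groups each have all six forms. If the omission is deliberate it should be noted; otherwise add the missing entry.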
A DLP policy has medium confidence that it's detected this type of sensitive inf
- rijbewijs nummer - rijbewijsnummers - ## Netherlands passport number ### Format
not applicable
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.+
+- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.
- The regular expression `Regex_netherlands_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 26 MAA/MAR 2012) A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.+
+- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.
```xml <!-- Netherlands Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_netherlands_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- paspoortnummer - paspoort nr - ## Netherlands physical addresses This unbundled named entity detects patterns related to physical address from the Netherlands. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from th
Medium - ## Netherlands tax identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_netherlands_eu_tax_file_number` is found.+
+- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_netherlands_eu_tax_file_number` is found.
A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Netherlands Tax Identification Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_netherlands_eu_tax_file_number -- btw nummer-- hollânske tax identification-- hulandes impuesto id number-- hulandes impuesto identification-- identificatienummer belasting-- identificatienummer van belasting-- impuesto identification number-- impuesto number-- nederlands belasting id nummer-- nederlands belasting identificatie-- nederlands belasting identificatienummer-- nederlands belastingnummer-- nederlandse belasting identificatie-- netherlands tax identification-- netherland's tax identification-- netherlands tin-- netherland's tin-- tax id-- tax identification no-- tax identification number-- tax identification tal-- tax no#-- tax no-- tax number-- tax registration number-- tax tal
+- btw nummer
+- hollânske tax identification
+- hulandes impuesto id number
+- hulandes impuesto identification
+- identificatienummer belasting
+- identificatienummer van belasting
+- impuesto identification number
+- impuesto number
+- nederlands belasting id nummer
+- nederlands belasting identificatie
+- nederlands belasting identificatienummer
+- nederlands belastingnummer
+- nederlandse belasting identificatie
+- netherlands tax identification
+- netherland's tax identification
+- netherlands tin
+- netherland's tin
+- tax id
+- tax identification no
+- tax identification number
+- tax identification tal
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- tax tal
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Netherlands value added tax number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_netherlands_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_netherlands_value_added_tax_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_netherlands_value_added_tax_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_netherlands_value_added_tax_number -- vat number-- vat no
+- vat number
+- vat no
- vat#-- wearde tafoege tax getal-- btw nûmer
+- wearde tafoege tax getal
+- btw n├╗mer
- btw-nummer - ## New Zealand bank account number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
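Review bot: the keyword list heading here is `Keyword_netherlands_value_added_tax_number`, but the Definition text for the same type refers to `Keywords_netherlands_value_added_tax_number` (plural). A reader copying the name into a custom rule package will not find a list under the plural name, so the two should be aligned. In the same list, the added line `btw n├╗mer` does not match the removed `btw nûmer`; check the encoding of that entry before merging.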
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_zealand_bank_account_number finds content that matches the pattern. - A keyword from Keywords_new_zealand_bank_account_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_zealand_bank_account_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_new_zealand_bank_account_number -- account number-- bank account
+- account number
+- bank account
- bank_acct_id - bank_acct_branch - bank_acct_nbr - ## New Zealand driver's license number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_newzealand_driver_license_number finds content that matches the pattern. - A keyword from Keywords_newzealand_driver_license_number is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_newzealand_driver_license_number finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
- driverlicence - driverlicences-- driver lic-- driver licence-- driver licences
+- driver lic
+- driver licence
+- driver licences
- driverslic - driverslicence - driverslicences-- drivers lic-- drivers lics-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's licence
+- driver's licences
- driverlic# - driverlics# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver licence#-- driver licences#
+- driver lic#
+- driver lics#
+- driver licence#
+- driver licences#
- driverslic# - driverslics# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's licence#-- driver's licences#-- international driving permit-- international driving permits-- nz automobile association-- new zealand automobile association-
+- driver's lic#
+- driver's lics#
+- driver's licence#
+- driver's licences#
+- international driving permit
+- international driving permits
+- nz automobile association
+- new zealand automobile association
## New Zealand inland revenue number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_zealand_inland_revenue_number finds content that matches the pattern. - A keyword from Keywords_new_zealand_inland_revenue_number is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_zealand_inland_revenue_number finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_new_zealand_inland_revenue_number -- ird no.-- ird no#-- nz ird-- new zealand ird-- ird number-- inland revenue number-
+- ird no.
+- ird no#
+- nz ird
+- new zealand ird
+- ird number
+- inland revenue number
## New Zealand ministry of health number
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_zealand_ministry_of_health_number finds content that matches the pattern. - A keyword from Keyword_nz_terms is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_zealand_ministry_of_health_number finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_nz_terms - NHI-- New Zealand-- National Health Index
+- New Zealand
+- National Health Index
- NHI#-- National Health Index#-
+- National Health Index#
## New Zealand physical addresses
This unbundled named entity detects patterns related to physical address from Ne
Medium - ## New Zealand social welfare number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_newzealand_social_welfare_number finds content that matches the pattern. - A keyword from Keywords_newzealand_social_welfare_number is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_newzealand_social_welfare_number finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keyword_new_zealand_social_welfare_number -- social welfare #-- social welfare#-- social welfare No.-- social welfare number
+- social welfare #
+- social welfare#
+- social welfare No.
+- social welfare number
- swn# - ## Norway identification number ### Format
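Review bot: the heading `Keyword_new_zealand_social_welfare_number` differs from the name used in the Definition for this type, `Keywords_newzealand_social_welfare_number`, in both the plural and the `new_zealand` / `newzealand` spelling. The function is written `Func_newzealand_social_welfare_number`, so the heading appears to be the odd one out. Pick one spelling and use it in both places so the Definition points at a list that exists under that name.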
A DLP policy has low confidence that it's detected this type of sensitive inform
### Pattern 11 digits:+ - six digits in the format DDMMYY, which are the date of birth - three-digit individual number - two check digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_norway_id_number finds content that matches the pattern. - A keyword from Keyword_norway_id_number is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_norway_id_numbe finds content that matches the pattern. - The checksum passes.
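Review bot: the medium-confidence bullet names the function `Func_norway_id_numbe`, missing the final `r` that the high-confidence bullet has (`Func_norway_id_number`). The line is already being modified to add the blank line before the list, so correct the name in the same change. The function and keyword names in this section are also not wrapped in backticks, unlike the Malta and Netherlands passport sections touched by this commit.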
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Personnummer - F├╕dselsnummer - ## Norway physical addresses This unbundled named entity detects patterns related to physical address from Norway. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from No
Medium - ## Philippines unified multi-purpose identification number ### Format
Medium
### Pattern 12 digits:+ - four digits - a hyphen - seven digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_philippines_unified_id finds content that matches the pattern. - A keyword from Keyword_philippines_id is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Identity Card - Pinag-isang Multi-Layunin ID - ## Poland driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_poland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_poland_eu_driver's_license_number` is found.+
+- The regular expression `Regex_poland_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_poland_eu_driver's_license_number` is found.
```xml <!-- Poland Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_poland_eu_driver's_license_number - prawo jazdy - prawa jazdy - ## Poland identity card ### Format
Yes
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_polish_national_id finds content that matches the pattern. - A keyword from Keyword_polish_national_id_passport_number is found. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Dowód Tożsamości - dow. os. - ## Poland national ID (PESEL) ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_pesel_identification_number finds content that matches the pattern. - A keyword from Keyword_pesel_identification_number is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_pesel_identification_number finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- pesel - tożsamości narodowej - ## Poland passport number This sensitive information type entity is included in the EU Passport Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_polish_passport_number_v2` finds content that matches the pattern. - The checksum passes. - A keyword from `Keywords_eu_passport_number` or `Keyword_polish_national_passport_number` is found. - A keyword from `Keywords_eu_passport_date` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_polish_passport_number_v2` finds content that matches the pattern. - The checksum passes. - A keyword from `Keywords_eu_passport_number` or `Keyword_polish_national_passport_number` is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_polish_passport_number_v2` finds content that matches the pattern. - The checksum passes.
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keyword_polish_national_passport_number -- numer paszportu-- numery paszportów-- numery paszportowe-- nr paszportu-- nr. paszportu-- nr paszportów-- n° passeport-- passeport n°
+- numer paszportu
+- numery paszport├│w
+- numery paszportowe
+- nr paszportu
+- nr. paszportu
+- nr paszport├│w
+- n┬░ passeport
+- passeport n┬░
#### Keywords_eu_passport_date - date of issue - date of expiry - ## Poland physical addresses This unbundled named entity detects patterns related to physical address from Poland. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
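Review bot: Four of the added `Keyword_polish_national_passport_number` entries are mis-encoded: `numery paszport├│w`, `nr paszport├│w`, `n┬░ passeport` and `passeport n┬░`. The removed line spells them `numery paszportów`, `nr paszportów`, `n° passeport` and `passeport n°`. Readers who copy this list into a custom sensitive information type would get keywords that cannot match, so re-save the file as UTF-8 and restore `ó` and `°` before merging.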
This unbundled named entity detects patterns related to physical address from Po
Medium - ## Poland REGON number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_polish_regon_number finds content that matches the pattern. - A keyword from Keywords_polish_regon_number is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_polish_regon_number finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_poland_regon_number -- regon id-- statistical number-- statistical id-- statistical no-- regon number
+- regon id
+- statistical number
+- statistical id
+- statistical no
+- regon number
- regonid# - regonno#-- company id
+- company id
- companyid# - companyidno#-- numer statystyczny-- numeru regon
+- numer statystyczny
+- numeru regon
- numerstatystyczny# - numeruregon# - ## Poland tax identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
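Review bot: The heading of this keyword list reads `Keywords_poland_regon_number`, but the Poland REGON number definition on this page refers to `Keywords_polish_regon_number`. Since the list is being reformatted anyway, align the two names so a reader can find the list the definition points to.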
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_poland_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_poland_eu_tax_file_number` is found.
+- The function `Func_poland_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_poland_eu_tax_file_number` is found.
```xml <!-- Poland Tax Identification Number -->
A DLP policy has high confidence that it's detected this type of sensitive infor
- nip# - nip-- numer identyfikacji podatkowej
+- numer identyfikacji podatkowej
- numeridentyfikacjipodatkowej#-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin#-- vat id#-- vat id-- vat no-- vat number
+- vat id#
+- vat id
+- vat no
+- vat number
- vatid# - vatid - vatno# - ## Portugal citizen card number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_portugal_citizen_card finds content that matches the pattern. - A keyword from Keyword_portugal_citizen_card is found.
A DLP policy has high confidence that it's detected this type of sensitive infor
#### Keyword_portugal_citizen_card -- bilhete de identidade-- cartão de cidadão-- citizen card-- document number-- documento de identificação-- id number-- identification no-- identification number-- identity card no-- identity card number-- national id card
+- bilhete de identidade
+- cartão de cidadão
+- citizen card
+- document number
+- documento de identificação
+- id number
+- identification no
+- identification number
+- identity card no
+- identity card number
+- national id card
- nic-- número bi de portugal-- número de identificação civil-- número de identificação fiscal-- número do documento-- portugal bi number-
+- n├║mero bi de portugal
+- número de identificação civil
+- número de identificação fiscal
+- n├║mero do documento
+- portugal bi number
## Portugal driver's license number
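Review bot: In the `Keyword_portugal_citizen_card` list, two added entries are mis-encoded, `n├║mero bi de portugal` and `n├║mero do documento`, while the neighbouring additions `número de identificação civil` and `número de identificação fiscal` are intact. The removed line has `número bi de portugal` and `número do documento`; restore the `ú` in both so the list is consistent.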
two patterns - two letters followed by 5-8 digits with special characters
Pattern 1: Two letters followed by 5/6 with special characters:+ - Two letters (not case-sensitive) - A hyphen - Five or Six digits
Two letters followed by 5/6 with special characters:
Pattern 2: One letter followed by 6/8 digits with special characters:+ - One letter (not case-sensitive) - A hyphen - Six or eight digits - A space - One digit - ### Checksum No
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_portugal_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_portugal_eu_driver's_license_number` is found.+
+- The regular expression `Regex_portugal_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_portugal_eu_driver's_license_number` is found.
```xml <!-- Portugal Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_portugal_eu_driver's_license_number
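Review bot: The `#`-suffixed group that starts at `driver lic#` is added with five entries and no `driver licence#`, although the unsuffixed `driver lic` group in the same list has all six variants, as do the `drivers`, `driver'` and `driver's` groups. Further down, `driving licence` is added twice in the same list, once after `driver's licences#` and again after `driving licenses`. Both are carried over from the removed lines; add the missing variant, drop the duplicate, and apply the same fix to the other copies of this shared list on the page.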
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Licença condução Portugal - carta de condução - ## Portugal passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.+
+- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.+
+- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.
```xml <!-- Portugal Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_portugal_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Portugal physical addresses This unbundled named entity detects patterns related to physical address from Portugal. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Po
Medium - ## Portugal tax identification number ### Format
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_portugal_eu_tax_file_number` is found.+
+- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_portugal_eu_tax_file_number` is found.
A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Portugal Tax Identification Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
- cpf - nif# - nif-- número de identificação fisca-- numero fiscal-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- número de identificação fisca
+- numero fiscal
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Romania driver's license number ### Format
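Review bot: The added keyword `número de identificação fisca` looks truncated; the Portugal citizen card list on this page spells the phrase `número de identificação fiscal`. The removed line has the same spelling, so the reformatting carries it forward unchanged. Confirm the intended keyword and add the final `l` if it is a typo.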
one character followed by eight digits
### Pattern one character followed by eight digits:+ - one letter (not case-sensitive) or digit - eight digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_romania_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_romania_eu_driver's_license_number` is found.+
+- The regular expression `Regex_romania_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_romania_eu_driver's_license_number` is found.
```xml <!-- Romania Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_romania_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- permisele conducere - permis conducere - ## Romania passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.+
+- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.
- The regular expression `Regex_romania_eu_passport_date` finds date in the format DD MMM/MMM YY (Example- 01 FEB/FEB 10) or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.+
+- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.
```xml <!-- Romania Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_romania_eu_passport_number
Pașaport nr
- date of issue - date of expiry - ## Romania personal numeric code (CNP) This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_romania_eu_national_id_card` is found.+
+- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_romania_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.+
+- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Romania Personal Numerical Code (CNP) -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- cnp# - cnp-- cod identificare personal-- cod numeric personal-- cod unic identificare
+- cod identificare personal
+- cod numeric personal
+- cod unic identificare
- codnumericpersonal#-- codul fiscal nr.-- identificarea fiscală nr#-- id-ul taxei-- insurance number
+- codul fiscal nr.
+- identificarea fiscal─â nr#
+- id-ul taxei
+- insurance number
- insurancenumber#-- national id#-- national id-- national identification number-- număr identificare personal-- număr identitate-- număr personal unic
+- national id#
+- national id
+- national identification number
+- număr identificare personal
+- număr identitate
+- număr personal unic
- număridentitate# - număridentitate - numărpersonalunic# - numărpersonalunic-- număru de identificare fiscală-- numărul de identificare fiscală-- personal numeric code
+- num─âru de identificare fiscal─â
+- num─ârul de identificare fiscal─â
+- personal numeric code
- pin# - pin-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin#-- unique identification number-- unique identity number
+- unique identification number
+- unique identity number
- uniqueidentityno# - uniqueidentityno - ## Romania physical addresses This unbundled named entity detects patterns related to physical address from Romania. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
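Review bot: Three added Romanian keywords are mis-encoded: `identificarea fiscal─â nr#`, `num─âru de identificare fiscal─â` and `num─ârul de identificare fiscal─â`, where the removed lines have `ă`. The adjacent additions `număr identificare personal`, `număr identitate` and `număr personal unic` are intact, so only these three lines need to be restored as UTF-8.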
This unbundled named entity detects patterns related to physical address from Ro
Medium - ## Russia passport number domestic This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regex Regex_Russian_Passport_Number_Domestic finds content that matches the pattern. - A keyword from Keyword_Russian_Passport_Number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_russia_passport_number_domestic -- passport number-- passport no-- passport #-- passport id
+- passport number
+- passport no
+- passport #
+- passport id
- passportno# - passportnumber#-- паспорт нет-- паспорт id-- pоссийской паспорт-- pусский номер паспорта
+- паспорт нет
+- паспорт id
+- pоссийской паспорт
+- pусский номер паспорта
- паспорт# - паспортid#-- номер паспорта
+- номер паспорта
- номерпаспорта# - ## Russia passport number international This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regex Regex_Russian_Passport_Number_International finds content that matches the pattern. - A keyword from Keyword_Russian_Passport_Number is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_russia_passport_number_international -- passport number-- passport no-- passport #-- passport id
+- passport number
+- passport no
+- passport #
+- passport id
- passportno# - passportnumber#-- паспорт нет-- паспорт id-- pоссийской паспорт-- pусский номер паспорта
+- паспорт нет
+- паспорт id
+- pоссийской паспорт
+- pусский номер паспорта
- паспорт# - паспортid#-- номер паспорта
+- номер паспорта
- номерпаспорта# - ## Saudi Arabia National ID ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_saudi_arabia_national_id finds content that matches the pattern. - A keyword from Keyword_saudi_arabia_national_id is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- ID number - الوطنية الهوية بطاقة رقم - ## Singapore national registration identity card (NRIC) number ### Format
nine letters and digits
### Pattern - nine letters and digits:+ - the letter "F", "G", "M", "S", or "T" (not case-sensitive) - seven digits - an alphabetic check digit
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_singapore_nric finds content that matches the pattern. - A keyword from Keyword_singapore_nric is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_singapore_nric finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 身份证 - 身份證 - ## Slovakia driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_slovakia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovakia_eu_driver's_license_number` is found.+
+- The regular expression `Regex_slovakia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovakia_eu_driver's_license_number` is found.
```xml <!-- Slovakia Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_slovakia_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- vodičského preukazu - vodičských preukazov - ## Slovakia passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.+
+- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.+
+- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.
```xml <!-- Slovakia Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_slovakia_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Slovakia personal number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_slovakia_eu_national_id_card` is found.+
+- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_slovakia_eu_national_id_card` is found.
A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.+
+- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Slovakia Personal Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_slovakia_eu_national_id_card -- azonosító szám-- birth number-- číslo národnej identifikačnej karty-- číslo občianského preukazu-- daňové číslo-- id number-- identification no-- identification number-- identifikačná karta č-- identifikačné číslo-- identity card no-- identity card number-- národná identifikačná značka č-- national number
+- azonosító szám
+- birth number
+- číslo národnej identifikačnej karty
+- číslo občianského preukazu
+- daňové číslo
+- id number
+- identification no
+- identification number
+- identifikačná karta č
+- identifikačné číslo
+- identity card no
+- identity card number
+- národná identifikačná značka č
+- national number
- nationalnumber#-- nemzeti személyazonosító igazolvány
+- nemzeti személyazonosító igazolvány
- personalidnumber# - rč-- rodne cislo-- rodné číslo-- social security number
+- rodne cislo
+- rodné číslo
+- social security number
- ssn# - ssn-- személyi igazolvány szám-- személyi igazolvány száma-- személyigazolvány szám-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- személyi igazolvány szám
+- személyi igazolvány száma
+- személyigazolvány szám
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Slovakia physical addresses This unbundled named entity detects patterns related to physical address from Slovakia. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Sl
Medium - ## Slovenia driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_slovenia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovenia_eu_driver's_license_number` is found.+
+- The regular expression `Regex_slovenia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovenia_eu_driver's_license_number` is found.
```xml <!-- Slovenia Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number
+- dl number
#### Keywords_slovenia_eu_driver's_license_number
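Review bot: The `driver … #` group in this keyword list has only five entries (`driver lic#`, `driver lics#`, `driver license#`, `driver licenses#`, `driver licences#`) and omits `driver licence#`, while every sibling group (`drivers …#`, `driver' …#`, `driver's …#`) lists all six spellings. The re-bulleted lines carry that gap over unchanged. Since this pass already touches each line, confirm whether `driver licence#` is missing from the documented list by mistake and add it if so. The same five-entry group appears in the Spain and Sweden copies of this list further down.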
A DLP policy has medium confidence that it's detected this type of sensitive inf
- številka vozniškega dovoljenja - številke vozniških dovoljenj - ## Slovenia passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.+
+- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.
- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.+
+- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.
```xml <!-- Slovenia Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_slovenia_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Slovenia physical addresses This unbundled named entity detects patterns related to physical address from Slovenia. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Sl
Medium - ## Slovenia tax identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_slovenia_eu_tax_file_number` is found.+
+- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_slovenia_eu_tax_file_number` is found.
A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Slovenia Tax Identification Number -->
A DLP policy has low confidence that it's detected this type of sensitive inform
#### Keywords_slovenia_eu_tax_file_number -- davčna številka-- identifikacijska številka davka-- številka davčne datoteke-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- davčna številka
+- identifikacijska številka davka
+- številka davčne datoteke
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## Slovenia Unique Master Citizen Number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_slovenia_eu_national_id_card` is found.+
+- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_slovenia_eu_national_id_card` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.+
+- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.
```xml <!-- Slovenia Unique Master Citizen Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_slovenia_eu_national_id_card -- edinstvena številka glavnega državljana
+- edinstvena številka glavnega državljana
- emšo-- enotna maticna številka obcana-- id card-- identification number-- identifikacijska številka-- identity card-- nacionalna id-- nacionalni potni list-- national id-- osebna izkaznica-- osebni koda-- osebni ne-- osebni številka-- personal code-- personal number-- personal numeric code-- številka državljana-- unique citizen number-- unique id number-- unique identity number-- unique master citizen number-- unique registration number-- uniqueidentityno #
+- enotna maticna številka obcana
+- id card
+- identification number
+- identifikacijska številka
+- identity card
+- nacionalna id
+- nacionalni potni list
+- national id
+- osebna izkaznica
+- osebni koda
+- osebni ne
+- osebni številka
+- personal code
+- personal number
+- personal numeric code
+- številka državljana
+- unique citizen number
+- unique id number
+- unique identity number
+- unique master citizen number
+- unique registration number
+- uniqueidentityno #
- uniqueidentityno# - ## South Africa identification number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 13 digits:+ - six digits in the format YYMMDD, which are the date of birth - four digits - a single-digit citizenship indicator
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_south_africa_identification_number finds content that matches the pattern. - A keyword from Keyword_south_africa_identification_number is found. - The checksum passes.
A DLP policy has high confidence that it's detected this type of sensitive infor
- ID - Identification - ## South Korea resident registration number ### Format
A DLP policy has high confidence that it's detected this type of sensitive infor
### Pattern 13 digits:+ - six digits in the format YYMMDD, which are the date of birth - a hyphen - one digit determined by the century and gender
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_south_korea_resident_number finds content that matches the pattern. - A keyword from Keyword_south_korea_resident_number is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_south_korea_resident_number finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- RRN - 주민등록번호 - ## Spain DNI This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.-- A keyword from `Keywords_spain_eu_national_id_card"` is found.+
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
+- A keyword from `Keywords_spain_eu_national_id_card"` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
```xml <!-- Spain DNI -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_spain_eu_national_id_card -- carné de identidad
+- carné de identidad
- dni# - dni - dninúmero#-- documento nacional de identidad-- identidad único
+- documento nacional de identidad
+- identidad ├║nico
- identidadúnico#-- insurance number-- national identification number-- national identity
+- insurance number
+- national identification number
+- national identity
- nationalid# - nationalidno# - nie# - nie - nienúmero#-- número de identificación-- número nacional identidad-- personal identification number-- personal identity no-- unique identity number
+- n├║mero de identificaci├│n
+- n├║mero nacional identidad
+- personal identification number
+- personal identity no
+- unique identity number
- uniqueid# - ## Spain driver's license number ### Format
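Review bot: Three of the re-bulleted keywords in this hunk are mis-encoded. The removed lines read `identidad único`, `número de identificación` and `número nacional identidad`, but the added lines read `identidad ├║nico`, `n├║mero de identificaci├│n` and `n├║mero nacional identidad`. The neighbouring added line `carné de identidad` kept its accent, so the file appears to have been saved with mixed encodings. Re-save as UTF-8 and restore the accented characters. As written, the documented keywords no longer match the text a reader would expect `Keywords_spain_eu_national_id_card` to contain.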
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_spain_eu_driver's_license_number` is found.+
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_spain_eu_driver's_license_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.+
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
```xml <!-- Spain Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_spain_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- licencia de manejo - licencia manejo - ## Spain passport number ### Format
Not applicable
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.+
+- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.
- The regular expression `Regex_spain_eu_passport_date` finds date in the format DD-MM-YYYY or a keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.+
+- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.
```xml <!-- Spain Passport Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_spain_eu_passport_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of issue - date of expiry - ## Spain physical addresses This unbundled named entity detects patterns related to physical address from Spain. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Sp
Medium - ## Spain social security number (SSN) - ### Format 11-12 digits
Medium
### Pattern 11-12 digits:+ - two digits - a forward slash (optional) - seven to eight digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_spanish_social_security_number finds content that matches the pattern. - The checksum passes.-+ A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_spanish_social_security_number finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- social security number - n├║mero de la seguridad social - ## Spain tax identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.-- A keyword from `Keywords_spain_eu_tax_file_number` is found.+
+- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.
+- A keyword from `Keywords_spain_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.+
+- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.
```xml <!-- Spain Tax Identification Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- cif - cifid# - cifnúmero#-- número de contribuyente-- número de identificación fiscal-- número de impuesto corporativo
+- n├║mero de contribuyente
+- n├║mero de identificaci├│n fiscal
+- n├║mero de impuesto corporativo
- spanishcifid# - spanishcifid - spanishcifno# - spanishcifno-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## SQL Server connection string ### Format
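Review bot: The three Spanish keywords added near the top of this hunk are mis-encoded: `n├║mero de contribuyente`, `n├║mero de identificaci├│n fiscal` and `n├║mero de impuesto corporativo` replace removed lines that were spelled correctly with `ú` and `ó`. The unchanged context entry `cifnúmero#` on the line above is still intact, which confirms the corruption came in with the added lines. Restore the UTF-8 characters before merging.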
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression CEP_Regex_SQLServerConnectionString finds content that matches the pattern. - A keyword from CEP_GlobalFilter isn't found. - The regular expression CEP_PasswordPlaceHolder doesn't find content that matches the pattern.
This sensitive information type identifies these keywords by using a regular exp
- testacs.<!--no-hyperlink-->com - s-int.<!--no-hyperlink-->net - ## Surgical procedures This unbundled named entity detects terms related to surgical procedures, such as *appendectomy*. It supports English terms only. It is also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
This unbundled named entity detects terms related to surgical procedures, such a
High - ## Sweden driver's license number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_sweden_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_sweden_eu_driver's_license_number` is found.+
+- The regular expression `Regex_sweden_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_sweden_eu_driver's_license_number` is found.
```xml <!-- Sweden Driver's License Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has medium confidence that it's detected this type of sensitive inf
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
#### Keywords_sweden_eu_driver's_license_number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- drivere lic. - körkort - numărul permisului de conducere-- שאָפער דערלויבעניש נומער
+- שאָפער דערלויבעניש נומער
- förare lic.-- דריווערס דערלויבעניש
+- דריווערס דערלויבעניש
- k├╢rkortsnummer - ## Sweden national ID ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10 or 12 digits and an optional delimiter:+ - two digits (optional) - Six digits in date format YYMMDD - delimiter of "-" or "+" (optional)
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_swedish_national_identifier` finds content that matches the pattern. - A keyword from `Keywords_swedish_national_identifier` is found - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_swedish_national_identifier` finds content that matches the pattern. - The checksum passes. - ```xml <!-- Sweden National ID --> <Entity id="f69aaf40-79be-4fac-8f05-fd1910d272c8" patternsProximity="300" recommendedConfidence="85">
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_swedish_national_identifier -- id no-- id number
+- id no
+- id number
- id#-- identification no-- identification number
+- identification no
+- identification number
- identifikationsnumret# - identifikationsnumret - identitetshandling-- identity document-- identity no-- identity number
+- identity document
+- identity no
+- identity number
- id-nummer-- personal id
+- personal id
- personnummer# - personnummer - skatteidentifikationsnummer - ## Sweden passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - the regular expression Regex_sweden_passport_number finds content that matches the pattern. - a keyword from `Keywords_eu_passport_number` or `Keyword_sweden_passport` is found. - the regular expression `Regex_sweden_eu_passport_date` finds a date in the format DD MMM/MMM YY (01 JAN/JAN 12) or a keyword from `Keywords_eu_passport_date` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - the regular expression Regex_sweden_passport_number finds content that matches the pattern. - a keyword from `Keywords_eu_passport_number` or `Keyword_sweden_passport` is found. - ```xml <!-- Sweden Passport Number --> <Entity id="ba4e7456-55a9-4d89-9140-c33673553526" patternsProximity="300" recommendedConfidence="75">
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keyword_sweden_passport -- alien registration card-- g3 processing fees-- multiple entry-- Numéro de passeport-- passeport n °-- passeport non-- passeport #
+- alien registration card
+- g3 processing fees
+- multiple entry
+- Numéro de passeport
+- passeport n ┬░
+- passeport non
+- passeport #
- passeport# - passeportnon-- passeportn °
+- passeportn ┬░
- passnummer-- pass nr-- schengen visa-- schengen visas-- single entry-- sverige pass-- visa requirements-- visa processing-- visa type
+- pass nr
+- schengen visa
+- schengen visas
+- single entry
+- sverige pass
+- visa requirements
+- visa processing
+- visa type
#### Keywords_eu_passport_date - date of issue - date of expiry - ## Sweden physical addresses This unbundled named entity detects patterns related to physical address from Sweden. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Sw
Medium - ## Sweden tax identification number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_sweden_eu_tax_file_number` is found.+
+- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_sweden_eu_tax_file_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.+
+- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.
```xml <!-- Sweden Tax Identification Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_sweden_eu_tax_file_number -- personal id number
+- personal id number
- personnummer-- skatt id nummer-- skatt identifikation-- skattebetalarens identifikationsnummer-- sverige tin-- tax file-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number
+- skatt id nummer
+- skatt identifikation
+- skattebetalarens identifikationsnummer
+- sverige tin
+- tax file
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## SWIFT code ### Format
four letters followed by 5-31 letters or digits
### Pattern four letters followed by 5-31 letters or digits:+ - four-letter bank code (not case-sensitive) - an optional space - 4-28 letters or digits (the Basic Bank Account Number (BBAN))
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_swift finds content that matches the pattern. - A keyword from Keyword_swift is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_swift -- international organization for standardization 9362-- iso 9362
+- international organization for standardization 9362
+- iso 9362
- iso9362 - swift# - swiftcode - swiftnumber - swiftroutingnumber-- swift code-- swift number #-- swift routing number-- bic number-- bic code-- bic #
+- swift code
+- swift number #
+- swift routing number
+- bic number
+- bic code
+- bic #
- bic#-- bank identifier code-- Organisation internationale de normalisation 9362-- rapide #-- code SWIFT-- le numéro de swift-- swift numéro d'acheminement-- le numéro BIC-- # BIC-- code identificateur de banque
+- bank identifier code
+- Organisation internationale de normalisation 9362
+- rapide #
+- code SWIFT
+- le numéro de swift
+- swift numéro d'acheminement
+- le numéro BIC
+- \# BIC
+- code identificateur de banque
- SWIFTコード - SWIFT番号 - BIC番号 - BICコード-- SWIFT コード-- SWIFT 番号-- BIC 番号-- BIC コード
+- SWIFT コード
+- SWIFT 番号
+- BIC 番号
+- BIC コード
- 金融機関識別コード - 金融機関コード - 銀行コード - ## Switzerland physical addresses This unbundled named entity detects patterns related to physical address from Switzerland. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Sw
Medium - ## Switzerland SSN AHV number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_swiss_social_security_number_ahv finds content that matches the pattern. - A keyword from Keywords_swiss_social_security_number_ahv is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_swiss_social_security_number_ahv finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
- ahv - ssn - pid-- insurance number
+- insurance number
- personalidno#-- social security number-- personal id number-- personal identification no.
+- social security number
+- personal id number
+- personal identification no.
- insuranceno# - uniqueidno#-- unique identification no.-- avs number-- personal identity no versicherungsnummer
+- unique identification no.
+- avs number
+- personal identity no versicherungsnummer
- identifikationsnummer-- einzigartige identität nicht
+- einzigartige identität nicht
- sozialversicherungsnummer-- identification personnelle id-- numéro de sécurité sociale-
+- identification personnelle id
+- numéro de sécurité sociale
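Review bot: the added bullet "personal identity no versicherungsnummer" reads as two keywords on one line, an English term followed by a German one. The removed run carries the same joined text, so the split into bullets kept the join. If these are separate keywords, give "versicherungsnummer" its own bullet; as written, a reader will take the whole phrase as one string to match.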
## Taiwan national identification number
one letter (in English) followed by nine digits
### Pattern one letter (in English) followed by nine digits:+ - one letter (in English, not case-sensitive) - the digit "1" or "2" - eight digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_taiwanese_national_id finds content that matches the pattern. - A keyword from Keyword_taiwanese_national_id is found. - The checksum passes. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_taiwanese_national_id finds content that matches the pattern. - The checksum passes.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 簽名或蓋章 - 簽章 - ## Taiwan passport number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern biometric passport number:+ - the character "3" - eight digits non-biometric passport number:+ - nine digits ### Checksum
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_taiwan_passport finds content that matches the pattern. - A keyword from Keyword_taiwan_passport is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 中華民國護照 - Zhōnghuá Mínguó hùzhào - ## Taiwan-resident certificate (ARC/TARC) number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10 letters and digits:+ - two letters (not case-sensitive) - eight digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_taiwan_resident_certificate finds content that matches the pattern. - A keyword from Keyword_taiwan_resident_certificate is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- 外僑居留證 - 台灣地區居留證 - ## Thai population identification code ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 13 digits:+ - first digit isn't zero or nine - 12 digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Thai_Citizen_Id finds content that matches the pattern. - A keyword from Keyword_Thai_Citizen_Id is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Thai_Citizen_Id finds content that matches the pattern. ```xml
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Turkish_National_Id finds content that matches the pattern. - A keyword from Keyword_Turkish_National_Id is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_Turkish_National_Id finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Vatandaşlık numarası - Vatandaşlık no - ## Turkey physical addresses This unbundled named entity detects patterns related to physical address from Turkey. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from Tu
Medium - ## Types of medication This unbundled named entity detects medication names, such as *insulin*. It supports English terms only. It is also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
This unbundled named entity detects medication names, such as *insulin*. It sup
High - ## U.K. driver's license number ### Format
Combination of 18 letters and digits in the specified format
### Pattern 18 letters and digits:+ - Five letters (not case-sensitive) or the digit "9" in place of a letter. - One digit. - Five digits in the date format MMDDY for date of birth. The seventh character is incremented by 50 if driver is female; for example, 51 to 62 instead of 01 to 12.
Yes
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_uk_drivers_license` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` is found. - The checksum passes. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_uk_drivers_license` finds content that matches the pattern. - The checksum passes.
A DLP policy has low confidence that it's detected this type of sensitive inform
- driverlicenses - driverlicence - driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
- driverslic - driverslics - driverslicence - driverslicences - driverslicense - driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
- driver'lic - driver'lics - driver'license - driver'licenses - driver'licence - driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
- driver'slic - driver'slics - driver'slicense - driver'slicenses - driver'slicence - driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
- dl# - dls# - driverlic#
A DLP policy has low confidence that it's detected this type of sensitive inform
- driverlicenses# - driverlicence# - driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
- driverslic# - driverslics# - driverslicense# - driverslicenses# - driverslicence# - driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
- driver'lic# - driver'lics# - driver'license# - driver'licenses# - driver'licence# - driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
- driver'slic# - driver'slics# - driver'slicense# - driver'slicenses# - driver'slicence# - driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence -- driving license
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
- dlno-- dl number-
+- dl number
## U.K. electoral roll number
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_uk_electoral finds content that matches the pattern. - A keyword from Keyword_uk_electoral is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- electoral register - electoral roll - ## U.K. national health service number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10-17 digits:+ - either 3 or 10 digits - a space - three digits
Yes
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_uk_nhs_number finds content that matches the pattern. - One of the following is true: - A keyword from Keyword_uk_nhs_number is found.
A DLP policy has high confidence that it's detected this type of sensitive infor
- Date of Birth - Birth Date - ## U.K. national insurance number (NINO) This sensitive information type entity is included in the EU National Identification Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_uk_nino finds content that matches the pattern. - A keyword from Keyword_uk_nino is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_uk_nino finds content that matches the pattern. ```xml
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_uk_nino -- national insurance number-- national insurance contributions-- protection act
+- national insurance number
+- national insurance contributions
+- protection act
- insurance-- social security number-- insurance application-- medical application-- social insurance-- medical attention-- social security-- great britain-- NI Number-- NI No.-- NI #
+- social security number
+- insurance application
+- medical application
+- social insurance
+- medical attention
+- social security
+- great britain
+- NI Number
+- NI No.
+- NI #
- NI# - insurance# - insurancenumber - nationalinsurance# - nationalinsurancenumber - ## U.K. physical addresses This unbundled named entity detects patterns related to physical address from the U.K.. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from th
Medium -- ## U.K. Unique Taxpayer Reference Number This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
This sensitive information type is only available for use in:
10 digits without spaces and delimiters - ### Pattern 10 digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_uk_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_uk_eu_tax_file_number` is found.+
+- The function `Func_uk_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_uk_eu_tax_file_number` is found.
```xml <!-- U.K. Unique Taxpayer Reference Number -->
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_uk_eu_tax_file_number -- tax number-- tax file-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax registration number
+- tax number
+- tax file
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax registration number
- taxid# - taxidno# - taxidnumber# - taxno# - taxnumber# - taxnumber-- tin id-- tin no
+- tin id
+- tin no
- tin# - ## U.S. bank account number ### Format
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_usa_bank_account_number finds content that matches the pattern. - A keyword from Keyword_usa_Bank_Account is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- Debit Acct No. - Debit Account No. - ## U.S. driver's license number ### Format
Depends on the state
### Pattern depends on the state - for example, New York:+ - nine digits formatted like ddd ddd ddd will match. - nine digits like ddddddddd will not match.
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_york_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_[state_name]_drivers_license_name is found. - A keyword from Keyword_us_drivers_license is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_new_york_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_[state_name]_drivers_license_name is found. - A keyword from Keyword_us_drivers_license_abbreviations is found.
A DLP policy has low confidence that it's detected this type of sensitive inform
- identification card# - identification cards# - #### Keyword_[state_name]_drivers_license_name - state abbreviation (for example, "NY") - state name (for example, "New York") - ## U.S. individual taxpayer identification number (ITIN) ### Format
nine digits that start with a "9" and contain a "7" or "8" as the fourth digit,
### Pattern formatted:+ - the digit "9" - two digits - a space or dash
formatted:
- four digits unformatted:+ - the digit "9" - two digits - a "7" or "8"
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_formatted_itin finds content that matches the pattern. - A keyword from Keyword_itin is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_unformatted_itin finds content that matches the pattern. - A keyword from Keyword_itin is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_formatted_itin or Func_unformatted_itin finds content that matches the pattern. ```xml
A DLP policy has low confidence that it's detected this type of sensitive inform
- taxid - individual taxpayer - ## U.S. physical addresses This unbundled named entity detects patterns related to physical address from the U.S.. It is also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
This unbundled named entity detects patterns related to physical address from th
Medium - ## U.S. social security number (SSN) ### Format
nine digits, which may be in a formatted or unformatted pattern
### Pattern four functions look for SSNs in four different patterns:+ - Func_ssn finds SSNs with pre-2011 strong formatting that are formatted with dashes or spaces (ddd-dd-dddd OR ddd dd dddd) - Func_unformatted_ssn finds SSNs with pre-2011 strong formatting that are unformatted as nine consecutive digits (ddddddddd) - Func_randomized_formatted_ssn finds post-2011 SSNs that are formatted with dashes or spaces (ddd-dd-dddd OR ddd dd dddd)
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_ssn` finds content that matches the pattern. - A keyword from `Keyword_ssn` is found. A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_unformatted_ssn` finds content that matches the pattern. - A keyword from `Keyword_ssn` is found. A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function `Func_randomized_formatted_ssn` or `Func_randomized_unformatted_ssn` finds content that matches the pattern. - A keyword from `Keyword_ssn` is found. - ```xml <!-- U.S. Social Security Number (SSN) --> <Entity id="a44669fe-0d48-453d-a9b1-2cc83f2cba77" patternsProximity="300" recommendedConfidence="75">
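Review bot: in the medium-confidence list, Func_unformatted_ssn is followed by a closing backtick but has no opening one, so it will not render as code the way Func_ssn and Func_randomized_formatted_ssn do in the same Definition. This hunk already touches the formatting of these lists, so add the missing backtick here rather than in a follow-up.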
A DLP policy has low confidence that it's detected this type of sensitive inform
- SS# - SSID - ## U.S./U.K. passport number ### Format
No
### Definition A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_usa_uk_passport finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_uk_eu_passport_number` is found. - A keyword from `Keywords_eu_passport_date` is found A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The function Func_usa_uk_passport finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_uk_eu_passport_number` is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keywords_eu_passport_number - passport#-- passport #
+- passport #
- passportid - passports - passportno-- passport no
+- passport no
- passportnumber-- passport number
+- passport number
- passportnumbers-- passport numbers
+- passport numbers
#### Keywords_uk_eu_passport_number - british passport - uk passport - ## Ukraine passport domestic This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regex Regex_Ukraine_Passport_Domestic finds content that matches the pattern. - A keyword from Keyword_Ukraine_Passport_Domestic is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_ukraine_passport_domestic -- ukraine passport-- passport number-- passport no-- паспорт України-- номер паспорта
+- ukraine passport
+- passport number
+- passport no
+- паспорт України
+- номер паспорта
- персональний - ## Ukraine passport international This sensitive information type is only available for use in:+ - data loss prevention policies - communication compliance policies - information governance
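Review bot: the list heading is spelled Keyword_ukraine_passport_domestic in lower case, while the Definition above refers to Keyword_Ukraine_Passport_Domestic. Use one spelling in both places so a reader searching for the name the definition cites finds this list; the international list further down has the same mismatch against Keyword_Ukraine_Passport_International.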
eight-character alphanumeric pattern
### Pattern eight-character alphanumeric pattern:+ - two letters or digits - six digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regex Regex_Ukraine_Passport_International finds content that matches the pattern. - A keyword from Keyword_Ukraine_Passport_International is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_ukraine_passport_international -- ukraine passport-- passport number-- passport no-- паспорт України-- номер паспорта--
+- ukraine passport
+- passport number
+- passport no
+- паспорт України
+- номер паспорта
compliance Sensitive Information Type Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-learn-about.md
f1_keywords:
- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation' ms.localizationpriority: medium-+ - M365-security-compliance description: "This article gives an overview of sensitive information types and how they detect sensitive information like social security, credit card, or bank account numbers to identify sensitive items"
Every sensitive information type entity is defined by these fields:
- name: how the sensitive information type is referred to - description: describes what the sensitive information type is looking for - pattern: A pattern defines what a sensitive information type detects. It consists of the following components.
- - Primary element ΓÇô The main element that the sensitive information type is looking for. It can be a **regular expression** with or without a checksum validation, a **keyword list**, a **keyword dictionary**, or a **function**.
- - Supporting element ΓÇô Elements that act as supporting evidence that help in increasing the confidence of the match. For example, keyword "SSN" in proximity to an SSN number. It can be a regular expression with or without a checksum validation, keyword list, keyword dictionary.
- - Confidence Level - Confidence levels (high, medium, low) reflect how much supporting evidence was detected along with the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for.
- - Proximity ΓÇô Number of characters between primary and supporting element.
+ - Primary element ΓÇô The main element that the sensitive information type is looking for. It can be a **regular expression** with or without a checksum validation, a **keyword list**, a **keyword dictionary**, or a **function**.
+ - Supporting element ΓÇô Elements that act as supporting evidence that help in increasing the confidence of the match. For example, keyword "SSN" in proximity to an SSN number. It can be a regular expression with or without a checksum validation, keyword list, keyword dictionary.
+ - Confidence Level - Confidence levels (high, medium, low) reflect how much supporting evidence was detected along with the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for.
+ - Proximity ΓÇô Number of characters between primary and supporting element.
![Diagram of corroborative evidence and proximity window.](../media/dc68e38e-dfa1-45b8-b204-89c8ba121f96.png) Learn more about confidence levels in this short video. -
- > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Hx60]
--
+ > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Hx60]
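Review bot: the re-indented sub-bullets do not share one separator: "Confidence Level" is followed by a plain hyphen, while "Primary element", "Supporting element" and "Proximity" use a different dash character. The change alters only the indentation of these four lines, so this is the place to make the separator consistent. The "Supporting element" bullet also ends its list as "keyword list, keyword dictionary" with no "or", unlike the "Primary element" bullet.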
### Example sensitive information type - #### Argentina national identity (DNI) number ### Format
Eight digits separated by periods
### Pattern Eight digits:+ - two digits - a period - three digits
No
### Definition A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:+ - The regular expression Regex_argentina_national_id finds content that matches the pattern. - A keyword from Keyword_argentina_national_id is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
#### Keyword_argentina_national_id -- Argentina National Identity number -- Identity -- Identification National Identity Card -- DNI -- NIC National Registry of Persons -- Documento Nacional de Identidad -- Registro Nacional de las Personas -- Identidad -- Identificaci├│n
+- Argentina National Identity number
+- Identity
+- Identification National Identity Card
+- DNI
+- NIC National Registry of Persons
+- Documento Nacional de Identidad
+- Registro Nacional de las Personas
+- Identidad
+- Identificaci├│n
### More on confidence levels
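Review bot: In the Keyword_argentina_national_id list, the added items "Identification National Identity Card" and "NIC National Registry of Persons" each look like two keywords run together ("Identification" plus "National Identity Card", "NIC" plus "National Registry of Persons"). The split into one bullet per line carries the same grouping over from the old single-line list, so please confirm against the entity definition whether these should be four separate keywords, because a merged entry would only match the full combined phrase.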
-In a sensitive information type entity definition, **confidence level** reflects how much supporting evidence is detected in addition to the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for. For example, matches with a high confidence level will contain more supporting evidence in close proximity to the primary element, whereas matches with a low confidence level would contain little to no supporting evidence in close proximity.
+In a sensitive information type entity definition, **confidence level** reflects how much supporting evidence is detected in addition to the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for. For example, matches with a high confidence level will contain more supporting evidence in close proximity to the primary element, whereas matches with a low confidence level would contain little to no supporting evidence in close proximity.
A high confidence level returns the fewest false positives but might result in more false negatives. Low or medium confidence levels returns more false positives but few to zero false negatives. - **low confidence**: Matched items will contain the fewest false negatives but the most false positives. Low confidence returns all low, medium, and high confidence matches. The low confidence level has a value of 65. - **medium confidence**: Matched items will contain an average amount of false positives and false negatives. Medium confidence returns all medium, and high confidence matches. The medium confidence level has a value of 75.-- **high confidence**: Matched items will contain the fewest false positives but the most false negatives. High confidence only returns high confidence matches and has a value of 85.
+- **high confidence**: Matched items will contain the fewest false positives but the most false negatives. High confidence only returns high confidence matches and has a value of 85.
You should use high confidence level patterns with low counts, say five to ten, and low confidence patterns with higher counts, say 20 or more. > [!NOTE] > If you have existing policies or custom sensitive information types (SITs) defined using number-based confidence levels (also know as accuracy), they will automatically be mapped to the three discrete confidence levels; low confidence, medium confidence, and high confidence, across the Security @ Compliance Center UI.
-> - All policies with minimum accuracy or custom SIT patterns with confidence levels of between 76 and 100 will be mapped to high confidence.
+>
+> - All policies with minimum accuracy or custom SIT patterns with confidence levels of between 76 and 100 will be mapped to high confidence.
> - All policies with minimum accuracy or custom SIT patterns with confidence levels of between 66 and 75 will be mapped to medium confidence.
-> - All policies with minimum accuracy or custom SIT patterns with confidence levels less than or equal to 65 will be mapped to low confidence.
+> - All policies with minimum accuracy or custom SIT patterns with confidence levels less than or equal to 65 will be mapped to low confidence.
## Creating custom sensitive information types
You can choose from several options to create custom sensitive information types
> [!NOTE] > Improved confidence levels are available for immediate use within Data Loss Prevention for Microsoft 365 services, Microsoft Information Protection for Microsoft 365 services, Communication Compliance, Information Governance, and Records Management. > Microsoft 365 Information Protection now supports double byte character set languages for:
+>
> - Chinese (simplified) > - Chinese (traditional) > - Korean > - Japanese
->
+>
> This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes](mip-dbcs-relnotes.md) for more information. > [!TIP] > To detect patterns containing Chinese/Japanese characters and single byte characters or to detect patterns containing Chinese/Japanese and English, define two variants of the keyword or regex.
+>
> - For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".
->
-> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), you should create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.
-> - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the you should create two keyword lists.
+>
+> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), you should create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.
+>
+> - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the you should create two keyword lists.
> 1. Highly confidential > 2. 機密性が高い, 机密的document and 机密的 document
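Review bot: The added example line keeps the typo "the you should create two keyword lists"; it should read "then you should". The added paragraph before it also says "also" twice ("also contain non Chinese/Japanese words also"), and "contain" should be "contains" to agree with "the list". Both lines are being re-added in this hunk, so this is the place to fix them.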
->
+>
> While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters like one would escape a hyphen or period in a regex. Here is a sample regex for reference:
-> - (?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4}
+>
+> `(?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4}`
> > We recommend using string match instead of word match in a keyword list. ## For further information+ - [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md) - [Create a custom sensitive information type](create-a-custom-sensitive-information-type.md) - [Create a custom sensitive information type in PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md)
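Review bot: The sample regex now wrapped in backticks, `(?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4}`, has unbalanced parentheses: the group opened at `([4]` is never closed, so the sample does not compile as written. The character class `[\-?\-\t]` also lists `\-` twice and contains no escaped period, although the sentence introducing it is about escaping a double byte hyphen and a double byte period. One of the two hyphens was presumably meant to be the double byte form. Please restore the intended characters and the closing parenthesis before presenting this as a reference sample.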
compliance Sit Edm Notifications Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-edm-notifications-activities.md
The account you use must be one of the following:
- Compliance administrator - Exchange Online administrator
-To learn more about DLP permissions, see [Permissions](data-loss-prevention-policies.md#permissions).
+To learn more about DLP permissions, see [Permissions](data-loss-prevention-policies.md#permissions).
EDM-based classification is included in these subscriptions:
compliance Sit Functions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-functions.md
This article explains what these functions look for, to help you understand how
|Function name | Function action | Is a validator| ||-|| |Func_aba_routing|detects ABA routing number|yes|
-|Func_alabama_drivers_license_number|detects Alabama driverΓÇÖs license number|no|
-|Func_alaska_delaware_oregon_drivers_license_number|detects Alaska, Delaware, Oregon driverΓÇÖs license number|no|
-|Func_alaska_drivers_license_number|detects Alaska driverΓÇÖs license number|no|
-|Func_alberta_drivers_license_number|detects Alberta driverΓÇÖs license number|no|
+|Func_alabama_drivers_license_number|detects Alabama driver's license number|no|
+|Func_alaska_delaware_oregon_drivers_license_number|detects Alaska, Delaware, Oregon driver's license number|no|
+|Func_alaska_drivers_license_number|detects Alaska driver's license number|no|
+|Func_alberta_drivers_license_number|detects Alberta driver's license number|no|
|Func_argentina_Unique_Tax_Key|detects and validates Argentina Unique tax key|no| |Func_Argentina_Unique_Tax_Key|detects Argentina Unique tax key|no|
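Review bot: The two context rows that follow the Alberta entry are inconsistent and are worth fixing while this table is being touched. `Func_argentina_Unique_Tax_Key` is described as "detects and validates Argentina Unique tax key" yet its "Is a validator" column says "no", and the next row, `Func_Argentina_Unique_Tax_Key`, differs from it only in letter case with a "detects" description. Either the validator column or the description is wrong for the first row, and one of the two rows is probably redundant.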
-|Func_arizona_drivers_license_number|detects Arizona driverΓÇÖs license number|no|
-|Func_arkansas_drivers_license_number|detects Arkansas driverΓÇÖs license number|no|
+|Func_arizona_drivers_license_number|detects Arizona driver's license number|no|
+|Func_arkansas_drivers_license_number|detects Arkansas driver's license number|no|
|Func_australian_business_number|detects Australia business number|no| |Func_Australian_Company_Number|detects Australia company number|no| |Func_australian_medical_account_number|detects Australia medical account number|no|
This article explains what these functions look for, to help you understand how
|Func_brazil_cnpj|detects Brazil legal entity number (CNPJ)|yes| |Func_brazil_cpf|detects Brazil CPF|yes| |Func_brazil_rg|detects Brazil RG|no|
-|Func_british_columbia_drivers_license_number|detects British Columbia driverΓÇÖs license number|no|
+|Func_british_columbia_drivers_license_number|detects British Columbia driver's license number|no|
|Func_bulgaria_eu_national_id_card|detects Bulgaria uniform civil number|no|
-|Func_california_drivers_license_number|detects California driverΓÇÖs license number|no|
+|Func_california_drivers_license_number|detects California driver's license number|no|
|Func_canadian_sin|detects Canada sin|yes| |Func_chile_id_card|detects Chile ID card|no| |Func_china_resident_id|detects China-resident ID|no|
-|Func_colorado_drivers_license_number|detects Colorado driverΓÇÖs license number|no|
-|Func_connecticut_drivers_license_number|detects Connecticut driverΓÇÖs license number|no|
+|Func_colorado_drivers_license_number|detects Colorado driver's license number|no|
+|Func_connecticut_drivers_license_number|detects Connecticut driver's license number|no|
|Func_credit_card|detects credit card|yes| |Func_croatia_id_card|detects Croatia ID card|no| |Func_croatia_oib_number|detects Croatia OIB number|no|
This article explains what these functions look for, to help you understand how
|Func_czech_id_card|detects Czech ID card|no| |Func_dea_number|detects DEA number|yes| |Func_denmark_eu_tax_file_number|detects Denmark personal identification number|no|
-|Func_district_of_columbia_drivers_license_number|detects District of Columbia driverΓÇÖs license number|no|
+|Func_district_of_columbia_drivers_license_number|detects District of Columbia driver's license number|no|
|Func_estonia_eu_national_id_card|detects Estonia Personal Identification Code|no| |Func_eu_debit_card|detects EU debit card|no| |Func_finnish_national_id|detects Finnish national ID|no|
-|Func_florida_drivers_license_number|detects Florida driverΓÇÖs license number|no|
-|Func_florida_maryland_michigan_minnesota_drivers_license_number|detects Florida, Maryland, Michigan, Minnesota driverΓÇÖs license number|no|
+|Func_florida_drivers_license_number|detects Florida driver's license number|no|
+|Func_florida_maryland_michigan_minnesota_drivers_license_number|detects Florida, Maryland, Michigan, Minnesota driver's license number|no|
|Func_formatted_itin|detects formatted US ITIN|yes| |Func_fr_insee|detects France INSEE|no| |Func_fr_passport|detects France passport|no| |Func_france_eu_tax_file_number|detects France tax file number|no| |Func_france_value_added_tax_number|detects France value added tax number|no|
-|Func_french_drivers_license|detects French driverΓÇÖs license|no|
+|Func_french_drivers_license|detects French driver's license|no|
|Func_french_insee|detects French INSEE|no|
-|Func_georgia_drivers_license_number|detects Georgia driverΓÇÖs license number|no|
-|Func_german_drivers_license|detects Germany driverΓÇÖs license|no|
+|Func_georgia_drivers_license_number|detects Georgia driver's license number|no|
+|Func_german_drivers_license|detects Germany driver's license|no|
|Func_german_passport_data|detects Germany passport|no| |Func_german_passport|detects Germany passport|no| |Func_germany_eu_tax_file_number|detects Germany tax file number|no| |Func_germany_value_added_tax_number|detects Germany value added tax number|no| |Func_greece_eu_ssn|detects Greece sin (AMKA)|no|
-|Func_hawaii_drivers_license_number|detects Hawaii driverΓÇÖs license number|no|
+|Func_hawaii_drivers_license_number|detects Hawaii driver's license number|no|
|Func_hong_kong_id_card|detects Hong Kong ID card|no| |Func_hungarian_value_added_tax_number|detects Hungary value added tax number|no| |Func_hungary_eu_national_id_card|detects Hungary personal identification number|no| |Func_hungary_eu_ssn_or_equivalent|detects Hungary social security number|no| |Func_hungary_eu_tax_file_number|detects Hungary tax file number|no| |Func_iban|detects IBAN|yes|
-|Func_idaho_drivers_license_number|detects Idaho driverΓÇÖs license number|no|
-|Func_illinois_drivers_license_number|detects Illinois driverΓÇÖs license number|no|
+|Func_idaho_drivers_license_number|detects Idaho driver's license number|no|
+|Func_illinois_drivers_license_number|detects Illinois driver's license number|no|
|Func_india_aadhaar|detects India aadhaar|yes|
-|Func_indiana_drivers_license_number|detects Indiana driverΓÇÖs license number|no|
-|Func_iowa_drivers_license_number|detects Iowa driverΓÇÖs license number|no|
+|Func_indiana_drivers_license_number|detects Indiana driver's license number|no|
+|Func_iowa_drivers_license_number|detects Iowa driver's license number|no|
|Func_ireland_pps|detects Ireland PPS|no| |Func_israeli_national_id_number|detects Israel national ID number|no| |Func_italy_eu_national_id_card|detects Italy fiscal code|no|
This article explains what these functions look for, to help you understand how
|Func_japanese_my_number_personal|detects Japan my number personal|yes| |Func_jp_bank_account_branch_code|detects Japan bank account branch code|no| |Func_jp_bank_account|detects Japan bank account|no|
-|Func_jp_drivers_license_number|detects Japan driverΓÇÖs license number|no|
+|Func_jp_drivers_license_number|detects Japan driver's license number|no|
|Func_jp_passport|detects Japan passport|no| |Func_jp_resident_registration_number|detects Japan-resident registration number|no| |Func_jp_sin_pre_1997|detects Japan sin pre 1997|no| |Func_jp_sin|detects Japan SIN|no|
-|Func_kansas_drivers_license_number|detects Kansas driverΓÇÖs license number|no|
-|Func_kentucky_drivers_license_number|detects Kentucky driverΓÇÖs license number|no|
-|Func_kentucky_massachusetts_virginia_drivers_license_number|detects Kentucky, Massachusetts, Virginia driverΓÇÖs license number|no|
+|Func_kansas_drivers_license_number|detects Kansas driver's license number|no|
+|Func_kentucky_drivers_license_number|detects Kentucky driver's license number|no|
+|Func_kentucky_massachusetts_virginia_drivers_license_number|detects Kentucky, Massachusetts, Virginia driver's license number|no|
|Func_latvia_eu_national_id_card|detects Latvia personal code|no| |Func_lithuania_eu_tax_file_number|detects Lithuania personal code|no|
-|Func_louisiana_drivers_license_number|detects Louisiana driverΓÇÖs license number|no|
+|Func_louisiana_drivers_license_number|detects Louisiana driver's license number|no|
|Func_luxemburg_eu_tax_file_number_non_natural|detects Luxemburg national identification number (non-natural persons)|no| |Func_luxemburg_eu_tax_file_number|detects Luxemburg national identification number (natural persons)|no|
-|Func_maine_drivers_license_number|detects Maine driverΓÇÖs license number|no|
-|Func_manitoba_drivers_license_number|detects Manitoba driverΓÇÖs license number|no|
-|Func_maryland_drivers_license_number|detects Maryland driverΓÇÖs license number|no|
-|Func_massachusetts_drivers_license_number|detects Massachusetts driverΓÇÖs license number|no|
+|Func_maine_drivers_license_number|detects Maine driver's license number|no|
+|Func_manitoba_drivers_license_number|detects Manitoba driver's license number|no|
+|Func_maryland_drivers_license_number|detects Maryland driver's license number|no|
+|Func_massachusetts_drivers_license_number|detects Massachusetts driver's license number|no|
|Func_mexico_population_registry_code|detects Mexico population registry code|no|
-|Func_michigan_minnesota_drivers_license_number|detects Michigan, Minnesota driverΓÇÖs license number|no|
-|Func_minnesota_drivers_license_number|detects Minnesota driverΓÇÖs license number|no|
-|Func_mississippi_oklahoma_drivers_license_number|detects Mississippi, Oklahoma driverΓÇÖs license number|no|
-|Func_missouri_drivers_license_number|detects Missouri driverΓÇÖs license number|no|
-|Func_montana_drivers_license_number|detects Montana driverΓÇÖs license number|no|
-|Func_nebraska_drivers_license_number|detects Nebraska driverΓÇÖs license number|no|
+|Func_michigan_minnesota_drivers_license_number|detects Michigan, Minnesota driver's license number|no|
+|Func_minnesota_drivers_license_number|detects Minnesota driver's license number|no|
+|Func_mississippi_oklahoma_drivers_license_number|detects Mississippi, Oklahoma driver's license number|no|
+|Func_missouri_drivers_license_number|detects Missouri driver's license number|no|
+|Func_montana_drivers_license_number|detects Montana driver's license number|no|
+|Func_nebraska_drivers_license_number|detects Nebraska driver's license number|no|
|Func_netherlands_bsn|detects Netherlands BSN|no| |Func_netherlands_eu_tax_file_number|detects Netherlands tax file number|no| |Func_netherlands_value_added_tax_number|detects Netherlands value added tax number|no|
-|Func_nevada_drivers_license_number|detects Nevada driverΓÇÖs license number|no|
-|Func_new_brunswick_drivers_license_number|detects New Brunswick driverΓÇÖs license number|no|
-|Func_new_hampshire_drivers_license_number|detects New Hampshire driverΓÇÖs license number|no|
-|Func_new_jersey_drivers_license_number|detects New Jersey driverΓÇÖs license number|no|
-|Func_new_mexico_drivers_license_number|detects New Mexico driverΓÇÖs license number|no|
-|Func_new_york_drivers_license_number|detects New York driverΓÇÖs license number|no|
+|Func_nevada_drivers_license_number|detects Nevada driver's license number|no|
+|Func_new_brunswick_drivers_license_number|detects New Brunswick driver's license number|no|
+|Func_new_hampshire_drivers_license_number|detects New Hampshire driver's license number|no|
+|Func_new_jersey_drivers_license_number|detects New Jersey driver's license number|no|
+|Func_new_mexico_drivers_license_number|detects New Mexico driver's license number|no|
+|Func_new_york_drivers_license_number|detects New York driver's license number|no|
|Func_new_zealand_bank_account_number|detects New Zealand bank account number|no| |Func_new_zealand_inland_revenue_number|detects New Zealand inland revenue number|no| |Func_new_zealand_ministry_of_health_number|detects New Zealand ministry of health number|no|
-|Func_newfoundland_labrador_drivers_license_number|detects Newfoundland Labrador driverΓÇÖs license number|no|
+|Func_newfoundland_labrador_drivers_license_number|detects Newfoundland Labrador driver's license number|no|
|Func_newzealand_driver_license_number|detects New Zealand driver license number|no| |Func_newzealand_social_welfare_number|detects New Zealand social welfare number|no|
-|Func_north_carolina_drivers_license_number|detects North Carolina driverΓÇÖs license number|no|
-|Func_north_dakota_drivers_license_number|detects North Dakota driverΓÇÖs license number|no|
+|Func_north_carolina_drivers_license_number|detects North Carolina driver's license number|no|
+|Func_north_dakota_drivers_license_number|detects North Dakota driver's license number|no|
|Func_norway_id_number|detects Norway ID number|no|
-|Func_nova_scotia_drivers_license_number|detects Nova Scotia driverΓÇÖs license number|no|
-|Func_ohio_drivers_license_number|detects Ohio driverΓÇÖs license number|no|
-|Func_ontario_drivers_license_number|detects Ontario driverΓÇÖs license number|no|
-|Func_pennsylvania_drivers_license_number|detects Pennsylvania driverΓÇÖs license number|no|
+|Func_nova_scotia_drivers_license_number|detects Nova Scotia driver's license number|no|
+|Func_ohio_drivers_license_number|detects Ohio driver's license number|no|
+|Func_ontario_drivers_license_number|detects Ontario driver's license number|no|
+|Func_pennsylvania_drivers_license_number|detects Pennsylvania driver's license number|no|
|Func_pesel_identification_number|detects Poland National ID (PESEL)|no| |Func_poland_eu_tax_file_number|detects Poland tax file number|no| |Func_polish_national_id|detects Poland identity card|no| |Func_polish_passport_number|detects Polish passport number|no| |Func_polish_regon_number|detects Polish REGON number|no| |Func_portugal_eu_tax_file_number|detects Portugal Tax Identification Number|no|
-|Func_prince_edward_island_drivers_license_number|detects Prince Edward Island driverΓÇÖs license number|no|
-|Func_quebec_drivers_license_number|detects Quebec driverΓÇÖs license number|no|
+|Func_prince_edward_island_drivers_license_number|detects Prince Edward Island driver's license number|no|
+|Func_quebec_drivers_license_number|detects Quebec driver's license number|no|
|Func_randomized_formatted_ssn|detects randomized formatted US SSN|yes| |Func_randomized_unformatted_ssn|detects randomized unformatted US SSN|yes|
-|Func_rhode_island_drivers_license_number|detects Rhode Island driverΓÇÖs license number|no|
+|Func_rhode_island_drivers_license_number|detects Rhode Island driver's license number|no|
|Func_romania_eu_national_id_card|detects Romania personal numeric code (CNP)|no|
-|Func_saskatchewan_drivers_license_number|detects Saskatchewan driverΓÇÖs license number|no|
+|Func_saskatchewan_drivers_license_number|detects Saskatchewan driver's license number|no|
|Func_slovakia_eu_national_id_card|detects Slovakia personal number|no| |Func_slovenia_eu_national_id_card|detects Slovenia Unique Master Citizen Number|no| |Func_slovenia_eu_tax_file_number|detects Slovenia tax file number|no| |Func_south_africa_identification_number|detects South Africa identification number|yes|
-|Func_south_carolina_drivers_license_number|detects South Carolina driverΓÇÖs license number|no|
-|Func_south_dakota_drivers_license_number|detects South Dakota driverΓÇÖs license number|no|
+|Func_south_carolina_drivers_license_number|detects South Carolina driver's license number|no|
+|Func_south_dakota_drivers_license_number|detects South Dakota driver's license number|no|
|Func_south_korea_resident_number|detects South Korea resident number|no| |Func_spain_eu_DL_and_NI_number_citizen|detects Spain DL and NI number citizen|no| |Func_spain_eu_DL_and_NI_number_foreigner|detects Spain DL and NI number foreigner|no|
This article explains what these functions look for, to help you understand how
|Func_swedish_national_identifier|detects Swedish national identifier|yes| |Func_swiss_social_security_number_ahv|detects Swiss social security number AHV|no| |Func_taiwanese_national_id|detects Taiwanese national ID|no|
-|Func_tennessee_drivers_license_number|detects Tennessee driverΓÇÖs license number|no|
-|Func_texas_drivers_license_number|detects Texas driverΓÇÖs license number|no|
+|Func_tennessee_drivers_license_number|detects Tennessee driver's license number|no|
+|Func_texas_drivers_license_number|detects Texas driver's license number|no|
|Func_Thai_Citizen_Id|detects Thai Citizen ID|no| |Func_Turkish_National_Id|detects Turkish National ID|yes|
-|Func_uk_drivers_license|detects UK driverΓÇÖs license|no|
+|Func_uk_drivers_license|detects UK driver's license|no|
|Func_uk_eu_tax_file_number|detects UK unique taxpayer number|no| |Func_uk_nhs_number|detects UK NHS number|yes| |Func_uk_nino|detects UK NINO|no|
This article explains what these functions look for, to help you understand how
|Func_unformatted_itin|detects unformatted US ITIN|yes| |Func_unformatted_ssn|detects non-randomized unformatted US SSN|yes| |Func_usa_uk_passport|detects USA and UK passport|yes|
-|Func_utah_drivers_license_number|detects Utah driverΓÇÖs license number|no|
-|Func_vermont_drivers_license_number|detects Vermont driverΓÇÖs license number|no|
-|Func_virginia_drivers_license_number|detects Virginia driverΓÇÖs license number|no|
-|Func_washington_drivers_license_number|detects Washington driverΓÇÖs license number|no|
-|Func_west_virginia_drivers_license_number|detects West Virginia driverΓÇÖs license number|no|
-|Func_wisconsin_drivers_license_number|detects Wisconsin driverΓÇÖs license number|no|
-|Func_wyoming_drivers_license_number|detects Wyoming driverΓÇÖs license number|no|
+|Func_utah_drivers_license_number|detects Utah driver's license number|no|
+|Func_vermont_drivers_license_number|detects Vermont driver's license number|no|
+|Func_virginia_drivers_license_number|detects Virginia driver's license number|no|
+|Func_washington_drivers_license_number|detects Washington driver's license number|no|
+|Func_west_virginia_drivers_license_number|detects West Virginia driver's license number|no|
+|Func_wisconsin_drivers_license_number|detects Wisconsin driver's license number|no|
+|Func_wyoming_drivers_license_number|detects Wyoming driver's license number|no|
## Func_us_date
Accepted month names:
## Func_us_address
-Func_us_address looks for a U.S. state name or postal abbreviation followed by a valid zip code. The zip code must be one of the correct zip codes associated with the U.S. state name or abbreviation. The U.S. state name and zip code canΓÇÖt be separated by punctuation or letters.
+Func_us_address looks for a U.S. state name or postal abbreviation followed by a valid zip code. The zip code must be one of the correct zip codes associated with the U.S. state name or abbreviation. The U.S. state name and zip code can't be separated by punctuation or letters.
Examples:
compliance Sit Get Started Exact Data Match Based Sits Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview.md
Familiarize yourself with the concepts and terminology in these articles:
## Required licenses and permissions
-You must be a global admin, compliance administrator, or Exchange Online administrator to perform the tasks described in this article. To learn more about DLP permissions, see [Permissions](data-loss-prevention-policies.md#permissions).
+You must be a global admin, compliance administrator, or Exchange Online administrator to perform the tasks described in this article. To learn more about DLP permissions, see [Permissions](data-loss-prevention-policies.md#permissions).
See the [data loss prevention service description](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#data-loss-prevention-for-exchange-online-sharepoint-online-and-onedrive-for-business) for complete licensing information
compliance Sit Get Started Exact Data Match Export Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-export-data.md
The data file can include a maximum of:
- Up to 32 columns (fields) per data source - Up to 5 columns (fields) marked as searchable
-2. Structure the sensitive data in the .csv or .tsv file such that the first row includes the names of the fields used for EDM-based classification. In your file you might have field names such as "ssn", "birthdate", "firstname", "lastname". The column header names can't include spaces or underscores. For example, the sample .csv file that we use in this article is named *PatientRecords.csv*, and its columns include *PatientID*, *MRN*, *LastName*, *FirstName*, *SSN*, and more.
+2. Structure the sensitive data in the .csv or .tsv file such that the first row includes the names of the fields used for EDM-based classification. In your file you might have field names such as "ssn", "birthdate", "firstname", "lastname". The column header names can't include spaces or underscores. For example, the sample .csv file that we use in this article is named *PatientRecords.csv*, and its columns include *PatientID*, *MRN*, *LastName*, *FirstName*, *SSN*, and more.
3. Pay attention to the format of the sensitive data fields. In particular, fields that may contain commas in their content, for example, a street address that contains the value "Seattle,WA" would be parsed as two separate fields when parsed if the .csv format is selected. To avoid this, use the .tsv format or surrounded the comma containing values by double quotes in the sensitive data table. If comma containing values also contain spaces, you need to create a custom SIT that matches the corresponding format. For example, a SIT that detects multi-word string with commas and spaces in it.
compliance Sit Get Started Exact Data Match Hash Upload https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload.md
Separate the processes of hashing and uploading the sensitive data so you can mo
Once in production, keep the two steps separate in most cases. Performing the hashing process on an isolated computer and then transferring the file for upload to an internet-facing computer ensures the actual data is never available in clear text form in a computer that could have been compromised due to its connection to the Internet.
-### Ensure your sensitive data table doesnΓÇÖt have formatting issues.
+### Ensure your sensitive data table doesn't have formatting issues
Before you hash and upload your sensitive data, do a search to validate the presence of special characters that may cause problems in parsing the content. You can validate that the table is in a format suitable to use with EDM by using the EDM upload agent with the following syntax:
If the tool indicates a mismatch in number of columns it might be due to the pre
**If you find single or double quote characters surrounding full values**: you can leave them as they are.
-**If you find single quote characters or commas inside a value**: for example the personΓÇÖs name Tom OΓÇÖNeil or the city 'sΓÇæGravenhage which starts with an apostrophe character, you will need to modify the data export process used to generate the sensitive information table to surround such columns with double quotes.
+**If you find single quote characters or commas inside a value**: for example the person's name Tom O'Neil or the city 'sΓÇæGravenhage which starts with an apostrophe character, you will need to modify the data export process used to generate the sensitive information table to surround such columns with double quotes.
**If double quote characters are found inside values**, it might be preferable to use the Tab-delimited format for the table which is less susceptible to such issues.
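Review bot: The added "single quote characters or commas inside a value" line normalises the apostrophes in "person's" and "O'Neil" but leaves a non-ASCII hyphen in the city name (it shows here as "'sΓÇæGravenhage"). If the aim of this change is plain ASCII punctuation, replace that character with an ordinary hyphen too. The sentence is also missing a comma after "for example".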
If the tool indicates a mismatch in number of columns it might be due to the pre
#### Set up the security group and user account
-1. As a global administrator, go to the admin center using the appropriate [link for your subscription](sit-get-started-exact-data-match-based-sits-overview.md#portal-links-for-your-subscription) and [create a security group](/office365/admin/email/create-edit-or-delete-a-security-group) called **EDM\_DataUploaders**.
+1. As a global administrator, go to the admin center using the appropriate [link for your subscription](sit-get-started-exact-data-match-based-sits-overview.md#portal-links-for-your-subscription) and [create a security group](/office365/admin/email/create-edit-or-delete-a-security-group) called **EDM\_DataUploaders**.
-2. Add one or more users to the **EDM\_DataUploaders** security group. (These users will manage the database of sensitive information.)
+2. Add one or more users to the **EDM\_DataUploaders** security group. (These users will manage the database of sensitive information.)
### Hash and upload from one computer This computer must have direct access to your Microsoft 365 tenant. > [!NOTE]
-> Before you begin this procedure, make sure that you are a member of the **EDM\_DataUploaders** security group.
+> Before you begin this procedure, make sure that you are a member of the **EDM\_DataUploaders** security group.
> [!TIP] >Optionally, you can run a validation against your sensitive information source table file to check it for errors before uploading by running:
compliance Sit Learn About Exact Data Match Based Sits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits.md
# Learn about exact data match based sensitive information types
-[Sensitive information types](sensitive-information-type-learn-about.md) are used to help identify sensitive items so that you can prevent them from being inadvertently or inappropriately shared, to help in locating relevant data in eDiscovery, and to apply governance actions to certain types of information. You define a custom sensitive information type (SIT) based on:
+[Sensitive information types](sensitive-information-type-learn-about.md) are used to help identify sensitive items so that you can prevent them from being inadvertently or inappropriately shared, to help in locating relevant data in eDiscovery, and to apply governance actions to certain types of information. You define a custom sensitive information type (SIT) based on:
- patterns-- keyword evidence such as *employee*, *social security number*, or *ID*
+- keyword evidence such as *employee*, *social security number*, or *ID*
- character proximity to evidence in a particular pattern - confidence levels
But what if you wanted a custom sensitive information type (SIT) that uses exact
![EDM-based classification.](../media/EDMClassification.png)
-EDM-based classification enables you to create custom sensitive information types that refer to exact values in a database of sensitive information. The database can be refreshed daily, and contain up to 100 million rows of data. So as employees, patients, or clients come and go, and records change, your custom sensitive information types remain current and applicable. And, you can use EDM-based classification with policies, such as [data loss prevention policies](dlp-learn-about-dlp.md) or [Microsoft Cloud App Security file policies](/cloud-app-security/data-protection-policies).
+EDM-based classification enables you to create custom sensitive information types that refer to exact values in a database of sensitive information. The database can be refreshed daily, and contain up to 100 million rows of data. So as employees, patients, or clients come and go, and records change, your custom sensitive information types remain current and applicable. And, you can use EDM-based classification with policies, such as [data loss prevention policies](dlp-learn-about-dlp.md) or [Microsoft Cloud App Security file policies](/cloud-app-security/data-protection-policies).
> [!NOTE] > Microsoft 365 Information Protection supports double byte character set languages for:
The sensitive source table contains the sensitive information values that the ED
Here's a simple example of a sensitive information source table.
-|First Name |Last Name |Date of Birth |
-||||
-|Isaiah |Langer | 05-05-1960 |
-|Ana |Bowman |11-24-1971 |
-|Oscar |Ward |02-12-1998 |
-
+|First Name|Last Name|Date of Birth|
+||||
+|Isaiah|Langer| 05-05-1960|
+|Ana|Bowman|11-24-1971|
+|Oscar|Ward|02-12-1998|
### Rule package
Every SIT has a rule package. You use the rule package in an EDM SIT to define:
- Matches, which specify the field that will be the primary element to be used in exact lookup. It can be a regular expression with or without a checksum validation, a keyword list, a keyword dictionary, or a function. - Classification, which specifies the sensitive type match that triggers EDM lookup.-- Supporting element which are elements that, when found provide supporting evidence that help increase the confidence of the match. For example, keyword ΓÇ£SSNΓÇ¥ in proximity of an SSN number. It can be a regular expression with or without a checksum validation, keyword list, keyword dictionary.
+- Supporting element which are elements that, when found provide supporting evidence that help increase the confidence of the match. For example, keyword "SSN" in proximity of an SSN number. It can be a regular expression with or without a checksum validation, keyword list, keyword dictionary.
- Confidence levels (high, medium, low) reflect how much supporting evidence was detected along with the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for. See, [Fundamental parts of a sensitive information type](sensitive-information-type-learn-about.md#fundamental-parts-of-a-sensitive-information-type) for more on confidence levels.
-Proximity ΓÇô Number of characters between primary and supporting element
+Proximity - Number of characters between primary and supporting element
### You supply your own schema and data
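Review bot: The re-added "Supporting element" bullet under Rule package still does not parse as a sentence ("Supporting element which are elements that, when found provide supporting evidence that help increase"). Suggest "Supporting elements, which, when found, provide supporting evidence that helps increase the confidence of the match." Two smaller points in the same hunk: the "Proximity" line is the only item in this list added without a leading `- `, and in the sample source table the first date cell keeps a leading space (`| 05-05-1960|`) that the other trimmed cells no longer have.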
compliance Sit Use Exact Data Refresh Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-use-exact-data-refresh-data.md
You can refresh your sensitive information database up to 5 times in every 24 ho
2. Use the procedures in [Hash and upload the sensitive information source table for exact data match sensitive information types](sit-get-started-exact-data-match-hash-upload.md#hash-and-upload-the-sensitive-information-source-table-for-exact-data-match-sensitive-information-types) to upload your sensitive information table source file.
-2. You can use [Task Scheduler](/windows/desktop/TaskSchd/task-scheduler-start-page) to automate the [Hash and upload the sensitive information source table for exact data match sensitive information types](sit-get-started-exact-data-match-hash-upload.md#hash-and-upload-the-sensitive-information-source-table-for-exact-data-match-sensitive-information-types) procedure. You can schedule tasks using several methods:
+3. You can use [Task Scheduler](/windows/desktop/TaskSchd/task-scheduler-start-page) to automate the [Hash and upload the sensitive information source table for exact data match sensitive information types](sit-get-started-exact-data-match-hash-upload.md#hash-and-upload-the-sensitive-information-source-table-for-exact-data-match-sensitive-information-types) procedure. You can schedule tasks using several methods:
|Method|What to do| |||
- |Windows PowerShell|See the [ScheduledTasks](/powershell/module/scheduledtasks/) documentation and the [example PowerShell script](#example-powershell-script-for-task-scheduler) in this article|
- |Task Scheduler API|See the [Task Scheduler](/windows/desktop/TaskSchd/using-the-task-scheduler) documentation|
- |Windows user interface|In Windows, click **Start**, and type Task Scheduler. Then, in the list of results, right-click **Task Scheduler**, and choose **Run as administrator**.|
+ |Windows PowerShell|See the [ScheduledTasks](/powershell/module/scheduledtasks/) documentation and the [example PowerShell script](#example-powershell-script-for-task-scheduler) in this article|
+ |Task Scheduler API|See the [Task Scheduler](/windows/desktop/TaskSchd/using-the-task-scheduler) documentation|
+ |Windows user interface|In Windows, click **Start**, and type Task Scheduler. Then, in the list of results, right-click **Task Scheduler**, and choose **Run as administrator**.|
### Example PowerShell script for Task Scheduler
compliance Teams Workflow In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/teams-workflow-in-advanced-ediscovery.md
The following table describes metadata properties for Teams content.
||| |ContainsEditedMessage|Indicates whether a transcript file contains an edited message. Edited messages are identified when viewing the transcript file.| |ConversationId|A GUID that identifies the conversation that the item is associated with. Transcript files and attachments from the same conversation have the same value for this property.|
-|Conversation name|The name of the conversation the transcript file or attachment is associated with. For Teams 1:1 and group chats, the value of this property is the UPN of all participants of the conversation are concatenated. For example, `User3 <User3@contoso.onmicrosoft.com>,User4 <User4@contoso.onmicrosoft.com>,User2 <User2@contoso.onmicrosoft.com>`. Teams channel (standard, private, and shared) chats use the following format for conversation name: `<Team name>,<Channel name>`. For example, `eDiscovery vNext, General`.|
+|Conversation name|The name of the conversation the transcript file or attachment is associated with. For Teams 1:1 and group chats, the value of this property is the UPN of all participants of the conversation are concatenated. For example, `User3 <User3@contoso.onmicrosoft.com>,User4 <User4@contoso.onmicrosoft.com>,User2 <User2@contoso.onmicrosoft.com>`. Teams channel (standard, private, and shared) chats use the following format for conversation name: `<Team name>,<Channel name>`. For example, `eDiscovery vNext, General`.|
|ConversationType|Indicates the type of Team chat. For Teams 1:1 and group chats, the value for this property is `Group`. For standard, private, and shared channel chats, the value is `Channel`.| |Date|The time stamp of the first message in the transcript file.| |FamilyId|A GUID that identifies the transcript file for a chat conversation. Attachments will have the same value for this property as the transcript file that contains the message the file was attached to.|
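Review bot: The re-added "Conversation name" row keeps the broken sentence "the value of this property is the UPN of all participants of the conversation are concatenated". Suggest "the value of this property is the concatenated UPNs of all participants in the conversation". The example that follows shows a display name plus an address for each participant (`User3 <User3@contoso.onmicrosoft.com>`), so the description should also say that the display name is included.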
compliance Tls 1 2 In Office 365 Gcc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/tls-1-2-in-office-365-gcc.md
appliesto:
## Summary
-In order to comply with the latest compliance standards for the Federal Risk and Authorization Management Program (FedRAMP), we are disabling Transport Layer Security (TLS) versions 1.1 and 1.0 in Microsoft 365 for GCC High and DoD environments. This change was previously announced through Microsoft Support in [Preparing for the mandatory use of TLS 1.2 in Office 365](https://support.microsoft.com/help/4057306/preparing-for-tls-1-2-in-office-365).
+In order to comply with the latest compliance standards for the Federal Risk and Authorization Management Program (FedRAMP), we are disabling Transport Layer Security (TLS) versions 1.1 and 1.0 in Microsoft 365 for GCC High and DoD environments. This change was previously announced through Microsoft Support in [Preparing for the mandatory use of TLS 1.2 in Office 365](https://support.microsoft.com/help/4057306/preparing-for-tls-1-2-in-office-365).
The security of your data is important, and we are committed to transparency about changes that could affect your use of the service.
-Although the [Microsoft TLS 1.0 implementation](https://support.microsoft.com/help/3117336) has no known security vulnerabilities, we remain committed to the FedRAMP compliance standards. Therefore, we disabled TLS 1.1 and 1.0 in Microsoft 365 in GCC High and DoD environments on January 15, 2020. For information about how to remove TLS 1.1 and 1.0 dependencies, see the following white paper:
+Although the [Microsoft TLS 1.0 implementation](https://support.microsoft.com/help/3117336) has no known security vulnerabilities, we remain committed to the FedRAMP compliance standards. Therefore, we disabled TLS 1.1 and 1.0 in Microsoft 365 in GCC High and DoD environments on January 15, 2020. For information about how to remove TLS 1.1 and 1.0 dependencies, see the following white paper:
[Solving the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266) ## More information
-Starting on January 15, 2020, Microsoft 365 in the GCC High and DoD environments will disable TLS 1.1 and 1.0.
+Starting on January 15, 2020, Microsoft 365 in the GCC High and DoD environments will disable TLS 1.1 and 1.0.
-By January 15, 2020, all combinations of client servers and browser servers should use TLS version 1.2 (or a later version) to make sure that all connections can be made without issues to Microsoft 365. This may require updates to certain combinations of client servers and browser servers.
+By January 15, 2020, all combinations of client servers and browser servers should use TLS version 1.2 (or a later version) to make sure that all connections can be made without issues to Microsoft 365. This may require updates to certain combinations of client servers and browser servers.
For SharePoint and OneDrive, you'll need to update and configure .NET to support TLS 1.2. For information, see [How to enable TLS 1.2 on clients](/mem/configmgr/core/plan-design/security/enable-tls-1-2-client).
We know that the following client applications cannot use TLS 1.2:
- Android 4.3 and earlier versions - Firefox version 5.0 and earlier versions-- Internet Explorer 8ΓÇô10 on Windows 7 and earlier versions
+- Internet Explorer 8-10 on Windows 7 and earlier versions
- Internet Explorer 10 on Windows Phone 8.0 - Safari 6.0.4/OS X 10.8.4 and earlier versions
-Although current analysis of connections to Microsoft Online services shows that most services and endpoints see little TLS 1.1 and 1.0 usage, we're providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.1 and 1.0 ends. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services (AD FS), make sure that the infrastructure can support both inbound and outbound connections that use TLS 1.2 (or a later version).
+Although current analysis of connections to Microsoft Online services shows that most services and endpoints see little TLS 1.1 and 1.0 usage, we're providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.1 and 1.0 ends. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services (AD FS), make sure that the infrastructure can support both inbound and outbound connections that use TLS 1.2 (or a later version).
-In addition to the outages that you might experience if you use the listed clients that cannot use TLS 1.2, removing TLS 1.1 and 1.0 will prevent you from being able to use the following Microsoft product:
+In addition to the outages that you might experience if you use the listed clients that cannot use TLS 1.2, removing TLS 1.1 and 1.0 will prevent you from being able to use the following Microsoft product:
- Lync phone ## References
-For guidance and references to help make sure that your clients are using TLS 1.2, see [Preparing for the mandatory use of TLS 1.2 in Office 365](https://support.microsoft.com/help/4057306/preparing-for-tls-1-2-in-office-365).
+For guidance and references to help make sure that your clients are using TLS 1.2, see [Preparing for the mandatory use of TLS 1.2 in Office 365](https://support.microsoft.com/help/4057306/preparing-for-tls-1-2-in-office-365).
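Review bot: The re-added sentence under More information still says Microsoft 365 "will disable TLS 1.1 and 1.0" starting on January 15, 2020, while the Summary paragraph in the same hunk already states "we disabled TLS 1.1 and 1.0 ... on January 15, 2020". Since these lines are being touched, align the tense throughout: the Summary opening ("we are disabling"), this sentence, and "By January 15, 2020, all combinations ... should use TLS version 1.2" should all read as a requirement that is already enforced, so an administrator does not take the cutoff as still pending.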
compliance Tls 1.0 And 1.1 Deprecation For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365.md
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\W
The value of the **DefaultSecureProtocols** registry key that the KB article describes determines which network protocols can be used: |DefaultSecureProtocols Value|Protocol enabled|
-|-|-|
+|||
|0x00000008|Enable SSL 2.0 by default| |0x00000020|Enable SSL 3.0 by default| |0x00000080|Enable TLS 1.0 by default|
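Review bot: The added delimiter row under the `DefaultSecureProtocols Value` header is `|||`, which has no hyphens, and a Markdown table delimiter row needs hyphens in each cell to be recognised; as shown, the removed `|-|-|` was valid and the replacement is not. Suggest `|---|---|`. The same replacement is made in the next hunk under "Enabled protocols for Office 365 service after October 31, 2018" and needs the same fix, otherwise the registry value tables will render as plain text.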
You can refer to [KB 4057306 Preparing for the mandatory use of TLS 1.2 in Offic
The following table shows the appropriate registry key values in Office 365 clients after October 31, 2018. |Enabled protocols for Office 365 service after October 31, 2018|Hexadecimal value|
-|-|-|
+|||
|TLS 1.0 + 1.1 + 1.2|0x00000A80| |TLS 1.1 + 1.2|0x00000A00| |TLS 1.0 + 1.2|0x00000880|
For more information, see [Preparing for the mandatory use of TLS 1.2 in Office
## References
-The following resources provide guidance to help make sure that your clients are using TLS 1.2 or a later version and to disable TLS 1.0 and 1.1:
+The following resources provide guidance to help make sure that your clients are using TLS 1.2 or a later version and to disable TLS 1.0 and 1.1:
-- For Windows 7 clients that connect to Office 365, make sure that TLS 1.2 is the default secure protocol in WinHTTP in Windows. For more information, see [KB 3140245 - Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows](https://support.microsoft.com/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in).
+- For Windows 7 clients that connect to Office 365, make sure that TLS 1.2 is the default secure protocol in WinHTTP in Windows. For more information, see [KB 3140245 - Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows](https://support.microsoft.com/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in).
- To address weak TLS usage by removing TLS 1.0 and 1.1 dependencies, see [TLS 1.2 support at Microsoft](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/). - [New IIS functionality](https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/) makes it easier to find clients on [Windows Server 2012 R2](https://support.microsoft.com/help/4025335/windows-8-1-windows-server-2012-r2-update-kb4025335) and [Windows Server 2016](https://support.microsoft.com/help/4025334/windows-10-update-kb4025334) that connect to the service by using weak security protocols.-- Get more information about how to [solve the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266).
+- Get more information about how to [solve the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266).
- For general information about our approach to security, go to the [Office 365 Trust Center](https://www.microsoft.com/trustcenter/cloudservices/office365). - [Preparing for TLS 1.0/1.1 Deprecation - Office 365 Skype for Business](https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Preparing-for-TLS-1-0-1-1-Deprecation-O365-Skype-for-Business/ba-p/222247) - [Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649) - [Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761) - [Exchange Server TLS guidance Part 3: Turning Off TLS 1.0/1.1](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-3-turning-off-tls-1-0-1-1/ba-p/607898) - [Enable TLS 1.1 and TLS 1.2 support in Office Online Server](/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-online-server)-
compliance Use A Script To Add Users To A Hold In Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-a-script-to-add-users-to-a-hold-in-ediscovery.md
Here are the steps to make this happen:
## Before you add users to a hold -- You have to be a member of the eDiscovery Manager role group in the Microsoft 365 compliance center and a SharePoint Online administrator to run the script in Step 3. For more information, see [Assign eDiscovery permissions in the OfficeΓÇì 365 Security & Compliance Center](assign-ediscovery-permissions.md).
+- You have to be a member of the eDiscovery Manager role group in the Microsoft 365 compliance center and a SharePoint Online administrator to run the script in Step 3. For more information, see [Assign eDiscovery permissions in the Office 365 Security & Compliance Center](assign-ediscovery-permissions.md).
- A maximum of 1,000 mailboxes and 100 sites can be added to a hold that's associated with an eDiscovery case in the Microsoft 365 compliance center. Assuming that every user that you want to place on hold has a OneDrive for Business site, you can add a maximum of 100 users to a hold using the script in this article.
compliance Use Notifications And Policy Tips https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-notifications-and-policy-tips.md
For each rule in a DLP policy, you can:
- Customize the text that's included in the notification by using HTML or tokens. See the section below for more information. > [!NOTE]
-> Email notifications can be sent only to individual recipientsΓÇönot groups or distribution lists. Only new content will trigger an email notification. Editing existing content will trigger policy tips, but not an email notification.
+> Email notifications can be sent only to individual recipientsΓÇönot groups or distribution lists. Only new content will trigger an email notification. Editing existing content will trigger policy tips, but not an email notification.
![Email notification options.](../media/4e7b9500-2a78-44e6-9067-09f4bfd50301.png)
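Review bot: The note line is removed and re-added with `recipientsΓÇönot` unchanged, so the mis-encoded punctuation between "recipients" and "not" is still present as shown. Other punctuation in this file is being normalised to ASCII in the same commit (the ellipses in the table headers), so rewrite this one as well, for example "Email notifications can be sent only to individual recipients, not groups or distribution lists."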
Notifications have a Subject line that begins with the action taken, such as "No
By default, notifications display text similar to the following for an item on a site. The notification text is configured separately for each rule, so the text that's displayed differs depending on which rule is matched.
-|**If the DLP policy rule does this…**|**Then the default notification for SharePoint or OneDrive for Business documents says this…**|**Then the default notification for Outlook messages says this…**|
-|:--|:--|:--|
-|Sends a notification but doesn't allow override <br/> |This item conflicts with a policy in your organization. <br/> |Your email message conflicts with a policy in your organization. <br/> |
-|Blocks access, sends a notification, and allows override <br/> |This item conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked. <br/> |Your email message conflicts with a policy in your organization. The message wasn't delivered to all recipients. <br/> |
-|Blocks access and sends a notification <br/> |This item conflicts with a policy in your organization. Access to this item is blocked for everyone except its owner, last modifier, and the primary site collection administrator. <br/> |Your email message conflicts with a policy in your organization. The message wasn't delivered to all recipients. <br/> |
+|If the DLP policy rule does this...|Then the default notification for SharePoint or OneDrive for Business documents says this...|Then the default notification for Outlook messages says this...|
+||||
+|Sends a notification but doesn't allow override|This item conflicts with a policy in your organization.|Your email message conflicts with a policy in your organization.|
+|Blocks access, sends a notification, and allows override|This item conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked.|Your email message conflicts with a policy in your organization. The message wasn't delivered to all recipients.|
+|Blocks access and sends a notification|This item conflicts with a policy in your organization. Access to this item is blocked for everyone except its owner, last modifier, and the primary site collection administrator.|Your email message conflicts with a policy in your organization. The message wasn't delivered to all recipients.|
### Custom email notification
You can create a custom email notification instead of sending the default email
You can also use the following tokens to help customize the email notification. These tokens are variables that are replaced by specific information in the notification that's sent.
-|**Token**|**Description**|
-|:--|:--|
-|%%AppliedActions%% <br/> |The actions applied to the content. <br/> |
-|%%ContentURL%% <br/> |The URL of the document on the SharePoint Online site or OneDrive for Business site. <br/> |
-|%%MatchedConditions%% <br/> |The conditions that were matched by the content. Use this token to inform people of possible issues with the content. <br/> |
+|Token|Description|
+|||
+|%%AppliedActions%%|The actions applied to the content.|
+|%%ContentURL%%|The URL of the document on the SharePoint Online site or OneDrive for Business site.|
+|%%MatchedConditions%%|The conditions that were matched by the content. Use this token to inform people of possible issues with the content.|
![Notification message showing where tokens appear.](../media/cd3f36b3-40db-4f30-99e4-190750bd1955.png)
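Review bot: In the rewritten token rows, `%%AppliedActions%%`, `%%ContentURL%%` and `%%MatchedConditions%%` are still plain table text. These are literal strings that an admin copies into a custom notification, so put each one in inline code to make sure the `%%` delimiters render and copy exactly. The added delimiter row `|||` also has no hyphens, which a Markdown table needs in each cell of that row.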
DLP policies are synced to sites and contented is evaluated against them periodi
By default, policy tips display text similar to the following for an item on a site. The notification text is configured separately for each rule, so the text that's displayed differs depending on which rule is matched.
-|**If the DLP policy rule does this…**|**Then the default policy tip says this…**|
-|:--|:--|
-|Sends a notification but doesn't allow override <br/> |This item conflicts with a policy in your organization. <br/> |
-|Blocks access, sends a notification, and allows override <br/> |This item conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked. <br/> |
-|Blocks access and sends a notification <br/> |This item conflicts with a policy in your organization. Access to this item is blocked for everyone except its owner, last modifier, and the primary site collection administrator. <br/> |
+|If the DLP policy rule does this...|Then the default policy tip says this...|
+|||
+|Sends a notification but doesn't allow override|This item conflicts with a policy in your organization.|
+|Blocks access, sends a notification, and allows override|This item conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked.|
+|Blocks access and sends a notification|This item conflicts with a policy in your organization. Access to this item is blocked for everyone except its owner, last modifier, and the primary site collection administrator.|
### Custom text for policy tips on sites
Note that while policy tips can draw only from a single location, email notifica
By default, policy tips display text similar to the following for email.
-|**If the DLP policy rule does this…**|**Then the default policy tip says this…**|
-|:--|:--|
-|Sends a notification but doesn't allow override <br/> |Your email conflicts with a policy in your organization. <br/> |
-|Blocks access, sends a notification, and allows override <br/> |Your email conflicts with a policy in your organization. <br/> |
-|Blocks access and sends a notification <br/> |Your email conflicts with a policy in your organization. <br/> |
+|If the DLP policy rule does this...|Then the default policy tip says this...|
+|||
+|Sends a notification but doesn't allow override|Your email conflicts with a policy in your organization.|
+|Blocks access, sends a notification, and allows override|Your email conflicts with a policy in your organization.|
+|Blocks access and sends a notification|Your email conflicts with a policy in your organization.|
## Policy tips in Excel, PowerPoint, and Word
In each of these Office desktop programs, people can choose to turn off policy t
By default, policy tips display text similar to the following on the Message Bar and Backstage view of an open document. The notification text is configured separately for each rule, so the text that's displayed differs depending on which rule is matched.
-|**If the DLP policy rule does this…**|**Then the default policy tip says this…**|
-|:--|:--|
-|Sends a notification but doesn't allow override <br/> |This file conflicts with a policy in your organization. Go to the **File** menu for more information. <br/> |
-|Blocks access, sends a notification, and allows override <br/> |This file conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked. Go to the **File** menu for more information. <br/> |
-|Blocks access and sends a notification <br/> |This file conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked. Go to the **File** menu for more information. <br/> |
+|If the DLP policy rule does this...|Then the default policy tip says this...|
+|||
+|Sends a notification but doesn't allow override|This file conflicts with a policy in your organization. Go to the **File** menu for more information.|
+|Blocks access, sends a notification, and allows override|This file conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked. Go to the **File** menu for more information.|
+|Blocks access and sends a notification|This file conflicts with a policy in your organization. If you don't resolve this conflict, access to this file might be blocked. Go to the **File** menu for more information.|
### Custom text for policy tips in Excel, PowerPoint, and Word
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of April 04, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 4/4/2022 | [Manage guest access in Microsoft 365 groups](/microsoft-365/admin/create-groups/manage-guest-access-in-groups?view=o365-21vianet) | modified |
+| 4/4/2022 | [Set up Microsoft 365 Business Standard with a new or existing domain](/microsoft-365/admin/setup/setup-business-standard?view=o365-21vianet) | modified |
+| 4/4/2022 | [Sign up for a Microsoft 365 Business Standard](/microsoft-365/admin/simplified-signup/signup-business-standard?view=o365-21vianet) | modified |
+| 4/4/2022 | [Create and edit AutoPilot profiles](/microsoft-365/business-premium/create-and-edit-autopilot-profiles?view=o365-21vianet) | renamed |
+| 4/4/2022 | [Publish retention labels and apply them in apps to retain or delete content](/microsoft-365/compliance/create-apply-retention-labels?view=o365-21vianet) | modified |
+| 4/4/2022 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
+| 4/4/2022 | [Insider risk solutions](/microsoft-365/compliance/insider-risk-solution-overview?view=o365-21vianet) | modified |
+| 4/4/2022 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/4/2022 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) | modified |
+| 4/4/2022 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-21vianet) | modified |
+| 4/4/2022 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-21vianet) | modified |
+| 4/4/2022 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-21vianet) | modified |
+| 4/4/2022 | [Overview of Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-21vianet) | modified |
+| 4/4/2022 | [Sign up for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-sign-up?view=o365-21vianet) | modified |
+| 4/4/2022 | [Troubleshoot and resolve problems and error messages in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-troubleshoot?view=o365-21vianet) | modified |
+| 4/4/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
+| 4/5/2022 | [Sign up for a Microsoft 365 Business Standard](/microsoft-365/admin/simplified-signup/signup-business-standard?view=o365-21vianet) | modified |
+| 4/5/2022 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
+| 4/5/2022 | [External Domain Name System records for Office 365](/microsoft-365/enterprise/external-domain-name-system-records?view=o365-21vianet) | modified |
+| 4/5/2022 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-21vianet) | modified |
+| 4/5/2022 | [Try Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 1. Implement App Protection Policies](/microsoft-365/solutions/manage-devices-with-intune-app-protection?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 3. Set up compliance policies for devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-compliance-policies?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 7. Implement data loss prevention (DLP) with information protection capabilities](/microsoft-365/solutions/manage-devices-with-intune-dlp-mip?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 2. Enroll devices into management with Intune](/microsoft-365/solutions/manage-devices-with-intune-enroll?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-21vianet) | modified |
+| 4/5/2022 | [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-21vianet) | modified |
+| 4/5/2022 | [Service encryption with Customer Key](/microsoft-365/compliance/customer-key-overview?view=o365-21vianet) | modified |
+| 4/5/2022 | [Set up Customer Key](/microsoft-365/compliance/customer-key-set-up?view=o365-21vianet) | modified |
+| 4/5/2022 | [Differences between document understanding and form processing models](/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model) | modified |
+| 4/5/2022 | [Microsoft 365 Zero Trust deployment plan](/microsoft-365/security/microsoft-365-zero-trust?view=o365-21vianet) | modified |
+| 4/5/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |
+| 4/5/2022 | [Firewall in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-firewall?view=o365-21vianet) | modified |
+| 4/5/2022 | [Get started using the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |
+| 4/5/2022 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) | modified |
+| 4/5/2022 | [Overview of Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
+| 4/5/2022 | [Understand policy order in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-policy-order?view=o365-21vianet) | modified |
+| 4/5/2022 | [The simplified configuration process in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |
+| 4/5/2022 | [Tutorials and simulations in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |
+| 4/5/2022 | [View or edit policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | modified |
+| 4/5/2022 | [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-21vianet) | modified |
+| 4/5/2022 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-21vianet) | modified |
+| 4/5/2022 | [What's new in Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-whatsnew?view=o365-21vianet) | modified |
+| 4/5/2022 | [Implement attack surface reduction (ASR) rules deployment](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-21vianet) | modified |
+| 4/5/2022 | [Plan ASR rules attack surface reduction deployment rules deployment](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan?view=o365-21vianet) | modified |
+| 4/5/2022 | [ASR rules deployment prerequisites](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-21vianet) | modified |
+| 4/5/2022 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) | modified |
+| 4/5/2022 | [Integrate your SIEM tools with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-21vianet) | modified |
+| 4/5/2022 | [Enable Corelight integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/corelight-integration?view=o365-21vianet) | modified |
+| 4/5/2022 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Protection](/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection?view=o365-21vianet) | modified |
+| 4/5/2022 | [Device discovery frequently asked questions](/microsoft-365/security/defender-endpoint/device-discovery-faq?view=o365-21vianet) | modified |
+| 4/5/2022 | [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-21vianet) | modified |
+| 4/5/2022 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/5/2022 | [Exclude devices in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/exclude-devices?view=o365-21vianet) | modified |
+| 4/5/2022 | [Investigate Microsoft Defender for Endpoint alerts](/microsoft-365/security/defender-endpoint/investigate-alerts?view=o365-21vianet) | modified |
+| 4/5/2022 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
+| 4/5/2022 | [Deploy Microsoft Defender for Endpoint on Linux with Puppet](/microsoft-365/security/defender-endpoint/linux-install-with-puppet?view=o365-21vianet) | modified |
+| 4/5/2022 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-21vianet) | modified |
+| 4/5/2022 | [How to schedule scans with Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-schedule-scan-mde?view=o365-21vianet) | modified |
+| 4/5/2022 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-21vianet) | modified |
+| 4/5/2022 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-21vianet) | modified |
+| 4/5/2022 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
+| 4/5/2022 | [Device inventory](/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-21vianet) | modified |
+| 4/5/2022 | [Create indicators](/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-21vianet) | modified |
+| 4/5/2022 | [Manage Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-maintenance-operations?view=o365-21vianet) | modified |
+| 4/5/2022 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-21vianet) | modified |
+| 4/5/2022 | [Get started with Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-plan1-getting-started?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
+| 4/5/2022 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified |
+| 4/5/2022 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-21vianet) | modified |
+| 4/5/2022 | [Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/security-config-management?view=o365-21vianet) | modified |
+| 4/5/2022 | [Troubleshoot Microsoft Defender for Endpoint service issues](/microsoft-365/security/defender-endpoint/troubleshoot-mdatp?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender Antivirus event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/5/2022 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-21vianet) | modified |
+| 4/5/2022 | [Web protection](/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-21vianet) | modified |
+| 4/5/2022 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-21vianet) | modified |
+| 4/5/2022 | [CloudAppEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table?view=o365-21vianet) | modified |
+| 4/5/2022 | [EmailAttachmentInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailattachmentinfo-table?view=o365-21vianet) | modified |
+| 4/5/2022 | [EmailEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailevents-table?view=o365-21vianet) | modified |
+| 4/5/2022 | [Get expert training on advanced hunting](/microsoft-365/security/defender/advanced-hunting-expert-training?view=o365-21vianet) | modified |
+| 4/5/2022 | [Migrate advanced hunting queries from Microsoft Defender for Endpoint](/microsoft-365/security/defender/advanced-hunting-migrate-from-mde?view=o365-21vianet) | modified |
+| 4/5/2022 | [Work with advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-results?view=o365-21vianet) | modified |
+| 4/5/2022 | [Alert grading for suspicious email forwarding activity](/microsoft-365/security/defender/alert-grading-playbook-email-forwarding?view=o365-21vianet) | modified |
+| 4/5/2022 | [Alert grading for suspicious inbox forwarding rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-forwarding-rules?view=o365-21vianet) | modified |
+| 4/5/2022 | [Alert grading for suspicious inbox manipulation rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-manipulation-rules?view=o365-21vianet) | modified |
+| 4/5/2022 | [Partner access through Microsoft 365 Defender APIs](/microsoft-365/security/defender/api-partner-access?view=o365-21vianet) | modified |
+| 4/5/2022 | [Configure and manage Microsoft Threat Experts capabilities through Microsoft 365 Defender](/microsoft-365/security/defender/configure-microsoft-threat-experts?view=o365-21vianet) | modified |
+| 4/5/2022 | [Deploy services supported by Microsoft 365 Defender](/microsoft-365/security/defender/deploy-supported-services?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 1. Triage and analyze your first incident](/microsoft-365/security/defender/first-incident-analyze?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 3. Perform a post-incident review of your first incident](/microsoft-365/security/defender/first-incident-post?view=o365-21vianet) | modified |
+| 4/5/2022 | [Prepare your security posture for your first incident](/microsoft-365/security/defender/first-incident-prepare?view=o365-21vianet) | modified |
+| 4/5/2022 | [Incident response with Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 1. Plan for Microsoft 365 Defender operations readiness](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-plan?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 4. Define Microsoft 365 Defender roles, responsibilities, and oversight](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-roles?view=o365-21vianet) | modified |
+| 4/5/2022 | [Step 5. Develop and test use cases](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases?view=o365-21vianet) | modified |
+| 4/5/2022 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |
+| 4/5/2022 | [Investigate incidents in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-incidents?view=o365-21vianet) | modified |
+| 4/5/2022 | [View and manage actions in the Action center](/microsoft-365/security/defender/m365d-autoir-actions?view=o365-21vianet) | modified |
+| 4/5/2022 | [Frequently asked questions when turning on Microsoft 365 Defender](/microsoft-365/security/defender/m365d-enable-faq?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Defender for Endpoint in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-mde?view=o365-21vianet) | modified |
+| 4/5/2022 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-21vianet) | modified |
+| 4/5/2022 | [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-21vianet) | modified |
+| 4/5/2022 | [Threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics?view=o365-21vianet) | modified |
+| 4/5/2022 | [Coin miners](/microsoft-365/security/intelligence/coinminer-malware?view=o365-21vianet) | modified |
+| 4/5/2022 | [How Microsoft identifies malware and potentially unwanted applications](/microsoft-365/security/intelligence/criteria?view=o365-21vianet) | modified |
+| 4/5/2022 | [Fileless threats](/microsoft-365/security/intelligence/fileless-threats?view=o365-21vianet) | modified |
+| 4/5/2022 | [Macro malware](/microsoft-365/security/intelligence/macro-malware?view=o365-21vianet) | modified |
+| 4/5/2022 | [Phishing trends and techniques](/microsoft-365/security/intelligence/phishing-trends?view=o365-21vianet) | modified |
+| 4/5/2022 | [How to protect against phishing attacks](/microsoft-365/security/intelligence/phishing?view=o365-21vianet) | modified |
+| 4/5/2022 | [Troubleshoot MSI portal errors caused by admin block](/microsoft-365/security/intelligence/portal-submission-troubleshooting?view=o365-21vianet) | modified |
+| 4/5/2022 | [Prevent malware infection](/microsoft-365/security/intelligence/prevent-malware-infection?view=o365-21vianet) | modified |
+| 4/5/2022 | [Rootkits](/microsoft-365/security/intelligence/rootkits-malware?view=o365-21vianet) | modified |
+| 4/5/2022 | [Submit files for analysis by Microsoft](/microsoft-365/security/intelligence/submission-guide?view=o365-21vianet) | modified |
+| 4/5/2022 | [Supply chain attacks](/microsoft-365/security/intelligence/supply-chain-malware?view=o365-21vianet) | modified |
+| 4/5/2022 | [Tech Support Scams](/microsoft-365/security/intelligence/support-scams?view=o365-21vianet) | modified |
+| 4/5/2022 | [Trojan malware](/microsoft-365/security/intelligence/trojans-malware?view=o365-21vianet) | modified |
+| 4/5/2022 | [Unwanted software](/microsoft-365/security/intelligence/unwanted-software?view=o365-21vianet) | modified |
+| 4/5/2022 | [Virus Information Alliance](/microsoft-365/security/intelligence/virus-information-alliance-criteria?view=o365-21vianet) | modified |
+| 4/5/2022 | [Microsoft Virus Initiative](/microsoft-365/security/intelligence/virus-initiative-criteria?view=o365-21vianet) | modified |
+| 4/5/2022 | [Worms](/microsoft-365/security/intelligence/worms-malware?view=o365-21vianet) | modified |
+| 4/5/2022 | [Secure by default in Office 365](/microsoft-365/security/office-365-security/secure-by-default?view=o365-21vianet) | modified |
+| 4/5/2022 | [Threat Trackers - New and Noteworthy](/microsoft-365/security/office-365-security/threat-trackers?view=o365-21vianet) | modified |
+| 4/5/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 4/5/2022 | [Use named entities in your data loss prevention policies (preview)](/microsoft-365/compliance/named-entities-use?view=o365-21vianet) | modified |
+| 4/6/2022 | [Add and replace your onmicrosoft.com fallback domain in Microsoft 365](/microsoft-365/admin/setup/add-or-replace-your-onmicrosoftcom-domain?view=o365-21vianet) | added |
+| 4/6/2022 | [Enable co-authoring for documents encrypted by sensitivity labels in Microsoft 365](/microsoft-365/compliance/sensitivity-labels-coauthoring?view=o365-21vianet) | modified |
+| 4/6/2022 | [Shared devices](/microsoft-365/managed-desktop/service-description/shared-devices?view=o365-21vianet) | modified |
+| 4/6/2022 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
+| 4/6/2022 | [Use shared queries in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-shared-queries?view=o365-21vianet) | modified |
+| 4/6/2022 | [Microsoft 365 guest sharing settings reference](/microsoft-365/solutions/microsoft-365-guest-settings?view=o365-21vianet) | modified |
+| 4/6/2022 | [Add DNS records to connect your domain](/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-21vianet) | modified |
+| 4/6/2022 | [Add and replace your onmicrosoft.com fallback domain in Microsoft 365](/microsoft-365/admin/setup/add-or-replace-your-onmicrosoftcom-domain?view=o365-21vianet) | modified |
+| 4/6/2022 | [Communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-21vianet) | modified |
+| 4/6/2022 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |
+| 4/6/2022 | [Manage mailbox auditing](/microsoft-365/compliance/enable-mailbox-auditing?view=o365-21vianet) | modified |
+| 4/6/2022 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-21vianet) | modified |
+| 4/6/2022 | [Change history for Microsoft Managed Desktop documentation](/microsoft-365/managed-desktop/change-history-managed-desktop?view=o365-21vianet) | modified |
+| 4/6/2022 | [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-21vianet) | modified |
+| 4/6/2022 | [Operationalize attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize?view=o365-21vianet) | modified |
+| 4/6/2022 | [Plan attack surface reduction (ASR) rules deployment](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan?view=o365-21vianet) | modified |
+| 4/6/2022 | [Test attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test?view=o365-21vianet) | modified |
+| 4/6/2022 | [Attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-21vianet) | modified |
+| 4/6/2022 | [Understand and use attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/6/2022 | [Migrate from a third-party protection service to Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365?view=o365-21vianet) | modified |
+| 4/6/2022 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-21vianet) | modified |
+| 4/6/2022 | [User reported message settings](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 4/6/2022 | [Restrict access to content using sensitivity labels to apply encryption](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |
+| 4/6/2022 | [Step 7. Implement data loss prevention (DLP) with information protection capabilities](/microsoft-365/solutions/manage-devices-with-intune-dlp-mip?view=o365-21vianet) | modified |
+| 4/6/2022 | [Step 2. Enroll devices into management with Intune](/microsoft-365/solutions/manage-devices-with-intune-enroll?view=o365-21vianet) | modified |
+| 4/6/2022 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-21vianet) | modified |
+| 4/7/2022 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-21vianet) | modified |
+| 4/7/2022 | [Manage multiple tenants](/microsoft-365/admin/multi-tenant/manage?view=o365-21vianet) | modified |
+| 4/7/2022 | [Add custom and required questions to the booking page](/microsoft-365/bookings/add-questions?view=o365-21vianet) | modified |
+| 4/7/2022 | [Add staff to Bookings](/microsoft-365/bookings/add-staff?view=o365-21vianet) | modified |
+| 4/7/2022 | [Microsoft Bookings](/microsoft-365/bookings/bookings-overview?view=o365-21vianet) | modified |
+| 4/7/2022 | [Configure SMS text notifications and reminders in Microsoft Bookings](/microsoft-365/bookings/bookings-sms?view=o365-21vianet) | modified |
+| 4/7/2022 | [Comparison chart: Bookings web app vs. Bookings Teams app](/microsoft-365/bookings/comparison-chart?view=o365-21vianet) | modified |
+| 4/7/2022 | [Create a manual booking](/microsoft-365/bookings/create-a-manual-booking?view=o365-21vianet) | modified |
+| 4/7/2022 | [Customize and publish your booking page](/microsoft-365/bookings/customize-booking-page?view=o365-21vianet) | modified |
+| 4/7/2022 | [Define your service offerings in Bookings](/microsoft-365/bookings/define-service-offerings?view=o365-21vianet) | modified |
+| 4/7/2022 | [Delete a booking calendar](/microsoft-365/bookings/delete-calendar?view=o365-21vianet) | modified |
+| 4/7/2022 | [Employee working hours in Microsoft Bookings](/microsoft-365/bookings/employee-hours?view=o365-21vianet) | modified |
+| 4/7/2022 | [Enter your business information](/microsoft-365/bookings/enter-business-information?view=o365-21vianet) | modified |
+| 4/7/2022 | [Get Access to Microsoft Bookings](/microsoft-365/bookings/get-access?view=o365-21vianet) | modified |
+| 4/7/2022 | [Get the Microsoft Bookings app for iOS and Android](/microsoft-365/bookings/get-bookings-app?view=o365-21vianet) | modified |
+| 4/7/2022 | [Metrics and activity tracking in Microsoft Bookings](/microsoft-365/bookings/metrics-and-activity-tracking?view=o365-21vianet) | modified |
+| 4/7/2022 | [Reporting information for Microsoft Bookings](/microsoft-365/bookings/reporting-info?view=o365-21vianet) | modified |
+| 4/7/2022 | [Schedule business closures, time off, and vacation time](/microsoft-365/bookings/schedule-closures-time-off-vacation?view=o365-21vianet) | modified |
+| 4/7/2022 | [Set buffer time in Microsoft Bookings](/microsoft-365/bookings/set-buffer-time?view=o365-21vianet) | modified |
+| 4/7/2022 | [Set language and time zones in Microsoft Bookings](/microsoft-365/bookings/set-language-time-zones?view=o365-21vianet) | modified |
+| 4/7/2022 | [Set your scheduling policies](/microsoft-365/bookings/set-scheduling-policies?view=o365-21vianet) | modified |
+| 4/7/2022 | [Turn Microsoft Bookings on or off](/microsoft-365/bookings/turn-bookings-on-or-off?view=o365-21vianet) | modified |
+| 4/7/2022 | [About registration numbers and under-review notifications](/microsoft-365/commerce/about-registration-numbers?view=o365-21vianet) | modified |
+| 4/7/2022 | [Add licenses to a VLSC subscription](/microsoft-365/commerce/licenses/add-licenses-bought-through-vlsc?view=o365-21vianet) | modified |
+| 4/7/2022 | [Add licenses using a product key](/microsoft-365/commerce/licenses/add-licenses-using-product-key?view=o365-21vianet) | modified |
+| 4/7/2022 | [Manage ISV app licenses](/microsoft-365/commerce/licenses/manage-third-party-app-licenses?view=o365-21vianet) | modified |
+| 4/7/2022 | [Manage SAAS apps for your organization](/microsoft-365/commerce/manage-saas-apps?view=o365-21vianet) | modified |
+| 4/7/2022 | [Enter your Microsoft Open product key](/microsoft-365/commerce/purchases-from-microsoft-open?view=o365-21vianet) | modified |
+| 4/7/2022 | [Verify eligibility for Microsoft 365 Education subscriptions](/microsoft-365/commerce/subscriptions/verify-academic-eligibility?view=o365-21vianet) | modified |
+| 4/7/2022 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |
+| 4/7/2022 | [Manage mailbox auditing](/microsoft-365/compliance/enable-mailbox-auditing?view=o365-21vianet) | modified |
+| 4/7/2022 | [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-21vianet) | modified |
+| 4/7/2022 | [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
+| 4/7/2022 | [Connect to Microsoft 365 with PowerShell](/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 4/7/2022 | [Securing Teams media traffic for VPN split tunneling](/microsoft-365/enterprise/microsoft-365-vpn-securing-teams?view=o365-21vianet) | modified |
+| 4/7/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |
+| 4/7/2022 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) | modified |
+| 4/7/2022 | [Schedule Microsoft Defender Antivirus protection updates](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/7/2022 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified |
+| 4/7/2022 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-21vianet) | modified |
+| 4/7/2022 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-21vianet) | modified |
+| 4/7/2022 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-21vianet) | modified |
+| 4/7/2022 | [Tax Information](/microsoft-365/commerce/billing-and-payments/tax-information?view=o365-21vianet) | modified |
+| 4/7/2022 | [Understand billing accounts](/microsoft-365/commerce/manage-billing-accounts?view=o365-21vianet) | modified |
+| 4/7/2022 | [Resources to help you upgrade from Office 2013 clients and servers](/microsoft-365/enterprise/upgrade-office-2013-clients-servers?view=o365-21vianet) | added |
+| 4/7/2022 | [Manage how and where Microsoft Defender Antivirus receives updates](/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/7/2022 | [DeviceLogonEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicelogonevents-table?view=o365-21vianet) | modified |
+| 4/7/2022 | [Overview - Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview?view=o365-21vianet) | modified |
+| 4/7/2022 | [Incident response with Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 4/7/2022 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-21vianet) | modified |
+| 4/7/2022 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
+| 4/7/2022 | [Understand the analyst report section in threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics-analyst-reports?view=o365-21vianet) | modified |
+| 4/7/2022 | [Threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics?view=o365-21vianet) | modified |
+| 4/7/2022 | [Top scoring in industry tests - Microsoft 365 Defender](/microsoft-365/security/defender/top-scoring-industry-tests?view=o365-21vianet) | modified |
+| 4/7/2022 | [What's new in Microsoft 365 Defender](/microsoft-365/security/defender/whats-new?view=o365-21vianet) | modified |
+| 4/7/2022 | Evaluate Microsoft Defender for Office 365 | removed |
+| 4/7/2022 | [Try and evaluate Defender for Office 365](/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365?view=o365-21vianet) | modified |
+| 4/7/2022 | [Step 5. Deploy device profiles in Microsoft Intune](/microsoft-365/solutions/manage-devices-with-intune-configuration-profiles?view=o365-21vianet) | modified |
+| 4/7/2022 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-21vianet) | modified |
+| 4/7/2022 | [Submit suspicious files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-21vianet) | added |
+| 4/7/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/7/2022 | [Configure and review priority accounts in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-review-priority-account?view=o365-21vianet) | added |
+| 4/7/2022 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
+| 4/7/2022 | [Resources to help you upgrade from Office 2013 clients and servers](/microsoft-365/enterprise/upgrade-office-2013-clients-servers?view=o365-21vianet) | modified |
+| 4/8/2022 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-21vianet) | modified |
+| 4/8/2022 | [Microsoft 365 admin center browser usage reports](/microsoft-365/admin/activity-reports/browser-usage-report?view=o365-21vianet) | modified |
+| 4/8/2022 | [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-device-usage-preview?view=o365-21vianet) | modified |
+| 4/8/2022 | [Microsoft 365 admin center Teams user activity reports](/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview?view=o365-21vianet) | modified |
+| 4/8/2022 | [Enable archive mailboxes for Microsoft 365 Compliance](/microsoft-365/compliance/enable-archive-mailboxes?view=o365-21vianet) | modified |
+| 4/8/2022 | [Apply a document understanding model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-model) | modified |
+| 4/8/2022 | [Create an extractor Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/create-an-extractor) | modified |
+| 4/8/2022 | [Differences between document understanding and form processing models](/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model) | modified |
+| 4/8/2022 | [Use a prebuilt model to extract info from invoices or receipts in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/prebuilt-models) | modified |
+| 4/8/2022 | [Use shared queries in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-shared-queries?view=o365-21vianet) | modified |
+| 4/8/2022 | [Microsoft 365 group expiration policy](/microsoft-365/solutions/microsoft-365-groups-expiration-policy?view=o365-21vianet) | modified |
+| 4/8/2022 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
+| 4/8/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |
+| 4/8/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |
+| 4/8/2022 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-21vianet) | modified |
+| 4/8/2022 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |
+| 4/8/2022 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |
+| 4/8/2022 | [Use setup wizard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-21vianet) | modified |
+| 4/8/2022 | [Try and evaluate Defender for Office 365](/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365?view=o365-21vianet) | modified |
+| 4/8/2022 | [Schedule business closures, time off, and vacation time](/microsoft-365/bookings/schedule-closures-time-off-vacation?view=o365-21vianet) | modified |
+| 4/8/2022 | [An overview of Microsoft LTI apps](/microsoft-365/lti/index?view=o365-21vianet) | modified |
+| 4/8/2022 | [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-21vianet) | modified |
++ ## Week of March 21, 2022
lti Teams Classes Meetings With Moodle https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-meetings-with-moodle.md
For the integration between Moodle and Teams to function correctly, Moodle and T
Follow the [instructions for installing and configuring the Moodle plugin](moodle-plugin-configuration.md).
-## Register Microsoft OneLTI tools for use in Moodle
+## Register Microsoft Teams LTI for use in Moodle
> [!IMPORTANT] > The person who performs this integration should be a Moodle administrator and a Microsoft 365 tenant administrator.
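Review bot: Renaming the heading from "Register Microsoft OneLTI tools for use in Moodle" to "Register Microsoft Teams LTI for use in Moodle" also changes the anchor generated from it, so any link that targets the old anchor will stop resolving. Search the repo for links to the old anchor and update them in the same commit. Only the heading line changes here, so also check the section body for leftover "OneLTI" wording.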
security Compare Mdb M365 Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/compare-mdb-m365-plans.md
Title: Compare security features in Microsoft 365 plans for small and medium-sized businesses description: Understand the differences between Defender for Business and Defender for Endpoint. Knowing what's included in each plan can help you make an informed decision for your company.
+search.appverid: MET150
-+ audience: Admin Last updated 04/08/2022
ms.prod: m365-security
ms.technology: mdb ms.localizationpriority: medium
+f1.keywords: NOCSH
- SMB - m365-initiative-defender-business
> [!IMPORTANT] > Microsoft Defender for Business is rolling out to [Microsoft 365 Business Premium](../../business-premium/index.md) customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.
->
-> Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
+>
+> Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
Microsoft offers a wide variety of cloud solutions and services, including several different plans for small and medium-sized businesses. For example, [Microsoft 365 Business Premium](../../business/microsoft-365-business-overview.md) includes security and device management capabilities, along with productivity features, like Office apps. This article is designed to help clarify what security features, such as device protection, are included in Microsoft 365 Business Premium, Microsoft Defender for Business, and Microsoft Defender for Endpoint.
Microsoft Defender for Business is available as a standalone offering or as part
- [Compare Microsoft Defender for Business (standalone) to Microsoft 365 Business Premium](#compare-security-features-in-microsoft-defender-for-business-to-microsoft-365-business-premium) - [Compare Defender for Business (standalone) to Microsoft Defender for Endpoint enterprise offerings](#compare-microsoft-defender-for-business-to-microsoft-defender-for-endpoint-plans-1-and-2)
-**You don't have to have a Microsoft 365 subscription to buy and use Microsoft Defender for Business.** Microsoft Defender for Business is included in Microsoft 365 Business Premium, and it is available as a standalone security solution for small and medium-sized businesses. If you already have Microsoft 365 Business Basic or Standard, consider adding either upgrading to Microsoft 365 Business Premium or adding Microsoft Defender for Business to get more threat protection capabilities.
+**You don't have to have a Microsoft 365 subscription to buy and use Microsoft Defender for Business.** Microsoft Defender for Business is included in Microsoft 365 Business Premium, and it is available as a standalone security solution for small and medium-sized businesses. If you already have Microsoft 365 Business Basic or Standard, consider adding either upgrading to Microsoft 365 Business Premium or adding Microsoft Defender for Business to get more threat protection capabilities.
## Compare security features in Microsoft Defender for Business to Microsoft 365 Business Premium
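Review bot: The re-added paragraph that begins "You don't have to have a Microsoft 365 subscription" still reads "consider adding either upgrading to Microsoft 365 Business Premium or adding Microsoft Defender for Business", where the first "adding" is a leftover word. The removed and added lines show no other wording change, so this is a good point to fix the sentence: "consider either upgrading to Microsoft 365 Business Premium or adding Microsoft Defender for Business".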
Microsoft Defender for Business is available as a standalone offering or as part
**Beginning March 1, 2022, Defender for Business will start rolling out as part of Microsoft 365 Business Premium. Defender for Business as a standalone offering is still in preview.**
-The following table compares security features and capabilities in Defender for Business (standalone) to Microsoft 365 Business Premium.
-
- <br/><br/>
-
-| Feature/Capability | [Microsoft Defender for Business](mdb-overview.md)<br/>(standalone; currently in preview) | [Microsoft 365 Business Premium](../../business/microsoft-365-business-overview.md)<br/>(includes Defender for Business) |
-|:|:|:|
-| Email protection | Yes <br/>- [Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md) | Yes <br/>- [Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) <br/>- [Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md) |
-| Antispam protection | Yes <br/>- For devices | Yes <br/>- For devices<br/>- For Microsoft 365 email content, such as messages and attachments |
-| Antimalware protection | Yes<br/>- For devices | Yes <br/>- For devices<br/>- For Microsoft 365 email content, such as messages and attachments |
-| [Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) <br/> (antivirus and antimalware protection) | Yes<br/>- Microsoft Defender Antivirus is included in Windows 10 and later | Yes <br/>- Microsoft Defender Antivirus is included in Windows 10 and later<br/>- Next-generation protection policies for onboarded devices |
-| [Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) <br/>(ASR rules in Windows 10 or later and firewall protection) | Yes | Yes |
-| [Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) <br/>(behavior-based detection and manual response actions) | Yes | Yes |
-| [Automated investigation and response](../defender-endpoint/automated-investigations.md) | Yes | Yes |
-| [Threat & vulnerability management](../defender-endpoint/tvm-dashboard-insights.md) | Yes | Yes |
-| Centralized management and reporting | Yes | Yes |
-| [APIs](../defender-endpoint/apis-intro.md) <br/>(for integration with custom apps or reporting solutions) | Yes | Yes |
-
+The following table compares security features and capabilities in Defender for Business (standalone) to Microsoft 365 Business Premium.
+
+|Feature/Capability|[Microsoft Defender for Business](mdb-overview.md)<br/>(standalone; currently in preview)|[Microsoft 365 Business Premium](../../business/microsoft-365-business-overview.md)<br/>(includes Defender for Business)|
+||||
+|Email protection|Yes <br/>- [Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md)|Yes <br/>- [Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) <br/>- [Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md)|
+|Antispam protection|Yes <br/>- For devices|Yes <br/>- For devices<br/>- For Microsoft 365 email content, such as messages and attachments|
+|Antimalware protection|Yes<br/>- For devices|Yes <br/>- For devices<br/>- For Microsoft 365 email content, such as messages and attachments|
+|[Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) <br/> (antivirus and antimalware protection)|Yes<br/>- Microsoft Defender Antivirus is included in Windows 10 and later|Yes <br/>- Microsoft Defender Antivirus is included in Windows 10 and later<br/>- Next-generation protection policies for onboarded devices|
+|[Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) <br/>(ASR rules in Windows 10 or later and firewall protection)|Yes|Yes|
+|[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) <br/>(behavior-based detection and manual response actions)|Yes|Yes|
+|[Automated investigation and response](../defender-endpoint/automated-investigations.md)|Yes|Yes|
+|[Threat & vulnerability management](../defender-endpoint/tvm-dashboard-insights.md)|Yes|Yes|
+|Centralized management and reporting|Yes|Yes|
+|[APIs](../defender-endpoint/apis-intro.md) <br/>(for integration with custom apps or reporting solutions)|Yes|Yes|
## Compare Microsoft Defender for Business to Microsoft Defender for Endpoint Plans 1 and 2
-Defender for Business brings enterprise-grade capabilities of Defender for Endpoint to small and medium-sized businesses.
-
-The following table compares security features and capabilities in Defender for Business to Microsoft Defender for Endpoint Plans 1 and 2. <br/><br/>
-
-| Feature/Capability | [Defender for Business](mdb-overview.md)<br/>(standalone; currently in preview) | [Defender for Endpoint Plan 1](../defender-endpoint/defender-endpoint-plan-1.md) | [Defender for Endpoint Plan 2](../defender-endpoint/microsoft-defender-endpoint.md) |
-|:|:|:|:|
-| [Centralized management](../defender-endpoint/manage-atp-post-migration.md) <sup>[[1](#fn1)]</sup> | Yes | Yes | Yes |
-| [Simplified client configuration](mdb-simplified-configuration.md) | Yes | No | No |
-| [Threat & vulnerability management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md) | Yes | No | Yes |
-| [Attack surface reduction capabilities](../defender-endpoint/overview-attack-surface-reduction.md) | Yes | Yes | Yes |
-| [Next-generation protection](../defender-endpoint/next-generation-protection.md) | Yes | Yes | Yes |
-| [Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) | Yes <sup>[[2](#fn2)]</sup> | No | Yes |
-| [Automated investigation and response](../defender-endpoint/automated-investigations.md) | Yes <sup>[[2](#fn2)]</sup> | No | Yes |
-| [Threat hunting](../defender-endpoint/advanced-hunting-overview.md) and six months of data retention <sup>[[3](#fn3)]</sup> | No | No | Yes |
-| [Threat analytics](../defender-endpoint/threat-analytics.md) | Yes <sup>[[2](#fn2)]</sup> | No | Yes |
-| [Cross-platform support](../defender-endpoint/minimum-requirements.md) <br/>(Windows, macOS, iOS, and Android OS) | Yes <sup>[[4](#fn4)]</sup> | Yes | Yes |
-| [Microsoft Threat Experts](../defender-endpoint/microsoft-threat-experts.md) | No | No | Yes |
-| Partner APIs | Yes | Yes | Yes |
-| [Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants) | Yes | No | No |
+Defender for Business brings enterprise-grade capabilities of Defender for Endpoint to small and medium-sized businesses.
+
+The following table compares security features and capabilities in Defender for Business to Microsoft Defender for Endpoint Plans 1 and 2.
+
+|Feature/Capability|[Defender for Business](mdb-overview.md)<br/>(standalone; currently in preview)|[Defender for Endpoint Plan 1](../defender-endpoint/defender-endpoint-plan-1.md)|[Defender for Endpoint Plan 2](../defender-endpoint/microsoft-defender-endpoint.md)|
+|||||
+|[Centralized management](../defender-endpoint/manage-atp-post-migration.md) <sup>[[1](#fn1)]</sup>|Yes|Yes|Yes|
+|[Simplified client configuration](mdb-simplified-configuration.md)|Yes|No|No|
+|[Threat & vulnerability management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)|Yes|No|Yes|
+|[Attack surface reduction capabilities](../defender-endpoint/overview-attack-surface-reduction.md)|Yes|Yes|Yes|
+|[Next-generation protection](../defender-endpoint/next-generation-protection.md)|Yes|Yes|Yes|
+|[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md)|Yes <sup>[[2](#fn2)]</sup>|No|Yes|
+|[Automated investigation and response](../defender-endpoint/automated-investigations.md)|Yes <sup>[[2](#fn2)]</sup>|No|Yes|
+|[Threat hunting](../defender-endpoint/advanced-hunting-overview.md) and six months of data retention <sup>[[3](#fn3)]</sup>|No|No|Yes|
+|[Threat analytics](../defender-endpoint/threat-analytics.md)|Yes <sup>[[2](#fn2)]</sup>|No|Yes|
+|[Cross-platform support](../defender-endpoint/minimum-requirements.md) <br/>(Windows, macOS, iOS, and Android OS)|Yes <sup>[[4](#fn4)]</sup>|Yes|Yes|
+|[Microsoft Threat Experts](../defender-endpoint/microsoft-threat-experts.md)|No|No|Yes|
+|Partner APIs|Yes|Yes|Yes|
+|[Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants)|Yes|No|No|
(<a id="fn1">1</a>) Onboard and manage devices in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or with another tool, such as Microsoft Endpoint Manager ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)).
The following table compares security features and capabilities in Defender for
- [See the requirements for Microsoft Defender for Business](mdb-requirements.md) - [Get Microsoft Defender for Business](get-defender-business.md)-- [Learn how to set up and configure Microsoft Defender for Business](mdb-setup-configuration.md)
+- [Learn how to set up and configure Microsoft Defender for Business](mdb-setup-configuration.md)
security Admin Submissions Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/admin-submissions-mde.md
You can also submit a file or file hash directly from the list of alerts on the
- [Microsoft Defender for Endpoint in Microsoft 365 Defender](../defender/microsoft-365-security-center-mde.md) - [Address false positives/negatives](defender-endpoint-false-positives-negatives.md)-- [View and organize alerts queue in Microsoft Defender for Endpoint](alerts-queue.md)
+- [View and organize alerts queue in Microsoft Defender for Endpoint](alerts-queue.md)
security Android Support Signin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-support-signin.md
Return to the Microsoft Defender for Endpoint onboarding screen, select **Allow*
If a user faces an issue which is not already addressed in the above sections or is unable to resolve using the listed steps, the user can provide **in-app feedback** along with **diagnostic data**. Our team can then investigate the logs to provide the right solution. Users can follow these steps to do the same:
-1. Open the **MDE application** on your device and click on the **profile icon** in the top-left corner.
+1. Open the **MDE application** on your device and click on the **profile icon** in the top-left corner.
:::image type="content" source="images/select-profile-icon-1.jpg" alt-text="The profile icon in the Microsoft Defender for Endpoint portal" lightbox="images/select-profile-icon-1.jpg":::
-2. Select "Help & feedback".
+2. Select "Help & feedback".
:::image type="content" source="images/selecthelpandfeedback2.png" alt-text="The Help & feedback option that can be selected in the Microsoft Defender for Endpoint portal" lightbox="images/selecthelpandfeedback2.png":::
-3. Select "Send feedback to Microsoft".
+3. Select "Send feedback to Microsoft".
:::image type="content" alt-text="Select send feedback to Microsoft" source="images/send-feedback-to-microsoft-3.jpg":::
-4. Choose from the given options. To report an issue, select "I want to report an issue".
+4. Choose from the given options. To report an issue, select "I want to report an issue".
:::image type="content" source="images/report-issue-4.jpg" alt-text="The I want to report an issue option" lightbox="images/report-issue-4.jpg":::
-5. Provide details of the issue that you are facing and check "Send diagnostic data". We recommend checking "Include your email address" so that the team can reach back to you with a solution or a follow-up.
+5. Provide details of the issue that you are facing and check "Send diagnostic data". We recommend checking "Include your email address" so that the team can reach back to you with a solution or a follow-up.
:::image type="content" source="images/finalsubmit5.png" alt-text="The pane on which you can add details and attach diagnostic data" lightbox="images/finalsubmit5.png":::
-6. Click on "Submit" to successfully send the feedback.
+6. Click on "Submit" to successfully send the feedback.
+
security Attack Surface Reduction Rules Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference.md
Last updated 02/04/2022
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
This article provides information about attack reduction rules:
This article provides information about attack reduction rules:
- Rule descriptions - Configuration management system rule names
-## Public preview: Supported operating systems
-
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-The following table lists the supported operating systems for attack surface reduction rules that are currently prerelease product. The rules are listed alphabetical order. Unless otherwise indicated, the minimum Windows&nbsp;10 build is version 1709 (RS3, build 16299) or later; the minimum Windows&nbsp;Server build is version is 1809 or later.
-
-> [!NOTE]
-> Attack surface reduction rules in Windows&nbsp;Server&nbsp;2012&nbsp;R2 and Windows&nbsp;Server&nbsp;2016 are available for devices onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016 Preview](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-functionality-in-the-modern-unified-solution-for-windows-server-2012-r2-and-2016-preview).
->
-
-| Rule name | Windows&nbsp;Server 2016 <sup>[[1](#fn1)]<sup></sup> | Windows&nbsp;Server 2012 R2 <sup>[[1](#fn1)]<sup></sup> |
-||::|::|
-|[Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers) | Y | Y |
-|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | Y | Y |
-|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | Y | Y |
-|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | Y | Y |
-|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | Y | Y |
-|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | Y | Y |
-|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | Y | Y |
-|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | N | N |
-|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | Y | Y |
-|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | Y | Y |
-|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | Y | Y |
-|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) \* _File and folder exclusions not supported._ | N | N |
-|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | Y | Y |
-|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | Y | Y |
-|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | N | N |
-|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y | Y |
-| | | |
-
-(<a id="fn1">1</a>) Refers to the modern, unified solution for Windows Server 2012 and 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
-
-_End Public Preview: Supported operating systems_
- ## Supported operating systems
-The following table lists the supported operating systems for rules that are currently released to general availability. The rules are listed alphabetical order.
+The following table lists the supported operating systems for rules that are currently released to general availability. The rules are listed alphabetical order in this table.
> [!Note] > > Unless otherwise indicated, the minimum Windows&nbsp;10 build is version 1709 (RS3, build 16299) or later; the minimum Windows&nbsp;Server build is version is 1809 or later. >
+> Attack surface reduction rules in Windows&nbsp;Server&nbsp;2012&nbsp;R2 and Windows&nbsp;Server&nbsp;2016 are available for devices onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016 Preview](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-functionality-in-the-modern-unified-solution-for-windows-server-2012-r2-and-2016-preview).
-|Rule name|Windows&nbsp;10|Windows&nbsp;Server 2019|Windows&nbsp;Server|
-||::|::|::|
-|[Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers) | Y | Y | Y <br><br> version 1803 (Semi-Annual Channel) or later |
-|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | Y version 1809 or later | Y | Y <br><br> |
-|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | Y | Y | Y <br><br> |
-|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | Y version 1803 or later | Y <br><br> | Y <br><br> |
-|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | Y | Y <br><br> | Y <br><br> |
-|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | Y version 1803 or later | Y <br><br> | Y <br><br> |
-|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | Y | Y <br><br> | Y <br><br> |
-|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | Y | Y <br><br> | Y <br><br> |
-|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | Y | Y <br><br> | Y <br><br> |
-|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | Y | Y <br><br> | Y <br><br> |
-|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | Y | Y <br><br> | Y <br><br> |
-|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) <br><br> \* _File and folder exclusions not supported._ | Y version 1903 (build 18362) or later| Y | Y <br><br> version 1903 (build 18362) or later |
-|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | Y version 1803 or later | Y <br><br> | Y <br><br> |
-|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | Y | Y <br><br> | Y <br><br> |
-|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | Y | Y <br><br> | Y <br><br> |
-|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y version 1803 or later | Y <br><br> | Y <br><br> |
-| | | | |
+| Rule name|Windows 10 | Windows Server 2019 | Windows&nbsp;Server | Windows Server 2016 <sup>[[1, 2](#fn1)]<sup></sup> | Windows Server 2012&nbsp;R2 <sup>[[1, 2](#fn1)]<sup></sup> |
+|:|::|::|::|::|::|
+| [Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers) | Y | Y | Y <br> version 1803 (Semi-Annual Channel) or later | Y | Y |
+| [Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | Y version 1809 or later | Y | Y | Y | Y |
+| [Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | Y | Y | Y | Y | Y |
+| [Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | Y <br> version 1803 or later | Y | Y | Y | Y |
+| [Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | Y | Y | Y | Y | Y |
+| [Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | Y <br> version 1803 or later | Y | Y | Y | Y |
+| [Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | Y | Y | Y | Y | Y |
+| [Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | Y | Y | Y | N | N |
+| [Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | Y | Y | Y | Y | Y |
+| [Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | Y | Y | Y | Y | Y |
+| [Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | Y | Y | Y | Y | Y |
+| [Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) <br> \* _File and folder exclusions not supported._ | Y <br> version 1903 (build 18362) or later | Y | Y <br> version 1903 (build 18362) or later | N | N |
+| [Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | Y <br> version 1803 or later | Y | Y | Y | Y |
+| [Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | Y | Y | Y | Y | Y |
+| [Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | Y | Y | Y | N | N |
+| [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y <br> version 1803 or later | Y | Y | Y | Y |
+
+(<a id="fn1">1</a>) Refers to the modern unified solution for Windows Server 2012 and 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
+
+(<a id="fn1">2</a>) For Windows&nbsp;Server 2016 and Windows&nbsp;Server 2012&nbsp;R2, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.
## Supported configuration management systems
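Review bot: The superscript markup in the two new header cells (Windows Server 2016 and Windows Server 2012 R2) is unbalanced: `<sup>[[1, 2](#fn1)]<sup></sup>` opens `<sup>` twice and closes it once, so the second tag should be a plain `</sup>`. Both footnote anchors below the table also use `id="fn1"`, so the "2" in `[1, 2](#fn1)` can never land on the second note; give it its own id (for example `fn2`) and link each number separately. Footnote 1 says "Windows Server 2012 and 2016" while the column header says "Windows Server 2012 R2"; the two should agree. The alignment row as shown (`|:|::|::|::|::|::|`) carries no dashes, so check that the table still renders. Last, the fourth column is headed only "Windows Server" with no version, although its cells carry Semi-Annual Channel version requirements; the header should name what it covers.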
security Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md
Last updated 1/18/2022
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
## Why attack surface reduction rules are important
You can create a custom view that filters events to only show the following even
|1122|Event when rule fires in Audit-mode| The "engine version" listed for attack surface reduction events in the event log, is generated by Defender for Endpoint, not by the operating system. Defender for Endpoint is integrated with Windows 10 and Windows 11, so this feature works on all devices with Windows 10 or Windows 11 installed.+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
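Review bot: The first line of the added tip ("If you…re looking for Antivirus related information") contains a non-ASCII apostrophe that shows up here as `ΓÇÖ`; replace it with a plain `'` so the text survives any encoding round trip, and hyphenate "Antivirus-related". This article is about attack surface reduction rules, and the hunk places the tip directly after the event ID table, so a reader will not expect a pointer to antivirus settings on other platforms at that spot. Either move it to the end of the article or reword it to say why macOS, Linux, Android and iOS readers are being redirected.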
security Automated Investigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/automated-investigations.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Want to see how it works? Watch the following video:
security Behavioral Blocking Containment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/behavioral-blocking-containment.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
A few minutes after the artifact was blocked, multiple instances of the same fil
This example shows that with behavioral blocking and containment capabilities, threats are detected, contained, and blocked automatically.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Next steps - [Learn more about Defender for Endpoint](overview-endpoint-detection-response.md)
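Review bot: This nine-line tip is pasted verbatim here and into the other articles touched by this update, so any later fix to a link or to the wording has to be repeated in every copy. Moving the block into a single shared include file and referencing it from each article would keep the copies from drifting. The tip also sits between the closing sentence of the worked example and the "Next steps" heading with no blank line before it in the added text; add one so the alert block is not attached to the preceding paragraph.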
security Client Behavioral Blocking https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/client-behavioral-blocking.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platform**
+- Windows
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
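Review bot: The added label here is `**Platform**` (singular), while the same block in the other articles in this update uses `**Platforms**`. Use one form throughout so the section can be searched for and styled consistently. The new "Microsoft Defender Antivirus" entry is also plain text, whereas the other "Applies to" entries in the context line are links; say whether that is intentional.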
Antivirus protection works best when paired with cloud protection.
[Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.
-Whenever a suspicious behavior is detected, an [alert](alerts-queue.md) is generated, and is visible in the While the attack was detected and stopped, alerts, such as an "initial access alert," were triggered and appeared in the [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender) (formerly Microsoft 365 Defender).
+Whenever a suspicious behavior is detected, an [alert](alerts-queue.md) is generated and is visible while the attack was detected and stopped; alerts, such as an "initial access alert," are triggered and appear in the [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender) (formerly Microsoft 365 Defender).
Client behavioral blocking is effective because it not only helps prevent an attack from starting, it can help stop an attack that has begun executing. And, with [feedback-loop blocking](feedback-loop-blocking.md) (another capability of behavioral blocking and containment), attacks are prevented on other devices in your organization.
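Review bot: The replacement sentence is still not readable: "an alert is generated and is visible while the attack was detected and stopped" drops the place where the alert is visible and mixes present and past tense. Splitting it in two would fix it, for example one sentence saying the alert is generated and visible in the portal, and a second saying that alerts such as an "initial access alert" are triggered while the attack is detected and stopped. The parenthetical "(formerly Microsoft 365 Defender)" gives the portal's current name as its former name; it should name the previous product or be dropped.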
If your organization is using Defender for Endpoint, client behavioral blocking
- [EDR in block mode](edr-in-block-mode.md) - [Attack surface reduction](attack-surface-reduction.md) - [Next-generation protection](configure-microsoft-defender-antivirus-features.md) (antivirus, antimalware, and other threat protection capabilities)+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Cloud Protection Microsoft Antivirus Sample Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ Microsoft Defender Antivirus uses many intelligent mechanisms for detecting malware. One of the most powerful capabilities is the ability to apply the power of the cloud to detect malware and perform rapid analysis. Cloud protection and automatic sample submission work together with Microsoft Defender Antivirus to help protect against new and emerging threats. If a suspicious or malicious file is detected, a sample is sent to the cloud service for analysis while Microsoft Defender Antivirus blocks the file. As soon as a determination is made, which happens quickly, the file is either released or blocked by Microsoft Defender Antivirus.
There are two more scenarios where Defender for Endpoint might request a file sa
|Manual file sample collection in the Microsoft 365 Defender portal | When onboarding devices to Defender for Endpoint, you can configure settings for [endpoint detection and response (EDR)](overview-endpoint-detection-response.md). For example, there is a setting to enable sample collections from the device, which can easily be confused with the sample submission settings described in this article. <br/><br/>The EDR setting controls file sample collection from devices when requested through the Microsoft 365 Defender portal, and is subject to the roles and permissions already established. This setting can allow or block file collection from the endpoint for features such as deep analysis in the Microsoft 365 Defender portal. If this setting is not configured, the default is to enable sample collection. <br/><br/>Learn about Defender for Endpoint configuration settings, see: [Onboarding tools and methods for Windows 10 devices in Defender for Endpoint](configure-endpoints.md) | | Automated investigation and response content analysis | When [automated investigations](automated-investigations.md) are running on devices (when configured to run automatically in response to an alert or manually run), files that are identified as suspicious can be collected from the endpoints for further inspection. If necessary, the file content analysis feature for automated investigations can be disabled in the Microsoft 365 Defender portal. <br/><br/> The file extension names can also be modified to add or remove extensions for other file types that will be automatically submitted during an automated investigation. <br/><br/> To learn more, see [Manage automation file uploads](manage-automation-file-uploads.md). |
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also [Next-generation protection overview](next-generation-protection.md)
security Cloud Protection Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus.md
# Cloud protection and Microsoft Defender Antivirus **Applies to:**+ - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ Next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To identify new threats dynamically, next-generation technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. Cloud protection works together with Microsoft Defender Antivirus to deliver accurate, real-time, and intelligent protection. [:::image type="content" source="images/mde-cloud-protection.png" alt-text="Diagram showing how cloud protection works together with Microsoft Defender Antivirus" lightbox="images/mde-cloud-protection.png":::](enable-cloud-protection-microsoft-defender-antivirus.md)
Now that you have an overview of cloud protection in Microsoft Defender Antiviru
1. See [Why cloud protection should be enabled for Microsoft Defender Antivirus](why-cloud-protection-should-be-on-mdav.md).
-2. Proceed to [Enable cloud protection](enable-cloud-protection-microsoft-defender-antivirus.md)
+2. Proceed to [Enable cloud protection](enable-cloud-protection-microsoft-defender-antivirus.md)
+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Command Line Arguments Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can perform various functions in Microsoft Defender Antivirus using the dedicated command-line tool **mpcmdrun.exe**. This utility is useful when you want to automate Microsoft Defender Antivirus tasks. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. Run it from a command prompt.
The following table lists common errors that can occur while using the MpCmdRun
|**ValidateMapsConnection failed to establish a connection to MAPS (hr=800722F0D**|The firewall is blocking the connection or conducting SSL inspection.| |**ValidateMapsConnection failed to establish a connection to MAPS (hr=80072EE7 httpcode=451)**|The firewall is blocking the connection or conducting SSL inspection.|
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md)
security Common Exclusion Mistakes Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
+- macOS
+- Linux
You can define an exclusion list for items that you don't want Microsoft Defender Antivirus to scan. Such excluded items could contain threats that make your device vulnerable. This article describes some common mistake that you should avoid when defining exclusions.
Do not use a single exclusion list to define exclusions for multiple server work
Microsoft Defender Antivirus Service runs in system context using the LocalSystem account, which means it gets information from the system environment variable, and not from the user environment variable. Use of environment variables as a wildcard in exclusion lists is limited to system variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. Therefore, do not use user environment variables as wildcards when adding Microsoft Defender Antivirus folder and process exclusions. See the table under [System environment variables](configure-extension-file-exclusions-microsoft-defender-antivirus.md#system-environment-variables) for a complete list of system environment variables. See [Use wildcards in the file name and folder path or extension exclusion lists](configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) for information on how to use wildcards in exclusion lists.+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
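Review bot: The tip added here sends readers to other articles for "other platforms" and lists macOS and Linux, but the Platforms block added to this same article a few lines earlier already declares Windows, macOS and Linux as covered. One of the two is wrong. The unchanged paragraph just above the tip discusses LocalSystem, NT AUTHORITY\SYSTEM and system environment variables, which is Windows-specific guidance, so either trim the Platforms list to Windows or add the macOS and Linux equivalents and drop those entries from the tip.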
security Configuration Management Reference Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus.md
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ You can manage and configure Microsoft Defender Antivirus with the following tools: - [Microsoft Intune](/mem/intune/protect/endpoint-security-antivirus-policy) (now part of Microsoft Endpoint Manager)
The following articles provide further information, links, and resources for usi
|[Manage Microsoft Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage Microsoft Defender Antivirus, plus links to documentation for all cmdlets and allowed parameters| |[Manage Microsoft Defender Antivirus with Windows Management Instrumentation (WMI)](use-wmi-microsoft-defender-antivirus.md)|Instructions for using WMI to manage Microsoft Defender Antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties)| |[Manage Microsoft Defender Antivirus with the MpCmdRun.exe command-line tool](command-line-arguments-microsoft-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use Microsoft Defender Antivirus|+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Configure Advanced Scan Types Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
## Use Microsoft Intune to configure scanning options
If Microsoft Defender Antivirus detects a threat inside an email message, it wil
On any OS, only the network drives that are mapped at system level, are scanned. User-level mapped network drives aren't scanned. User-level mapped network drives are those that a user maps in their session manually and using their own credentials.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
security Configure Block At First Sight Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
This article describes an antivirus/antimalware feature known as "block at first sight", and describes how to enable block at first sight for your organization.
If you have a personal device that is not managed by an organization, you might
> [!CAUTION] > Turning off block at first sight lowers the level of protection for your device. We do not recommend permanently disabling block at first sight.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
## See also
security Configure Cloud Block Timeout Period Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Microsoft Defender Antivirus cloud service](cloud-protection-microsoft-defender-antivirus.md).
You can use Group Policy to specify an extended timeout for cloud checks.
5. Select **OK**.
-
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Configure Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+**Platforms**
+- Windows
You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection.
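Review bot: In this file `**Platforms**` is added on the line directly after `- Microsoft Defender Antivirus` with no blank line in between, unlike the same block in the other articles, where an empty added line separates them. Without the blank line, Markdown can treat `**Platforms**` as a continuation of the last list item instead of a new label. Add the empty line after the "Applies to" list.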
Keep the following points in mind when you are defining exclusions:
- Review and audit changes to your list of exclusions. Your security team should preserve context around why a certain exclusion was added to avoid confusion later on. Your security team should be able to provide specific answers to questions about why exclusions exist.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Microsoft Defender Antivirus exclusions on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md)
security Configure Extension File Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ You can define exclusions for Microsoft Defender Antivirus that apply to [scheduled scans](schedule-antivirus-scans.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on, real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). **Generally, you shouldn't need to apply exclusions**. If you do need to apply exclusions, you can choose from several different kinds: - Exclusions based on file extensions and folder locations (described in this article)
If you do not have Internet access, you can create your own EICAR test file by w
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md)
security Configure Local Policy Overrides Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
By default, Microsoft Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances.
You can disable this setting to ensure that only globally-defined lists (such as
> [!NOTE] > If you disable local list merging, it will override controlled folder access settings. It also overrides any protected folders or allowed apps set by the local administrator. For more information about controlled folder access settings, see [Allow a blocked app in Windows Security](https://support.microsoft.com/help/4046851/windows-10-allow-blocked-app-windows-security).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related topics - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
security Configure Microsoft Defender Antivirus Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can configure Microsoft Defender Antivirus with a number of tools, such as:
The following broad categories of features can be configured:
> [!TIP] > Review [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md).+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Configure Network Connections Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
To ensure Microsoft Defender Antivirus cloud-delivered protection works properly, your security team must configure your network to allow connections between your endpoints and certain Microsoft servers. This article lists connections that must be allowed for using the firewall rules. It also provides instructions for validating your connection. Configuring your protection properly will ensure you receive the best value from your cloud-delivered protection services.
A similar message occurs if you're using Internet Explorer:
The Windows event log will also show [Windows Defender client event ID 1116](troubleshoot-microsoft-defender-antivirus.md).
+ > [!TIP]
+ > If youΓÇÖre looking for Antivirus related information for other platforms, see:
+ > - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+ > - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+ > - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+ > - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+ > - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+ > - [Configure Defender for Endpoint on Android features](android-configure.md)
+ > - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
++ ## See also - [Configure device proxy and Internet connectivity settings for Microsoft Defender for Endpoint](configure-proxy-internet.md)
security Configure Notifications Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
In Windows 10 and Windows 11, application notifications about malware detection and remediation are more robust, consistent, and concise. Microsoft Defender Antivirus notifications appear on endpoints when scans are completed and threats are detected. Notifications follow both scheduled and manually triggered scans. These notifications also appear in the **Notification Center**, and a summary of scans and threat detections appear at regular time intervals.
To add custom contact information to endpoint notifications, see [Customize the
5. Select **OK**. This will prevent additional notifications from appearing.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Configure Process Opened File Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists.
$WDAVprefs.ExclusionProcess
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Microsoft Defender Antivirus cmdlets](/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md)
security Configure Protection Features Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Microsoft Defender Antivirus uses several methods to provide threat protection:
See [Use next-gen Microsoft Defender Antivirus technologies through cloud protec
||| | [Detect and block potentially unwanted applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md)| Detect and block apps that may be unwanted in your network, such as adware, browser modifiers and toolbars, and rogue or fake antivirus apps | | [Enable and configure Microsoft Defender Antivirus protection capabilities](configure-real-time-protection-microsoft-defender-antivirus.md)|Enable and configure real-time protection, heuristics, and other always-on Microsoft Defender Antivirus monitoring features |+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Configure Real Time Protection Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus.md
# Enable and configure Microsoft Defender Antivirus always-on protection in Group Policy - **Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities.
The main real-time protection capability is enabled by default, but you can disa
6. Close **Local Group Policy Editor**.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)
security Configure Remediation Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
When Microsoft Defender Antivirus runs a scan, it attempts to remediate or remove threats that are detected. You can configure how Microsoft Defender Antivirus should address certain threats, whether a restore point should be created before remediating, and when threats should be removed.
You can also use the [`Set-MpPreference` PowerShell cmdlet](/powershell/module/d
Also see [Configure remediation-required scheduled full Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md#remed) for more remediation-related settings.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md)
security Configure Server Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-server-endpoints.md
ms.technology: mde
- Windows Server 2022 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-configserver-abovefoldlink) Defender for Endpoint extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft 365 Defender console. Support for Windows Server provides deeper insight into server activities, coverage for kernel and memory attack detection, and enables response actions.
You'll need to complete the following general steps to successfully onboard serv
:::image type="content" source="images/server-onboarding-tools-methods.png" alt-text="An illustration of onboarding flow for Windows Servers and Windows 10 devices" lightbox="images/server-onboarding-tools-methods.png":::
-**Windows Server 2012 R2 and Windows Server 2016 (Preview)**
-
->[!IMPORTANT]
-> You'll need to turn on the preview features in the Endpoints section of Microsoft 365 Defender to use this functionality. Navigate to [Microsoft 365 Defender > Settings > Endpoints > Advanced features](https://security.microsoft.com/preferences2/integration) and turn on Preview features.
+**Windows Server 2012 R2 and Windows Server 2016**
- Download installation and onboarding packages - Apply the installation package
You'll need to complete the following general steps to successfully onboard serv
-### New Windows Server 2012 R2 and 2016 functionality in the modern unified solution (Preview)
+### New Windows Server 2012 R2 and 2016 functionality in the modern unified solution
-Previous implementation of onboarding Windows Server 2012 R2 and Windows Server 2016 required the use of Microsoft Monitoring Agent (MMA).
+The previous implementation of onboarding Windows Server 2012 R2 and Windows Server 2016 required the use of Microsoft Monitoring Agent (MMA).
The new unified solution package makes it easier to onboard servers by removing dependencies and installation steps. In addition, this unified solution package comes with the following major improvements:
Depending on the server that you're onboarding, the unified solution installs Mi
If you have previously onboarded your servers using MMA, follow the guidance provided in [Server migration](server-migration.md) to migrate to the new solution.
->[!NOTE]
->While this method of onboarding Windows Server 2012 R2 and Windows Server 2016 is in preview, you can choose to continue to use the previous onboarding method using Microsoft Monitoring Agent (MMA). For more information, see [Install and configure endpoints using MMA](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma).
-
-#### Known issues and limitations on the new, unified solution package for Windows Server 2012 R2 and 2016
+#### Known issues and limitations in the new, unified solution package for Windows Server 2012 R2 and 2016
The following specifics apply to the new unified solution package for Windows Server 2012 R2 and 2016: - Ensure connectivity requirements as specified in [Enable access to Microsoft Defender for Endpoint service URLs in the proxy server](/microsoft-365/security/defender-endpoint/configure-proxy-internet?enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server) are met. They are equivalent to those for Windows Server 2019. - We are investigating an issue with Windows Server 2012 R2 connectivity to cloud when static TelemetryProxyServer is used and the certificate revocation list (CRL) URLs are not reachable from the SYSTEM account context. The immediate mitigation is to either use an alternative proxy option that provides such connectivity, or configure the same proxy via the WinInet setting on the SYSTEM account context. - Previously, the use of the Microsoft Monitoring Agent (MMA) on Windows Server 2016 and below allowed for the OMS / Log Analytics gateway to provide connectivity to Defender cloud services. The new solution, like Microsoft Defender for Endpoint on Windows Server 2019, Windows Server 2022, and Windows 10, does not support this gateway.- - On Windows Server 2016, verify that Microsoft Defender Antivirus is installed, is active and up to date. You can download and install the latest platform version using Windows Update. Alternatively, download the update package manually from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623) or from [MMPC](https://go.microsoft.com/fwlink/?linkid=870379&arch=x64). - On Windows Server 2012 R2, there is no user interface for Microsoft Defender Antivirus. In addition, the user interface on Windows Server 2016 only allows for basic operations. 
To perform operations on a device locally, refer to [Manage Microsoft Defender for Endpoint with PowerShell, WMI, and MPCmdRun.exe](/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools). As a result, features that specifically rely on user interaction, such as where the user is prompted to make a decision or perform a specific task, may not work as expected. It is recommended to disable or not enable the user interface nor require user interaction on any managed server as it may impact protection capability. - Not all Attack Surface Reduction rules are available on all operating systems. See [Attack Surface Reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules).
The following specifics apply to the new unified solution package for Windows Se
- On Windows Server 2012 R2, Network Events may not populate in the timeline. This issue requires a Windows Update released as part of the [October 12, 2021 monthly rollup (KB5006714)](https://support.microsoft.com/topic/october-12-2021-kb5006714-monthly-rollup-4dc4a2cd-677c-477b-8079-dcfef2bda09e). - Operating system upgrades are not supported. Offboard then uninstall before upgrading. - Automatic exclusions for *server roles* are not supported on Windows Server 2012 R2; however, built-in exclusions for operating system files are. For more information about adding exclusions, see [Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-currently-supported-versions-of-windows-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).-- Currently, if you choose to offboard and uninstall the modern, unified solution and re-onboard the previous MMA-based EDR sensor, you may encounter repeated `MsSenseS.exe` crashes. -
-As a workaround, remove the following registry keys if they exist:
-- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security\fdedb2b8-61e4-4a7e-8b15-abf214a08fcc`-- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security\c60418cc-7e07-400f-ae3b-d521c5dbd96f`-
-You can use the following commands:
-
-```cmd
-reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security /v fdedb2b8-61e4-4a7e-8b15-abf214a08fcc /f
-reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security /v c60418cc-7e07-400f-ae3b-d521c5dbd96f /f
-```
-No restart is required.
--
-<a name="integration-with-azure-defender"></a>
+- On machines that have been upgraded from the previous, MMA-based solution and the EDR sensor is a (preview) version older than 10.8047.22439.1056, uninstalling and reverting back to the MMA-based solution may lead to crashes.
+- Integration with Microsoft Defender for Cloud / Microsoft Defender for servers for alerting and automated deployment or upgrade is not yet available. Whilst you can manually install the new solution on these machines, no alerts will be displayed in Microsoft Defender for Cloud.
## Integration with Microsoft Defender for Cloud
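Review bot: the added bullet about EDR sensor versions older than 10.8047.22439.1056 replaces the removed `MsSenseS.exe` crash note together with its registry workaround, which leaves an admin on an affected build with no remediation. State what to do before uninstalling, or keep the workaround for those builds, and name the crashing component as the old text did. The sentence also needs a grammar pass ("On machines that have been upgraded ... and the EDR sensor is ..."). The second added bullet repeats, almost word for word, the NOTE under "Integration with Microsoft Defender for Cloud"; keep the statement in one place.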
Microsoft Defender for Endpoint integrates seamlessly with Microsoft Defender fo
For more information, see [Integration with Microsoft Defender for Cloud](azure-server-integration.md). > [!NOTE]
-> For Windows Server 2012 R2 and 2016 running the modern unified solution preview, integration with Microsoft Defender for Cloud / Microsoft Defender for servers for alerting and automated deployment is not yet available. Whilst you can manually install the new solution on these machines, no alerts will be displayed in Microsoft Defender for Cloud.
+> For Windows Server 2012 R2 and 2016 running the modern unified solution, integration with Microsoft Defender for Cloud / Microsoft Defender for servers for alerting and automated deployment or upgrade is not yet available. Whilst you can manually install the new solution on these machines, no alerts will be displayed in Microsoft Defender for Cloud.
> [!NOTE] > - The integration between Microsoft Defender for servers and Microsoft Defender for Endpoint has been expanded to support Windows Server 2022, [Windows Server 2019, and Windows Virtual Desktop (WVD)](/azure/security-center/release-notes#microsoft-defender-for-endpoint-integration-with-azure-defender-now-supports-windows-server-2019-and-windows-10-virtual-desktop-wvd-in-preview).
For more information, see [Integration with Microsoft Defender for Cloud](azure-
## Windows Server 2012 R2 and Windows Server 2016
-> [!NOTE]
-> While this method of onboarding Windows Server 2012 R2 and Windows Server 2016 is in preview, you can choose to continue to use the previous onboarding method using Microsoft Monitoring Agent (MMA). For more information, see [Install and configure endpoints using MMA](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma).
- ### Prerequisites **Prerequisites for Windows Server 2012 R2**
The installer package will check if the following components have already been i
**Prerequisites for Windows Server 2016**
-Aside from fully updating the machine with the Latest Cumulative Update (LCU), verify that Microsoft Defender Antivirus is installed, is active and up to date. You can download and install the latest platform version using Windows Update. Alternatively, download the update package manually from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623) or from [MMPC](https://go.microsoft.com/fwlink/?linkid=870379&arch=x64).
+The Servicing Stack Update (SSU) from September 14, 2021 or later must be installed. The Latest Cumulative Update (LCU) from September 20, 2018 or later must be installed. It is recommended to install the latest available SSU and LCU on the server.
-> [!NOTE]
-> In order to successfully update the built-in version of Windows Defender, which has a version number starting with 4.10, to the latest available platform, a servicing stack update must have been applied as well as the Latest Cumulative Update (LCU) equal to or later than September 20, 2018ΓÇöKB4457127 (OS Build 14393.2515).
+The Microsoft Defender Antivirus feature must be installed and running version 4.18.2109.6 or later. You can download and install the latest platform version using Windows Update. Alternatively, download the update package manually from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623) or from [MMPC](https://go.microsoft.com/fwlink/?linkid=870379&arch=x64).
**Prerequisites for running with third-party security solutions** If you intend to use a third-party antimalware solution, you'll need to run Microsoft Defender Antivirus in passive mode. You must remember to set to passive mode during the installation and onboarding process.
-**New update package for Microsoft Defender for Endpoint on Windows Server 2012 R2 and 2016**
+
+**Update package for Microsoft Defender for Endpoint on Windows Server 2012 R2 and 2016**
+> [!NOTE]
+> If you're installing Microsoft Defender for Endpoint on Servers with McAfee Endpoint Security (ENS) or VirusScan Enterprise (VSE), the version of the McAfee platform may need to be updated to ensure Microsoft Defender Antivirus is not removed or disabled. For more information including the specific version numbers required, see, [McAfee Knowledge Center article](https://kc.mcafee.com/corporate/index?page=content&id=KB88214).
++ To receive regular product improvements and fixes for the EDR Sensor component, ensure Windows Update [KB5005292](https://go.microsoft.com/fwlink/?linkid=2168277) gets applied or approved. In addition, to keep protection components updated, see [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions).
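Review bot: the new Windows Server 2016 prerequisite gives only dates for the SSU (September 14, 2021) and the LCU (September 20, 2018), while the removed NOTE identified the LCU as KB4457127 (OS Build 14393.2515). Keep the KB number and build so the requirement can be checked against installed updates, and add the corresponding KB for the SSU. The McAfee NOTE now sits under the "Update package" heading although it concerns third-party security solutions; move it up to that prerequisite, and drop the stray comma in "see, [McAfee Knowledge Center article]".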
You can offboard Windows Server 2012 R2, Windows Server 2016, Windows Server (SA
- [Offboard and monitor devices using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-devices-using-mobile-device-management-tools) - [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script)
+After offboarding, you can proceed to uninstall the unified solution package on Windows Server 2012 R2 and Windows Server 2016.
+ For other Windows server versions, you have two options to offboard Windows servers from the service: - Uninstall the MMA agent
security Configure Server Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md). In addition to server role-defined automatic exclusions, you can add or remove custom exclusions. To do that, refer to these articles:
If necessary, you can add or remove custom exclusions. To do that, see the follo
- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Configure and validate exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md)
security Configure Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-updates.md
ms.technology: m365d
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> [!NOTE] > This functionality requires Microsoft Defender Antivirus version 4.18.2106.X or newer.
Example:
Use `Set-MpPreference -PlatformUpdatesChannel Beta` to configure platform updates to arrive from the Beta Channel. For more information on the parameters and how to configure them, see [Set-MpPreference (Microsoft Defender Antivirus)|Microsoft Docs](/powershell/module/defender/set-mppreference).+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
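Review bot: the apostrophe in "you're" on the first line of the added tip comes through as `ΓÇÖ`, which points to a typographic apostrophe that does not survive an encoding round trip; a plain ASCII `'` avoids this. On the same line, "Antivirus related information" should read "antivirus-related information". The identical nine-line tip is pasted into several other articles in this change with the same two issues, so a single shared include would let the fix land once and keep the link list from drifting between articles.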
security Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/controlled-folders.md
Last updated
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Applies to**
+- Windows
+ > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
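Review bot: the new heading above `- Windows` in this hunk is `**Applies to**`, while the same addition in the other articles of this change uses `**Platforms**`. Windows is the platform rather than a product the article applies to, so this looks like a copy slip; suggest `**Platforms**` here to match the other articles.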
security Customize Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/customize-controlled-folders.md
Last updated
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> [!TIP] > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
security Defender Endpoint False Positives Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md).
If you have worked through all the steps in this article and still need help, co
3. In the **Support Assistant** window, describe your issue, and then send your message. From there, you can open a service request.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also [Manage Microsoft Defender for Endpoint](manage-mde-post-migration.md)
security Deploy Manage Report Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can deploy, manage, and report on Microsoft Defender Antivirus in a number of ways.
Topic | Description
[Deploy and enable Microsoft Defender Antivirus protection](deploy-microsoft-defender-antivirus.md) | While the client is installed as a core part of Windows 10 or Windows 11, and traditional deployment does not apply, you will still need to enable the client on your endpoints with Microsoft Endpoint Configuration Manager, Microsoft Intune, or Group Policy Objects. [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) | There are two parts to updating Microsoft Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in a number of ways, using Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, and WMI. [Monitor and report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection.+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+
security Deploy Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Depending on the management tool you are using, you may need to specifically enable or configure Microsoft Defender Antivirus protection.
The remaining article in this section provides end-to-end advice and best practi
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - [Deploy, manage updates, and report on Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)-- [Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md)
+- [Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md)
+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Deployment Rings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-rings.md
The following table shows the supported endpoints and the corresponding tool you
| Endpoint | Deployment tool | |--||
-| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> NOTE: If you want to deploy more than 10 devices in a production environment, use the Group Policy method instead or the other supported tools listed below.<br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-azure-defender) |
+| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> NOTE: If you want to deploy more than 10 devices in a production environment, use the Group Policy method instead or the other supported tools listed below.<br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-microsoft-defender-for-cloud) |
| **macOS** | [Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) | | **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md)| | **iOS** | [Microsoft Endpoint Manager](ios-install.md) |
security Deployment Strategy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-strategy.md
Use the following material to select the appropriate Defender for Endpoint archi
| Endpoint | Deployment tool | |--||
-| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-azure-defender) |
+| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-microsoft-defender-for-cloud) |
| **macOS** | [Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) | | **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md)| | **iOS** | [Microsoft Endpoint Manager](ios-install.md) |
The following table lists the supported endpoints and the corresponding deployme
|Endpoint|Deployment tool| |||
-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-azure-defender)|
+|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-microsoft-defender-for-cloud)|
|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| |**Linux Server**|[Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md)| |**iOS**|[App-based](ios-install.md)|
security Deployment Vdi Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
In addition to standard on-premises or hardware configurations, you can also use Microsoft Defender Antivirus in a remote desktop (RDS) or non-persistent virtual desktop infrastructure (VDI) environment.
Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist
4. Deploy your Group Policy object as you usually do.
-Suppressing notifications prevents notifications from Microsoft Defender Antivirus from showing up in the Action Center on Windows 10 when scans are done or remediation actions are taken. However, your security operations team will see the results of the scan in the While the attack was detected and stopped, alerts, such as an "initial access alert," were triggered and appeared in the [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender).
+Suppressing notifications prevents notifications from Microsoft Defender Antivirus from showing up in the Action Center on Windows 10 when scans are done or remediation actions are taken. However, your security operations team will see the results of the scan while the attack was detected and stopped; alerts, such as an "initial access alert," are triggered and appear in the [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender).
> [!TIP] > To open the Action Center on Windows 10 or Windows 11, take one of the following steps:
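Review bot: the replacement sentence on the `+` line still does not parse. "will see the results of the scan while the attack was detected and stopped" mixes tenses and drops the place where the results are seen, and the clause after the semicolon is attached to nothing. The removed line shows two sentences were spliced together at "in the While the attack"; rather than smoothing the splice, suggest ending the first sentence where the results are viewed, for example "However, your security operations team will see the results of the scan in the Microsoft 365 Defender portal.", and dropping the stray "initial access alert" clause unless it belongs to this article.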
Exclusions can be added, removed, or customized to suit your needs.
For more information, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-exclusions-microsoft-defender-antivirus.md).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Additional resources - [Tech Community Blog: Configuring Microsoft Defender Antivirus for non-persistent VDI machines](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/configuring-microsoft-defender-antivirus-for-non-persistent-vdi/ba-p/1489633)
security Detect Block Potentially Unwanted Apps Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Edge](/microsoft-edge/deploy/microsoft-edge)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software that might be unexpected or unwanted. PUA is not considered a virus, malware, or other type of threat, but it might perform actions on endpoints that adversely affect endpoint performance or use. The term *PUA* can also refer to an application that has a poor reputation, as assessed by Microsoft Defender for Endpoint, due to certain kinds of undesirable behavior.
Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA
For more information, see [Configure and validate exclusions based on file extension and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Next-generation protection](microsoft-defender-antivirus-in-windows-10.md)
security Edr In Block Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/edr-in-block-mode.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
The following table lists requirements for EDR in block mode:
|Requirement|Details| ||| |Permissions|You must have either the Global Administrator or Security Administrator role assigned in [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). For more information, see [Basic permissions](basic-permissions.md).|
-|Operating system|Devices must be running one of the following versions of Windows: <br/>- Windows 11 <br/>- Windows 10 (all releases)<br/>- Windows Server 2022 <br/>- Windows Server 2019<br/>- Windows Server, version 1803 or newer<br/>- Windows Server 2016 and Windows Server 2012 R2 (with the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview))<sup>[[1](#fn1)]</sup> |
-|Microsoft Defender for Endpoint|Devices must be onboarded to Defender for Endpoint. See the following articles: <br/>- [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md)<br/>- [Onboard devices and configure Microsoft Defender for Endpoint capabilities](onboard-configure.md)<br/>- [Onboard Windows servers to the Defender for Endpoint service](configure-server-endpoints.md)<br/>- [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution (Preview)](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview) |
+|Operating system|Devices must be running one of the following versions of Windows: <br/>- Windows 11 <br/>- Windows 10 (all releases)<br/>- Windows Server 2022 <br/>- Windows Server 2019<br/>- Windows Server, version 1803 or newer<br/>- Windows Server 2016 and Windows Server 2012 R2 (with the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution))<sup>[[1](#fn1)]</sup> |
+|Microsoft Defender for Endpoint|Devices must be onboarded to Defender for Endpoint. See the following articles: <br/>- [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md)<br/>- [Onboard devices and configure Microsoft Defender for Endpoint capabilities](onboard-configure.md)<br/>- [Onboard Windows servers to the Defender for Endpoint service](configure-server-endpoints.md)<br/>- [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution (Preview)](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution) |
|Microsoft Defender Antivirus|Devices must have Microsoft Defender Antivirus installed and running in either active mode or passive mode. [Confirm Microsoft Defender Antivirus is in active or passive mode](#how-do-i-confirm-microsoft-defender-antivirus-is-in-active-or-passive-mode).| |Cloud-delivered protection|Microsoft Defender Antivirus must be configured such that [cloud-delivered protection is enabled](enable-cloud-protection-microsoft-defender-antivirus.md).| |Microsoft Defender Antivirus platform|Devices must be up to date. To confirm, using PowerShell, run the [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus) cmdlet as an administrator. In the **AMProductVersion** line, you should see **4.18.2001.10** or above. <p> To learn more, see [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).|
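Review bot: in the updated "Microsoft Defender for Endpoint" row, the anchor drops the `-preview` suffix but the link text still reads "New Windows Server 2012 R2 and 2016 functionality in the modern unified solution (Preview)". If the target heading no longer carries "Preview", which the anchor change implies, the link text should lose "(Preview)" as well so that readers are not told the unified solution is still in preview.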
If Microsoft Defender Antivirus is running in active mode or passive mode, EDR i
- Windows Server, version 1803 or newer - Windows Server 2022 - Windows Server 2019 -- Windows Server 2016 and Windows Server 2012 R2 (with the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview))
+- Windows Server 2016 and Windows Server 2012 R2 (with the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution))
-With the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview) for Windows Server 2016 and Windows Server 2012 R2, you can run EDR in block mode in either passive mode or active mode.
+With the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution) for Windows Server 2016 and Windows Server 2012 R2, you can run EDR in block mode in either passive mode or active mode.
> [!NOTE] > Windows Server 2016 and Windows Server 2012 R2 must be onboarded using the instructions in [Onboard Windows servers](configure-server-endpoints.md) for this feature to work.
security Enable Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md
Last updated 1/18/2022
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> [!TIP] > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
You can also exclude ASR rules from triggering based on certificate and file has
> [!IMPORTANT] > Excluding files or folders can severely reduce the protection provided by ASR rules. Excluded files will be allowed to run, and no report or event will be recorded.
-> If ASR rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md).
+> If ASR rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](attack-surface-reduction-rules-deployment-test.md#step-1-test-asr-rules-using-audit).
You can specify individual files or folders (using folder paths or fully qualified resource names), but you can't specify which rules the exclusions apply to. An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
security Enable Cloud Protection Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus.md
**Applies to:** -- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+
+**Platforms**
+- Windows
[Cloud protection in Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md) delivers accurate, real-time, and intelligent protection. Cloud protection should be enabled by default; however, you can configure cloud protection to suit your organization's needs.
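Review bot: this hunk deletes the Plan 2 link and re-adds it below "Microsoft Defender Antivirus", so the **Applies to** list here ends with the Plan link, whereas the other articles in this change append "Microsoft Defender Antivirus" after the Plan links. If the reorder is not intentional, leaving the existing list order alone and adding only the `**Platforms**` block keeps the articles consistent and makes the diff smaller.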
For more information about allowed parameters, see [Windows Defender WMIv2 APIs]
> [!NOTE] > If automatic sample submission has been configured with Group Policy then the setting will be greyed-out and unavailable.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Use Microsoft cloud protection in Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md)
security Enable Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-controlled-folders.md
Last updated
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
security Enable Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-network-protection.md
Last updated
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> [!TIP] > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
security Evaluate Controlled Folder Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access.md
Last updated
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-enablesiem-abovefoldlink)
security Evaluate Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus.md
**Applies to:**+
+- Microsoft Defender Antivirus
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+**Platforms**
+- Windows
+ Use this guide to determine how well Microsoft Defender Antivirus protects you from viruses, malware, and potentially unwanted applications. > [!TIP]
You can also download a PowerShell that will enable all the settings described i
> > For the latest recommendations for real-world deployment and monitoring of Microsoft Defender Antivirus across a network, see [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related topics - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
security Feedback Loop Blocking https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/feedback-loop-blocking.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
## Overview
If your organization is using Defender for Endpoint, feedback-loop blocking is e
- [Next-generation protection](/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features) (antivirus)
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Behavioral blocking and containment](behavioral-blocking-containment.md)
security Gov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/gov.md
iOS|![Yes.](images/svg/check-yes.svg) <br /> Public preview|![Yes](images/svg/ch
> [!NOTE] > <sup>1</sup> The patch must be deployed prior to device onboarding in order to configure Defender for Endpoint to the correct environment. >
-> <sup>2</sup> Learn about the [unified modern solution for Windows 2016 and 2012 R2](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview). If you have previously onboarded your servers using MMA, follow the guidance provided in [Server migration](server-migration.md) to migrate to the new solution.
+> <sup>2</sup> Learn about the [unified modern solution for Windows 2016 and 2012 R2](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution). If you have previously onboarded your servers using MMA, follow the guidance provided in [Server migration](server-migration.md) to migrate to the new solution.
> > <sup>3</sup> When using [Microsoft Monitoring Agent](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma) you'll need to choose "Azure US Government" under "Azure Cloud" if using the [setup wizard](/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard), or if using a [command line](/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line) or a [script](/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation) - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1. <br /> The minimum MMA supported version is 10.20.18029 (March 2020).
security Limited Periodic Scanning Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 or Windows 11 device.
Sliding the switch to **On** will show the standard Microsoft Defender AV option
## Related articles - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)-- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
+- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
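Review bot: In this article the tip is appended after the last "Related articles" link, while the other articles in this change place it above the "Related articles" / "See also" heading. Move it above the heading here as well so the tip does not read as part of the link list.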
security Machine Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine-reports.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
+- Mac OS
+- Linux
+- iOS
+- Android
Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
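Review bot: The new Platforms list spells the second entry "Mac OS", while the link titles added in this same change use "macOS". Change the entry to "macOS" for consistency.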
For example, to show data about Windows 10 devices with Active sensor health sta
2. Then select **OS platforms > Windows 10**. 3. Select **Apply**.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related topic - [Threat protection report](threat-protection-reports.md)
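Review bot: This tip points readers elsewhere for "other platforms", but the Platforms list added to this same article already names Windows, Mac OS, Linux, iOS and Android, so no platform is left uncovered. Drop the tip from this article or reword its intro so it does not imply the article is Windows-only.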
security Manage Event Based Updates Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Microsoft Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service.
If you have enabled cloud-delivered protection, Microsoft Defender AV will send
> [!NOTE] > **Allow notifications to disable definitions based reports** enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
security Manage Gradual Rollout https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-gradual-rollout.md
ms.technology: m365d
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
It is important to ensure that client components are up-to-date to deliver critical protection capabilities and prevent attacks.
To create your own custom gradual rollout process for monthly updates, you can u
- PowerShell For details on how to use these tools, see [Create a custom gradual rollout process for Microsoft Defender updates](configure-updates.md).+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Manage Outdated Endpoints Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Microsoft Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis.
See the following for more information and allowed parameters:
4. [Deploy the updated policy as usual](/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
security Manage Protection Update Schedule Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Microsoft Defender Antivirus lets you determine when it should look for and download updates.
See the following for more information and allowed parameters:
- [Windows Defender WMIv2 APIs](/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal)
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
security Manage Protection Updates Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
<a id="protection-updates"></a> <!-- this has been used as anchor in VDI content -->
Set up a network file share (UNC/mapped drive) to download security intelligence
> [!NOTE] > Do not add the x64 (or x86) folder in the path. The mpcmdrun.exe process adds it automatically.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
security Manage Updates Baselines Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md
ms.technology: mde Previously updated : 04/07/2022 Last updated : 04/11/2022 - M365-security-compliance - m365initiative-defender-endpoint
- [Microsoft Defender for Endpoint Plans 1 and 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. Make sure to update your antivirus protection, even if Microsoft Defender Antivirus is running in [passive mode](microsoft-defender-antivirus-compatibility.md). There are two types of updates related to keeping Microsoft Defender Antivirus up to date: - Security intelligence updates
All our updates contain
<summary>March-2022 (Platform: 4.18.2203.5 | Engine: 1.1.19100.5)</summary> &ensp;Security intelligence update version: **1.361.1449.0**<br/>
-&ensp;Released: **March 7, 2022**<br/>
+&ensp;Released: **April 7, 2022**<br/>
&ensp;Platform: **4.18.2203.5**<br/> &ensp;Engine: **1.1.19100.5**<br/> &ensp;Support phase: **Security and Critical Updates**<br/>
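Review bot: The Released date changes to April 7, 2022, but the enclosing summary line still reads "March-2022" and the platform version stays 4.18.2203.5. Confirm that April 7 is the intended date, and if it is, note in the entry why the release date falls outside the month named in the summary.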
For more information, see [Microsoft Defender update for Windows operating syste
|[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. | |[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. | | [Microsoft Defender for Endpoint update for EDR Sensor](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac) | You can update the EDR sensor (MsSense.exe) that is included in the new Microsoft Defender for Endpoint unified solution package released in 2021. |+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Manage Updates Mobile Devices Vms Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Mobile devices and VMs may require more configuration to ensure performance is not impacted by updates.
You can configure Microsoft Defender Antivirus to only download protection updat
This action prevents protection updates from downloading when the PC is on battery power.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md)
security Microsoft Defender Antivirus Compatibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility.md
- Microsoft Defender Antivirus - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+**Platforms**
+- Windows
+ [!include[Prerelease information](../../includes/prerelease.md)] Microsoft Defender Antivirus is automatically installed on endpoints running the following versions of Windows:
The table in this section describes various states you might see with Microsoft
| Passive mode | In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are *not* remediated by Microsoft Defender Antivirus. Threats can be remediated by [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md), however. <br/><br/> Files are scanned by EDR, and reports are provided for threat detections that are shared with the Defender for Endpoint service. You might see alerts showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode. <br/><br/> When Microsoft Defender Antivirus is in passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into active mode if your devices have a non-Microsoft antivirus product that is providing real-time protection from malware. <br/><br/> For optimal security layered defense and detection efficacy, make sure to get your antivirus and antimalware updates, even if Microsoft Defender Antivirus is running in passive mode. See [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md). <br/><br/> Note that passive mode is only supported on Windows Server 2012 R2 & 2016 when the machine is onboarded using the [modern, unified solution](/microsoft-365/security/defender-endpoint/configure-server-endpoints). | | Disabled <br/><br/> or <br/><br/> Uninstalled | When disabled or uninstalled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. <br/><br/> Disabling or uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution. 
<br/><br/> In cases where Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the non-Microsoft antivirus/antimalware product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. The automatic re-enabling of Microsoft Defender Antivirus helps to ensure that antivirus protection is maintained on your endpoints. <br/><br/> You might also use [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which works with the Microsoft Defender Antivirus engine to periodically check for threats if you are using a non-Microsoft antivirus app. |
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
## See also
security Microsoft Defender Antivirus Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md
# Microsoft Defender Antivirus in Windows **Applies to:**+ - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ Microsoft Defender Antivirus is available in Windows 10 and Windows 11, and in versions of Windows Server. Microsoft Defender Antivirus is a major component of your next-generation protection in Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices (or endpoints) in your organization. Microsoft Defender Antivirus is built into Windows, and it works with Microsoft Defender for Endpoint to provide protection on your device and in the cloud.
You'll see the name of your antivirus/antimalware solution on the settings page.
It's important to keep Microsoft Defender Antivirus, or any antivirus/antimalware solution, up to date. Microsoft releases regular updates to help ensure that your devices have the latest technology to protect against new malware and attack techniques. To learn more, see [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Microsoft Defender Antivirus management and configuration](configuration-management-reference-microsoft-defender-antivirus.md)
security Microsoft Defender Offline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-offline.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).
See the following for more information:
Microsoft Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](microsoft-defender-security-center-antivirus.md).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
security Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection.md
Last updated
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
security Next Generation Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/next-generation-protection.md
# Next-generation protection overview **Applies to**+
+- Microsoft Defender Antivirus
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+**Platforms**
+- Windows
+ Microsoft Defender for Endpoint includes next-generation protection to reinforce the security perimeter of your network. Next-generation protection was designed to catch all types of emerging threats. In addition to Microsoft Defender Antivirus, your next-generation protection services include the following capabilities: - [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-microsoft-defender-antivirus.md), which includes always-on scanning using file and process behavior monitoring and other heuristics (also known as *real-time protection*). It also includes detecting and blocking apps that are deemed unsafe, but might not be detected as malware.
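Review bot: Here "Microsoft Defender Antivirus" is inserted above the Plan 1 and Plan 2 entries in the Applies to list, whereas the other articles in this change add it after them. Pick one order and apply it to this article as well.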
For information on how to configure next-generation protection services, see [Co
> [!NOTE] > Configuration and management is largely the same in Windows Server as in Windows clients. However, there are some differences. +
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+
security Office 365 Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus.md
- Microsoft Defender Antivirus - Microsoft 365
+**Platforms**
+- Windows
+ You might already know that: - **Microsoft Defender Antivirus protects your Windows device from software threats, such as viruses, malware, and spyware**. Microsoft Defender Antivirus is your complete, ongoing protection, built into Windows 10 and Windows 11, and ready to go. [Microsoft Defender Antivirus is your next-generation protection](./microsoft-defender-antivirus-in-windows-10.md).
Protection from ransomware is one great reason to put your files in OneDrive. An
> [!VIDEO https://www.microsoft.com/videoplayer/embed/70b4d256-46fb-481f-ad9b-921ef5fd7bed]
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Want to learn more? See these resources: - [OneDrive](/onedrive)
Protection from ransomware is one great reason to put your files in OneDrive. An
- [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-atp) - [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md)++
security Onboard Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-configure.md
The following table lists the available tools based on the endpoint that you nee
| Endpoint | Tool options | |--||
-| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-azure-defender) |
+| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-microsoft-defender-for-cloud) |
| **macOS** | [Local scripts](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) | | **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md)| | **iOS** | [Microsoft Endpoint Manager](ios-install.md) |
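Review bot: the new fragment `#integration-with-microsoft-defender-for-cloud` in the Windows row only resolves if the matching heading in configure-server-endpoints.md was renamed in the same change, and nothing in this hunk shows that. Confirm the heading exists under that slug; a stale fragment fails silently by loading the top of the target page. While the row is open, "Microsoft Endpoint Manager/ Mobile Device Manager" has a stray space after the slash.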
security Overview Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction.md
Last updated 1/18/2022
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> [!TIP] > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
As mentioned in the video, Defender for Endpoint includes several attack surface
|:|:| | [Hardware-based isolation](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. Use container isolation for Microsoft Edge to help guard against malicious websites. | | [Application control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) | Use application control so that your applications must earn trust in order to run. |
-| [Controlled folder access](controlled-folders.md) | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Microsoft Defender Antivirus) |
-| [Network protection](network-protection.md) | Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus) |
+| [Controlled folder access](controlled-folders.md) | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Microsoft Defender Antivirus). |
+| [Network protection](network-protection.md) | Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus). |
| [Exploit protection](exploit-protection.md) | Help protect the operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. | | [Device control](device-control-report.md) | Protects against data loss by monitoring and controlling media used on devices, such as removable storage and USB drives, in your organization. |
-| [Attack surface reduction (ASR) rules deployment guide](attack-surface-reduction-rules-deployment.md) | Presents overview information and prerequisites for deploying attack surface reduction rules |
-| [Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) | Lists the recommended steps for attack surface reduction rules deployment |
+| [Attack surface reduction (ASR) rules deployment guide](attack-surface-reduction-rules-deployment.md) | Presents overview information and prerequisites for deploying attack surface reduction rules. |
+| [Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) | Lists the recommended steps for attack surface reduction rules deployment. |
| [Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) | Provides steps to use audit mode to test attack surface reduction rules. |
-| [Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) | Shows the steps to transition attack surface reduction rules from test (audit) mode to the active, enabled (Block) mode |
+| [Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) | Shows the steps to transition attack surface reduction rules from test (audit) mode to the active, enabled (Block) mode. |
| [Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) | Provides information about day-to-day review and maintenance activities. | | [Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md) | Provides details about each attack surface reduction rule. | | [Attack surface reduction rules](attack-surface-reduction.md) | Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus). |
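Review bot: the Network protection row now ends "devices. (Requires Microsoft Defender Antivirus)." with a period both before and after the parenthetical, while the Controlled folder access row two lines up keeps the parenthetical inside the sentence. Pick one form for both rows, for example "...on your organization's devices (requires Microsoft Defender Antivirus)."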
security Prevent Changes To Security Settings With Tamper Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Tamper protection is available for devices that are running one of the following versions of Windows:
Tamper protection is available for devices that are running one of the following
- Windows Server 2012 R2 > [!NOTE]
-> Tamper protection in Windows Server 2012 R2 is available for devices that are onboarded to Microsoft Defender for Endpoint by using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016 Preview](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-functionality-in-the-modern-unified-solution-for-windows-server-2012-r2-and-2016-preview).
+> Tamper protection in Windows Server 2012 R2 is available for devices onboarded using the modern unified solution package. For more information, see [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints).
+ ## Overview
If your organization uses Microsoft Endpoint Manager (MEM) you can turn tamper p
If you're using [version 2006 of Configuration Manager](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver endpoint security configuration policies to on-premises collections & devices. > [!NOTE]
-> The procedure can be used to extend tamper protection to devices running Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2019, and Windows Server 2022. Make sure to review the prerequisites and other information in the resources mentioned in this procedure.
+> The procedure can be used to extend tamper protection to devices running Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2019, and Windows Server 2022. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. For Windows Server 2012 R2 running the modern, unified solution [version 2203 of Configuration Manager](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2203) is required.
1. Set up tenant attach. To learn more, see [Get started: Create and deploy endpoint security policies from the admin center](/mem/configmgr/tenant-attach/endpoint-security-get-started).
Here's what you see in the Windows Security app:
3. Set **Tamper Protection** to **On** or **Off**.
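Review bot: the sentence appended to the NOTE, "For Windows Server 2012 R2 running the modern, unified solution [version 2203 of Configuration Manager] is required", needs a comma after "solution" to parse. The first sentence of the same NOTE still lists only Windows 10/11, Windows Server 2019 and Windows Server 2022, whereas the paragraph above says tenant attach manages Windows Server 2012 R2 and Windows Server 2016 as well, so a reader cannot tell whether Windows Server 2016 is covered by the procedure or which Configuration Manager version it needs. Add 2012 R2 and 2016 to the list and state the version requirement for each.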
-## Are you using Windows Server 2016, or Windows version 1709, 1803, or 1809?
+## Are you using Windows Server 2012 R2, 2016, or Windows version 1709, 1803, or 1809?
-If you are using Windows Server 2016, Windows 10 version 1709, 1803, or [1809](/windows/release-health/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. Instead, you can use PowerShell to determine whether tamper protection is enabled.
+If you are using Windows Server 2012 R2 using the modern unified solution, Windows Server 2016, Windows 10 version 1709, 1803, or [1809](/windows/release-health/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. Instead, you can use PowerShell to determine whether tamper protection is enabled.
On Windows Server 2016, the Settings app will not accurately reflect the status of real-time protection when tamper protection is enabled.
Your security operations team can also use hunting queries, such as the followin
[View information about tampering attempts](#view-information-about-tampering-attempts).
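Review bot: in the new heading, "Windows Server 2012 R2, 2016, or Windows version 1709, 1803, or 1809" leaves "2016" without a product name and nests two "or" lists; "Windows Server 2012 R2, Windows Server 2016, or Windows 10 version 1709, 1803, or 1809" matches the body text. In the body, "If you are using Windows Server 2012 R2 using the modern unified solution" repeats "using"; "Windows Server 2012 R2 with the modern unified solution" reads cleanly. Changing the heading also changes its anchor, so any inbound links to the old slug need updating.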
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
security Prevent End User Interaction Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can use Group Policy to prevent users on endpoints from seeing the Microsoft Defender Antivirus interface. You can also prevent them from pausing scans.
You can prevent users from pausing scans, which can be helpful to ensure schedul
5. Double-click the **Allow users to pause scan** setting and set the option to **Disabled**. Click **OK**.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md)
security Production Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/production-deployment.md
Use netsh to configure a system-wide static proxy.
### Proxy Configuration for down-level devices
-Down-Level devices include Windows 7 SP1 and Windows 8.1 workstations as well as Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and versions of Windows Server 2016 prior to Windows Server CB 1803. These operating systems will have the proxy configured as part of the Microsoft Management Agent to handle communication from the endpoint to Azure. Refer to the Microsoft Management Agent Fast Deployment Guide for information on how a proxy is configured on these devices.
+Down-Level devices include Windows 7 SP1 and Windows 8.1 workstations as well as Windows Server 2008 R2, and other server operating systems that have been onboarded previously using the Microsoft Monitoring Agent. These operating systems will have the proxy configured as part of the Microsoft Management Agent to handle communication from the endpoint to Azure. Refer to the Microsoft Management Agent Fast Deployment Guide for information on how a proxy is configured on these devices.
### Proxy Service URLs
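Review bot: the rewritten first sentence names the "Microsoft Monitoring Agent", but the two unchanged sentences that follow still say "Microsoft Management Agent" (once for where the proxy is configured and once in the guide title). The paragraph now uses two names for the same agent; align the remaining two mentions with the name used in the new sentence, and check that the referenced deployment guide title is still correct.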
security Raw Data Export Storage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export-storage.md
```json {
- "time": "<The time WDATP received the event>"
- "tenantId": "<Your tenant ID>"
- "category": "<The Advanced Hunting table name with 'AdvancedHunting-' prefix>"
- "properties": { <WDATP Advanced Hunting event as Json> }
+ "time": "<The time WDATP received the event>"
+ "tenantId": "<Your tenant ID>"
+ "category": "<The Advanced Hunting table name with 'AdvancedHunting-' prefix>"
+ "properties": { <WDATP Advanced Hunting event as Json> }
} ```
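Review bot: this is a whitespace-only change to a block fenced as json, and the four properties ("time", "tenantId", "category", "properties") still have no commas between them, so the sample is not valid JSON. Since the lines are being touched anyway, add the trailing commas after the first three properties so that readers who copy the schema into a parser or validator do not start from a broken template.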
security Report Monitor Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Microsoft Defender Antivirus is built into Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, and Windows Server 2016. Microsoft Defender Antivirus is of your next-generation protection in Microsoft Defender for Endpoint. Next-generation protection helps protect your devices from software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.
You can also [monitor malware events using the Malware Assessment solution in Lo
For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the [(Deployment, management, and reporting options table)](deploy-manage-report-microsoft-defender-antivirus.md#ref2).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
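Review bot: the unchanged paragraph directly under the new Platforms block reads "Microsoft Defender Antivirus is of your next-generation protection", which is missing a word (most likely "is part of your"). It sits in the context of this hunk and is worth fixing in the same pass, since the added "Applies to" and "Platforms" entries draw the reader straight to that sentence.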
security Restore Quarantined Files Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
If Microsoft Defender Antivirus is configured to detect and remediate threats on your device, Microsoft Defender Antivirus quarantines suspicious files. If you are certain a quarantined file is not a threat, you can restore it.
If Microsoft Defender Antivirus is configured to detect and remediate threats on
> [!TIP] > Restoring a file from quarantine can also be done using Command Prompt. See [Restore a file from quarantine](/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts#restore-file-from-quarantine).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md)
security Review Scan Results Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
After a Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results.
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
Use the [**Get** method of the **MSFT_MpThreat** and **MSFT_MpThreatDetection**](/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal) classes.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles
security Run Analyzer Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-analyzer-windows.md
ms.technology: m365d
In addition to the above, there is also an option to [collect the analyzer support logs using live response.](troubleshoot-collect-support-log.md). > [!NOTE]
-> On Windows 10/11, Windows Server 2019/2022, or Windows Server 2012R2/2016 with the [modern unified solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview) installed, the client analyzer script calls into an executable file called `MDEClientAnalyzer.exe` to run the connectivity tests to cloud service URLs.
+> On Windows 10/11, Windows Server 2019/2022, or Windows Server 2012R2/2016 with the [modern unified solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution) installed, the client analyzer script calls into an executable file called `MDEClientAnalyzer.exe` to run the connectivity tests to cloud service URLs.
> > On Windows 8.1, Windows Server 2016 or any previous OS edition where Microsoft Monitoring Agent (MMA) is used for onboarding, the client analyzer script calls into an executable file called `MDEClientAnalyzerPreviousVersion.exe` to run connectivity tests for Command and Control (CnC) URLs while also calling into Microsoft Monitoring Agent connectivity tool `TestCloudConnection.exe` for Cyber Data channel URLs.
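Review bot: the link fragment on the changed line drops the "-preview" suffix, which only works if the heading in configure-server-endpoints.md was renamed at the same time; the tamper protection article in this batch replaced its deep link to that section with a link to the page itself, so the two articles now disagree on how to reference it. The same line writes "Windows Server 2012R2/2016" without the space used everywhere else ("Windows Server 2012 R2").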
security Run Scan Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type. When you run a scan, you can choose from among three types: Quick scan, full scan, and custom scan. In most cases, use a quick scan. A quick scan looks at all the locations where there could be malware registered to start with the system, such as registry keys and known Windows startup folders.
For more information on how to use PowerShell with Microsoft Defender Antivirus,
Use the [**Start** method](/previous-versions/windows/desktop/defender/start-msft-mpscan) of the **MSFT_MpScan** class. For more information about which parameters are allowed, see [Windows Defender WMIv2 APIs](/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal)+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Schedule Antivirus Scans Group Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/schedule-antivirus-scans-group-policy.md
# Schedule antivirus scans using Group Policy **Applies to:**+ - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
This article describes how to configure scheduled scans using Group Policy. To learn more about scheduling scans and about scan types, see [Configure scheduled quick or full Microsoft Defender Antivirus scans](schedule-antivirus-scans.md).
For more information, see the [Manage when protection updates should be download
|:|:|:|:| | Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled |
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Schedule Antivirus Scans Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/schedule-antivirus-scans-powershell.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
This article describes how to configure scheduled scans using PowerShell cmdlets. To learn more about scheduling scans and about scan types, see [Configure scheduled quick or full Microsoft Defender Antivirus scans](schedule-antivirus-scans.md).
Set-MpPreference -ScanScheduleQuickScanTime
``` For more information about how to use PowerShell with Microsoft Defender Antivirus, see [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender Antivirus cmdlets](/powershell/module/defender/).+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Schedule Antivirus Scans Wmi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/schedule-antivirus-scans-wmi.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
This article describes how to configure scheduled scans using WMI. To learn more about scheduling scans and about scan types, see [Configure scheduled quick or full Microsoft Defender Antivirus scans](schedule-antivirus-scans.md).
ScanScheduleQuickScanTime
For more information and allowed parameters, see [Windows Defender WMIv2 APIs](/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Schedule Antivirus Scans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/schedule-antivirus-scans.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
In addition to always-on, real-time protection and [on-demand antivirus](run-scan-microsoft-defender-antivirus.md) scans, you can set up regular, scheduled antivirus scans. You can configure the type of scan, when the scan should occur, and if the scan should occur after a [protection update](manage-protection-updates-microsoft-defender-antivirus.md) or when an endpoint is not being used. You can also set up special scans to complete remediation actions if needed.
Use the following table to choose a scan type.
- A full scan can detect malicious files that were not detected by other scans, such as a quick scan. However, a full scan can take a while and use valuable system resources to complete. - If a device is offline for an extended period of time, a full scan can take longer to complete.+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Server Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/server-migration.md
ms.technology: mde
[!include[Prerelease information](../../includes/prerelease.md)] > [!NOTE]
-> Always ensure Microsoft Defender Antivirus is fully updated on Windows Server 2016 before proceeding with installation or upgrade. To receive regular product improvements and fixes for the EDR Sensor component, ensure Windows Update [KB5005292](https://go.microsoft.com/fwlink/?linkid=2168277) gets applied or approved. In addition, to keep protection components updated, please reference [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions).
+> Always ensure the operating system, and Microsoft Defender Antivirus on Windows Server 2016, are fully updated before proceeding with installation or upgrade. To receive regular product improvements and fixes for the EDR Sensor component, ensure Windows Update [KB5005292](https://go.microsoft.com/fwlink/?linkid=2168277) gets applied or approved after installation. In addition, to keep protection components updated, please reference [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions).
-These instructions apply to the new unified solution and installer package of Microsoft Defender for Endpoint for Windows Server 2012 R2 and Windows Server 2016. This article contains high-level instructions for various possible migration scenarios from the previous to the current solution. These high-level steps are intended as guidelines to be adjusted to the deployment and configuration tools available in your environment.
+These instructions apply to the new unified solution and installer (MSI) package of Microsoft Defender for Endpoint for Windows Server 2012 R2 and Windows Server 2016. This article contains high-level instructions for various possible migration scenarios from the previous to the current solution. These high-level steps are intended as guidelines to be adjusted to the deployment and configuration tools available in your environment.
> [!NOTE] > Operating system upgrades with Microsoft Defender for Endpoint installed are not supported. Please offboard then uninstall before proceeding with an upgrade. > [!NOTE]
-> During preview, full Microsoft Endpoint Configuration Manager automation and integration to perform an automated upgrade will be available in a later release of MECM. From the 2107 release with the latest hotfix rollup, you CAN use the Endpoint Protection node for configuration as well as Group Policy, PowerShell, Microsoft Endpoint Manager tenant attach or local configuration. In addition, you can leverage existing functionality in Microsoft Endpoint Configuration Manager to automate manual upgrade steps; methods for which are described below.
+> Full Microsoft Endpoint Configuration Manager automation and integration to perform an automated upgrade will be available in a later release of MECM. From the 2107 release with the latest hotfix rollup, you CAN use the Endpoint Protection node for configuration as well as Group Policy, PowerShell, Microsoft Endpoint Manager tenant attach or local configuration. In addition, you can leverage existing functionality in Microsoft Endpoint Configuration Manager to automate manual upgrade steps; methods for which are described below.
## Installer script
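Review bot: the note about Configuration Manager drops "During preview", but the `[!include[Prerelease information](../../includes/prerelease.md)]` banner at the top of the article is left in place, so the page still presents itself as prerelease. If the unified solution is no longer in preview, remove the include in the same change; if it still is, keep the preview wording. The rewritten first note is also ambiguous: "the operating system, and Microsoft Defender Antivirus on Windows Server 2016, are fully updated" can be read as limiting the operating system update to Windows Server 2016, although the article also covers Windows Server 2012 R2. Minor: "you CAN" does not need capitals.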
These instructions apply to the new unified solution and installer package of Mi
To facilitate upgrades when Microsoft Endpoint Configuration Manager or Microsoft Defender for Cloud are not in use or not yet available to perform the upgrade, you can use this [upgrade script](https://github.com/microsoft/mdefordownlevelserver). It can help automate the following required steps: 1. Remove the OMS workspace for Microsoft Defender for Endpoint (OPTIONAL).
-2. Remove System Center Endpoint Protection client if installed.
+2. Remove System Center Endpoint Protection (SCEP) client if installed.
3. Download and install (Windows Server 2012 R2) [prerequisites](configure-server-endpoints.md#prerequisites) if required. 4. Install Microsoft Defender for Endpoint. 5. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
EXAMPLE: .\install.ps1 -RemoveMMA <YOUR_WORKSPACE_ID> -OnboardingScript ".\Windo
## Microsoft Endpoint Configuration Manager migration scenarios
-### You are currently using Microsoft Endpoint Configuration Manager to manage your servers, including System Center Endpoint Protection (SCEP) and are running the Microsoft Monitoring Agent (MMA)-based sensor. You want to upgrade to the Microsoft Defender for Endpoint unified solution **preview**.
- >[!NOTE]
->You'll need Microsoft Endpoint Configuration Manager, version 2107.
-
+>You'll need Microsoft Endpoint Configuration Manager, version 2107 or later.
Migration steps: 1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016). 2. Create a new collection with membership rules to include machines to be migrated. 3. [Create an application](/mem/configmgr/apps/deploy-use/create-applications) to perform the following tasks:
- 1. Remove the MMA workspace configuration for Microsoft Defender for Endpoint. See [Remove a workspace using PowerShell](/azure/azure-monitor/agents/agent-manage). This step is optional; the previous EDR sensor will stop running after the newer one becomes active (note this can take several hours).
- 2. Uninstall SCEP.
- 3. Install the [prerequisites](configure-server-endpoints.md#prerequisites) where applicable.
- 4. Install Microsoft Defender for Endpoint (see [Configure server endpoints](configure-server-endpoints.md).
- 5. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
-
+ 1. Uninstall SCEP.
+ 2. Install the [prerequisites](configure-server-endpoints.md#prerequisites) where applicable.
+ 3. Install Microsoft Defender for Endpoint (see [Configure server endpoints](configure-server-endpoints.md).
+ 4. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
> [!TIP] > You can use the [installer script](server-migration.md#installer-script) as part of your application to automate the above steps. 4. Deploy the application to the new collection.
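Review bot: new sub-step 3 still has an unbalanced parenthesis, `(see [Configure server endpoints](configure-server-endpoints.md).`, carried over from the old step 4; close it before the period. The change also drops the "Remove the MMA workspace configuration" sub-step from this scenario, while the installer script section still lists workspace removal as an optional step and the next migration scenario keeps it. Either state here that the old sensor is left to stop on its own, or keep the optional step so the three procedures agree.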
Migration steps:
3. Ensure third-party antivirus management no longer pushes antivirus to these machines.* 4. Author your policies in the Endpoint Protection node of MECM and target to the newly created collection.* 5. Create an application to perform the following tasks:
- 1. Remove the MMA workspace configuration for Microsoft Defender for Endpoint. See [Remove a workspace using PowerShell](/azure/azure-monitor/agents/agent-manage). This step is optional; the previous EDR sensor will stop running after the newer one becomes active (note this can take several hours).
+ 1. Remove the MMA workspace configuration for Microsoft Defender for Endpoint. See [Remove a workspace using PowerShell](/azure/azure-monitor/agents/agent-manage). This step is optional; the previous EDR sensor will stop running after the newer one becomes active.
2. Install the [prerequisites](configure-server-endpoints.md#prerequisites) where applicable. 3. Install the Microsoft Defender for Endpoint for Windows Server 2012 R2 and 2016 package and **enable passive mode**. See [Install Microsoft Defender Antivirus using command line](configure-server-endpoints.md#install-microsoft-defender-for-endpoint-using-the-command-line). 4. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
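Review bot: sub-step 1 loses "(note this can take several hours)" with nothing in its place, so an operator who skips the optional workspace removal no longer knows how long the previous EDR sensor keeps running beside the new one. If the figure was wrong, replace it with the correct expectation or with a way to confirm that the old sensor has stopped, instead of removing the timing statement.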
security Specify Cloud Protection Level Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - Microsoft Defender Antivirus
+**Platforms**
+- Windows
+ Cloud protection works together with Microsoft Defender Antivirus to deliver protection to your endpoints much faster than through traditional security intelligence updates. You can configure your level of cloud protection by using Microsoft Endpoint Manager (recommended) or Group Policy. > [!NOTE]
Cloud protection works together with Microsoft Defender Antivirus to deliver pro
> [!TIP] > Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Endpoint Manager - Preview](/mem/intune/configuration/group-policy-analytics).+
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
## See also
security Switch To Mde Phase 1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-phase-1.md
To enable communication between your devices and Defender for Endpoint, configur
|Capabilities|Operating System|Resources| ||||
-|[Endpoint detection and response](overview-endpoint-detection-response.md) (EDR)|[Windows 10](/windows/release-health/release-information) or later<br/><br/>Windows Server 2022 <br/><br/>[Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/><br/>[Windows Server 1803, or later](/windows-server/get-started/whats-new-in-windows-server-1803)|[Configure machine proxy and internet connectivity settings](configure-proxy-internet.md)|
-|EDR|[Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016)<br/><br/>[Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/><br/>[Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/><br/>[Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/><br/>[Windows 7 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)|[Configure proxy and internet connectivity settings](onboard-downlevel.md#configure-proxy-and-internet-connectivity-settings)|
+|[Endpoint detection and response](overview-endpoint-detection-response.md) (EDR)|[Windows 10](/windows/release-health/release-information) or later<br/><br/>Windows Server 2022 <br/><br/>[Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/><br/>[Windows Server 1803, or later](/windows-server/get-started/whats-new-in-windows-server-1803)<br/><br/>[Windows Server 2016*](/windows/release-health/status-windows-10-1607-and-windows-server-2016)<br/><br/>[Windows Server 2012 R2*](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)|[Configure machine proxy and internet connectivity settings](configure-proxy-internet.md)|
+|EDR[Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/><br/>[Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/><br/>[Windows 7 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)|[Configure proxy and internet connectivity settings](onboard-downlevel.md#configure-proxy-and-internet-connectivity-settings)|
|EDR|macOS (see [System requirements](microsoft-defender-endpoint-mac.md)|[Defender for Endpoint on macOS: Network connections](microsoft-defender-endpoint-mac.md#network-connections)|
-|[Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md)|[Windows 10](/windows/release-health/release-information) or later <br/><br/>Windows Server 2022 <br/><br/> [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/><br/> [Windows Server 1803, or later](/windows-server/get-started/whats-new-in-windows-server-1803) <br/><br/> [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016)|[Configure and validate Microsoft Defender Antivirus network connections](configure-network-connections-microsoft-defender-antivirus.md)|
+|[Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md)|[Windows 10](/windows/release-health/release-information) <br/><br/> [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/><br/> Windows Server 2022 <br/><br/> [Windows Server 1803, or later](/windows-server/get-started/whats-new-in-windows-server-1803) <br/><br/> [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016)<br/><br/>[Windows Server 2012 R2*](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)|[Configure and validate Microsoft Defender Antivirus network connections](configure-network-connections-microsoft-defender-antivirus.md)|
|Antivirus|macOS (see [System requirements](microsoft-defender-endpoint-mac.md)|[Defender for Endpoint on macOS: Network connections](microsoft-defender-endpoint-mac.md#network-connections)| |Antivirus|Linux (see [System requirements](microsoft-defender-endpoint-linux.md#system-requirements))|[Defender for Endpoint on Linux: Network connections](microsoft-defender-endpoint-linux.md#network-connections)|
+*Requires installation of the modern, unified solution for Windows Server 2012 R2 and 2016. For more information, see [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints).
+ ## Next step **Congratulations**! You have completed the **Prepare** phase of [switching to Defender for Endpoint](switch-to-mde-overview.md#the-migration-process)!
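Review bot: the rewritten down-level EDR row is missing the column separator after the first cell: `|EDR[Windows Server 2008 R2 SP1](...)` should be `|EDR|[Windows Server 2008 R2 SP1](...)`. As written the row has two cells instead of three, so the operating system list lands in the Capabilities column and the proxy link shifts left. In the Microsoft Defender Antivirus row, "Windows 10" also lost "or later" while the EDR row keeps it; restore it unless the narrowing is intended.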
security Troubleshoot Microsoft Defender Antivirus When Migrating https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+**Platforms**
+- Windows
You can find help here if you encounter issues while migrating from a third-party security solution to Microsoft Defender Antivirus.
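Review bot: `**Platforms**` is added on the line directly after the new `- Microsoft Defender Antivirus` list item, with no blank line between them, so Markdown treats it as a continuation of that bullet instead of a separate label. The other articles in this batch add an empty line before `**Platforms**`; do the same here, and add one after `- Windows` so the introductory paragraph does not attach to the list.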
Another feature, known as [limited periodic scanning](limited-periodic-scanning-
> [!IMPORTANT] > Limited periodic scanning is not recommended in enterprise environments. The detection, management and reporting capabilities available when running Microsoft Defender Antivirus in this mode are reduced as compared to active mode.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
++ ### See also - [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md)
security Troubleshoot Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
If you encounter a problem with Microsoft Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution.
This is an internal error. It might have triggered when a scan fails to complete
</tr> </table>
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
++ ## Related topics - [Report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md)
security Troubleshoot Np https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-np.md
If you've tested the feature with the demo site and with audit mode, and network
See [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md). ## Add exclusions
-The current exclusion options are:
-1. Setting up a custom allow indicator.
-2. Using IP exclusions: `Add-MpPreference -ExclusionIpAddress 192.168.1.1`
-3. Excluding an entire process. For more information, see [Microsoft Defender Antivirus exclusions](configure-exclusions-microsoft-defender-antivirus.md).
+The current exclusion options are:
+1. Setting up a custom allow indicator.
+2. Using IP exclusions: `Add-MpPreference -ExclusionIpAddress 192.168.1.1`
+3. Excluding an entire process. For more information, see [Microsoft Defender Antivirus exclusions](configure-exclusions-microsoft-defender-antivirus.md).
## Collect diagnostic data for file submissions
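Review bot: the four changed lines under "Add exclusions" differ only in whitespace, so this is a good moment to add the caution that is missing from the list. IP and whole-process exclusions are presented here without the statement used in the performance analyzer article in this same batch ("Exclusions can reduce the level of protection on your endpoints. Exclusions, if any, should be defined with caution."). Add that sentence, or a link to it, above the list, and say that `192.168.1.1` in `Add-MpPreference -ExclusionIpAddress 192.168.1.1` is a sample address.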
security Troubleshoot Performance Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-performance-issues.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
If your system is having high CPU usage or performance issues related to the real-time protection service in Microsoft Defender for Endpoint, you can submit a ticket to Microsoft support. Follow the steps in [Collect Microsoft Defender Antivirus diagnostic data](collect-diagnostic-data.md).
The command-line tool *wpr.exe* is part of the operating system starting with Wi
8. Include both the file and the folder in your submission to Microsoft support.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## See also - [Collect Microsoft Defender Antivirus diagnostic data](collect-diagnostic-data.md)
security Troubleshoot Reporting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-reporting.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
> [!IMPORTANT] > On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
If the above prerequisites have all been met, you might need to proceed to the n
> [!div class="nextstepaction"] > [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data.md)
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
## Related topics
security Tune Performance Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus.md
ms.technology: mde
**Applies to** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
**What is Microsoft Defender Antivirus performance analyzer?**
To start recording system events, open PowerShell in administrative mode and per
1. Run the following command to start the recording: `New-MpPerformanceRecording -RecordTo <recording.etl>`
-
+ where `-RecordTo` parameter specifies full path location in which the trace file is saved. For more cmdlet information, see [Microsoft Defender Antivirus cmdlets](/powershell/module/defender). 2. If there are processes or services thought to be affecting performance, reproduce the situation by carrying out the relevant tasks. 3. Press **ENTER** to stop and save recording, or **Ctrl+C** to cancel recording.
-4. Analyze the results using the performance analyzer's `Get-MpPerformanceReport`parameter. For example, on executing the command `Get-MpPerformanceReport -Path <recording.etl> -TopFiles 3 -TopScansPerFile 10`, the user is provided with a list of top-ten scans for the top 3 files affecting performance.
+4. Analyze the results using the performance analyzer's `Get-MpPerformanceReport`parameter. For example, on executing the command `Get-MpPerformanceReport -Path <recording.etl> -TopFiles 3 -TopScansPerFile 10`, the user is provided with a list of top-ten scans for the top 3 files affecting performance.
For more information on command-line parameters and options, see the [New-MpPerformanceRecording](#new-mpperformancerecording) and [Get-MpPerformanceReport](#get-mpperformancereport). > [!NOTE] > When running a recording, if you get the error "Cannot start performance recording because Windows Performance Recorder is already recording", run the following command
-> to stop the existing trace with the new command:
+> to stop the existing trace with the new command:
> **wpr -cancel -instancename MSFT_MpPerformanceRecording** ### Performance tuning data and information
-Based on the query, the user will be able to view data for scan counts, duration (total/min/average/max/median), path, process, and reason for scan. The image below shows sample output for a simple query of the top 10 files for scan impact.
+Based on the query, the user will be able to view data for scan counts, duration (total/min/average/max/median), path, process, and reason for scan. The image below shows sample output for a simple query of the top 10 files for scan impact.
:::image type="content" source="images/example-output.png" alt-text="Example output for a basic TopFiles query" lightbox="images/example-output.png":::
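Review bot: step 4 is re-saved for whitespace but still calls `Get-MpPerformanceReport` a parameter, with no space after the closing backtick ("`Get-MpPerformanceReport`parameter"). It is a cmdlet, as the PowerShell reference section of the same article says, so write "the `Get-MpPerformanceReport` cmdlet". In the same sentence use one number style ("top 10 scans for the top 3 files"). The added line for step 1 reads better as "where the `-RecordTo` parameter specifies the full path in which the trace file is saved", and the note about `wpr -cancel` ("to stop the existing trace with the new command") should simply say that the command stops the existing trace.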
For examples that describe the process of "export" and "convert" through sample
#### For CSV -- **To export**:
+- **To export**:
`(Get-MpPerformanceReport -Path:.\Repro-Install.etl -Topscans:1000). TopScans | Export-CSV -Path:.\Repro-Install-Scans.csv -Encoding:UTF8 -NoTypeInformation` -- **To convert**:
+- **To convert**:
`(Get-MpPerformanceReport -Path:.\Repro-Install.etl -Topscans:100). TopScans | ConvertTo-Csv -NoTypeInformation` #### For JSON
For examples that describe the process of "export" and "convert" through sample
`(Get-MpPerformanceReport -Path:.\Repro-Install.etl -Topscans:1000). TopScans | ConvertTo-Json -Depth:1` ### Requirements+ Microsoft Defender Antivirus performance analyzer has the following prerequisites: - Supported Windows versions: Windows 10, Windows 11, and Windows Server 2016 and above
Microsoft Defender Antivirus performance analyzer has the following prerequisite
- PowerShell Version: PowerShell Version 5.1, PowerShell ISE, Remote PowerShell (4.18.2201.10+), PowerShell 7.x (4.18.2201.10+) ## PowerShell reference
-There are two new PowerShell cmdlets used to tune performance of Microsoft Defender Antivirus:
+
+There are two new PowerShell cmdlets used to tune performance of Microsoft Defender Antivirus:
- [New-MpPerformanceRecording](#new-mpperformancerecording) - [Get-MpPerformanceReport](#get-mpperformancereport) - ### New-MpPerformanceRecording The following section describes the reference for the new PowerShell cmdlet New-MpPerformanceRecording. This cmdlet Collects a performance recording of Microsoft Defender Antivirus scans.
New-MpPerformanceRecording -RecordTo <String >
``` #### Description: New-MpPerformanceRecording+ The `New-MpPerformanceRecording` cmdlet collects a performance recording of Microsoft Defender Antivirus scans. These performance recordings contain Microsoft-Antimalware-Engine and NT kernel process events and can be analyzed after collection using the [Get-MpPerformanceReport](#get-mpperformancereport) cmdlet. This `New-MpPerformanceRecording` cmdlet provides an insight into problematic files that could cause a degradation in the performance of Microsoft Defender Antivirus. This tool is provided "AS IS", and is not intended to provide suggestions on exclusions. Exclusions can reduce the level of protection on your endpoints. Exclusions, if any, should be defined with caution.
For more information on the performance analyzer, see [Performance Analyzer](/wi
> [!IMPORTANT] > This cmdlet requires elevated administrator privileges.
-**Supported OS versions**
+**Supported OS versions**:
Windows Version 10 and later.
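Review bot: the only change to "Supported OS versions" is a colon placed outside the bold markers, while the value under it, "Windows Version 10 and later.", disagrees with the Requirements section of the same article ("Windows 10, Windows 11, and Windows Server 2016 and above"). Align the two statements so server administrators are not left guessing, and put the colon inside the bold text or drop it.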
The above command collects a performance recording on Server02 (as specified by
#### Parameters: New-MpPerformanceRecording ##### -RecordTo+ Specifies the location in which to save the Microsoft Defender Antimalware performance recording. ```yaml Type: String Position: Named Default value: None
-Accept pipeline input: False
+Accept pipeline input: False
Accept wildcard characters: False ```
-##### -Session
+##### -Session
+ Specifies the PSSession object in which to create and save the Microsoft Defender Antivirus performance recording. When you use this parameter the RecordTo parameter refers to the local path on the remote machine. Available with Defender platform version 4.18.2201.10. ```yaml Type: PSSession[] Position: 0 Default value: None
-Accept pipeline input: False
+Accept pipeline input: False
Accept wildcard characters: False ```
The following section describes the Get-MpPerformanceReport PowerShell cmdlet. A
Get-MpPerformanceReport [-Path] <String> [-TopScans <Int32>] [-TopFiles <Int32>
- [-TopScansPerFile <Int32>]
- [-TopProcessesPerFile <Int32>
- [-TopScansPerProcessPerFile <Int32>]
- ]
-]
+ [-TopScansPerFile <Int32>]
+ [-TopProcessesPerFile <Int32>
+ [-TopScansPerProcessPerFile <Int32>]
+ ]
+]
[-TopExtensions <Int32>
- [-TopScansPerExtension <Int32>]
- [-TopProcessesPerExtension <Int32>
- [-TopScansPerProcessPerExtension <Int32>]
- ]
- [-TopFilesPerExtension <Int32>
- [-TopScansPerFilePerExtension <Int32>]
- ]
- ]
+ [-TopScansPerExtension <Int32>]
+ [-TopProcessesPerExtension <Int32>
+ [-TopScansPerProcessPerExtension <Int32>]
+ ]
+ [-TopFilesPerExtension <Int32>
+ [-TopScansPerFilePerExtension <Int32>]
+ ]
+ ]
] [-TopProcesses <Int32>
- [-TopScansPerProcess <Int32>]
- [-TopExtensionsPerProcess <Int32>
- [-TopScansPerExtensionPerProcess <Int32>]
- ]
+ [-TopScansPerProcess <Int32>]
+ [-TopExtensionsPerProcess <Int32>
+ [-TopScansPerExtensionPerProcess <Int32>]
+ ]
] [-TopFilesPerProcess <Int32>
- [-TopScansPerFilePerProcess <Int32>]
+ [-TopScansPerFilePerProcess <Int32>]
] [-MinDuration <String>] ``` #### Description: Get-MpPerformanceReport+ The `Get-MpPerformanceReport` cmdlet analyzes a previously collected Microsoft Defender Antivirus performance recording ([New-MpPerformanceRecording](#new-mpperformancerecording)) and reports the file paths, file extensions, and processes that cause the highest impact to Microsoft Defender Antivirus scans. The performance analyzer provides an insight into problematic files that could cause a degradation in the performance of Microsoft Defender Antivirus. This tool is provided "AS IS" and is not intended to provide suggestions on exclusions. Exclusions can reduce the level of protection on your endpoints. Exclusions, if any, should be defined with caution. For more information on the performance analyzer, see [Performance Analyzer](/windows-hardware/test/wpt/windows-performance-analyzer) docs.
-**Supported OS versions**
+**Supported OS versions**:
Windows Version 10 and later.
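Review bot: the syntax block is only re-indented, and as shown its brackets do not balance: the `-TopExtensions` group is closed by the indented `]` and then closed again by the `]` that precedes `[-TopProcesses <Int32>`. `[-TopFilesPerProcess <Int32>` also opens after the `-TopProcesses` group has been closed, although its description says it applies "for each top process". Since every line of the block is being touched, remove the extra `]` and move `-TopFilesPerProcess` inside the `-TopProcesses` group.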
Windows Version 10 and later.
#### Examples: Get-MpPerformanceReport
-##### Example 1: Single query
+##### Example 1: Single query
```powershell Get-MpPerformanceReport -Path:.\Defender-scans.etl -TopScans:20 ```
-##### Example 2: Multiple queries
+##### Example 2: Multiple queries
```powershell Get-MpPerformanceReport -Path:.\Defender-scans.etl -TopFiles:10 -TopExtensions:10 -TopProcesses:10 -TopScans:10 ```
-##### Example 3: Nested queries
+##### Example 3: Nested queries
```powershell Get-MpPerformanceReport -Path:.\Defender-scans.etl -TopProcesses:10 -TopExtensionsPerProcess:3 -TopScansPerExtensionPerProcess:3
Get-MpPerformanceReport -Path:.\Defender-scans.etl -TopScans:100 -MinDuration:10
#### Parameters: Get-MpPerformanceReport ##### -MinDuration+ Specifies the minimum duration of any scan or total scan durations of files, extensions, and processes included in the report; accepts values like **0.1234567sec**, **0.1234ms**, **0.1us**, or a valid TimeSpan. ```yaml Type: String Position: Named Default value: None
-Accept pipeline input: False
+Accept pipeline input: False
Accept wildcard characters: False ``` ##### -Path+ Specifies the path(s) to one or more locations. ```yaml
Accept pipeline input: True
Accept wildcard characters: False ```
-### -TopExtensions
+### -TopExtensions
+ Specifies how many top extensions to output, sorted by "Duration". ```yaml
Accept pipeline input: False
Accept wildcard characters: False ```
-### -TopExtensionsPerProcess
+### -TopExtensionsPerProcess
+ Specifies how many top extensions to output for each top process, sorted by "Duration". ```yaml
Accept wildcard characters: False
``` ### -TopFiles
-Requests a top-files report and specifies how many top files to output, sorted by "Duration".
+Requests a top-files report and specifies how many top files to output, sorted by "Duration".
```yaml Type: Int32
Accept pipeline input: False
Accept wildcard characters: False ```
-### -TopFilesPerExtension
-Specifies how many top files to output for each top extension, sorted by "Duration".
+### -TopFilesPerExtension
+Specifies how many top files to output for each top extension, sorted by "Duration".
```yaml Type: Int32
Accept wildcard characters: False
``` ### -TopFilesPerProcess+ Specifies how many top files to output for each top process, sorted by "Duration". ```yaml
Accept wildcard characters: False
``` ### -TopProcesses+ Requests a top-processes report and specifies how many of the top processes to output, sorted by "Duration". ```yaml
Accept pipeline input: False
Accept wildcard characters: False ```
-### -TopProcessesPerExtension
-Specifies how many top processes to output for each top extension, sorted by "Duration".
+### -TopProcessesPerExtension
+Specifies how many top processes to output for each top extension, sorted by "Duration".
```yaml Type: Int32
Accept pipeline input: False
Accept wildcard characters: False ``` - ### -TopProcessesPerFile
-Specifies how many top processes to output for each top file, sorted by "Duration ".
+Specifies how many top processes to output for each top file, sorted by "Duration ".
```yaml Type: Int32
Accept wildcard characters: False
``` ### -TopScans
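Review bot: the description under `-TopProcessesPerFile` still reads `sorted by "Duration "` with a space before the closing quote, and the added line carries the typo over unchanged. Every other parameter in this list uses `"Duration"`, so drop the stray space here.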
-Requests a top-scans report and specifies how many top scans to output, sorted by "Duration".
+Requests a top-scans report and specifies how many top scans to output, sorted by "Duration".
```yaml Type: Int32
Accept pipeline input: False
Accept wildcard characters: False ``` - ### -TopScansPerExtension
-Specifies how many top scans to output for each top extension, sorted by "Duration".
+Specifies how many top scans to output for each top extension, sorted by "Duration".
```yaml Type: Int32
Accept pipeline input: False
Accept wildcard characters: False ```
+### -TopScansPerExtensionPerProcess
-### -TopScansPerExtensionPerProcess
Specifies how many top scans to output for each top extension for each top process, sorted by "Duration". - ```yaml Type: Int32 Position: Named
Accept pipeline input: False
Accept wildcard characters: False ``` - ### -TopScansPerFile
-Specifies how many top scans to output for each top file, sorted by "Duration".
+Specifies how many top scans to output for each top file, sorted by "Duration".
```yaml Type: Int32
Accept pipeline input: False
Accept wildcard characters: False ```
-### -TopScansPerFilePerExtension
-Specifies how many top scans to output for each top file for each top extension, sorted by "Duration".
+### -TopScansPerFilePerExtension
+Specifies how many top scans to output for each top file for each top extension, sorted by "Duration".
```yaml Type: Int32
Accept pipeline input: False
Accept wildcard characters: False ```
+### -TopScansPerFilePerProcess
-### -TopScansPerFilePerProcess
Specifies how many top scans for output for each top file for each top process, sorted by "Duration". - ```yaml Type: Int32 Position: Named
Accept pipeline input: False
Accept wildcard characters: False ```
+### -TopScansPerProcess
-### -TopScansPerProcess
Specifies how many top scans to output for each top process in the Top Processes report, sorted by "Duration". - ```yaml Type: Int32 Position: Named
Accept wildcard characters: False
``` ### -TopScansPerProcessPerExtension
-Specifies how many top scans for output for each top process for each top extension, sorted by "Duration".
+Specifies how many top scans for output for each top process for each top extension, sorted by "Duration".
```yaml Type: Int32
Accept wildcard characters: False
``` ### -TopScansPerProcessPerFile
-Specifies how many top scans for output for each top process for each top file, sorted by "Duration".
+Specifies how many top scans for output for each top process for each top file, sorted by "Duration".
```yaml Type: Int32
Default value: None
Accept pipeline input: False Accept wildcard characters: False ```
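Review bot: the `-TopScansPerProcessPerFile` description says "how many top scans for output", as do `-TopScansPerProcessPerExtension` and `-TopScansPerFilePerProcess` above, while the other parameters say "to output". The re-added lines keep the slip; change "for output" to "to output" in all three.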
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
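Review bot: the first line of the added TIP contains a non-ASCII apostrophe in "you're" (it shows up here as `ΓÇÖ`) and "Antivirus related" is missing its hyphen; use a plain `'` and "Antivirus-related". The same nine-line block is pasted verbatim into each of the other Defender Antivirus articles in this update, so consider moving it to a shared include so the link list is maintained in one place. The two macOS entries also differ in naming ("on macOS" versus "on Mac"); pick one.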
security Use Group Policy Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can use [Group Policy](/windows/win32/srvnodes/group-policy) to configure and manage Microsoft Defender Antivirus on your endpoints.
The following table lists commonly used Group Policy settings that are available
|Threats|Specify threat alert levels at which default action should not be taken when detected|[Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md)| |Threats|Specify threats upon which default action should not be taken when detected|[Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md)|
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
## See also
security Use Intune Config Manager Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can use [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) to configure Microsoft Defender Antivirus scans. [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Configuration Manager](/mem/configmgr/core/understand/introduction) are now part of Endpoint Manager.
You can use [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) to conf
> [!TIP] > Need help? See [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related articles - [Reference articles for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md)
security Use Powershell Cmdlets Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration. You can read more about it at the [PowerShell hub on MSDN](/previous-versions/msdn10/mt173057(v=msdn.10)).
Get-Help <cmdlet> -Online
Omit the `-online` parameter to get locally cached help.
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md)
security Use Wmi Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus.md
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings.
Changes made with WMI will affect local settings on the endpoint where the chang
You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-microsoft-defender-antivirus.md).
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md)
security Web Content Filtering https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-content-filtering.md
To dispute the category of a domain, navigate to **Reports** \> **Web protection
A panel will open where you can select the priority and add more details such as the suggested category for recategorization. Once you complete the form, select **Submit**. Our team will review the request within one business day. For immediate unblocking, create a [custom allow indicator](indicator-ip-domain.md).
-### URL category lookup
-
-To determine the category of a website, you can use the URL search function available on the Microsoft 365 Defender portal (<https://security.microsoft.com>) under **Endpoints** \> **Search**. In the URL search results, the web content filtering category appears under **URL/Domain details**. If the category result is not shown, the URL is not currently assigned to an existing web content filtering category.
-
-<!:::image type="content" source="../../media/web-content-filtering-category-lookup.png" alt-text="The web content filtering category lookup results" lightbox="../../media/web-content-filtering-category-lookup.png":::>
- ## Web content filtering cards and details Select **Reports** \> **Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering.
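Review bot: deleting the whole "URL category lookup" section leaves the dispute procedure just above it with no documented way to see which category a domain is currently assigned. If the URL search under **Endpoints** > **Search** no longer shows the category, say so or point to the replacement; if it still works, keep a one-line pointer next to the dispute steps.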
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
For more information on Microsoft Defender for Endpoint on other operating syste
- [What's new in Defender for Endpoint on iOS](ios-whatsnew.md) - [What's new in Defender for Endpoint on Linux](linux-whatsnew.md)
+## March 2022
+- [Updated onboarding and feature parity for Windows Server 2012 R2 and Windows Server 2016)](configure-server-endpoints.md)<br/> The new unified solution package is now generally available and makes it easier to onboard servers by removing dependencies and installation steps. In addition, this unified solution package comes with many new feature improvements.
## January 2022
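Review bot: the link text in the new March 2022 entry ends with an unmatched `)`: `Windows Server 2016)]`. Remove the stray parenthesis so the label reads "Updated onboarding and feature parity for Windows Server 2012 R2 and Windows Server 2016".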
security Why Cloud Protection Should Be On Mdav https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/why-cloud-protection-should-be-on-mdav.md
**Applies to:**
+- Microsoft Defender Antivirus
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)-- Microsoft Defender Antivirus+
+**Platforms**
+- Windows
Microsoft Defender Antivirus cloud protection helps protect against malware on your endpoints and across your network. We recommend keeping cloud protection turned on, because certain security features and capabilities in Microsoft Defender for Endpoint only work when cloud protection is enabled.
Now that you have an overview of cloud protection and its role in Microsoft Defe
4. **[Configure the "block at first sight" feature](configure-block-at-first-sight-microsoft-defender-antivirus.md)**. The "block at first sight" feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it by using Microsoft Endpoint Manager or Group Policy. 5. **[Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)**. Microsoft Defender Antivirus can block suspicious files from running while it queries our cloud protection service. You can configure the amount of time the file will be prevented from running by using Microsoft Endpoint Manager or Group Policy.+
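Review bot: in this article the `- Microsoft Defender Antivirus` entry under **Applies to:** is moved above the Plan 1 and Plan 2 links, whereas the other articles in this update (for example use-group-policy-microsoft-defender-antivirus.md) add it below them. Keep one order across the set so the Applies to lists read the same.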
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Why Use Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus.md
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- Microsoft Defender Antivirus
+
+**Platforms**
+- Windows
Microsoft Defender Antivirus is the next-generation protection component of [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) (Microsoft Defender for Endpoint).
Although you can use a non-Microsoft antivirus solution with Microsoft Defender
|10|File recovery via OneDrive|If you are using Microsoft Defender Antivirus together with [Office 365](/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).| |11|Technical support|By using Microsoft Defender for Endpoint together with Microsoft Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](/microsoft-365/security/defender-endpoint/troubleshoot-mdatp)and [review event logs and error codes with Microsoft Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md).|
+> [!TIP]
+> If youΓÇÖre looking for Antivirus related information for other platforms, see:
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+ ## Learn More [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)
security Advanced Hunting Shared Queries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-shared-queries.md
ms.technology: m365d
Under the Queries tab in advanced hunting, you can find the drop-down menus for **Shared queries**, **My queries**, and **Community queries**. You can select a downward-facing arrow to expand a menu.
You can save a new or existing query so that it is only accessible to you or sha
## Delete or rename a query 1. Select the three dots to the right of a query you want to rename or delete.
- :::image type="content" source="../../media/shared-query-3.png" alt-text="The options for a shared query in the Advanced Hunting page in the Microsoft 365 Defender portal" lightbox="../../media/shared-query-3.png":::
+ :::image type="content" source="../../media/advanced-hunting-del-save-query.png" alt-text="Rename or delete a query in the Advanced Hunting page in the Microsoft 365 Defender portal" lightbox="../../media/advanced-hunting-del-save-query.png":::
2. Select **Delete** and confirm deletion. Or select **Rename** and provide a new name for the query.
Microsoft security researchers regularly share advanced hunting queries in a [de
You can easily find these queries in the **Community queries** drop-down menu as well. Community queries are grouped into folders like *Campaigns*, *Collection*, *Defense evasion*, and the like. Further information about the query is provided as in-line comments in the query itself.
security Eval Defender Endpoint Enable Eval https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-enable-eval.md
The following table lists the available tools based on the endpoint that you nee
Endpoint | Tool options :|:
-**Windows** | [Local script (up to 10 devices)](../defender-endpoint/configure-endpoints-script.md), [Group Policy](../defender-endpoint/configure-endpoints-gp.md), [Microsoft Endpoint Manager/ Mobile Device Manager](../defender-endpoint/configure-endpoints-mdm.md), [Microsoft Endpoint Configuration Manager](../defender-endpoint/configure-endpoints-sccm.md), [VDI scripts](../defender-endpoint/configure-endpoints-vdi.md), [Integration with Microsoft Defender for Cloud](../defender-endpoint/configure-server-endpoints.md#integration-with-azure-defender)
+**Windows** | [Local script (up to 10 devices)](../defender-endpoint/configure-endpoints-script.md), [Group Policy](../defender-endpoint/configure-endpoints-gp.md), [Microsoft Endpoint Manager/ Mobile Device Manager](../defender-endpoint/configure-endpoints-mdm.md), [Microsoft Endpoint Configuration Manager](../defender-endpoint/configure-endpoints-sccm.md), [VDI scripts](../defender-endpoint/configure-endpoints-vdi.md), [Integration with Microsoft Defender for Cloud](../defender-endpoint/configure-server-endpoints.md#integration-with-microsoft-defender-for-cloud)
**macOS** | [Local scripts](../defender-endpoint/mac-install-manually.md), [Microsoft Endpoint Manager](../defender-endpoint/mac-install-with-intune.md), [JAMF Pro](../defender-endpoint/mac-install-with-jamf.md), [Mobile Device Management](../defender-endpoint/mac-install-with-other-mdm.md) **Linux Server** | [Local script](../defender-endpoint/linux-install-manually.md), [Puppet](../defender-endpoint/linux-install-with-puppet.md), [Ansible](../defender-endpoint/linux-install-with-ansible.md) **iOS** | [App-based](../defender-endpoint/ios-install.md)
security Integrate Microsoft 365 Defender Secops Tasks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-tasks.md
ms.technology: m365d
Here are the periodic or as-needed tasks to maintain your SOC for Microsoft 365 Defender.
-| Activity | Description | Cadence | Team assigned |
-|:-|:--|:-|:-|
-| Service administration collaboration with SOC Teams | Administration of peripheral services such as asset tracking (CMDB), application licensing (new SaaS licenses), device purchases (upgrades or renew device deployments), and other Microsoft 365 tenant-wide changes (Intune, Microsoft 365, and others) that may affect deployment of Microsoft 365 Defender products. | Weekly and as needed | Engineering & SecOps |
-| Update anti-phishing and data loss prevention campaigns | Incorporate SOC use case and lessons learned with extended organization (HR, legal, training, and others). | Monthly and as needed | SOC Oversight |
-| Deploy automation scripts and services where appropriate | Download and test automation scripts and configuration files from approved Microsoft sites to improve Microsoft 365 Defender operations. | Weekly and as needed | Engineering and SecOps |
-| Portal or license management | Check announcements and the Microsoft Messaging Center for Microsoft 365 Defender portal or licensing needs based on Microsoft updates and new features. | Weekly | SOC Oversight|
-| Update SOC escalation tickets | All SOC teams update escalation tickets (such as Sentinel, ServiceNow tickets) assigned to them. | Daily | All SOC teams |
-| Track Microsoft 365 Defender Threat & Vulnerability remediation activity | Generate TvM Secure Score remediation activity and report to asset owners through an intranet portal. | Daily | Monitoring |
-| Generate Secure Score report | Monitoring team tracks and reports Secure Score improvements. | Weekly SOC | Monitoring |
-| Run IR tabletop exercise | Test SOC team playbooks in tabletop exercise. | As needed | All SOC teams |
-|||||
+|Activity|Description|Cadence|Team assigned|
+|||||
+|Service administration collaboration with SOC Teams|Administration of peripheral services such as asset tracking (CMDB), application licensing (new SaaS licenses), device purchases (upgrades or renew device deployments), and other Microsoft 365 tenant-wide changes (Intune, Microsoft 365, and others) that may affect deployment of Microsoft 365 Defender products.|Weekly and as needed|Engineering & SecOps|
+|Update anti-phishing and data loss prevention campaigns|Incorporate SOC use case and lessons learned with extended organization (HR, legal, training, and others).|Monthly and as needed|SOC Oversight|
+|Deploy automation scripts and services where appropriate|Download and test automation scripts and configuration files from approved Microsoft sites to improve Microsoft 365 Defender operations.|Weekly and as needed|Engineering and SecOps|
+|Portal or license management|Check announcements and the Microsoft Messaging Center for Microsoft 365 Defender portal or licensing needs based on Microsoft updates and new features.|Weekly|SOC Oversight|
+|Update SOC escalation tickets|All SOC teams update escalation tickets (such as Sentinel, ServiceNow tickets) assigned to them.|Daily|All SOC teams|
+|Track Microsoft 365 Defender Threat & Vulnerability remediation activity|Generate TvM Secure Score remediation activity and report to asset owners through an intranet portal.|Daily|Monitoring|
+|Generate Secure Score report|Monitoring team tracks and reports Secure Score improvements.|Weekly SOC|Monitoring|
+|Run IR tabletop exercise|Test SOC team playbooks in tabletop exercise.|As needed|All SOC teams|
Integrate these tasks into your current SOC processes.
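Review bot: the "Generate Secure Score report" row still has `Weekly SOC` in the Cadence column, which looks like a leftover word; the other rows use plain cadences such as `Weekly` or `Daily`. While compacting the table, also settle on either `Engineering & SecOps` or `Engineering and SecOps` for the team name, and confirm the header separator row still carries its dashes, since as shown (`|||||`) it would not render as a table.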
security Integrate Microsoft 365 Defender Secops Use Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
+f1.keywords:
- NOCSH ms.localizationpriority: medium audience: ITPro-+ - M365-security-compliance - m365solution-m365dsecops
+search.appverid:
- MOE150 - MET150 ms.technology: m365d
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
-The recommended methods to deploy Microsoft 365 Defender in your Security Operations Center (SOC) will depend on the SOC team's current set of tools, processes, and skillsets. Maintaining cyber hygiene across platforms can be challenging because of the vast amount of data coming from dozens if not hundreds of security sources.
+The recommended methods to deploy Microsoft 365 Defender in your Security Operations Center (SOC) will depend on the SOC team's current set of tools, processes, and skillsets. Maintaining cyber hygiene across platforms can be challenging because of the vast amount of data coming from dozens if not hundreds of security sources.
-Security tools are interrelated. Turning on one feature in a security technology or changing a process may in turn break another. For this reason, Microsoft recommends that your SOC team formalize a method for defining and prioritizing use cases. Use cases help define requirements and test processes for SOC operations across various teams. It creates a methodology for capturing metrics to determine if the right roles and mix of tasks are aligned to the right team with the right skillsets.
+Security tools are interrelated. Turning on one feature in a security technology or changing a process may in turn break another. For this reason, Microsoft recommends that your SOC team formalize a method for defining and prioritizing use cases. Use cases help define requirements and test processes for SOC operations across various teams. It creates a methodology for capturing metrics to determine if the right roles and mix of tasks are aligned to the right team with the right skillsets.
## Develop and formalize use case process The SOC should define a high-level standard and process for developing use cases, which would be regulated by the SOC Oversight team. The SOC Oversight team should work with your business, IT, legal, HR, and other groups to prioritize use cases for the SOC that will eventually make their way into the SOC team's runbooks and playbooks. Priority of use cases are based on objectives, such as compliance or privacy.
-SOC Oversight activities related to use case development include:
+SOC Oversight activities related to use case development include:
- Requirements - Staffing or training needs
Once a high-level use case standard has been defined and approved, the next step
## Use case example 1: New phishing variant The first step in creating a use case is to outline the workflow using a story board. Here's an example of a high-level story board for a new phishing exploit notification to a Threat Intelligence team.
-
+ :::image type="content" source="../../media/integrate-microsoft-365-defender-secops/example-use-case-workflow-storyboard-phishing.png" alt-text="The workflow of a use case for an anti-phishing campaign" lightbox="../../media/integrate-microsoft-365-defender-secops/example-use-case-workflow-storyboard-phishing.png"::: ### Invoke the use case workflow for example 1
-Once the story board has been approved, the next step is to invoke the use case workflow. Here is an example process for an anti-phishing campaign.
-
+Once the story board has been approved, the next step is to invoke the use case workflow. Here is an example process for an anti-phishing campaign.
+ :::image type="content" source="../../media/integrate-microsoft-365-defender-secops/example-detailed-use-case-workflow-phishing.png" alt-text="A detailed use case workflow for an anti-phishing campaign" lightbox="../../media/integrate-microsoft-365-defender-secops/example-detailed-use-case-workflow-phishing.png"::: ## Use case example 2: Threat and vulnerability scanning
-Another scenario where a use case could be used is for threat and vulnerability scanning. In this example, the SOC requires that threats and vulnerabilities be remediated against assets via approved processes that include scanning of assets.
+Another scenario where a use case could be used is for threat and vulnerability scanning. In this example, the SOC requires that threats and vulnerabilities be remediated against assets via approved processes that include scanning of assets.
Here is an example high-level storyboard for the threat and vulnerability management of assets.
-
+ :::image type="content" source="../../media/integrate-microsoft-365-defender-secops/example-use-case-workflow-storyboard-tvm.png" alt-text="A use-case workflow for threat and vulnerability management" lightbox="../../media/integrate-microsoft-365-defender-secops/example-use-case-workflow-storyboard-tvm.png"::: ### Invoke the use case workflow for example 2 Here is an example process for threat and vulnerability scanning.
-
+ :::image type="content" source="../../media/integrate-microsoft-365-defender-secops/example-detailed-use-case-workflow-tvm.png" alt-text="A detailed use case workflow for threat and vulnerability management" lightbox="../../media/integrate-microsoft-365-defender-secops/example-detailed-use-case-workflow-tvm.png":::
-
+ ### Analyze the use case output and lessons learned
-After a use case has been approved and tested, gaps among your security teams should be identified, along with people, processes, and the Microsoft 365 Defender technologies involved. Microsoft 365 Defender technologies should be analyzed to determine if they are capable of achieving desired outcomes. These can be tracked via a checklist or a matrix.
+After a use case has been approved and tested, gaps among your security teams should be identified, along with people, processes, and the Microsoft 365 Defender technologies involved. Microsoft 365 Defender technologies should be analyzed to determine if they are capable of achieving desired outcomes. These can be tracked via a checklist or a matrix.
For example, in the anti-phishing scenario example, the SOC teams could have made the discoveries in this table. -
-| SOC team | Requirement | People to meet requirement | Process to meet requirement | Relevant technology | Gap identified | Use case change log | Exempt (Y/N) |
-|:-|:--|:-|:-|:-|:--|:-|:-|
-| Threat Intelligence and Analytics team | Data sources are properly feeding the threat intelligence engines. | Threat Intelligence Analyst/Engineer | Data feed requirements established, threat intelligence triggers from approved sources | Microsoft Defender for Identity, Microsoft Defender for Endpoint | Threat Intelligence team did not use automation script to link Microsoft 365 Defender API with threat intel engines | Add Microsoft 365 Defender as data sources to threat engines <BR> <BR> Update use case run book | N |
-| Monitoring team | Data sources are properly feeding the monitoring dashboards | Tier 1,2 SOC AnalystΓÇôMonitoring & Alerts | Workflow for reporting Security & Compliance Center Secure Score | [Alerts in Security & Compliance Center](/microsoft-365/security/office-365-security/alerts) <br><br> Secure Score monitoring | No mechanism for SOC analysts to report successful new phishing variant detection to improve Secure Score <br><br> [Reporting in Security & Compliance Center](/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance)| Add a process for tracking Secure Score improvement to Reporting workflows | N |
-| Engineering and SecOps Team | Change control updates are made in the SOC team runbooks | Tier 2 SOC Engineer | Change Control notification procedure for SOC team runbooks | Approved changes to security devices | Changes to Microsoft 365 Defender connectivity to SOC security technology requires approval | Add Microsoft Defender for Cloud Apps, Defender for Identity, Defender for Endpoint, Security & Compliance Center to SOC runbooks | Y |
-|||||||||
+|SOC team|Requirement|People to meet requirement|Process to meet requirement|Relevant technology|Gap identified|Use case change log|Exempt (Y/N)|
+|||||||||
+|Threat Intelligence and Analytics team|Data sources are properly feeding the threat intelligence engines.|Threat Intelligence Analyst/Engineer|Data feed requirements established, threat intelligence triggers from approved sources|Microsoft Defender for Identity, Microsoft Defender for Endpoint|Threat Intelligence team did not use automation script to link Microsoft 365 Defender API with threat intel engines|Add Microsoft 365 Defender as data sources to threat engines <BR> <BR> Update use case run book|N|
+|Monitoring team|Data sources are properly feeding the monitoring dashboards|Tier 1,2 SOC AnalystΓÇôMonitoring & Alerts|Workflow for reporting Security & Compliance Center Secure Score|[Alerts in Security & Compliance Center](/microsoft-365/security/office-365-security/alerts) <br><br> Secure Score monitoring|No mechanism for SOC analysts to report successful new phishing variant detection to improve Secure Score <br><br> [Reporting in Security & Compliance Center](/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance)|Add a process for tracking Secure Score improvement to Reporting workflows|N|
+|Engineering and SecOps Team|Change control updates are made in the SOC team runbooks|Tier 2 SOC Engineer|Change Control notification procedure for SOC team runbooks|Approved changes to security devices|Changes to Microsoft 365 Defender connectivity to SOC security technology requires approval|Add Microsoft Defender for Cloud Apps, Defender for Identity, Defender for Endpoint, Security & Compliance Center to SOC runbooks|Y|
Additionally, the SOC teams could have made the discoveries outlined in the table below in regard to the threat and vulnerability management scenario outlined above:
-| SOC team | Requirement | People to meet requirement | Process to meet requirement | Relevant technology | Gap identified | Use case change log | Exempt (Y/N) |
-|:-|:--|:-|:-|:-|:--|:-|:-|
-| SOC Oversight | All assets connected to approved networks are identified and categorized | SOC Oversight, BU owners, application owners, IT asset owners, etc. | Centralized asset management system to discover and list asset category and attributes based on risk. | ServiceNow or other assets. <br><br>[Microsoft 365 Device Inventory](/security/defender-endpoint/device-discovery) | Only 70% of assets have been discovered. Microsoft 365 Defender remediation tracking only effective for known assets | Mature asset lifecycle management services to ensure Microsoft 365 Defender has 100% coverage | N |
-| Engineering & SecOps Teams | High impact and critical vulnerabilities in assets are remediated according to policy | SecOps engineers, SOC analysts: Vulnerability & Compliance, Security Engineering | Defined process for categorizing High Risk and Critical Vulnerabilities | [Threat and Vulnerability Management Dashboards](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) | Defender for Endpoint has identified high impact, high alert devices with no remediation plan or implementation of Microsoft recommended activity | Add a workflow for notifying asset owners when remediation activity is required within 30 days per policy; Implement a ticketing system to notify asset owners of remediation steps. | N |
-| Monitoring Teams | Threat and vulnerability status is reported via company intranet portal | Tier 2 SOC analyst | Auto-generated reports from Microsoft 365 Defender showing remediation progress of assets | [Alerts in Security & Compliance Center](/microsoft-365/security/office-365-security/alerts) <br><br> Secure Score monitoring | No views or dashboard reports being communicated to asset owners regarding threat and vulnerability status of assets. | Create automation script to populate status of high risk and critical asset vulnerability remediation to the organization. | N |
-|||||||||
+|SOC team|Requirement|People to meet requirement|Process to meet requirement|Relevant technology|Gap identified|Use case change log|Exempt (Y/N)|
+|||||||||
+|SOC Oversight|All assets connected to approved networks are identified and categorized|SOC Oversight, BU owners, application owners, IT asset owners, etc.|Centralized asset management system to discover and list asset category and attributes based on risk.|ServiceNow or other assets. <br><br>[Microsoft 365 Device Inventory](/security/defender-endpoint/device-discovery)|Only 70% of assets have been discovered. Microsoft 365 Defender remediation tracking only effective for known assets|Mature asset lifecycle management services to ensure Microsoft 365 Defender has 100% coverage|N|
+|Engineering & SecOps Teams|High impact and critical vulnerabilities in assets are remediated according to policy|SecOps engineers, SOC analysts: Vulnerability & Compliance, Security Engineering|Defined process for categorizing High Risk and Critical Vulnerabilities|[Threat and Vulnerability Management Dashboards](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)|Defender for Endpoint has identified high impact, high alert devices with no remediation plan or implementation of Microsoft recommended activity|Add a workflow for notifying asset owners when remediation activity is required within 30 days per policy; Implement a ticketing system to notify asset owners of remediation steps.|N|
+|Monitoring Teams|Threat and vulnerability status is reported via company intranet portal|Tier 2 SOC analyst|Auto-generated reports from Microsoft 365 Defender showing remediation progress of assets|[Alerts in Security & Compliance Center](/microsoft-365/security/office-365-security/alerts) <br><br> Secure Score monitoring|No views or dashboard reports being communicated to asset owners regarding threat and vulnerability status of assets.|Create automation script to populate status of high risk and critical asset vulnerability remediation to the organization.|N|
In these example use cases, the testing revealed several gaps in the SOC team's requirements that were established as baselines for the responsibilities of each team. The use case checklist can be as comprehensive as needed to ensure that the SOC team is prepared for the Microsoft 365 Defender integration with new or existing SOC requirements. Since this will be an iterative process, the use case development process and the use case output content will naturally serve to update and mature the SOC's runbooks with lessons learned. ## Update production runbooks and playbooks
-Once use case testing has been remediated for all gaps, the lessons learned and metrics collected in them can be incorporated into your SOC team's production runbooks (operating processes) and playbooks (incident responses and escalation procedures).
+Once use case testing has been remediated for all gaps, the lessons learned and metrics collected in them can be incorporated into your SOC team's production runbooks (operating processes) and playbooks (incident responses and escalation procedures).
-Maintenance of the SOC team runbooks and playbooks can be organized in a multitude of ways. Each SOC team may be responsible for their own, or there may be a single centralized version for all teams to share in a central repository. Runbook and playbook management for individual organizations is based on size, skillsets, roles, and segregation of duties. Once a runbook has been updated, the playbook update process should follow.
+Maintenance of the SOC team runbooks and playbooks can be organized in a multitude of ways. Each SOC team may be responsible for their own, or there may be a single centralized version for all teams to share in a central repository. Runbook and playbook management for individual organizations is based on size, skillsets, roles, and segregation of duties. Once a runbook has been updated, the playbook update process should follow.
## Use a standard framework for escalation
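Review bot: In the new Monitoring team row of the first table, the People cell still reads `Tier 1,2 SOC AnalystΓÇôMonitoring & Alerts`; the `ΓÇô` is a mis-encoded dash carried over from the removed row and should be replaced with a real hyphen or en dash while the table is being rewritten. The Engineering and SecOps Team row also keeps "Changes to Microsoft 365 Defender connectivity to SOC security technology requires approval", where the verb should be "require". As shown, the row under each new header is `|||||||||` with no dashes, so confirm that both tables still render with a header row.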
Playbooks are the steps the SOC teams will need to follow when a real event occu
The NIST four step incident response process includes four phases:
-1. Preparation
-2. Detection and analysis
-3. Containment, eradication, and recovery
-4. Post-incident activity
+1. Preparation
+2. Detection and analysis
+3. Containment, eradication, and recovery
+4. Post-incident activity
### Example: Tracking preparation phase activity
-One of the core foundations of an escalation playbook is to ensure there is little ambiguity as to what each SOC team is supposed to do before, during, and after an event or incident. Therefore, it is good practice to list out step by step instructions.
+One of the core foundations of an escalation playbook is to ensure there is little ambiguity as to what each SOC team is supposed to do before, during, and after an event or incident. Therefore, it is good practice to list out step by step instructions.
For example, the Preparation phase could include an if/then or XoR matrix of tasks. In the case of the new phishing variant example use case, such a matrix could look like this:
-| Why is Escalation Warranted? | Next Step |
-|:-|:--|
-| Alert in SOC Monitoring rated as **critical** triggered > **500/hour** | Go to Playbook A, Section 2, Activity 5 (with a link to the playbook section) |
-| eCommerce reported potential DDoS attack | Invoke Playbook B-Section C, Activity 19 (with a link to the playbook section) |
-| Executive reported a suspicious email as spear phishing attempt | Go to Playbook 5, Section 2, Activity 5 (with a link to the playbook section) |
-|||
+|Why is Escalation Warranted?|Next Step|
+|||
+|Alert in SOC Monitoring rated as **critical** triggered > **500/hour**|Go to Playbook A, Section 2, Activity 5 (with a link to the playbook section)|
+|eCommerce reported potential DDoS attack|Invoke Playbook B-Section C, Activity 19 (with a link to the playbook section)|
+|Executive reported a suspicious email as spear phishing attempt|Go to Playbook 5, Section 2, Activity 5 (with a link to the playbook section)|
After executing the Preparation phase, organizations should invoke the remaining phases as outlined by NIST: - Detection and analysis - Containment, eradication, and recovery-- Post-incident activity
+- Post-incident activity
## Next step
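Review bot: The three Next Step cells in the rewritten escalation matrix use three different reference formats (`Playbook A, Section 2, Activity 5`, `Playbook B-Section C, Activity 19`, `Playbook 5, Section 2, Activity 5`), which works against the stated goal of leaving little ambiguity about what each SOC team is supposed to do. Pick one scheme for playbook, section and activity identifiers and use it in every row. The context sentence "The NIST four step incident response process includes four phases" says "four" twice and could be tightened while the list below it is being touched.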
security Virus Initiative Criteria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/virus-initiative-criteria.md
You can request membership if you're a representative for an organization that d
To qualify for the MVI program, your organization must meet all the following requirements:
-1) Your security solution either replaces or compliments Microsoft Defender Antivirus.
+1. Your security solution either replaces or compliments Microsoft Defender Antivirus.
-2) Your organization is responsible for both developing and distributing app updates to end-customers that address compatibility with Windows.
+2. Your organization is responsible for both developing and distributing app updates to end-customers that address compatibility with Windows.
-3) Your organization must be active in the antimalware industry and have a positive reputation, as evidenced by participation in industry conferences or being reviewed in an industry-standard report such as AV-Comparatives, OPSWAT, or Gartner.
+3. Your organization must be active in the antimalware industry and have a positive reputation, as evidenced by participation in industry conferences or being reviewed in an industry-standard report such as AV-Comparatives, OPSWAT, or Gartner.
-4) Your organization must sign a non-disclosure agreement (NDA) with Microsoft.
+4. Your organization must sign a non-disclosure agreement (NDA) with Microsoft.
-5) Your organization must sign a program license agreement. Maintaining this license agreement requires that you adhere to all program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
+5. Your organization must sign a program license agreement. Maintaining this license agreement requires that you adhere to all program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
-6) You must submit your app to Microsoft for periodic performance testing and feature review.
+6. You must submit your app to Microsoft for periodic performance testing and feature review.
-7) Your solution must be certified through independent testing by at least one industry-standard organization, and yearly certification must be maintained.
+7. Your solution must be certified through independent testing by at least one industry-standard organization, and yearly certification must be maintained.
-Test Provider | Lab Test Type | Minimum Level / Score
-- ||-
-AV-Comparatives | Real-World Protection Test </br> https://www.av-comparatives.org/testmethod/real-world-protection-tests/ |"Approved" rating from AV Comparatives
-AV-Test | Must pass tests for Windows. Certifications for Mac and Linux aren't accepted </br> https://www.av-test.org/en/about-the-institute/certification/ | Achieve "AV-TEST Certified" (for home users) or "AV-TEST Approved" (for corporate users)
-ICSA Labs | Endpoint Anti-Malware Detection </br> https://www.icsalabs.com/technology-program/anti-virus/criteria |PASS/Certified
-SKD Labs | Certification Requirements Product: Anti-virus or Antimalware </br> http://www.skdlabs.com/html/english/ </br> http://www.skdlabs.com/cert/ |SKD Labs Star Check Certification Requirements Pass >= 98.5% with On Demand, On Access and Total Detection tests
-VB 100 | VB100 Certification Test V1.1 </br> https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/ | VB100 Certification
-West Coast Labs | Checkmark Certified </br> http://www.checkmarkcertified.com/sme/ | "A" Rating on Product Security Performance
+|Test Provider|Lab Test Type|Minimum Level / Score|
+|-||-|
+|AV-Comparatives|Real-World Protection Test </br> <https://www.av-comparatives.org/testmethod/real-world-protection-tests/>|"Approved" rating from AV Comparatives|
+|AV-Test|Must pass tests for Windows. Certifications for Mac and Linux aren't accepted </br> <https://www.av-test.org/en/about-the-institute/certification/>|Achieve "AV-TEST Certified" (for home users) or "AV-TEST Approved" (for corporate users)|
+|ICSA Labs|Endpoint Anti-Malware Detection </br> <https://www.icsalabs.com/technology-program/anti-virus/criteria>|PASS/Certified|
+|SKD Labs|Certification Requirements Product: Anti-virus or Antimalware </br> <http://www.skdlabs.com/html/english/> </br> <http://www.skdlabs.com/cert/>|SKD Labs Star Check Certification Requirements Pass >= 98.5% with On Demand, On Access and Total Detection tests|
+|VB 100|VB100 Certification Test V1.1 </br> <https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/>|VB100 Certification|
+|West Coast Labs|Checkmark Certified </br> <http://www.checkmarkcertified.com/sme/>|"A" Rating on Product Security Performance|
## Apply now
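Review bot: Requirement 1 in the renumbered list still says the solution "either replaces or compliments Microsoft Defender Antivirus"; the intended word is "complements", and this change is a good place to fix it. In the new table rows, `</br>` is not a valid line-break tag and should be `<br>`. The SKD Labs and West Coast Labs URLs are now autolinked over plain `http://`, so check whether `https://` versions exist before publishing them as clickable links.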
security Configure Review Priority Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-review-priority-account.md
For more information, see [User tags in Microsoft Defender for Office 365](user-
The Threat protection status report is a single view that brings together information about malicious content and malicious email detected and blocked by Microsoft Defender for Office 365.
-To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Threat protection status**, and then click **View details**.
+To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Threat protection status**, and then select **View details**. Navigate to either the **Spam view**, **Phish view**, or **Malware view**, then use the filter icon to select **Priority account protection**.
### Threat Explorer
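Review bot: The sentence added to the Threat protection status step says "Navigate to either the **Spam view**, **Phish view**, or **Malware view**", but "either" introduces two options and three are listed. Suggest "Go to the **Spam view**, **Phish view**, or **Malware view**, and then use the filter icon to select **Priority account protection**", which also matches the "and then select" phrasing used earlier in the same line.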
The tabs along the top of the entity page will allow you to investigate email ef
## More information - [User tags in Microsoft Defender for Office 365](user-tags.md)-- [Manage and monitor priority accounts](../../admin/setup/priority-accounts.md)
+- [Manage and monitor priority accounts](../../admin/setup/priority-accounts.md)