Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
threat-intelligence | Security Copilot And Defender Threat Intelligence | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md | This article introduces you to Copilot and includes sample prompts that can help ![Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.](media/defender-ti-and-copilot/copilot-prompts-bar-sources.png) - In the **Manage plugins** pop-up window that appears, confirm that the **Microsoft Defender Threat Intelligence** toggle is turned on, then close the window. + In the **Manage sources** pop-up window that appears, under **Plugins**, confirm that the **Microsoft Defender Threat Intelligence** toggle is turned on, then close the window. ![Screenshot of the Manage plugins pop-up window with the Microsoft Defender Threat Intelligence plugin highlighted.](media/defender-ti-and-copilot/copilot-manage-plugins.png) |
admin | Microsoft Teams Apps Usage | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-apps-usage.md | The Teams app usage report is available in the Microsoft 365 admin center and th ## How to get to the Microsoft Teams apps usage report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.-2. From the dashboard homepage, select on the **View more** button on the Microsoft Teams apps activity card. +2. From the dashboard homepage, select the **View more** button on the Microsoft Teams apps activity card. :::image type="content" source="../../media/teams-apps-tile.png" alt-text="Microsoft Teams app."::: You can view the **user activity** in the Teams app usage report by choosing the On the top of the report, three charts describe cross-app trends across your organization. -- Users who have installed apps-- User who have used apps+- Users who installed apps +- Users who used apps - Platform You can filter all charts by the time range picker in the top right. This chart shows you the total number of unique users that have installed an app :::image type="content" source="../../media/users-who-installed-apps.png" alt-text="Microsoft Teams apps Users who have installed apps chart."::: -### User who have used apps +### Users who have used apps This chart shows you the number of unique users that have used any app on each date within the selected period. For example ΓÇô if you select January 28, the chart will show you the total number of users on January 28. This table shows you per-user view with the following metrics for each app. A su ## Managing apps in the Teams Admin Center -For more information about how to manage your Teams apps, please refer to [About apps in Microsoft Teams](/microsoftteams/deploy-apps-microsoft-teams-landing-page). +For more information about how to manage your Teams apps, refer to [About apps in Microsoft Teams](/microsoftteams/deploy-apps-microsoft-teams-landing-page). To link an app in this report to the Manage Apps experience in Teams Admin Center, you can use the following items: - App Name - External App ID -External App IDs are equivalent to the ID in the Manage apps page for Store apps. For custom apps, to view External App ID in the Manage Apps page, follow the instructions on [Manage apps setup policies in Microsoft Teams](/microsoftteams/teams-app-setup-policies) to add the column in the column settings. You can also view it on the app details page for a custom app +External App IDs are equivalent to the ID in the Manage apps page for Store apps. For custom apps, to view External App ID in the Manage Apps page, follow the instructions on [Manage apps setup policies in Microsoft Teams](/microsoftteams/teams-app-setup-policies) to add the column in the column settings. You can also view it on the app details page for a custom app. |
admin | About Exchange Online Admin Role | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-exchange-online-admin-role.md | description: "Exchange administrators manage your organization's email and mailb To help you administer Microsoft 365, you can [assign](assign-admin-roles.md) users permissions to manage your organization's email and mailboxes from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>. You do this by assigning them to the Exchange Administrator role. -> [!TIP] -> When you assign someone to the Exchange Administrator role, we recommend assigning them to the Service Support Administrator role. This way they can see important information in the Microsoft 365 admin center, such as the health of the Exchange Online service, and change and release notifications. Here are some of the key tasks users can do when they are assigned to the Exchange Administrator role: |
admin | Create Dns Records At 1 1 Internet | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-1-1-internet.md | Before you use your domain with Microsoft, we have to make sure that you own it. 1. Select **Add record**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Screenshot of where you select Add record to add a domain verification TXT record."::: 1. Select the **TXT** section. Before you use your domain with Microsoft, we have to make sure that you own it. 1. Select **Save**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-5.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-5.png" alt-text="Screenshot of where you select Save to add a TXT verification record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: 1. Select **Add record**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Screenshot of where you select Add record to add an MX record."::: 1. Select the **MX** section. To verify the record in Microsoft 365: 1. Select **Save**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-mx-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-mx-save.png" alt-text="Screenshot of where you select Save to add an MX record."::: 1. If there are any MX records already listed, delete each of them by selecting the **Delete record** trash can on the **Add record** page. To verify the record in Microsoft 365: 1. Select **Add record**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Screenshot of where you select Add record to add an SPF TXT record."::: 1. Select the **SPF (TXT)** section. To verify the record in Microsoft 365: 1. Select **Save**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-spftxt-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-spftxt-save.png" alt-text="Screenshot of where you select Save to add an SPF TXT record."::: ## Advanced option: Skype for Business Only select this option if your organization uses Skype for Business for online 1. Select **Add record**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Screenshot of where you select Add record to add CNAME records for Skype for Business."::: 1. Select the **CNAME** section. Only select this option if your organization uses Skype for Business for online 1. Select **Add record**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Screenshot of where you select Add record to add an SRV record."::: 1. Select the **SRV** section. Only select this option if your organization uses Skype for Business for online 1. Select **Save**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-srv-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-srv-save.png" alt-text="Screenshot of where you select Save to add an SRV record."::: 1. Add the other SRV record. This service helps you secure and remotely manage mobile devices that connect to 1. Select **Add record**. - :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Screenshot of where you select Add record to add CNAME records for Mobile Device Management."::: 1. Select the **CNAME** section. |
admin | Create Dns Records At 123 Reg Co Uk | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-123-reg-co-uk.md | Before you use your domain with Microsoft, we have to make sure that you own it. 6. Select **Add**. - :::image type="content" source="../../media/dns-123reg/123reg-domains-TXTSPF-Add.png" alt-text="Select Add."::: + :::image type="content" source="../../media/dns-123reg/123reg-domains-TXTSPF-Add.png" alt-text="Screenshot of where you select Add to add a domain verification TXT record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: 6. Select **Add**. - :::image type="content" source="../../media/dns-123reg/123reg-domains-MX-Add.png" alt-text="Select Add."::: + :::image type="content" source="../../media/dns-123reg/123reg-domains-MX-Add.png" alt-text="Screenshot of where you select Add to add an MX record."::: 7. If there are any other MX records, remove each one by selecting the **Delete (trash can)** icon for that record. To verify the record in Microsoft 365: 6. Select **Add**. - :::image type="content" source="../../media/dns-123reg/123reg-domains-CNAME-Add.png" alt-text="Select Add."::: + :::image type="content" source="../../media/dns-123reg/123reg-domains-CNAME-Add.png" alt-text="Screenshot of where you select Add to add a CNAME record."::: ## Add a TXT record for SPF to help prevent email spam Only select this option if your organization uses Skype for Business for online 6. Select **Add**. - :::image type="content" source="../../media/dns-123reg/123reg-domains-TXTSPF-Add.png" alt-text="Select Add."::: + :::image type="content" source="../../media/dns-123reg/123reg-domains-TXTSPF-Add.png" alt-text="Screenshot of where you select Add to add an SRV record."::: 7. Add the other SRV record. Only select this option if your organization uses Skype for Business for online 1. Select **Add**. - :::image type="content" source="../../media/dns-123reg/123reg-domains-CNAME-Add.png" alt-text="Select Add."::: + :::image type="content" source="../../media/dns-123reg/123reg-domains-CNAME-Add.png" alt-text="Screenshot of where you select Add to add CNAME records for Skype for Business."::: 1. Add the other CNAME record. This service helps you secure and remotely manage mobile devices that connect to 1. Select **Add**. - :::image type="content" source="../../media/dns-123reg/123reg-domains-CNAME-Add.png" alt-text="Select Add."::: + :::image type="content" source="../../media/dns-123reg/123reg-domains-CNAME-Add.png" alt-text="Screenshot of where you select Add to add CNAME records for Mobile Device Management."::: 1. Add the other CNAME record. |
admin | Create Dns Records At Aws | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-aws.md | Before you use your domain with Microsoft, we have to make sure that you own it. **Note**: If you haven't created a hosted zone for your domain, select **Create hosted zone** and complete the steps before moving to the next step. - :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Select the name of the domain you want to verify."::: + :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the domain verification TXT record."::: 1. Select **Manage DNS**. Before you use your domain with Microsoft, we have to make sure that you own it. 1. Under **Domain name**, select the domain name for the hosted zone version of the domain you want to verify. - :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the name of the domain you want to verify."::: + :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the domain verification TXT record."::: 1. Select **Create record**. - :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Select Create record."::: + :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add a domain verification TXT record."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. Before you use your domain with Microsoft, we have to make sure that you own it. 1. Select **Create records**. - :::image type="content" source="../../media/dns-aws/aws-domains-txt-create-records.png" alt-text="Select Create records."::: + :::image type="content" source="../../media/dns-aws/aws-domains-txt-create-records.png" alt-text="Screenshot of where you select Create records to add a domain verification TXT record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: **Note**: If you haven't created a hosted zone for your domain, select **Create hosted zone** and complete the steps before moving to the next step. - :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the MX record."::: 1. Select **Manage DNS**. To verify the record in Microsoft 365: 1. Under **Domain name**, select the domain name for the hosted zone version of the domain you want to verify. - :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the domain name for the hosted zone version of the domain."::: 1. Select **Create record**. - :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Select Create record."::: + :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add an MX record."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. To verify the record in Microsoft 365: 1. Select **Create records**. - :::image type="content" source="../../media/dns-aws/aws-domains-mx-create-records.png" alt-text="Select Create records."::: + :::image type="content" source="../../media/dns-aws/aws-domains-mx-create-records.png" alt-text="Screenshot of where you select Create records to add an MX record"::: 1. If there are any other MX records, remove them by selecting the record, and then selecting **Delete**. To verify the record in Microsoft 365: **Note**: If you haven't created a hosted zone for your domain, select **Create hosted zone** and complete the steps before moving to the next step. - :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the CNAME record."::: 1. Select **Manage DNS**. To verify the record in Microsoft 365: 1. Under **Domain name**, select the domain name for the hosted zone version of the domain you want to verify. - :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the MX record."::: 1. Select **Create record**. - :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Select Create record."::: + :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add a CNAME record"::: 1. In the boxes for the new record, type or copy and paste the values from the following table. To verify the record in Microsoft 365: 1. Select **Create records**. - :::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Select Create records."::: + :::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Screenshot of where you select Create records to add a CNAME record"::: ## Add a TXT record for SPF to help prevent email spam To verify the record in Microsoft 365: **Note**: If you haven't created a hosted zone for your domain, select **Create hosted zone** and complete the steps before moving to the next step. - :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the SPF TXT record."::: 1. Select **Manage DNS**. To verify the record in Microsoft 365: 1. Under **Domain name**, select the domain name for the hosted zone version of the domain you want to verify. - :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the SPF TXT record."::: 1. Select **Create record**. - :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Select Create record."::: + :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add an SPF TXT record."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. To verify the record in Microsoft 365: 1. Select **Create records**. - :::image type="content" source="../../media/dns-aws/aws-domains-txt-create-records.png" alt-text="Select Create records."::: + :::image type="content" source="../../media/dns-aws/aws-domains-txt-create-records.png" alt-text="Screenshot of where you select Create records to add an SPF TXT record."::: ## Advanced option: Skype for Business Only select this option if your organization uses Skype for Business for online **Note**: If you haven't created a hosted zone for your domain, select **Create hosted zone** and complete the steps before moving to the next step. - :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the SRV records for Skype for Business."::: 1. Select **Manage DNS**. Only select this option if your organization uses Skype for Business for online 1. Under **Domain name**, select the domain name for the hosted zone version of the domain you want to verify. - :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the SRV records for Skype for Business."::: 1. Select **Create record**. - :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Select Create record."::: + :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add an SRV record."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. Only select this option if your organization uses Skype for Business for online 1. To add the other SRV record, select **Add another record**, create a record using the values from the next row in the table, and then again select **Create records**. - :::image type="content" source="../../media/dns-aws/aws-domians-srv-create-records.png" alt-text="Select Create records."::: + :::image type="content" source="../../media/dns-aws/aws-domians-srv-create-records.png" alt-text="Screenshot of where you select Create records to add an SRV record."::: > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Find and fix issues after adding your domain or DNS records](../get-help-with-domains/find-and-fix-issues.md). Only select this option if your organization uses Skype for Business for online **Note**: If you haven't created a hosted zone for your domain, select **Create hosted zone** and complete the steps before moving to the next step. - :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the CNAME records for Skype for Business."::: 1. Select **Manage DNS**. - :::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Select Manage DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Screenshot of Registered Domains where you select Manage DNS for the CNAME records for Skype for Business."::: 1. Under **Domain name**, select the domain name for the hosted zone version of the domain you want to verify. - :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the CNAME records for Skype for Business."::: 1. Select **Create record**. - :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Select Create record."::: + :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add CNAME records for Skype for Business."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. Only select this option if your organization uses Skype for Business for online 1. Select **Create records**. - :::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Select Create records."::: + :::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Screenshot of where you select Create records to add CNAME records for Skype for Business."::: > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md). This service helps you secure and remotely manage mobile devices that connect to **Note**: If you haven't created a hosted zone for your domain, select **Create hosted zone** and complete the steps before moving to the next step. - :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the CNAME records for Mobile Device Management."::: 1. Select **Manage DNS**. This service helps you secure and remotely manage mobile devices that connect to 1. Under **Domain name**, select the domain name for the hosted zone version of the domain you want to verify. - :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the name of the domain."::: + :::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the CNAME records for Mobile Device Management."::: 1. Select **Create record**. - :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Select Create record."::: + :::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add CNAME records for Mobile Device Management."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. This service helps you secure and remotely manage mobile devices that connect to 1. Select **Create records**. - :::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Select Create records."::: + :::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Screenshot of where you select Create records to add CNAME records for Mobile Device Management."::: > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md). |
admin | Create Dns Records At Cloudflare | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-cloudflare.md | Before you use your domain with Microsoft, we have to make sure that you own it. 1. On the DNS management page, select **+Add record**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Screenshot of where you select Add record to add a domain verification TXT record."::: 1. Select the TXT type from the drop-down list, and type or copy and paste the values from this table. Before you use your domain with Microsoft, we have to make sure that you own it. 1. Select **Save**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-TXT-save.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-TXT-save.png" alt-text="Screenshot of where you select Save to add a domain verification TXT record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: 1. On the DNS management page, select **+Add record**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Screenshot of where you select Add record to add an MX record."::: 1. Select the MX type from the drop-down list, and type or copy and paste the values from this table. To verify the record in Microsoft 365: 1. Select **Save**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-mx-save.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-mx-save.png" alt-text="Screenshot of where you select Save record to add an MX record."::: 1. If there are any other MX records listed in the **MX Records** section, delete them by selecting **Edit**, and then select **Delete**. To verify the record in Microsoft 365: 1. On the **DNS management** page, select **+Add record** - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Screenshot of where you select Add record to add a CNAME record."::: 1. Select the CNAME type from the drop-down list, and type or copy and paste the values from this table. To verify the record in Microsoft 365: 1. Select **Save**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Screenshot of where you select Save to add a CNAME record."::: ### Add a TXT record for SPF to help prevent email spam To verify the record in Microsoft 365: 1. On the DNS management page, select **+Add record**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Screenshot of where you select Add record to add an SPF TXT record."::: 1. Select the TXT type from the drop-down list, and type or copy and paste the values from this table. To verify the record in Microsoft 365: 1. Select **Save**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-TXT-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-TXT-save.png" alt-text="Screenshot of where you select Save to add an SPF TXT record."::: ## Advanced option: Skype for Business Only select this option if your organization uses Skype for Business for online 1. On the DNS management page, select **+Add record** - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Screenshot of where you select Add record to add an SRV record."::: 1. Select the SRV type from the drop-down list, and type or copy and paste the values from this table. Only select this option if your organization uses Skype for Business for online 1. Select **Save**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-srv-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-srv-save.png" alt-text="Screenshot of where you select Save to add an SRV record."::: 1. Add the other SRV record by copying the values from the second row of the table. Only select this option if your organization uses Skype for Business for online 1. On the DNS management page, select **+Add record** - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Screenshot of where you select Add record to add CNAME records for Skype for Business."::: 1. Select the CNAME type from the drop-down list, and type or copy and paste the values from this table. Only select this option if your organization uses Skype for Business for online 1. Select the **Save**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Screenshot of where you select Save to add CNAME records for Skype for Business."::: 1. Add the other CNAME record by copying the values from the second row of the table. This service helps you secure and remotely manage mobile devices that connect to 1. On the DNS management page, select **+Add record** - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-add-record.png" alt-text="Screenshot of where you select Add record to add CNAME records for Mobile Device Management."::: 1. Select the CNAME type from the drop-down list, and type or copy and paste the values from this table. This service helps you secure and remotely manage mobile devices that connect to 1. Select **Save**. - :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Screenshot of where you select Save to add an CNAME record for Mobile Device Management."::: 1. Add the other CNAME record by copying the values from the second row of the table. |
admin | Create Dns Records At Godaddy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-godaddy.md | Before you use your domain with Microsoft, we have to make sure that you own it. 3. Under **DNS Records**, select **ADD** on the top right corner. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Screenshot of where you select Add to add a domain verification TXT record."::: 4. Select **TXT** option from the filter box. - :::image type="content" source="../../media/dns-godaddy/godaddy-add-txt-records.png" alt-text="Select TXT from the Type drop-down list."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-add-txt-records.png" alt-text="Select TXT from the Type drop-down list for the domain verification TXT record."::: 5. In the boxes for the new record, type or copy and paste the values from the table. Before you use your domain with Microsoft, we have to make sure that you own it. ||||| |TXT|@|MS=ms *XXXXXXXX*<br>**Note**: This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|1 hour <br>| - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXTvalue.png" alt-text="Fill in the values from the table for the TXT record."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXTvalue.png" alt-text="Fill in the values from the table for the domain verification TXT record."::: 6. Select **Save**. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXT-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXT-save.png" alt-text="Screenshot of where you select Save to add a domain verification TXT record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: 3. Under **Records**, select **ADD**. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Screenshot of where you select Add to add an MX record."::: 4. Choose **MX** option from the filter box. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add-MX-records.png" alt-text="Drop down menu showing MX record selected."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add-MX-records.png" alt-text="Drop down menu showing MX record selected."::: 5. In the boxes for the new record, type or copy and paste the values from the following table. To verify the record in Microsoft 365: 3. Under **Records**, select **ADD**. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Screenshot of where you select Add to add a CNAME record."::: 4. Choose **CNAME** from the drop-down list. To verify the record in Microsoft 365: 3. Under **Records**, select **ADD**. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Screenshot of where you select Add to add an SPF TXT record."::: 4. Choose **TXT** from the drop-down list. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXT-save.png" alt-text="Select TXT from the Type drop-down list."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-TXT-save.png" alt-text="Select TXT from the Type drop-down list for the SPF TXT record."::: 5. In the boxes for the new record, type or copy and paste the following values. To verify the record in Microsoft 365: ||||| |TXT|@|v=spf1 include:secureserver.net -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|1 hour| - :::image type="content" source="../../media/dns-godaddy/godaddy-add-TXTvalue-spf.png" alt-text="Fill in the values from the table for the TXT record."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-add-TXTvalue-spf.png" alt-text="Fill in the values from the table for the SPF TXT record."::: 6. Select **Save**. Only select this option if your organization uses Microsoft Teams. Teams needs 4 3. Under **Records**, select **ADD**. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Screenshot of where you select Add to add an SRV record."::: 4. Choose **SRV** from the drop-down list. Only select this option if your organization uses Microsoft Teams. Teams needs 4 |SRV|_sip|_tls|@|sipdir.online.lync.com|100| 1|443|1 Hour| |SRV|_sipfederationtls|_tcp|@| sipfed.online.lync.com| 100|1|5061|1 Hour| - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-SRV-records.png" alt-text="Fill in the values from the table for the SRV record."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-SRV-records.png" alt-text="Fill in the values from the table for the SRV records."::: 6. Select **Save**. Only select this option if your organization uses Microsoft Teams. Teams needs 4 > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md). -### Add the two required CNAME records for Microsoft Teams +### Add the two required CNAME records for Microsoft Teams 1. To get started, go to your domains page at GoDaddy by using [this link](https://account.godaddy.com/products/?go_redirect=disabled). Only select this option if your organization uses Microsoft Teams. Teams needs 4 3. Under **Records**, select **ADD**. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Screenshot of where you select Add to add CNAME records for Microsoft Teams."::: 4. Choose **CNAME** from the drop-down list. Only select this option if your organization uses Microsoft Teams. Teams needs 4 |CNAME|sip|sipdir.online.lync.com. <br/> **This value MUST end with a period (.)**|1 Hour| |CNAME|lyncdiscover|webdir.online.lync.com. <br/> **This value MUST end with a period (.)**|1 Hour| - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-records.png" alt-text="Fill in the values from the table for the CNAME record."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-records.png" alt-text="Fill in the values from the table for the CNAME records for Microsoft Teams."::: -1. Select **Save**. +6. Select **Save**. -1. Add the other CNAME record by choosing the values from the second row of the table. +7. Add the other CNAME record by choosing the values from the second row of the table. > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md). This service helps you secure and remotely manage mobile devices that connect to 3. Under **Records**, select **ADD**. - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add.png" alt-text="Screenshot of where you select Add to add CNAME records for Mobile Device Management."::: 4. Choose **CNAME** from the drop-down list. :::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-type.png" alt-text="Select CNAME from the Type drop-down list."::: -1. In the empty boxes for the new records, type or copy and paste the values from the first row in the following table. +5. In the empty boxes for the new records, type or copy and paste the values from the first row in the following table. |Type|Name|Value|TTL| ||||| |CNAME|enterpriseregistration|enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)**|1 Hour| |CNAME|enterpriseenrollment|enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)**|1 Hour| - :::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-values.png" alt-text="Fill in the values from the table for the CNAME record."::: + :::image type="content" source="../../media/dns-godaddy/godaddy-domains-CNAME-values.png" alt-text="Fill in the values from the table for the CNAME records for Mobile Device Management."::: -1. Select **Save**. +6. Select **Save**. -1. Add the other CNAME record by choosing the values from the second row of the table. +7. Add the other CNAME record by choosing the values from the second row of the table. > [!NOTE] > Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see [Troubleshoot issues after changing your domain name or DNS records](../get-help-with-domains/find-and-fix-issues.md). |
admin | Create Dns Records At Namecheap | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-namecheap.md | Before you use your domain with Microsoft, we have to make sure that you own it. > [!NOTE] > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**. - :::image type="content" source="../../media/a5b40973-19b5-4c32-8e1b-1521aa971836.png" alt-text="Select TXT Record."::: + :::image type="content" source="../../media/a5b40973-19b5-4c32-8e1b-1521aa971836.png" alt-text="Select TXT Record for the domain verification TXT record."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. Before you use your domain with Microsoft, we have to make sure that you own it. ||||| |TXT|@|MS=ms *XXXXXXXX* <br/>**Note:** This is an example. Use your specific **Destination or Points to Address** value here, from the table. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|30 min| - :::image type="content" source="../../media/fe75c0fd-f85c-4bef-8068-edaf9779b7f1.png" alt-text="Copy and paste the values from the table."::: + :::image type="content" source="../../media/fe75c0fd-f85c-4bef-8068-edaf9779b7f1.png" alt-text="Copy and paste the values from the table for the domain verification TXT record."::: 1. Select the **Save Changes** (check mark) control. - :::image type="content" source="../../media/b48d2c67-66b5-4aa4-8e59-0c764f236fac.png" alt-text="Select the Save Changes control."::: + :::image type="content" source="../../media/b48d2c67-66b5-4aa4-8e59-0c764f236fac.png" alt-text="Screenshot of the the Save Changes control for the domain verification TXT record."::: 1. Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: |||||| |MX Record|@|\<*domain-key*\>.mail.protection.outlook.com. <br/> **This value MUST end with a period (.)** <br/> **Note:** Get your *\<domain-key\>* from your Microsoft account. [How do I find this?](../get-help-with-domains/information-for-dns-records.md)|0 <br/> For more information about priority, see [What is MX priority?](../setup/domains-faq.yml)|30 min| - :::image type="content" source="../../media/f3b76d62-5022-48c1-901b-8615a8571309.png" alt-text="Copy and paste the values from the table."::: + :::image type="content" source="../../media/f3b76d62-5022-48c1-901b-8615a8571309.png" alt-text="Copy and paste the values from the table for the MX record."::: 1. Select the **Save Changes** (check mark) control. - :::image type="content" source="../../media/ef4e3112-36d2-47c8-a478-136a565dd71d.png" alt-text="Select the Save Changes control."::: + :::image type="content" source="../../media/ef4e3112-36d2-47c8-a478-136a565dd71d.png" alt-text="Screenshot of the the Save Changes control for the MX record."::: 1. If there are any other MX records, use the following two-step process to remove each of them: To verify the record in Microsoft 365: ||||| |CNAME|autodiscover|autodiscover.outlook.com. <br/> **This value MUST end with a period (.)**|Automatic| - :::image type="content" source="../../media/f79c5679-34eb-4544-8517-caa2e8a4111a.png" alt-text="Copy and paste the values from the table."::: + :::image type="content" source="../../media/f79c5679-34eb-4544-8517-caa2e8a4111a.png" alt-text="Copy and paste the values from the table for the CNAME record."::: 1. Select the **Save Changes** (check mark) control. - :::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Select the Save Changes control."::: + :::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Screenshot of the the Save Changes control for the CNAME record."::: ## Add a TXT record for SPF to help prevent email spam To verify the record in Microsoft 365: > [!NOTE] > The **Type** drop-down automatically appears when you select **ADD NEW RECORD**. - :::image type="content" source="../../media/c5d1fddb-28b5-48ec-91c9-3e5d3955ac80.png" alt-text="Select TXT Record."::: + :::image type="content" source="../../media/c5d1fddb-28b5-48ec-91c9-3e5d3955ac80.png" alt-text="Select TXT Record for the SPF TXT record."::: 1. In the boxes for the new record, type or copy and paste the following values from the following table. To verify the record in Microsoft 365: ||||| |TXT|@|v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|30 min| - :::image type="content" source="../../media/ea0829f1-990b-424b-b26e-9859468318dd.png" alt-text="Copy and paste the values from the table."::: + :::image type="content" source="../../media/ea0829f1-990b-424b-b26e-9859468318dd.png" alt-text="Copy and paste the values from the table for the SPF TXT record."::: 1. Select the **Save Changes** (check mark) control. - :::image type="content" source="../../media/f2846c36-ace3-43d8-be5d-a65e2c267619.png" alt-text="Select the Save Changes control."::: + :::image type="content" source="../../media/f2846c36-ace3-43d8-be5d-a65e2c267619.png" alt-text="Screenshot of the the Save Changes control for the SPF TXT record."::: ## Advanced option: Microsoft Teams Only select this option if your organization uses Microsoft Teams. Teams needs 4 |_sip|_tls|100|1|443|sipdir.online.lync.com. <br/> **This value MUST end with a period (.)**|Automatic| |_sipfederationtls|_tcp|100|1|5061|sipfed.online.lync.com. <br/> **This value MUST end with a period (.)**|Automatic| - :::image type="content" source="../../media/ff9566ea-0096-4b7f-873c-027080a23b56.png" alt-text="Copy and paste the values from the table."::: + :::image type="content" source="../../media/ff9566ea-0096-4b7f-873c-027080a23b56.png" alt-text="Copy and paste the values from the table for the SRV records."::: 1. Select the **Save Changes** (check mark) control. - :::image type="content" source="../../media/48a8dee4-c66d-449d-8759-9e9784c82b13.png" alt-text="Select the Save Changes control."::: + :::image type="content" source="../../media/48a8dee4-c66d-449d-8759-9e9784c82b13.png" alt-text="Screenshot of the the Save Changes control for the SRV records for Microsoft Teams."::: 1. Add the other SRV record by choosing the values from the second row of the table. Only select this option if your organization uses Microsoft Teams. Teams needs 4 1. Select the **Save Changes** (check mark) control. - :::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Select the Save Changes control."::: + :::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Screenshot of the the Save Changes control for the CNAME records for Microsoft Teams."::: 1. Add the other CNAME record by choosing the values from the second row of the table. This service helps you secure and remotely manage mobile devices that connect to |CNAME|enterpriseregistration|enterpriseregistration.windows.net. <br/> **This value MUST end with a period (.)**|Automatic| |CNAME|enterpriseenrollment|enterpriseenrollment-s.manage.microsoft.com. <br/> **This value MUST end with a period (.)**|Automatic| - :::image type="content" source="../../media/f79c5679-34eb-4544-8517-caa2e8a4111a.png" alt-text="Copy and paste the values from the table."::: + :::image type="content" source="../../media/f79c5679-34eb-4544-8517-caa2e8a4111a.png" alt-text="Copy and paste the values from the table for the CNAME records for Mobile Device Management."::: 1. Select the **Save Changes** control. - :::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Select the Save Changes control."::: + :::image type="content" source="../../media/91a5cce4-ca41-41ec-b976-aafe681a4d68.png" alt-text="Screenshot of the the Save Changes control for the CNAME records for Mobile Device Management."::: 1. Add the other CNAME record by choosing the values from the second row of the table. |
admin | Create Dns Records At Network Solutions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-network-solutions.md | Before you use your domain with Microsoft, we have to make sure that you own it. 1. Select **ADD**. - :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Screenshot of where you select Add to add a domain verification TXT record."::: > [!NOTE] > Select **Classic View** in the upper right to view the TXT record you created. To verify the record in Microsoft 365: 1. Select **ADD**. - :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-MX-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-MX-add.png" alt-text="Screenshot of where you select Add to add an MX record."::: > [!NOTE] > Select **Classic View** in the upper right to view the TXT record you created. To verify the record in Microsoft 365: 1. In the boxes for the new record, type or copy and paste the following values. - |Refers to|TXT Value|TTL + |Refers to|TXT Value|TTL| |||| |@ <br/> (The system will change this value to **@ (None)** when you save the record.)|v=spf1 include:spf.protection.outlook.com -all <br/> **Note:** We recommend copying and pasting this entry, so that all of the spacing stays correct.|1 Hour| 1. Select **ADD**. - :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-add.png" alt-text="Screenshot of where you select Add to add an SPF TXT record."::: > [!NOTE] > Select **Classic View** in the upper right to view the record you created. Only select this option if your organization uses Skype for Business for online 1. Select **ADD**. - :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-srv-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-networksolutions/networksolutions-domains-srv-add.png" alt-text="Screenshot of where you select Add to add an SRV record."::: > [!NOTE] > Select **Classic View** in the upper right to view the record you created. |
admin | Create Dns Records At Web Com | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-web-com.md | Before you use your domain with Microsoft, we have to make sure that you own it. 1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Select + ADD RECORD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Screenshot of where you select Add a record to add a domain verification TXT record."::: 1. Under **Type**, select **TXT** from the drop-down list. - :::image type="content" source="../../media/dns-webcom/webcom-domains-TXT.png" alt-text="Select TXT from the Type drop-down list."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-TXT.png" alt-text="Select TXT from the Type drop-down list for the domain verification TXT record."::: 1. Select, or copy and paste, the values from the following table. To verify the record in Microsoft 365: 1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Select + ADD RECORD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Screenshot of where you select Add a record to add an MX record."::: 1. Under **Type**, select **MX** from the drop-down list. To verify the record in Microsoft 365: 1. Select **ADD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-mx-add.png" alt-text="Select ADD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-mx-add.png" alt-text="Screenshot of where you select Add to add an MX record."::: 1. If there are any other MX records, delete all of them by selecting the edit tool, and then **Delete** for each record. To verify the record in Microsoft 365: 1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Select + ADD RECORD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Screenshot of where you select Add a record to add a CNAME record."::: 1. Under **Type**, select **CNAME** from the drop-down list. To verify the record in Microsoft 365: 1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Select + ADD RECORD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Screenshot of where you select Add a record to add an SPF TXT record."::: 1. Under **Type**, select **TXT** from the drop-down list. - :::image type="content" source="../../media/dns-webcom/webcom-domains-TXT.png" alt-text="Select TXT from the Type drop-down list."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-TXT.png" alt-text="Select TXT from the Type drop-down list for the SPF TXT record."::: 1. Select, or copy and paste, the values from the following table. Only select this option if your organization uses Skype for Business for online 1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Select + ADD RECORD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Screenshot of where you select Add a record to add an SRV record."::: 1. Under **Type**, select **SRV** from the drop-down list. Only select this option if your organization uses Skype for Business for online 1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Select + ADD RECORD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Screenshot of where you select Add a record to add CNAME records for Skype for Business."::: 1. Under **Type**, select **CNAME** from the drop-down list. This service helps you secure and remotely manage mobile devices that connect to 1. On the Manage Advanced DNS Records page, select **+ ADD RECORD**. - :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Select + ADD RECORD."::: + :::image type="content" source="../../media/dns-webcom/webcom-domains-add-record.png" alt-text="Screenshot of where you select Add a record to add CNAME records for Mobile Device Management."::: 1. Under **Type**, select **CNAME** from the drop-down list. |
admin | Create Dns Records At Wix | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-wix.md | Before you use your domain with Microsoft, we have to make sure you own it. Your 3. Select **+ Add Record** in the **TXT (Text)** row of the DNS editor. - :::image type="content" source="../../media/dns-wix/wix-domains-TXT-add-record.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-wix/wix-domains-TXT-add-record.png" alt-text="Screenshot of where you select Add record to add a domain verification TXT record."::: 4. In the boxes for the new record, type or copy and paste the values from the following table. Before you use your domain with Microsoft, we have to make sure you own it. Your 5. Select**Save**. - :::image type="content" source="../../media/dns-wix/wix-domains-txt-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-wix/wix-domains-txt-save.png" alt-text="Screenshot of where you select Save to add domain verification TXT record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: 3. Select **+ Add Record** in the **CNAME (Aliases)** row of the DNS editor for the CNAME record. - :::image type="content" source="../../media/dns-wix/wix-domains-cname-add-record.png" alt-text="Select + Add Record."::: + :::image type="content" source="../../media/dns-wix/wix-domains-cname-add-record.png" alt-text="Screenshot of where you select Add a record to add a CNAME record."::: 4. In the boxes for the new record, type or copy and paste the values from the following table: To verify the record in Microsoft 365: 5. Select **Save**. - :::image type="content" source="../../media/dns-wix/wix-domains-cname-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-wix/wix-domains-cname-save.png" alt-text="Screenshot of where you select Save to add a CNAME record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: 3. Select **+ Add Record** in the **TXT (Text)** row of the DNS editor. - :::image type="content" source="../../media/dns-wix/wix-domains-TXT-add-record.png" alt-text="Select + Add record."::: + :::image type="content" source="../../media/dns-wix/wix-domains-TXT-add-record.png" alt-text="Screenshot of where you select Add a record to add an SPF TXT record."::: **Note**: Wix provides an SPF row in the DNS editor. Ignore that row and use the **TXT (Text)** row to enter the SPF values below. To verify the record in Microsoft 365: 5. Select **Save**. - :::image type="content" source="../../media/dns-wix/wix-domains-txt-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-wix/wix-domains-txt-save.png" alt-text="Screenshot of where you select Save to add an SPF TXT record."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. Only select this option if your organization uses Skype for Business for online 1. Select **+ Add Record** in the **SRV** row of the DNS editor. - :::image type="content" source="../../media/dns-wix/wix-domains-srv-add-record.png" alt-text="Select + Add Record."::: + :::image type="content" source="../../media/dns-wix/wix-domains-srv-add-record.png" alt-text="Screenshot of where you select Add a record to add an SRV record."::: 1. In the boxes for the new record, type or copy and paste the values from the first row in the table: Only select this option if your organization uses Skype for Business for online 1. Select **Save**. - :::image type="content" source="../../media/dns-wix/wix-domains-srv-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-wix/wix-domains-srv-save.png" alt-text="Screenshot of where you select Save to add a SRV record."::: 1. Add the other SRV record by copying the values from the second row of the table. Only select this option if your organization uses Skype for Business for online 1. Select **Save**. - :::image type="content" source="../../media/dns-wix/wix-domains-cname-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-wix/wix-domains-cname-save.png" alt-text="Screenshot of where you select Save to add CNAME records for Skype for Business."::: 1. Add the other CNAME record by copying the values from the second row of the table. This service helps you secure and remotely manage mobile devices that connect to 1. Select **+ Add Record** in the **CNAME (Aliases)** row of the DNS editor for the CNAME record. - :::image type="content" source="../../media/dns-wix/wix-domains-cname-add-record.png" alt-text="Select + Add Record."::: + :::image type="content" source="../../media/dns-wix/wix-domains-cname-add-record.png" alt-text="Screenshot of where you select Add a record to add CNAME records for Mobile Device Management."::: 1. Enter the values from the first row in the following table. This service helps you secure and remotely manage mobile devices that connect to 1. Select **Save**. - :::image type="content" source="../../media/dns-wix/wix-domains-cname-save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-wix/wix-domains-cname-save.png" alt-text="Screenshot of where you select Save to add CNAME records for Mobile Device Management."::: 1. Add the other CNAME record by copying the values from the second row of the table. |
admin | Transfer A Domain From Microsoft To Another Host | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/transfer-a-domain-from-microsoft-to-another-host.md | Sign in as a global administrator, follow these steps to get a code at Microsoft 3. At the top of the page, select **Transfer domain**. -4. On the **Choose where to transfer your domain** page, select **A different registrar**, and then click **Next**. +4. On the **Choose where to transfer your domain** page, select **A different registrar**, and then select **Next**. 5. On the **Unlock domain transfer** page, select **Unlock transfer for <_your domain_>**, and then select **Next**. Sign in as a global administrator, follow these steps to get a code at Microsoft 7. Copy the authorization code and wait about 30 minutes for your domain transfer status to change to **Unlocked for transfer** on the **Registration** tab before you proceed with next steps. -8. Go to the website of the domain registrar you want to manage your domain name going forward. Follow directions for transferring a domain (search for help on their website). This usually means paying transfer fees and giving the Authcode to the new registrar so they can initiate the transfer. Microsoft will email you to confirm weΓÇÖve received the transfer request, and the domain will transfer within 5 days. +8. Go to the website of the domain registrar you want to manage your domain name going forward. Follow directions for transferring a domain (search for help on their website). This usually means paying transfer fees and giving the Authcode to the new registrar so they can initiate the transfer. Microsoft emails you to confirm weΓÇÖve received the transfer request, and the domain will transfer within five days. You can find the authorization code **Registration** tab on the **Domains** page in Microsoft 365. Sign in as a global administrator, follow these steps to get a code at Microsoft 9. After the transfer is complete, you'll renew your domain at the new domain registrar. -10. To finish the process, go back to the **Domains** page in the admin center, and then select **Complete domain transfer**. This will mark the domain as no longer purchased from Microsoft 365, and will disable the domain subscription. It will not remove the domain from the tenant, and will not affect existing users and mailboxes on the domain. +10. To finish the process, go back to the **Domains** page in the admin center, and then select **Complete domain transfer**. This marks the domain as no longer purchased from Microsoft 365, and will disable the domain subscription. It will not remove the domain from the tenant, and won't affect existing users and mailboxes on the domain. > [!NOTE] > Microsoft 365 purchased domains are not eligible for nameserver changes or transferring the domain between Microsoft 365 organizations. If either of these are required, the domain registration must be transferred to another registrar. |
admin | M365 Katakana Glossary | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/m365-katakana-glossary.md | Last updated 10/19/2023 # Microsoft 365 admin center katakana glossary -Explanations have been added to the main katakana terms used in the Microsoft 365 Management Center. For more detailed information, please refer to the text in the link on each item. +We added explanations to the main katakana terms used in the Microsoft 365 Management Center. For more detailed information, refer to the text in the link on each item. ## Account ![Account](../media/katanaglossary/001_account.png) -Refers to an identifying name assigned to an individual within an organization/company for the purpose of using Microsoft 365. It is created for each organization/company and a separate account is usually assigned to each individual. Use this account to use Microsoft 365 services. +Refers to an identifying name assigned to an individual within an organization/company for using Microsoft 365. It's created for each organization/company and a separate account is assigned to each individual. Use this account to use Microsoft 365 services. [Add users and assign licenses](add-users/add-users.md) Refers to an identifying name assigned to an individual within an organization/c ![Add-on](../media/katanaglossary/002_1_addon.png) -This is not a stand-alone offering by itself, but an additional feature to a service that is subscribed to by subscription. It provides more advanced and new features. +This isn't a stand-alone offering by itself, but an extra feature to a service that is subscribed to by subscription. It provides more advanced and new features. [Purchase or manage add-ons](../commerce/buy-or-edit-an-add-on.md) Also referred to as an original domain. An Internet domain dedicated to an organ ![Cloud storage](../media/katanaglossary/004_cloudstorage.png) -A place or device for storing files on the Internet. It can be beneficial when an individual uses the same file from multiple terminals or devices, or when multiple people work together. It is suitable for referencing and modifying files from different environments such as PCs and mobile devices, internal and remotely. +A place or device for storing files on the Internet. It can be beneficial when an individual uses the same file from multiple terminals or devices, or when multiple people work together. It's suitable for referencing and modifying files from different environments such as PCs and mobile devices, internal and remotely. ## Groups Various groups ![Global administrator](../media/katanaglossary/006_globaladmin.png) -The global administrator, usually has the authority to change, delete, or set new settings for all setting items. +The global administrator has the authority to change, delete, or set new settings for all setting items. -If you wish to appoint an administrator with limited administrative functions (e.g. you want to give them administrative functions but not allow them to purchase new services.), please refer to the following article. +If you wish to appoint an administrator with limited administrative functions (for example, you want to give them administrative functions but not allow them to purchase new services.), refer to the following article. [About the administrator role of the Microsoft 365 Management Center](add-users/about-admin-roles.md) Cooperating with several different organizations and people toward a common purp ## Service (online service) -A computer or software function that is provided over a network (Internet). It is distinguished from software that is executed directly on the PC at your disposal. +A computer or software function that is provided over a network (Internet). It's distinguished from software that is executed directly on the PC at your disposal. ## Website address In Microsoft 365, it refers to the URL of the SharePoint site. ## Sign-in -To make the service available for use from the account via authentication, or to allow the service to recognize the user. Microsoft 365 services becomes available by signing in. +To make the service available for use from the account via authentication, or to allow the service to recognize the user. Microsoft 365 services become available by signing in. ## Subscription A system to prevent confidential and personal information of organizations, empl ## Domain The part of a website or e-mail address that corresponds to an address on the Internet used for a website or e-mail address.-E.g.: contoso.com part of www.contoso.com and mail@contoso.com. +For example: contoso.com part of www.contoso.com and mail@contoso.com. ## Training and guide Refers to learning texts and videos for using and managing Microsoft 365 provide ## Public -In Microsoft 365, it refers to the state of being viewable or editable by all users in the organization. E.g.: Public group: A group in which anyone in the organization can participate. +In Microsoft 365, it refers to the state of being viewable or editable by all users in the organization. For example: Public group: A group in which anyone in the organization can participate. ## Give feedback In Microsoft 365, it refers to the state of being viewable or editable by all us Refers to sending comments or requests to Microsoft from users of the service. -For matters that require customer support attention in accordance with your support contract, please use the "Help and Support" link at the top of the page. For non-support related issues such as usability or new feature suggestions, please use this feedback form to send your suggestions. The development team looks directly at the content. The more specific your comments and requests are, the more likely it will be implemented. +For matters that require customer support attention in accordance with your support contract, use the "Help and Support" link at the top of the page. For non-support related issues such as usability or new feature suggestions, use this feedback form to send your suggestions. The development team looks directly at the content. The more specific your comments and requests are, the more likely it will be implemented. ## Privacy A function to set the scope of disclosure of files and information related to th ## Private -A state in which only certain people within an organization can view, modify, etc. The owner or administrator of that information or group can set which people are granted permission to connect. E.g.: Private group +A state in which only certain people within an organization can view, modify, etc. The owner or administrator of that information or group can set which people are granted permission to connect. For example: Private group ## Billing profile ![Billing profile](../media/katanaglossary/011_billpayments.png) -Billing information and other information related to Microsoft 365 payments are stored. It is used to pay for products and services purchased from Microsoft. Note: Billing profiles are not used for products and services purchased from Microsoft.com or the Management Center. +Billing information and other information related to Microsoft 365 payments are stored. It's used to pay for products and services purchased from Microsoft. Note: Billing profiles aren't used for products and services purchased from Microsoft.com or the Management Center. [Understanding the billing profile](../commerce/billing-and-payments/manage-billing-profiles.md) |
admin | Search In The Mac | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/search-in-the-mac.md | As the administrator of a Microsoft 365 organization, you can use search to find :::image type="content" source="../../media/search-bar.png" alt-text="Screenshot: Search bar in the Microsoft 365 admin center"::: -Search results are organized into different categories. Most of the categories are items in the admin center. For example, users, groups, shared mailboxes or domains. Other categories show you places you can navigate to, actions you can take or app level settings that you can change. And there's also a category related to documentation. +Search results are organized into different categories. Most of the categories are items in the admin center. For example, users, groups, shared mailboxes, or domains. Other categories show you places you can navigate to, actions you can take or app level settings that you can change. And there's also a category related to documentation. The following sections describe the different areas and categories in the admin center that are searchable. ## Before you begin -You need to be an administrator to search in the admin center. Search results are scoped to administrator permissions the logged in user has. For example, if SharePoint admin doesn't see an area or category in the admin center, they won't see it in search. +You need to be an administrator to search in the admin center. Search results are scoped to administrator permissions the logged in user has. For example, if SharePoint admin doesn't see an area or category in the admin center, they can't see it in search. ## Users -Users can be found by display name, last name, first name, username, primary email address, or email aliases. Select the user's name edit to edit the userΓÇÖs details. +You can find users by display name, last name, first name, username, primary email address, or email aliases. Select the user's name edit to edit the userΓÇÖs details. :::image type="content" source="../../media/User-search-stock-picture-domain-blanked.png" alt-text="Screenshot: Search for a user Felix Henderson"::: If you select the three dots (more actions) menu next to their name, you can res **Tips to improve user search results** -- Make sure you spell the users' names correctly as user searches are matched exactly against the earlier mentioned properties. For example, in the above example, Jus or Malz will work but a misspelling, like, Jostin instead of Justin will not find this user.+- Make sure you spell the users' names correctly as user searches are matched exactly against the earlier mentioned properties. For example, in the above example, Jus or Malz will work but a misspelling, like, Jostin instead of Justin won't find this user. - To get an exact match, search by primary email address or username. ## Groups Make sure you spell the group name correctly. ## Actions -You can search for Actions category contains frequently used actions in M365 Admin Center. Think of actions as verb in the system. For example, you can also search "reset password" from any page and then reset one or more passwords for users. You can search for ΓÇ£delete a userΓÇ¥ and delete the user from the Delete user page. +You can search for Actions category, which contains frequently used actions in M365 Admin Center. Think of actions as verb in the system. For example, you can also search "reset password" from any page and then reset one or more passwords for users. You can search for ΓÇ£delete a userΓÇ¥ and delete the user from the Delete user page. :::image type="content" source="../../media/search-for-actions-mac.png" alt-text="Screenshot: Search results showing actions you can perform in the admin center"::: ## Navigation -Results provides a way to quickly navigate to a specific page in the admin center. For example, searching for RBAC will take you to the Roles page for Microsoft Entra roles. +Results provides a way to quickly navigate to a specific page in the admin center. For example, searching for RBAC takes you to the Roles page for Microsoft Entra roles. :::image type="content" source="../../media/search-for-navigation-mac.png" alt-text="Screenshot: Search results showing navigation path in the admin center"::: Search for supported app level settings related to your organization, the servic ## Domain -You can find quick links to your domains, and then the link will take you to that domain's overview page. +You can find quick links to your domains, and then the link takes you to that domain's overview page. :::image type="content" source="../../media/search-for-domains-mac.png" alt-text="Search results showing domains owned in the admin center."::: ## Documentation -A documentation search provides relevant help documentation based on your search phrase. Click on the topic to learn more. +A documentation search provides relevant help documentation based on your search phrase. Select the article to learn more. :::image type="content" source="../../media/search-for-docs-mac.png" alt-text="Screenshot: Search showing documentation results in the admin center"::: |
admin | Experience Insights Help Articles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/experience-insights-help-articles.md | description: "Get a report of the Microsoft 365 help articles people in your org As the admin of a Microsoft 365 organization, you get a report of the Microsoft 365 help articles people in your organization are reading. You can use this information to see which Microsoft 365 product or service your users need the most help using and provide more resources and help. To learn more about adoption and training for users in your organization, see [Microsoft 365 Experience insights dashboard](experience-insights-dashboard.md). ## How to get to the Experience insights dashboard There are a couple of ways to get the Experience insights dashboard page. If youΓÇÖre a member of the global admin or global reader roles, when you log in to the Microsoft 365 admin center, youΓÇÖll see a one-time prompt to go to the Experience insights (preview) dashboard. You can access it at any time by selecting Experience insights (preview) from the admin home page. If youΓÇÖre a member of the reports reader role, once you sign into the admin center, youΓÇÖll automatically go to the Experience insights (preview) dashboard page. You can switch back to the admin center Dashboard view by selecting that option in the top right. Select an app or service and then select **Help content**. Chart information gives you insight into the apps and services that you want to track data on. Help article views is the total number of help article page views that users in your organization have viewed in a Microsoft 365 app or on support.microsoft.com. > [!NOTE] > Help article views are only shown for users who have signed in to the desktop app or have signed in to [support.microsoft.com](https://support.microsoft.com). |
admin | Password Policy Recommendations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md | -description: "Make your organization more secure against password attacks, and ban common passwords and enable risk-based multi-factor authentication." +description: "Make your organization more secure against password attacks, and ban common passwords and enable risk-based multifactor authentication." # Password policy recommendations for Microsoft 365 passwords Check out all of our small business content on [Small business help & learning]( As the admin of an organization, you're responsible for setting the password policy for users in your organization. Setting the password policy can be complicated and confusing, and this article provides recommendations to make your organization more secure against password attacks. -Microsoft cloud-only accounts have a pre-defined password policy that cannot be changed. The only items you can change are the number of days until a password expires and whether or not passwords expire at all. +Microsoft cloud-only accounts have a predefined password policy that can't be changed. The only items you can change are the number of days until a password expires and whether or not passwords expire at all. To determine how often Microsoft 365 passwords expire in your organization, see [Set password expiration policy for Microsoft 365](../manage/set-password-expiration-policy.md). Good password practices fall into a few broad categories: - **Containing successful attacks** Containing successful hacker attacks is about limiting exposure to a specific service, or preventing that damage altogether, if a user's password gets stolen. For example, ensuring that a breach of your social networking credentials doesn't make your bank account vulnerable, or not letting a poorly guarded account accept reset links for an important account. -- **Understanding human nature** Many valid password practices fail in the face of natural human behaviors. Understanding human nature is critical because research shows that almost every rule you impose on your users will result in a weakening of password quality. Length requirements, special character requirements, and password change requirements all result in normalization of passwords, which makes it easier for attackers to guess or crack passwords.+- **Understanding human nature** Many valid password practices fail in the face of natural human behaviors. Understanding human nature is critical because research shows that almost every rule you impose on your users results in a weakening of password quality. Length requirements, special character requirements, and password change requirements all result in normalization of passwords, which makes it easier for attackers to guess or crack passwords. ## Password guidelines for administrators The primary goal of a more secure password system is password diversity. You want your password policy to contain lots of different and hard to guess passwords. Here are a few recommendations for keeping your organization as secure as possible. -- Maintain an 8-character minimum length requirement+- Maintain an eight-character minimum length requirement - Don't require character composition requirements. For example, \*&(^%$ The primary goal of a more secure password system is password diversity. You wan - Ban common passwords, to keep the most vulnerable passwords out of your system -- Educate your users to not reuse their organization passwords for non-work related purposes+- Educate your users to not reuse their organization passwords for nonwork related purposes - Enforce registration for [multi-factor authentication](../security-and-compliance/set-up-multi-factor-authentication.md) Here's some password guidance for users in your organization. Make sure to let y - Don't use a single word, for example, **password**, or a commonly used phrase like **Iloveyou** -- Make passwords hard to guess, even by those who know a lot about you, such as the names and birthdays of your friends and family, your favorite bands, and phrases you like to use+- Make passwords hard to guess, even by people who know a lot about you, such as the names and birthdays of your friends and family, your favorite bands, and phrases you like to use ## Some common approaches and their negative impacts -These are some of the most commonly used password management practices, but research warns us about the negative impacts of them. +They're some of the most commonly used password management practices, but research warns us about their negative impacts. ### Password expiration requirements for users -Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them. +Password expiration requirements do more harm than good, as they make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them. ### Minimum password length requirements -To encourage users to think about a unique password, we recommend keeping a reasonable 8-character minimum length requirement. +To encourage users to think about a unique password, we recommend keeping a reasonable eight-character minimum length requirement. ### Requiring the use of multiple character sets Password complexity requirements reduce key space and cause users to act in pred - non-alphanumeric characters -Most people use similar patterns, for example, a capital letter in the first position, a symbol in the last, and a number in the last 2. Cybercriminals know this, so they run their dictionary attacks using the most common substitutions, "$" for "s", "@" for "a," "1" for "l". Forcing your users to choose a combination of upper, lower, digits, special characters has a negative effect. Some complexity requirements even prevent users from using secure and memorable passwords, and force them into coming up with less secure and less memorable passwords. +Most people use similar patterns. For example, a capital letter in the first position, a symbol in the last, and a number in the last 2. Cyber criminals are aware about such patterns, so they run their dictionary attacks using the most common substitutions, "$" for "s", "@" for "a," "1" for "l". Forcing your users to choose a combination of upper, lower, digits, special characters has a negative effect. Some complexity requirements even prevent users from using secure and memorable passwords, and force them into coming up with less secure and less memorable passwords. ## Successful Patterns The most important password requirement you should put on your users when creati ### Educate users to not reuse organization passwords anywhere else -One of the most important messages to get across to users in your organization is to not reuse their organization password anywhere else. The use of organization passwords in external websites greatly increases the likelihood that cybercriminals will compromise these passwords. +One of the most important messages to get across to users in your organization is to not reuse their organization password anywhere else. The use of organization passwords in external websites greatly increases the likelihood that cybercriminals can compromise these passwords. ### Enforce Multi-Factor Authentication registration -Make sure your users update contact and security information, like an alternate email address, phone number, or a device registered for push notifications, so they can respond to security challenges and be notified of security events. Updated contact and security information helps users verify their identity if they ever forget their password, or if someone else tries to take over their account. It also provides an out of band notification channel in the case of security events such as login attempts or changed passwords. +Make sure your users update contact and security information, like an alternate email address, phone number, or a device registered for push notifications, so they can respond to security challenges and be notified of security events. Updated contact and security information helps users verify their identity if they ever forget their password, or if someone else tries to take over their account. It also provides an out of band notification channel for security events such as login attempts or changed passwords. To learn more, see [Set up multi-factor authentication](../security-and-compliance/set-up-multi-factor-authentication.md). ### Enable risk based multi-factor authentication -Risk-based multi-factor authentication ensures that when our system detects suspicious activity, it can challenge the user to ensure that they are the legitimate account owner. +Risk-based multi-factor authentication ensures that when our system detects suspicious activity, it can challenge the user to ensure that they're the legitimate account owner. ## Next steps -Want to know more about managing passwords? Here is some recommended reading: +Want to know more about managing passwords? Here's some recommended reading: - [Forget passwords, go passwordless](https://www.microsoft.com/security/business/identity-access-management/passwordless-authentication) |
admin | Manage Domain Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/manage-domain-users.md | description: "Synchronize domain-controlled users with Microsoft 365 for busines Before you synchronize your users and computers from the local Active Directory Domain, review [Prepare for directory synchronization to Microsoft 365](../../enterprise/prepare-for-directory-synchronization.md). In particular: - - Make sure that no duplicates exist in your directory for the following attributes: **mail**, **proxyAddresses**, and **userPrincipalName**. These values must be unique and any duplicates must be removed. - - - We recommend that you configure the **userPrincipalName** (UPN) attribute for each local user account to match the primary email address that corresponds to the licensed Microsoft 365 user. For example: *mary.shelley@contoso.com* rather than *mary@contoso.local* - - - If the Active Directory domain ends in a non-routable suffix like *.local* or *.lan*, instead of an internet routable suffix such as *.com* or *.org*, adjust the UPN suffix of the local user accounts first as described in [Prepare a non-routable domain for directory synchronization](../../enterprise/prepare-a-non-routable-domain-for-directory-synchronization.md). +- Make sure that no duplicates exist in your directory for the following attributes: **mail**, **proxyAddresses**, and **userPrincipalName**. These values must be unique and any duplicates must be removed. -The **Run IdFix** in step four (4) below, will also make sure your on-premises Active Directory is ready for directory synchronization. +- We recommend that you configure the **userPrincipalName** (UPN) attribute for each local user account to match the primary email address that corresponds to the licensed Microsoft 365 user. For example: *mary.shelley@contoso.com* rather than *mary@contoso.local*. ++- If the Active Directory domain ends in a non-routable suffix like *.local* or *.lan*, instead of an internet routable suffix such as *.com* or *.org*, adjust the UPN suffix of the local user accounts first as described in [Prepare a non-routable domain for directory synchronization](../../enterprise/prepare-a-non-routable-domain-for-directory-synchronization.md). ++The **Run IdFix** in the following steps makes sure that your on-premises Active Directory is ready for directory synchronization. <a name='2-install-and-configure-azure-ad-connect'></a> To synchronize your users, groups, and contacts from the local Active Directory 5. Follow the wizard steps to download Microsoft Entra Connect and use it to synchronize your domain-controlled users to Microsoft 365. - See [Set up directory synchronization for Microsoft 365](../../enterprise/set-up-directory-synchronization.md) to learn more. As you configure your options for Microsoft Entra Connect, we recommend that you enable **Password Synchronization**, **Seamless Single Sign-On**, and the **password writeback** feature, which is also supported in Microsoft 365 for business. |
admin | Connect To Gcc Data With Usage Analytics | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/connect-to-gcc-data-with-usage-analytics.md | To initially configure Microsoft 365 Usage Analytics: - You need the [Power BI Desktop](https://powerbi.microsoft.com/en-us/desktop/) application to use the template file. - You need a [Power BI Pro license](https://go.microsoft.com/fwlink/p/?linkid=845347) or Premium capacity to publish and view the report. -## Step 1: Make you organizationΓÇÖs data available for the Microsoft 365 Usage Analytics report +## Step 1: Make your organizationΓÇÖs data available for the Microsoft 365 Usage Analytics report 1. In the Microsoft 365 admin center, expand the navigation menu, select **Reports**, then select **Usage**. 2. On the **Usage Reports** page, in the Microsoft 365 Usage Analytics section, select **Get Started**. To initially configure Microsoft 365 Usage Analytics: - This will start a process to make your organizations data accessible for this report, and you will see a message stating that **WeΓÇÖre getting your data ready for Microsoft 365 usage analytics**. Note that this process can take 24 hours to complete. + This starts a process to make your organizations data accessible for this report, and you'll see a message stating that **WeΓÇÖre getting your data ready for Microsoft 365 usage analytics**. This process can take 24 hours to complete. -4. When your organizations data is ready, refreshing the page will show a message stating that your data is now available, and will also provide your **tenant ID** number. You will need to use the tenant ID in a later step when you attempt to connect to your tenant data. +4. When your organizations data is ready, refreshing the page shows a message stating that your data is now available, and provides your **tenant ID** number. You'll need to use the tenant ID in a later step when you attempt to connect to your tenant data. ![Tenant ID.](../../media/usage-analytics/tenant-id-gcc.png) To initially configure Microsoft 365 Usage Analytics: ## Step 2: Download the Power BI template, connect to your data, and publish the report -Microsoft 365 GCC users can download and use the Microsoft 365 Usage Analytics report template file to connect to their data. You will need Power BI Desktop to open and use the template file. +Microsoft 365 GCC users can download and use the Microsoft 365 Usage Analytics report template file to connect to their data. You would need Power BI Desktop to open and use the template file. > [!NOTE] > Currently, a template app for the Microsoft 365 Usage Analytics report is not available for GCC tenants in the Power BI Marketplace. 1. After downloading the [Power BI template](https://download.microsoft.com/download/7/8/2/782ba8a7-8d89-4958-a315-dab04c3b620c/Microsoft%20365%20Usage%20Analytics.pbit), open it using Power BI Desktop. -2. When prompted for a **TenantID**, enter the tenant ID you received when you prepared your organizationΓÇÖs data for this report in step 1. Then select **Load**. It will take several minutes for your data to load. +2. When prompted for a **TenantID**, enter the tenant ID you received when you prepared your organizationΓÇÖs data for this report in step 1. Then select **Load**. It can take several minutes for your data to load. ![Enter tenant ID.](../../media/usage-analytics/add-tenant-id.png) -3. When loading completes, your report will display, and you will see an executive summary of your data. +3. When loading completes, your report is displayed, and you'll see an executive summary of your data. ![Executive Summary.](../../media/usage-analytics/exec-summary.png) 4. Save your changes to the report. -5. Select **Publish** in the Power BI Desktop menu to publish the report to the Power BI Online service where it can be viewed. This requires either a Power BI Pro license or Power BI Premium capacity. As part of the [publish process](/power-bi/create-reports/desktop-upload-desktop-files#to-publish-a-power-bi-desktop-dataset-and-reports), you will need to select a destination to publish to an available workspace in the Power BI Online Service. +5. Select **Publish** in the Power BI Desktop menu to publish the report to the Power BI Online service where it can be viewed. This requires either a Power BI Pro license or Power BI Premium capacity. As part of the [publish process](/power-bi/create-reports/desktop-upload-desktop-files#to-publish-a-power-bi-desktop-dataset-and-reports), you'll need to select a destination to publish to an available workspace in the Power BI Online Service. ## Related content |
admin | Navigate And Utilize Reports | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/navigate-and-utilize-reports.md | To get started with your reports, here are some tips: - Use the navigation tabs on the left or on a related metric on the **Executive Summary** page to navigate to each top-level report. - ![Shows the navigation tabs on the left.](../../media/navigate-usage-analytics1.png) + ![Shows the navigation tabs on the left.](../../media/navigate-usage-analytics1.png) - Use the navigation tabs at the top of each top-level report to navigate to different reports within that level. - ![Shows the navigation tabs at the top of each report.](../../media/navigate-usage-analytics2.png) + ![Shows the navigation tabs at the top of each report.](../../media/navigate-usage-analytics2.png) - Many reports contain a slicer where you can filter on the product, Microsoft Entra attribute, or activity that you want to view. These can be either single-select or multi-select. - ![Shows a slicer.](../../media/navigate-usage-analytics3.png) + ![Shows a slicer.](../../media/navigate-usage-analytics3.png) - ![Shows a slicer.](../../media/navigate-usage-analytics4.png) + ![Shows a slicer in a drop down list.](../../media/navigate-usage-analytics4.png) + Hover data points to view a call out that contains details. -- Hover over data points to view a callout that contains details.-- ![Shows hover example.](../../media/navigate-usage-analytics6.png) + ![Shows hover example.](../../media/navigate-usage-analytics6.png) The user who has instantiated the template app will have the ability to customize the report to their needs. To customize the template app: - Select **Edit report** at the top of the report. - ![Shows Edit report.](../../media/navigate-usage-analytics7.png) -+ ![Shows Edit report.](../../media/navigate-usage-analytics7.png) - Create your own visuals by using the underlying [datasets](usage-analytics-data-model.md). You can find lots of additional information in the Power BI help documentation: - [Power BI basic concepts](/power-bi/service-basic-concepts) - Learn about dashboard, datasets, reports, and other Power BI concepts. + Learn about dashboard, datasets, reports, and other Power BI concepts. - [Get started with Power BI](/power-bi/service-get-started?wt.mc_id=O365_Reports_PBI_contentpack) - Learn the basic functionality in Power BI. Find links to how to use Power BI Desktop. + Learn the basic functionality in Power BI. Find links to how to use Power BI Desktop. - [Share dashboards and reports](/power-bi/service-share-dashboards) - Learn how to share reports with your colleagues or people outside your organization. You can also share the report or a filtered version of the report. + Learn how to share reports with your colleagues or people outside your organization. You can also share the report or a filtered version of the report. |
admin | Usage Analytics Errors | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/usage-analytics-errors.md | Explore the following list of error messages to get help with the most common is **Error Code:** 422 - **Where you will see this message:** In Power BI when you are connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. + **Where you will see this message:** In Power BI when you're connecting to the Microsoft 365 Usage Analytics template app, or when directly calling the Microsoft 365 Reporting APIs. - **Cause:** Before you can connect to the app, you have to subscribe to the data from the Microsoft 365 admin center. If this step isn't done first, you won't be able to connect to the template app, even if you provide your Microsoft 365 tenant ID. + **Cause:** Before you can connect to the app, you have to subscribe to the data from the Microsoft 365 admin center. If this step isn't done first, you cannot connect to the template app, even if you provide your Microsoft 365 tenant ID. **To fix this error:** To subscribe to the data, go to the admin center \> **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> and locate the Microsoft 365 usage analytics tile on the main dashboard page. Select the **Get started** button and then in the **Reports** pane that opens, turn the **Make data available to Microsoft 365 usage analytics for Power BI** setting on and **Save**. ## We are processing your data - **Where you will see this message:** In the **Microsoft 365 usage analytics** tile on the **Usage** dashboard in the Microsoft 365 admin center. + **Where you will see this message:** In the **Microsoft 365 usage analytics** tile, on the **Usage** dashboard in the Microsoft 365 admin center. **Cause:** When you [opt in to seeing data in the template app](enable-usage-analytics.md) from the Microsoft 365 admin center, the Microsoft 365 system starts generating historical usage data for your organization. Depending on the size of your tenant, this step could take anywhere between 2 hours to 48 hours. - **To fix this:** Just be patient, but if the message does not change to **Your data is ready** after 3 days, [contact Microsoft 365 for business support](Get support](../get-help-support.md). + **To fix this:** Just be patient, but if the message doesn't change to **Your data is ready** after 3 days, [contact Microsoft 365 for business support](Get support](../get-help-support.md). ## We are unable to process your request at this time. We are still preparing the data for your organization **Error Code:** 423 - **Where you will see this message:** In Power BI, when you are connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. + **Where you will see this message:** In Power BI, when you're connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. **Cause:** When you [opt in to seeing data in the template app](enable-usage-analytics.md) from the admin center, the Microsoft 365 system starts generating historical usage data for your organization. Depending on the size of your tenant, this step could take anywhere between two hours to 48 hours. - **To fix this:** Just be patient, but if the message does not change to **Your data is ready** even 3 days since initiation, [contact Microsoft 365 for business support](../../business-video/get-help-support.md). + **To fix this:** Just be patient, but if the message doesn't change to **Your data is ready** even 3 days since initiation, [contact Microsoft 365 for business support](../../business-video/get-help-support.md). ## The tenant ID you provided is not in the correct format **Error Code:** 400 - **Where you will see this message:** In Power BI, when you are connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. + **Where you will see this message:** In Power BI, when you're connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. - **Cause:** The tenant ID is a guid and has to be in the format of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. If you enter any other string in the tenant input box, you will get this error. + **Cause:** The tenant ID is a guid and has to be in the format of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. If you enter any other string in the tenant input box, you get this error. **To fix this error:** Go to the admin center \> **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> and locate the Microsoft 365 usage analytics tile on the main dashboard page. The tenant ID is listed on the tile. You can copy it from here and paste it in the dialog box for connecting to the template app. Explore the following list of error messages to get help with the most common is **Error Code:** 404 - **Where you will see this message:** In Power BI when you are connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. + **Where you will see this message:** In Power BI when you're connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. - **Cause:** The tenant ID you provided is not valid or does not exist. + **Cause:** The tenant ID you provided isn't valid or doesn't exist. **To fix this error:** Go to the admin center \> **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> and locate the Microsoft 365 usage analytics tile on the main dashboard page. The tenant ID is listed on the tile. You can copy it from here and paste it in the dialog box for connecting to the template app. Explore the following list of error messages to get help with the most common is Error Code: 302 - **Where you will see this message:** In Power BI when you are connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. + **Where you will see this message:** In Power BI when you're connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. - **Cause:** The authorization code failed and may require you to enter your credentials again. + **Cause:** The authorization code failed and can require you to enter your credentials again. **To fix this error:** Sign out of Power BI, and then sign in again. Error Code: 302 **Error Code:** 403 - **Where you will see this message:** In Power BI when you are connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. + **Where you will see this message:** In Power BI when you're connecting to the Microsoft 365 Usage Analytics template app or when directly calling the Microsoft 365 Reporting APIs. - **Cause:** The authorization code failed because the user who tried connecting to the template app does not have the right level of authorization to access this data. + **Cause:** The authorization code failed because the user who tried connecting to the template app doesn't have the right level of authorization to access this data. - **To fix this error:** Provide the credentials of a user who is either a **Global admin**, **Exchange admin**, **Skype for Business admin**, **SharePoint admin**, **Global reader** or **Report reader** to connect to the template app. See [About admin roles](../add-users/about-admin-roles.md) for more information. + **To fix this error:** Provide the credentials of a user who is either a **Global admin**, **Exchange admin**, **Skype for Business admin**, **SharePoint admin**, **Global reader**, or **Report reader** to connect to the template app. See [About admin roles](../add-users/about-admin-roles.md) for more information. ## Refresh failed |
archive | Archive Compliance | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-compliance.md | |
archive | Archive End User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-end-user.md | |
archive | Archive Faq | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-faq.md | |
archive | Archive Manage | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-manage.md | |
archive | Archive Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-overview.md | |
archive | Archive Preview Terms | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-preview-terms.md | audience: admin Last updated 11/15/2023 -+ search.appverid: |
archive | Archive Pricing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-pricing.md | |
archive | Archive Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-setup.md | |
archive | Archive States | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/archive/archive-states.md | |
backup | Backup Billing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-billing.md | + + Title: Set up pay-as-you-go billing for Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn how to set up pay-as-you-go billing for Microsoft 365 Backup. +++# Set up pay-as-you-go billing for Microsoft 365 Backup (Preview) ++As a first step to start using Microsoft 365 Backup, you should link an Azure subscription in Syntex pay-as-you-go, if you haven't already done so. Although Microsoft 365 Backup isn't part of the Microsoft Syntex product suite, this offering is still using the Syntex billing setup for consistency with other Microsoft 365 pay-as-you-go offerings. ++## Set up billing ++Use these steps to set up pay-as-you-go billing for Microsoft 365 Backup. ++1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). ++2. Select **Setup**. ++3. On the **Setup** page, in the **Files and content** section, select **Use content AI with Microsoft Syntex**. ++4. On the **Use content AI with Microsoft Syntex** page, select **Set up billing**. ++ ![Screenshot of the Set up billing option in the Microsoft 365 admin center.](../media/m365-backup/backup-setup-billing.png) ++ > [!NOTE] + > To set up pay-as-you-go billing for Microsoft 365 Backup, you must provide an owner or contribution role on the Azure subscription to be used. ++5. If you ***don't*** have an Azure subscription or resource group, follow these steps. If you have an Azure subscription and resource group, go directly to step 6. ++ To create a new Azure subscription with the same organization and Microsoft Entra tenant as your Microsoft 365 subscription: ++ 1. Sign in to the [Azure portal](https://portal.azure.com) with your Microsoft 365 admin, Microsoft Entra DC admin, or Global admin account. ++ 1. In the left navigation, select **Subscriptions**, and then select **Add**. ++ 1. On the **Add subscription** page, select an offer and complete the payment information and agreement. ++ To create a new Azure resource group: ++ 1. On the **Set up pay-as-you-go billing** panel, select **Learn more about Azure resource groups**. ++ 1. Or, you can follow steps in [Manage Azure resource groups by using the Azure portal](/azure/azure-resource-manager/management/manage-resource-groups-portal) to create a resource group. ++ ![Screenshot of the Set up pay-as-you-go billing panel in the Microsoft 365 admin center.](../media/m365-backup/backup-billing-panel.png) ++ > [!NOTE] + > The resource group should be mapped to the Azure subscription you provided when you set up pay-as-you-go. ++6. If you ***have*** an Azure subscription, follow these steps: ++ 1. On the **Set up pay-as-you-go billing** panel, under **Azure subscription**, select the subscription from the dropdown list. ++ > [!NOTE] + > The subscription dropdown list will not populate if you don't have an owner or contributor on the subscription. ++ ![Screenshot of the Set up pay-as-you-go billing panel showing the Azure subscription dropdown list.](../media/m365-backup/back-billing-subscription.png) ++ 1. Under **Resource group**, select the resource group from the dropdown list. ++ 1. Under **Region**, select the region from the dropdown list. ++ 1. Review and accept the terms of service, and then select **Save**. ++You have successfully set up billing. You can proceed to [Step 2: Turn on Microsoft 365 Backup](backup-setup.md#step-2-turn-on-microsoft-365-backup). ++## Manage consumption and invoices in the Azure portal ++You can view actual and accumulated cost breakdown by tenants and service type for OneDrive, SharePoint, and Exchange in Microsoft Cost Management in the Azure portal or access the information by using the [Cost Management public APIs](/rest/api/cost-management/operation-groups). Cost breakdown by application ID is coming soon. ++1. Sign in to the [Azure portal](https://portal.azure.com/). ++2. Search for *Cost Management + Billing*. ++3. Select **Cost analysis** to see: ++ - Accumulated cost and forecast cost. ++ - Select **+Add Filter** to see breakdown of cost by meters and tags. ++ ![Screenshot of the cost analysis page in Microsoft Cost Management.](../media/m365-backup/backup-cost-analysis.png) ++### Billing attribution by tenants, service type, and applications ++You can see actual cost breakdown by tags in Azure portal. There are currently two tags available for Microsoft 365 Backup: **tenants** and **servicetype**. ++To view tags: ++1. Select **+Add Filter** to see breakdown of cost by meters and tags. ++2. Select the tag: ++ - In the key-value pair, select **tenants** or **servicetype**, and then select the respective tenant ID or service type. ++ - **tenants** shows a list of tenant IDs. ++ - **servicetype** is OneDrive, SharePoint, or Exchange. ++ - **applications** is coming soon. ++ - Azure cost analysis - filter by tag. ++4. In the left navigation, select **Billing** to see monthly invoices. ++5. Set up budget alerts on cost by following the steps in the [Cost Management public APIs](/rest/api/cost-management/operation-groups). |
backup | Backup Faq | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-faq.md | + + Title: Frequently asked questions about Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Read frequently asked questions about Microsoft 365 Backup. +++# Frequently asked questions about Microsoft 365 Backup (Preview) ++> [!NOTE] +> This feature is currently in preview and subject to change. ++#### Has Microsoft's stance on shared responsibility of data protection changed? ++No, we still have the same point of view, but are now offering additional tools to help organizations achieve those goals and responsibilities. ++#### Why donΓÇÖt Disaster Recovery copies suffice for my backup? ++Disaster Recovery (DR) is the ability to recover from a situation in which the primary data center is unable to continue to operate. A DR copy with Microsoft 365 maintains the current state of content, not any historical versions from prior points in time. Microsoft 365 Backup provides additional benefit by giving you a way to restore data back to a healthy state in the past with fast RTO to with short RPO intervals. ++#### Why donΓÇÖt versions already solve this point in time restore problem? ++Versions give individual users a way to restore files or sites to prior points in time, but that kind of recovery method doesn't scale well for mass ransomware attacks where an admin needs to orchestrate the recovery. Versions might also be exhausted depending on the version limit set by the admin. ++#### Why donΓÇÖt legal holds solve the problem of keeping all versions of items for recovery? ++Legal holds retain data, but that feature is optimized for export (for example, via eDiscovery), not for mass restore. Microsoft 365 Backup gives the right enhanced restore tooling for ransomware and accidental/malicious deletions at scale, plus optimized performance for those scenarios. ++#### What mailbox changes are ΓÇ£backed upΓÇ¥? ++Mailbox backup enables the recovery of copies of mailbox item ΓÇ£versions.ΓÇ¥ Versions are created by two types of actions: ++- Modifications +- Deletions ++Example events that are versions and recoverable via backup: ++**User action** +- Edit a received email using ΓÇÿedit messageΓÇÖ via OL +- Edit a Note (not draft) +- Remove an attachment from an email +- Edit an attachment to an email +- Edit a contact (not draft) +- Modify body of a calendar invite +- Update time of a calendar invite +- Edit a task (not draft) +- Delete note from deleted items +- Delete email from deleted items +- Purge items from single item retention +- Delete a folder with items in it ++Example events that aren't versioned or recoverable via backup: ++**User action** +- Edit an email item in the drafts folder +- Update a flag on a received email +- Set ΓÇÿDo Not ForwardΓÇÖ on a received email +- Set a received message to highly important ++#### What is the service recovery point objective? ++The recovery point objective (RPO) is the maximum amount of time between the most recent backup and a data destruction event. Stated another way, itΓÇÖs the amount data lost due to a data destruction event not recoverable via the backups. In the case of Microsoft 365 Backup, the RPOs are: ++For OneDrive and SharePoint, the RPO for the first two weeks is 15 mins, then one week beyond that. This means for the first two weeks, the most amount of data that can be lost due to a data destruction event is roughly 10 minuteΓÇÖs worth of the most recent data. Likewise, after two weeks, the most amount of data that can be lost is a weekΓÇÖs worth of data. ++For Exchange Online, the RPO is 10 seconds, meaning the most amount of data that can be lost due to a data destruction event is roughly 10 secondΓÇÖs worth of data. ++Let's start with what it doesn't mean: We are *not* taking snapshots every 10 seconds. ++Backup frequency of 10 seconds (if the item is modified) means that changes to the item will be saved as a version once every 10 seconds, no matter how many changes are made in that 10-second interval. For example, if a ransomware attack encrypts the email item every second, will we take six copies in a minute. + |
backup | Backup Limitations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-limitations.md | + + Title: Preview limitations in Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn about the preview limitations in Microsoft 365 Backup. +++# Preview limitations in Microsoft 365 Backup (Preview) ++> [!NOTE] +> This feature is currently in preview and subject to change. ++## Feature limitations ++The constraints and limitations outlined in this article are temporary for the preview and will be resolved either by general availability or shortly after, unless stated otherwise. ++### Performance ++Performance and speed of web interfaces, initial configuration, and restores might be slower than expected during the preview period as we scale up our infrastructure to remove undesirable latency from our system. ++### Backup configuration ++- You can create only one active backup policy per underlying service (that is, one for OneDrive accounts, one for SharePoint sites, and one for Exchange online users). You can add or remove as many artifacts (sites or user accounts) to or from each active policy. ++- Once the sites or mailboxes are added to a backup policy, it might take up to 15 minutes per 1,000 sites or mailboxes for restore points to become available for restore. Backups begin as soon as the policy is in effect, even if the restore points aren't yet available. This limitation will be removed shortly. ++- The CSV upload feature for bulk addition of sites or user accounts in the backup policy creation workflow can accommodate a maximum of 3,000 entries per CSV file. ++- The rule-based feature for bulk addition of sites via site names or URL in the backup policy creation workflow can accommodate a maximum of 10 keywords at a time. Each keyword can have a minimum of three characters and maximum of 255 characters. ++- The rule-based feature for bulk addition of user accounts via security groups or distribution lists can accommodate a maximum of three groups at a time. These rules are static and applied one time only. That is, the security groups or distribution lists are flattened at the time of adding to the backup configuration policy. Groups or list won't be dynamically updated in the system if users are added or removed from the original security group, for example. ++- Backup and restore of tenants that have the multi-geo feature enabled for OneDrive and SharePoint might not work properly. We recommend not using the preview version of Backup until multi-geo support is fully enabled. +<! +- When you remove a OneDrive for Business account or a SharePoint site from a backup policy, you continue to be billed for the existing backups for the next one year of their retention. Additionally, the price of that backup will be proportional to the size of the site or account throughout that remaining year. +> +### Restore ++- Site search is case-sensitive and is a prefix-type search. ++- SharePoint sites or OneDrive accounts that are currently in the first stage recycle bin must first be restored from the recycle bin before they can be rolled to a prior point in time via the Microsoft 365 Backup tool. The point in time restore via Microsoft 365 Backup won't work if the site or OneDrive is in the recycle bin. ++- SharePoint admins operating the Microsoft 365 Backup tool need to have explicit read+ permissions to the sites they're searching for in the backups to be able to find those sites in the backup and restore them. In the future, weΓÇÖll introduce a Backup role, which grants SharePoint and Exchange admins full Backup search read rights when combined with their existing admin roles. ++- SharePoint sites and OneDrive accounts being restored to a prior point in time aren't locked in a ready-only state. Therefore, users might not realize their current edits will be imminently rolled back and lost. In the future, we introduce a read-only lock on all sites undergoing a restore. ++- For restores to a new URL, it might take up to 15 minutes for the destination URL to be displayed in the tool once a SharePoint site or OneDrive account restore to a new URL session completes. ++- For restores to a new URL, only the admin who executed the restore has ownership permissions for the restored SharePoint sites or OneDrive accounts in the new URLs. Restores to the same URL reverts permissions to their original state. We might decide to change this behavior in the future via a "copy permissions" feature. ++- Mailboxes, OneDrive accounts, and SharePoint sites that are under legal or in-place holds currently can't be restored unless the destination is removed from legal hold. To restore a SharePoint site under legal hold, you need to restore the site to a new URL. ++- While OneDrive account and mailbox backups of deleted users are maintained and after the userΓÇÖs Microsoft Entra ID is deleted are restorable, search in the people picker UI for that user won't work. The user is displayed as an empty user in results, requiring a guess-and-check methodology. ++- Mailbox draft items aren't backed up or restorable. ++- Calendar item backup and restore is limited to modified items only and doesn't cover deleted items. This action includes the following specific limitations: ++ - Restoring deleted calendar items with the ability to send updates post-restore isn't yet supported. ++ - Replacing encrypted items with healthy items during a cross mailbox restore (mailboxes all belonging to the same user account) isn't supported. ++ - Resolving orphaned conflict (in between ransomware and restore) isn't supported. ++ - Restoring organizer copy doesn't automatically make attendee copies catch up, it only allows future updates by organizer to work for all users added on the calendar item. ++- Deleting the user account (for example, deleting the Microsoft Entra ID user) that owns the OneDrive account or Exchange mailbox renders the OneDrive account and Exchange mailbox as inactive or orphaned. The end-to-end workflow to restore such sites or mailboxes isn't supported directly in the Microsoft 365 Backup product. The Microsoft 365 Backup product ensures retention of the content. For more information about how to restore inactive mailboxes or orphaned OneDrive accounts, see: ++ - OneDrive and Sharepoint: [Fix site user ID mismatch in SharePoint or OneDrive](/sharepoint/troubleshoot/sharing-and-permissions/fix-site-user-id-mismatch) ++ - Exchange: [Recover an inactive mailbox](/purview/recover-an-inactive-mailbox) ++- While restoring Exchange mailboxes at a granular level, the search feature provides several search parameters. These parameters allow you to enter up to a maximum of five keywords each. For example, the parameters "from" and "to" allow you to enter up to a maximum of five email addresses each. ++- The multi-geo feature isn't supported for SharePoint or OneDrive services in this release. This might affect the restore of sites across different geos. Exchange Online multi-geo is supported, however, when configuring a restore each mailbox in a single restore request must be in the same geo. ++- OneDrive accounts and SharePoint sites that have undergone the following types of changes won't be undoable via restore: tenant rename, tenant move, and site URL change. ++- If there are no differences between the current state of a mailbox and the prior point in time from which you're attempting a restore, a restore isn't performed and no new folders are created when a "restore to a new location" request is made. We don't plan to modify this behavior in the future. ++- SharePoint sites and OneDrive accounts being restored to a new URL have a read-only lock on that new URL until the restore completes. The global admin can still download documents or remove the read-only lock manually. This isn't behavior we plan on changing. ++## Self-service scale limits ++During the preview, we're enforcing self-service restore limits while we gain a better understanding of how organizations are using the tool so that we can build in enhancements in the future to help users avoid mistaken restore actions. These limits are described in the following table. ++|Limit parameters |Warning |Limit throttle* | +|||| +|Number of artifacts being restored across all active restoration tasks per workload (at a time) |> 100 | > 1,000 | +|Number of parallel active restoration tasks per workload | > 5 | > 25 | +|Number of artifacts (active and completed) restored in a day per workload | Not applicable | > 10,000 | ++*Customer can call into support to lift the safety restrictions. ++Follow these steps: ++1. As an administrator, select the following link, which will populate a help query in the admin center: [Microsoft 365 Backup Limit Request](https://aka.ms/M365BackupLimit). ++2. At the bottom of the pane, select **Contact Support**, and then select **New Service Request**. ++3. Leave **Description** blank. |
backup | Backup Offboarding | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-offboarding.md | + + Title: Offboarding in Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn about how to offboard usage in Microsoft 365 Backup. +++# Offboarding in Microsoft 365 Backup (Preview) ++> [!NOTE] +> This feature is currently in preview and subject to change. ++To no longer use the Microsoft 365 Backup tool, you must offboard usage. This action includes pausing and deleting all active policies and deleting all of the backed-up data. During the preview, there are three ways that offboarding is initiated: ++- Disable the tool in the pay-as-you-go billing setup panel where you first enabled the tool. ++- Call into support to ask Microsoft to offboard you from the tool. If youΓÇÖd like offboarding to happen faster than default (with a minimum of 30 days), you can do this via the support call. ++- If your billing account goes into an unhealthy state. ++## Offboarding recovery undo period ++If offboarding from Microsoft 365 Backup has begun due to either an explicit request from you or due to an unhealthy billing state, the grace periods shown in the following table initiate. ++![Screenshot of a data table showing the offboarding undo periods.](../media/m365-backup/backup-offboarding-time.png) ++By bringing your billing back to a healthy state or by asking support to reverse the offboarding, the tool becomes usable again and no backups are lost. ++## GDPR special handling, compliance, and backup data deletion ++> [!IMPORTANT] +> Given that compliance tooling actions might destroy primary data, we administratively isolate those destructive actions from flowing through to backed up data automatically. In other words, **compliance actions that automatically delete your primary data will not automatically delete data from your backups**. ++The core purpose of the backup and restore service is to provide you with a way to recover from common data deletion, overwrite, or encryption events. ++### eDiscovery ++Data in the Exchange Online backups is eDiscoverable via existing eDiscovery tooling, assuming you have sufficient licenses to operate that tool. ++Data in the OneDrive account and SharePoint site backups that aren't currently part of your live latest version data in your tenant aren't eDiscoverable. An eDiscovery search won't discover data that exists solely in the OneDrive or SharePoint backups. ++### General Data Protection Regulations (GDPR) workflow instructions ++GDPR workflows aren't directly executable on all data in Microsoft 365 Backup. ++GDPR data service request (DSR) data deletion actions operated on the tenant won't delete data in the backups. Those actions must be executed again after a Backup restoration to ensure the original DSR is honored. ++DSRs related to the discovery of data using eDiscovery is possible for Exchange Online backups, but the same isn't possible for OneDrive or SharePoint backups. ++### Retention policies ++Retention and deletion policies don't ΓÇ£flow throughΓÇ¥ to the backups. This means that backup retention is governed solely by the backup policy. That policy currently has a nonvariable one year retention period. Once data is restored from the backups, that now-live data will be governed by applicable retention or deletion policies. ++### Sensitivity labels ++Restoration of any data (such as sites or mailbox items) reverts the sensitivity labels of the data to the state of that protected item at the prior point in time from which it's being restored (that is, the state of labeling at the point in time from which the content is being restored; in other words, the state reverts to the prior point in time). ++## Backup data deletion and undo grace periods ++If you need to delete data from the backups during the preview period, you must offboard from the offering entirely and delete all backups. In the future, we'll enable more granular restore point deletion capabilities. ++Any offboarding or backup deletion activities trigger a 29-day grace period where we'll hold the backup data. If you re-enable the tool, the backups are present in the tool again. ΓÇâ |
backup | Backup Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-overview.md | + + Title: Overview of Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn about the backup and recovery capabilities for SharePoint, Exchange Online, and OneDrive for Business using Microsoft 365 Backup. +++# Overview of Microsoft 365 Backup (Preview) ++> [!NOTE] +> Microsoft 365 Backup (Preview) is now available worldwide in all commercial cloud environments. General availability is expected to be mid-2024. This preview feature is subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md). ++## About the preview ++Microsoft 365 Backup is currently in preview and begins rolling out to organizations in mid-2024. You can set up billing for the product as described in [Set up Microsoft 365 Backup](backup-setup.md). Once Microsoft 365 Backup has been deployed and is available for use in your tenant, you'll see it in the Microsoft 365 admin center page under **Settings**. ++During the preview period, performance and speed of web interfaces, initial configuration, and restores might be slower than expected as we scale up our infrastructure to remove undesirable latency from our system. ++## Microsoft and partner offerings ++This documentation outlines the Microsoft 365 Backup offering available in the Microsoft 365 admin center. We're partnering with many independent software vendors (ISVs) to provide differentiated versions of their applications integrated with the Microsoft 365 Backup Storage platformΓÇöall providing the same underlying performance value proposition for your Microsoft 365 data. ++In the case of a partner application, operation of the Microsoft 365 Backup tool will be managed and paid for entirely through the partner's application. Those applications will have the ability to provide a single pane of glass for all of your data estates that require backups, and they might provide additional enhanced experiences or workflows. ++## Scenarios and value proposition ++Business continuity assurance is a top-of-mind concern for many companies. Microsoft 365 Backup delivers business continuity peace of mind by providing performance and reliable restore confidence. When evaluating a backup and restore offering, what really matters isn't solely the backup, but the ability to restore your data to a healthy state quickly when you need to do so. Recovering large volumes of content is difficult when copying data at a scale from a remote, air-gapped location requiring weeks or even months to get your business back up and running. ++In cases of a ransomware attack that encrypts large swaths of your data, or instances of an internal accidental or malicious data deletion or overwrite event, you need to be able to get your business back to a healthy state as soon as possible. This is what the Microsoft 365 Backup product offers, both through the Microsoft 365 admin center, and via partner applications built on the Microsoft 365 Backup Storage platform. ++To summarize, applications built on top of the Microsoft 365 Backup Storage platform deliver the following benefits regardless of the size or scale of the protected tenant: ++- Fast backup within hours ++- Fast restore within hours (see [performance targets](#general-availability-performance-targets) later in this article) ++- Full SharePoint site and OneDrive account restore fidelity, meaning the site and OneDrive are restored to their exact state at specific prior points in time via a rollback operation ++- In the future, roll forward granular file-level restores in OneDrive and SharePoint ++- Full Exchange mailbox item restores or granular item restores using search ++- Consolidated security and compliance domain management ++<!M365-Backup_VID_WEB_Final.mp4 <need a link that embeds properly into the learn docs>ΓÇâ> ++## Architectural overview and performance expectations ++### Architecture ++Microsoft 365 Backup provides ultra-fast backup and restore capabilities by creating backups within the protected servicesΓÇÖ data boundaries. ++Microsoft 365 Backup not only provides uniquely fast recovery from common business continuity and disaster recovery (BCDR) scenarios like ransomware or accidental/malicious employee content overwrite/deletion. Additional BCDR scenario protections are also built directly into the service. For example, OneDrive, SharePoint, and Exchange Online provide replicated copies of your data across geographically disparate datacenters to automatically protect against physical disasters and automatically failover to live active copies seamlessly without the need for end customer intervention. ++Our backups are protected from malicious overwrites because OneDrive, SharePoint, and Exchange use Append-Only storage. This means that SharePoint can only add new content blobs and can never change old ones until they're permanently deleted. The Exchange items are backed up in an immutable manner and can't be accessed by a client process (such as Outlook, OWA, or MFCMAPI). This process ensures that items can't be changed or corrupted after an initial save, protecting against attackers that try to corrupt old versions. For More information about the built-in service and data resiliency, see [SharePoint and OneDrive data resiliency in Microsoft 365](/compliance/assurance/assurance-sharepoint-onedrive-data-resiliency) and [Exchange Online data resiliency in Microsoft 365](/compliance/assurance/assurance-exchange-data-resiliency). ++Key architectural takeaways: ++- Data never leaves the Microsoft 365 data trust boundary or the geographic locations of your current data residency. ++- The backups are immutable unless expressly deleted by the Backup tool admin via product offboarding. ++- OneDrive, SharePoint, and Exchange have multiple physically redundant copies of your data to protect against physical disasters. ++ ![Diagram showing the Microsoft 365 data trust boundaries.](../media/m365-backup/backup-boundaries-diagram.png) ++### General availability performance targets ++> [!IMPORTANT] +> During the preview period, performance and speed of web interfaces, initial configuration, and restores might be slower than expected as we scale up our infrastructure to remove undesirable latency from our system. The following performance targets are not guarantees during the preview and might change at general availability. ++#### Backup policy performance ++Creating a new protection policy initiates the process of backing up selected SharePoint sites, OneDrive accounts, and Exchange mailboxes. Once you submit a request to activate a valid protection policy, it takes on average up to 60 minutes to process and another 60 minutes to create restore points. ++Restore points are physically created in the service as soon as the policy is confirmed to be activated in the tool, even if those restore points take some additional time to become visible in the restore tool. ++#### Restoration performance ++Restoration performance dictates your recovery time objection, or the time it will take for you to restore a healthy state of your data and thus recover from a data destruction event. +For full OneDrive account and SharePoint site restores, the fastest recovery will happen when choosing in-place restore rather a new URL restore. Additionally, choosing one of the recommended ΓÇ£fasterΓÇ¥ restore points presented in the restore workflow UI will yield the quickest recovery results. ++All restore points and restores to new URLs will be relatively fast, but same URL restores using a recommended ΓÇ£fasterΓÇ¥ restore point will typically yield better results. The Exchange Online restore workflow doesn't have or require the ΓÇ£fasterΓÇ¥ restore points. ++It will take on average less than one hour for the first full site or account protection unit to be restored when a new restore session is initiated. After the first site or account is restored in a session, the remaining protection units will complete in relatively fast succession. ++The following table summarizes expected performance for a normally distributed tenant, including tenants of large size and scale. During the preview period, actual performance might deviate from these general availability targets. ++|Scenario |Restore of all protection units* complete | +|:-|:--| +| 1,000 accounts, sites, or mailboxes<br>(30-GB average size) |Less than 12 hours | ++<sup>*A *protection unit* is a OneDrive account, SharePoint site, or Exchange mailbox.</sup> ++## General Data Protection Regulations (GDPR) ++For information about GDPR and Microsoft 365 Backup, see [GDPR special handling, compliance, and backup data deletion](backup-offboarding.md#gdpr-special-handling-compliance-and-backup-data-deletion). |
backup | Backup Preview Terms | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-preview-terms.md | + + Title: Microsoft 365 Backup preview terms and conditions ++++audience: admin + Last updated : 11/15/2023++++search.appverid: ++ - m365initiative-syntex +ms.localizationpriority: medium +description: Read the preview terms and conditions for Microsoft 365 Backup (Preview). +++# Microsoft 365 Backup preview terms and conditions ++Effective Date: November 15, 2023 ++"Company" means the Enterprise customer that uses this Preview Feature. ++**By using this Preview Feature, you accept these Terms and Conditions and all rights and obligations within. If you do not agree to these Terms and Conditions, DO NOT use the Preview Feature.** These Terms and Conditions govern the use of the Preview Feature offerings as described below. ++"Feedback" is all suggestions, comments, feedback, ideas, or know how, in any form, that Company provides to Microsoft. It doesn't include sales forecasts, financial results, future release scheduled, marketing plans and high-level product plans or feature lists for anticipated products. ++**MICROSOFT OFFERING**: Microsoft 365 Backup offers backup and recovery of OneDrive, SharePoint, and Exchange Online data for large volumes of data within the Microsoft 365 security boundary. Microsoft 365 Backup can restore your data in case of accidental deletion or ransomware. Customers will be able to sign up for Microsoft 365 Backup through Microsoft admin center. With Microsoft 365 Backup, customers can back up enterprise user accounts, sites, and mailboxes of users. ++**PREVIEW FEATURE**: To terminate your Feature Preview during the Preview Period, stop using the Preview Feature. Microsoft may change or discontinue the Preview Feature at any time with or without notice. Microsoft may also choose not to make the Preview Feature generally commercially available. ++During the Preview Period, Company will allow its tenant admins to back up SharePoint sites, OneDrive accounts, and Exchange mailboxes. Company must be aware that this is a preview service and all the limitations described in these Terms and Conditions. ++Prerequisite Requirements to enable Microsoft 365 Backup pay-as-you-go are: ++1. An Azure subscription with admin access as owner or contributor on the subscription ++2. A Microsoft 365 tenancy with either Microsoft 365 admin access or SharePoint admin access ++3. An Azure resource group ++No service-level agreement (SLA) applies to this Feature Preview. ++THE PREVIEW FEATURE IS PROVIDED "AS-IS," "WITH ALL FAULTS," AND "AS AVAILABLE." Microsoft provides no performance guarantee for the Feature Preview (including accompanying URLs provided for embedded or unauthenticated viewing) and Company bear the risk of using it. The Feature Preview isn't included in the SLA for Microsoft Syntex and may not be covered by customer support. ++Backup restores are meant to recover from attacks, not to circumvent primary storage costs or other unintended purposes. Periodic testing is permitted, but not in excessive amounts. Restores should be limited to no more than two (2) restores per protected site/mailbox per month, unless recovering from a real attack. ++**RELATIONSHIP WITH COMPANYΓÇÖS CUSTOMERS**: If Company is an Independent Software Vendor (ΓÇ£ISVΓÇ¥) both Parties, Microsoft and ISV retain responsibility for and control over all aspects of its relationship with its customers/users for the purpose of these Terms. Nothing in these Terms changes or terminates either PartyΓÇÖs rights or obligations with regard to, or its relationship with, its customers/users. Microsoft won't be a Party to any ISVΓÇÖs customer agreement that Company may use with its customers/users to test the Feature Preview, and Microsoft won't be identified to CompanyΓÇÖs customers/users, as a direct support provider for CompanyΓÇÖs customers/users of the Feature Preview. ++**Nothing in this Agreement changes CompanyΓÇÖs responsibility with regard to ISVΓÇÖs customers/users data. ΓÇ£User DataΓÇ¥ means any data, images, text, content, code, or other information or materials that a user provides to ISV or Microsoft. ISV is solely responsible for informing CompanyΓÇÖs customers/users that this is a Preview Feature, and that ISV has all the legal authorizations to allow ISVs customers/users data to be stored in the Preview Feature. ISVΓÇÖs and their customers/users will not hold Microsoft liable from any liability arising out of or in connection with this Agreement.** ++**<ins>LICENSE</ins>** ++If Company provides Feedback, Company grants to Microsoft, without charge, the nonexclusive License to make, modify, distribute, or otherwise commercialize the Input as part of any Microsoft offering. + +The above License doesn't extend to any technologies that may also be necessary to make or use any offering or portion thereof that incorporates the Feedback but aren't themselves expressly part of the Input (for example, enabling technologies). ++**<ins>PAYMENT TERMS</ins>** ++Microsoft 365 Backup uses pay-as-you-go (PAYG) billing through an Azure subscription. Microsoft 365 Backup billing is determined by how much data in GB you backup using Microsoft 365 Backup in GBs. Company will be able to view this usage as meter events through the Azure subscription it chooses. ++Microsoft 365 Backup Feature Preview pricing is as follows: ++|Microsoft 365 Backup Meters |Meter Unit |Price | +|||| +|Backup storage |$/GB/Month |$0.15 | ++**<ins>LENGTH OF OBLIGATIONS; DISCLOSURE</ins>** ++**Preview Period.** The Preview Period continues in effect until <ins>June 30, 2024, or 30 days after Commercial General Availability of the Preview Feature, whichever is first</ins>. Company may terminate their use of the Preview Feature at any time. Terminating use of the Preview Feature won't change any of the rights, licenses granted, or duties made while the Preview Period is in effect. Termination is defined as i) the CompanyΓÇÖs termination of use of the Preview Feature and/or ii) the Preview Period ends. ++**Effects upon Termination.** Once terminated, Company will no longer have access to Microsoft 365 Backup and all the backed-up content if Microsoft doesn't continue with the then generally available Microsoft 365 Backup features. Should Microsoft choose to make the Microsoft 365 Backup service generally available a pay-as-you-go (PAYG) billing through an Azure subscription, Company may continue without interruption. ++**<ins>TERMINATION FOR NON-PAYMENT</ins>** ++In case the CompanyΓÇÖs Azure subscription goes into an unhealthy stage of deleted or canceled or suspended, we'll prevent any future backup and restores until the subscription is back to a healthy state. Company has 30 days to recover any backed-up data and restores by bringing back the subscription to an active state. If no action is taken from the Company to bring subscription back to active state in 30 days, we'll soft delete the backed-up data from systems after this 30 days. Upon reactivation, Company must also pay for Microsoft 365 Backup usage for the days the subscription was in unhealthy state. +This Agreement can't be extended. Microsoft may also choose not to make the Preview Feature generally commercially available. ++**<ins>REPRESENTATIONS AND LIMITATIONS</ins>** ++**Input.** Company represents that it will not give any Feedback that: ++1. Violates any copyright or trade secret claim or right of any third party; ++2. It has reason to believe violates any patent claim or right of any third party; or ++3. Is subject to an excluded license. ++**Authority.** Company represents it has all rights and authority necessary to be legally bound to these Terms and Conditions and grant the rights described therein for itself and its affiliates. ++**Limitations.** All information, materials, and feedback are provided ΓÇ£as-isΓÇ¥ and Company bears the risk of using them; Company gives no express warranties, guarantees, or conditions as to its Feedback; and to the extent permitted under local law, Company excludes the implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement as to its Input. ++**<ins>LIMITATIONS ON AND EXCLUSIONS OF REMEDIES AND DAMAGES</ins>** ++Except as described herein, the only remedy for claims relating to these Terms and Conditions is for Company to terminate its use of the Preview Feature. Neither Party can recover any damages, including direct, consequential, lost profits, special, punitive, indirect, or incidental damages from the other. This limitation applies: ++1. To claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law. ++2. Even if one of us knew or should have known about the possibility of the damages. ++The limitations in this section don't apply to claims arising from or in connection with any infringement, misuse, or misappropriation by one of us of the otherΓÇÖs intellectual property rights. |
backup | Backup Pricing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-pricing.md | + + Title: Pricing model for Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn about the charge model and pricing calculator for Microsoft 365 Backup. +++# Pricing model for Microsoft 365 Backup (Preview) ++> [!NOTE] +> This feature is currently in preview and subject to change. ++## Microsoft 365 Backup charge model ++The Microsoft 365 Backup service, offered through the Microsoft 365 admin center, is a [pay-as-you-go consumption-based service](/microsoft-365/syntex/syntex-pay-as-you-go-services). The preview list price is $0.15/GB/month of protected content. ++### WhatΓÇÖs counted towards protected backup storage? ++Microsoft 365 Backup will charge you for content size of the following for 365 days from when it is added to backup protection: ++- Cumulative back up size of the mailboxes, SharePoint sites, and OneDrive accounts being protected. Size of OneDrive accounts and SharePoint sites are the size of the live OneDrive accounts and SharePoint sites as displayed in the live sitesΓÇÖ usage reports. Mailboxes are the size of the user's mailbox plus their online archives plus deleted items held for Backup. ++- Deleted content in userΓÇÖs Recycle Bin and second-stage Recycle Bin (also known as Site Collection Recycle Bin). ++> [!NOTE] +> Restore points or size of restores will not be charged. Although Azure is being used to process the payments, there are no additional Azure API or storage costs beyond the Microsoft 365 Backup usage charges mentioned above. ++As an example, if you have a site under protection that is currently 1 GB for the first month, you'll be charged 1 GB of Backup usage. If you delete content in that site such that it's now only 0.5 GB, your next monthly bill will still be for 1 GB since the backup tool is retaining that deleted content for a year. After a year when the backup of that deleted content expires, the 0.5 GB being retained for backup purposes will no longer be charged for Backup. ++> [!NOTE] +> These prices are subject to change when the product becomes generally available. A partner application integrated with Microsoft 365 Backup storage might charge a different rate for their service. ++<!<Include charge model video >> ++## Pricing calculator ++The Microsoft 365 Backup pricing calculator is a tool that helps you estimate the amount of backup storage and the costs that you'll incur to protect and back up your Microsoft 365 data. ++> [!NOTE] +> The tool is not intended to provide an exact prediction of your backup consumption, but rather to give you an estimate based on your current usage reports that are forecasted for the next 24 months based on historical trends. ++### Pricing calculator overview ++The Microsoft 365 Backup pricing calculator, when calculating the storage required for each month, takes into consideration the following heuristics: ++- How much storage is typically added (or removed) from a protection unit during the month. For example, if the protection unit was a SharePoint site, how much storage on average is added (or removed) from a SharePoint site during the month due to documents being added (or deleted). ++- How many new protection units for a service type are typically added (or removed) every month. For example, if the service type is Exchange mailboxes, how many new mailboxes are added (or deleted) on average each month. ++- The largest amount of storage required for the previous 12 months. ++### Using the pricing calculator ++To use the Microsoft 365 Backup pricing calculator, you'll need to perform the following steps. Information about how to collect data from each of these steps is detailed later in this article. ++1. Download the latest version of the [Microsoft 365 Backup pricing calculator tool](https://aka.ms/M365BackupCalculator). ++2. Review your [Microsoft 365 usage reports](https://admin.microsoft.com/Adminportal/Home#/reportsUsage) to get historical information about your current usage. Heuristics from the usage reports will be used to populate the inputs (orange boxes) in the pricing calculator tool. ++3. Open the Excel spreadsheet and select the **High-Level Estimates** worksheet. This sheet produces the simplest default model based on linear data growth assumptions. ++4. Enter the information recorded from the usage reports into the **High-Level Estimates** worksheet. ++5. If you know your tenant will have non-organic or non-linear usage changes, then for each of the service types, optionally override the estimated number of protection units or storage for a month in any or all of the service-specific tabs in the pricing calculator tool. ++6. An estimate of the Microsoft 365 Backup costs for the next 24 months will then be generated. ++### Leverage the Microsoft 365 usage reports as source data for the pricing calculator ++This section describes how to use your [Microsoft 365 admin center usage reports](https://admin.microsoft.com/Adminportal/Home#/reportsUsage) to populate the Microsoft 365 Backup pricing calculator. ++The Microsoft 365 Backup pricing calculator uses the input data about your current usage to help determine heuristics such as your average growth and usage patterns. To get this information, go to [Usage - Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home#/reportsUsage) and then review the [OneDrive - Usage](#onedriveusage), [SharePoint - Site usage](#sharepointsite-usage), or [Exchange - Mailbox usage](#exchangemailbox-usage) reports. ++You can change the period that the reports display data for by selecting the **Past *n* days** on the right-hand side and then selecting the period. ++![Screenshot showing an example of how to change the period for reporting display data.](../media/m365-backup/backup-change-period-data.png) + +As a recommendation and if there's usage data available, the longer the period isΓÇöfor example, 180-daysΓÇöthe more accurate your usage estimates will be and therefore more accurate the Microsoft 365 Backup pricing calculator estimates will be. ++For each of the service types (Exchange, OneDrive, and SharePoint) record the following information by reviewing the appropriate usage report: ++- Number of protection units at start end of period +- Number of protection units at end of period +- The amount of storage used at the start and end of the period ++Once you have this information, enter it into the **High-Level Estimates** worksheet as shown in the following example. ++![Screenshot showing an example of the High-Level Estimates worksheet in Excel.](../media/m365-backup/backup-estimates-worksheet.png) ++#### OneDrive - Usage ++![Screenshot showing the Usage page for OneDrive in the Microsoft 365 admin center.](../media/m365-backup/backup-onedrive-account-usage.png) ++##### Accounts ++Number of total and active accounts at the start of the period and at the end of the period. For example, 14 accounts and 16 accounts: ++![Screenshot showing the number of total and active accounts for OneDrive.](../media/m365-backup/backup-onedrive-account-total.png) ++##### Storage ++Amount of storage used at the start of at the start of the period and at the end of the period. For example, 0.58 GB and 0.37 GB: ++![Screenshot showing the amount of storage used for OneDrive.](../media/m365-backup/backup-onedrive-storage-total.png) ++#### SharePoint - Site usage ++![Screenshot showing the Usage page for SharePoint in the Microsoft 365 admin center.](../media/m365-backup/backup-sharepoint-site-usage.png) ++##### Sites ++Number of total and active sites at the start of the period and at the end of the period. For example, 2,457,360 sites and 2,457,454 sites: ++![Screenshot showing the number of total and active sites for SharePoint.](../media/m365-backup/backup-sharepoint-site-total.png) ++##### Storage ++Amount of storage used at the start of at the start of the period and at the end of the period. For example, 2,200 GB and 2,200 GB: ++![Screenshot showing the amount of storage used for SharePoint.](../media/m365-backup/backup-sharepoint-storage-total.png) ++#### Exchange - Mailbox usage ++![Screenshot showing the Usage page for Exchange in the Microsoft 365 admin center.](../media/m365-backup/backup-exchange-mailbox-usage.png) ++##### Mailbox ++Number of total and active user mailboxes at the start of the period and at the end of the period. For example, 26 mailboxes and 30 mailboxes: ++![Screenshot showing the number of total and active user mailboxes for Exchange.](../media/m365-backup/backup-exchange-mailbox-total.png) ++##### Storage ++Amount of storage used at the start of the period and at the end of the period. For example, 5.5 GB and 4.3 GB: ++![Screenshot showing the amount of storage used for Exchange.](../media/m365-backup/backup-exchange-storage-total.png) ++### Pricing calculator notes ++When using the Microsoft 365 Backup pricing calculator, be aware of the following: ++- In the Microsoft 365 Backup pricing calculator, any Excel spreadsheet cell that is colored orange can have data entered. ++- To modify how many protection units you want to protect per service type, you can change the **Percentage of Protection Units to protect**. For example, if you only want to protect 20 percent of your SharePoint sites, you can set the **Percentage of Protection Units to protect** for SharePoint to 20%. ++- The estimate is calculated projecting forward from the end of period data. That is, Month 1 is calculated using the end of period data. ++- The **Variables** worksheet displays the heuristics such as average growth and usage patterns of the service types which are used to calculate the estimate. ++- The **Price per GB** field on the **Variables** worksheet can be modified if required. For the Microsoft 365 Backup solution, we recommend that you use the default value. ++- The OneDrive accounts, SharePoint sites, and Exchange mailboxes worksheets provide more detail on the estimated costs including the ability to override the estimated number of protection units or storage for a month. ++- If the number of protection units for a month is overridden and the storage for a month is *not* overridden as well, then the amount of storage required for the month is calculated by multiplying the overridden number of protection units by the average new protection unit storage added per month (GB). ++### Variables ++The following variables are used to estimate the Microsoft 365 Backup costs and are defined in the **Variables** worksheet: ++- **Number of months in a protection unit period**: The number of months in the period converted from the number of days in the period. ++- **Average number of protection units added per month**: The average number of new protection units that are added each month. Essentially protection unit growth per month. ++- **Average protection unit storage per type at start of period (GB)**: The average amount of storage consumed by a protection unit at the start of the period. ++- **Average protection unit storage per type at end of period (GB)**: The average amount of storage consumed by a protection unit at the end of the period. ++- **Average protection unit storage growth per month (GB)**: The amount of storage that is typically added to each protection unit every month. Essentially protection unit storage growth per month. ++- **Average new protection unit storage added per month (GB)**: The average amount of storage that is required if a new protection unit is added during a month. |
backup | Backup Restore Data | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-restore-data.md | + + Title: Restore data in Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn how to restore data using restore points and express restore points in Microsoft 365 Backup. +++# Restore data in Microsoft 365 Backup (Preview) ++> [!NOTE] +> This feature is currently in preview and subject to change. ++Once you back up your data, you might need to restore the data if there was an accidental deletion, ransomware attack, or other event. The Restore feature in Microsoft 365 Backup is created to help you restore backed up data. ++As part of restoring data from backup, admin needs to choose a *restore point* manually or from a recommended *express restore point* by the tool. ++- **Restore point**. A prior point in time from which you can restore a healthy version of your content or metadata. If the data from a prior point in time is identical to the present state of your data, then there will be no items restored, including **Restore to a new folder** for Exchange Online. ++- **Express restore point**. A set of recommended restore points that offers faster restore of data from the backup than a regular restore point. ++Currently, you can restore OneDrive accounts, SharePoint sites, and Exchange mailbox content from specific prior points in time from the backups. Site restores to a prior point in time, if restored to the same URL, will overwrite the state and the content of the site to match the exact state at the prior point in time. This is commonly referred to as a rollback versus a roll-forward. ++Mailbox restores inherently restore only changed items such that current items that remain unchanged since the desired prior restore point won't be modified or overwritten. Thus, mailbox restores follow a roll-forward process. Site, OneDrive, and mailbox restores can be done in place or in the case of SharePoint sites to a new URL, or in the case of mailbox items a new folder. By restoring to a new location, any undesirable overwriting any existing data is avoided. ++> [!NOTE] +> During the preview, only full OneDrive account and SharePoint site restore is possible. In the future, file-level granular restore will be possible. ++In the future, we'll support granular OneDrive and SharePoint file-level restore to provide a roll-forward behavior similar to that of mailbox item restores today. ++Restores started serially for each of three services will execute in parallel. There's no need to wait for one serviceΓÇÖs restore to finish before starting another. ++## Restore point frequency ++The restore point frequency, also known as the [recovery point objective](backup-faq.md#what-is-the-service-recovery-point-objective) (RPO), defines the maximum amount of time during which data is lost after an attack. Stated differently, itΓÇÖs the time between the most recent backup of the healthy state of data and the time of the attack. The RPOs for each of the protected services are summarized in the following table. ++|Type |RPO for 0-14 days in the past |RPO for 15-365 days in the past | +|||| +|Full OneDrive account and full SharePoint site restore |15 minutes |One week | +|Exchange Online |10 minutes |10 minutes | ++## Restore data from backup for OneDrive, SharePoint, and Exchange ++Once you back up your data, you might need to restore the data if there was an accidental deletion, ransomware attack, or other event. The restore feature in Microsoft 365 Backup is created to help you restore backed up data. ++> [!NOTE] +> We recommend choosing an express restore point for full account, site, or mailbox restores as it will provide the fastest restore experience. ++Select the **OneDrive**, **SharePoint**, or **Exchange** tab for steps to restore data from backup for that product. ++# [OneDrive](#tab/onedrive) ++Follow these steps to restore data backed up for OneDrive. ++1. In the Microsoft 365 admin center, on the **Microsoft 365 Backup** page, in the **OneDrive** section, select **Restore**. ++2. On the **Select type of content** page, you'll see **OneDrive accounts** preselected. Select **Next**. ++ ![Screenshot showing the Select type of content page with OneDrive accounts selected.](../media/m365-backup/backup-onedrive-select-type.png) ++3. From the list of backed up OneDrive accounts, select the accounts to restore, and then select **Next**. ++4. On the **Select the date and time** page, select the date and time from which you want to restore the content. ++ ![Screenshot showing the Select the date and time page for OneDrive.](../media/m365-backup/backup-onedrive-select-date-time.png) ++ Choose a recommended restore point from **Select a faster restore point**, which will offer a faster restore compared to standard restore points. ++ ![Screenshot showing the Select a faster restore point option for OneDrive.](../media/m365-backup/backup-onedrive-select-faster-restore.png) ++ Backup will restore the closest backed up content *before* the specified date and time. Select **Next**. ++ For example, assume backup is taken October 2, 2023 8:00 AM and October 2, 10:00 AM PST. If you select date and time as October 2, 2023 9:00 AM PST, Microsoft 365 Backup will restore the OneDrive and its content to its state on October 2, 2023 8:00 AM PST. ++5. On the **Confirm restore points** page, you're presented with a list of available express restore points that will restore with better performance than non-express restore points. We highly recommend that you choose an express restore point all else equal. ++ ![Screenshot showing the Confirm restore points page for OneDrive.](../media/m365-backup/backup-onedrive-confirm-restore.png) ++6. Confirm the restore point in time to which the data will be restored from backup. If the restore point is correct, select **Next**. ++7. On the **Select another backup** panel, choose another backup for the account selected, if needed. ++ ![Screenshot showing the Select another backup panel for OneDrive.](../media/m365-backup/backup-onedrive-select-another-backup.png) ++8. On the **Set destination** page, selected OneDrive accounts can be restored by choosing either the **Restore to the original OneDrive accounts** or **Create new SharePoint site and restore to there** option. ++ ![Screenshot showing the Select destination page and options for OneDrive.](../media/m365-backup/backup-onedrive-set-destination.png) ++ a. **Restore to the original OneDrive accounts** option + - The entire OneDrive is replaced by the backed-up version chosen based on the restore point. + - File and folder permissions are also reverted to the selected date and time. ++ b. **Create new SharePoint site and restore to there** option + - The entire OneDrive will restore to a new SharePoint site where you can then copy or move data into the original OneDrive to create a roll-forward type of restore and avoid overwriting currently healthy data. ++9. On the **Review and Finish** page, you're asked to review and finish all your choices. If everything looks as you want it, select **Restore OneDrive accounts**. ++ ![Screenshot showing the Review and finish page for OneDrive.](../media/m365-backup/backup-onedrive-review-finish.png) ++# [SharePoint](#tab/sharepoint) ++Follow these steps to restore data backed up for SharePoint. ++1. In the Microsoft 365 admin center, on the **Microsoft 365 Backup** page, in the **SharePoint** section, select **Restore**. ++2. On the **Select type of content** page, you'll see **SharePoint site content** preselected. Select **Next**. ++ ![Screenshot showing the Select type of content page with SharePoint site content selected.](../media/m365-backup/backup-sharepoint-select-type.png) ++3. From the list of backed up SharePoint sites, select the sites to restore, and then select **Next**. ++4. On the **Select the date and time** page, select the date and time from which you want to restore the content. ++ ![Screenshot showing the Select the date and time page for SharePoint.](../media/m365-backup/backup-sharepoint-select-date-time.png) ++ Choose a recommended restore point from **Select a faster restore point**, which will offer a faster restore compared to standard restore points. ++ ![Screenshot showing the Select a faster restore point option for SharePoint.](../media/m365-backup/backup-sharepoint-select-faster-restore.png) ++ Backup will restore the closest backed up content *before* the specified date and time. Select **Next**. ++ For example, assume backup is taken October 2, 2023 8:00 AM and October 2, 2023 10:00 AM PST. If you select date and time as October 2, 2023, 9:00 AM PST, Microsoft 365 Backup will restore the site and its content to the state present on October 2, 2023 8:00 AM PST. ++5. On the **Confirm restore points** page, you'll be presented with a list of available express restore points that will restore with better performance than non-express restore points. We highly recommend that you choose an express restore point all else equal. ++ ![Screenshot showing the Confirm restore points page for SharePoint.](../media/m365-backup/backup-sharepoint-confirm-restore.png) ++6. Confirm the restore point in time to which the data will be restored from backup. If the restore point is correct, select **Next**. ++7. On the **Select another backup** panel, choose another backup for the site selected, if needed. ++ ![Screenshot showing the Select another backup panel for SharePoint.](../media/m365-backup/backup-sharepoint-select-another-backup.png) ++8. On the **Set destination** page, selected SharePoint sites can be restored by choosing either the **Restore to the original OneDrive accounts** or **Create new SharePoint site and restore to there** option. ++ ![Screenshot showing the Select destination page and options for SharePoint.](../media/m365-backup/backup-sharepoint-set-destination.png) ++ a. **Restore to original sites** option + - The entire original site is replaced by the backed-up version chosen based on the restore point. + - File and folder permissions and all metadata state are also reverted to the selected date and time. ++ b. **Create new SharePoint site and restore to there** option + - The entire site will restore to a new SharePoint site where you can then copy or move data into the original site or a different site to create a roll-forward type of restore and avoid overwriting currently healthy data. ++9. On the **Review and Finish** page, you're asked to review and finish your choices. If everything looks as you want it, select **Restore sites**. ++ ![Screenshot showing the Review and finish page for SharePoint.](../media/m365-backup/backup-sharepoint-review-finish.png) + ++# [Exchange](#tab/exchange) ++<!Once you have set up protection policies for your mailboxes, you might need to restore the data in case of an accidental deletion, ransomware attack, or other event. The Restore feature in Microsoft 365 Backup is created to help you restore backed up data. Exchange restores will only restore modified or deleted items. Any item that is unaffected in the visible folder structure will remain intact.> ++Follow these steps to restore data backed up for Exchange. ++1. In the Microsoft 365 admin center, on the **Microsoft 365 Backup** page, in the **Exchange** section, select **Restore**. ++2. On the **Select type of content** page, you'll see **Exchange mailbox content (emails, notes, contacts, calendars, and tasks)** preselected. Select **Next**. Note that calendar restores aren't supported during the preview. ++3. From the list of backed up Exchange accounts, select the accounts to restore, and then select **Next**. ++4. On the **Content scope** page, you'll see two options to choose from: ++ - [Option 1: All emails, notes, contacts, calendars, and tasks](#option-1-all-emails-notes-contacts-calendars-and-tasks) + - [Option 2: Selected content only](#option-2-selected-content-only) ++### Option 1: All emails, notes, contacts, calendars, and tasks ++1. Use this option to perform a full mailbox restore, On the **Content scope** page, the **All emails, notes, contacts, calendars, and tasks** option lets you restore all emails, notes, contacts, and tasks, and modified calendar items for that user account. Select the last known good (LKG) date and time from which you want to restore the content. Make sure that the time zone in the dropdown menu reflects your intention, and select **Next**. ++ ![Screenshot showing the Content scope page with the All emails, notes, contacts, calendars, and tasks option selected.](../media/m365-backup/backup-exchange-content-scope-all.png) ++ For example, the last time the end user remembers seeing their mailbox in a "good state" was October 2, 2023 8:00 AM. However, on October 2, 2023 9:00 AM they saw all of their emails were encrypted (possible ransomware attack), choose the last known good time as October 2, 2023 8:00 AM. ++2. Now you're asked to confirm the restore point in time to which the data will be restored from backup. The page informs you whether there are any backups to restore from the LKG time chosen. If you see no errors, you can proceed. If there are errors, you have the option to choose another LKG time. Select **Next**. ++3. The destination of restored items can be chosen from two options, then select **Next**. ++ a. **Restore to a new folder** where the content will be restored to a newly created folder named *Restored Items YYYY-DD-MM, HH:MM*. ++ b. **Restore in place** where current version of the item will be overwritten by the restored content. ++4. On the **Review and Finish** page, you'll now be asked to review and finish all your choices. If everything looks as you want it, select **Restore user mailboxes**. ++5. Track the progress of your newly created task on the **Restoration tasks** tab. ++### Option 2: Selected content only ++1. Use this option to perform a partial mailbox restore. On the **Content scope** page, the **Selected content only** option gives the admin the ability to do a granular restore (not full mailbox restore). ++ ![Screenshot showing the Content scope page with the Selected content only option selected.](../media/m365-backup/backup-exchange-content-scope-selected.png) ++ The search for items is based on four options: ++ - Sender + - Recipient + - Has attachment + - Keywords ++ Choose the time period, then filter and value that you want to do a granular search on to find matching items. + +2. Now you're asked to confirm the restore point in time to which the data will be restored from backup. If the restore point is what you want, select **Next**. ++3. The destination of restored items can be chosen from two options, then select **Next**. ++ a. **Restore to a new folder** where the content will be restored to a newly created folder named *Recovered Items YYYY-MM-DD, HH:MM*. ++ Example: ++ ![Screenshot showing an example of newly create folder where content has been restored.](../media/m365-backup/backup-restore-to-new-folder.png) ++ b. **Restore in place** where the current version of the item will be overwritten by the restored content. ++4. On the **Review and Finish** page, you'll now be asked to review and finish all your choices. If everything looks as you want it, select **Restore user mailboxes**. ++5. Track the progress of your newly created task on the **Restoration tasks** tab. ++### States of backup ++|States |Definition | +||| +|Active | Protection scope selected under backup policy is being actively backed up. | +|Paused | No further backups will be taken but already taken backups will be preserved. | +|Not set up | No backup policy is set up for this scope. | +|Processing | A change to backup policy or a restore is in progress. | ++ |
backup | Backup Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-setup.md | + + Title: Set up Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn how to set up and configure Microsoft 365 Backup and backup policies. +++# Set up Microsoft 365 Backup (Preview) ++> [!NOTE] +> Microsoft 365 Backup (Preview) is now available worldwide in all commercial cloud environments. General availability is expected to be mid-2024. This preview feature is subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md). ++Get started with Microsoft 365 Backup by following these simple three steps in the Microsoft 365 admin center. ++![Diagram showing the three-step setup process for Microsoft 365 Backup.](../media/m365-backup/backup-setup-diagram.png) ++<!<insert how-to Affirma video ΓÇô https://aka.ms/M365Backup-how-to-video> > ++## Step 1: Set up pay-as-you-go billing ++Microsoft 365 Backup is a pay-as-you-go offering that charges based on consumption, unlike traditional seat-based licenses. To set up pay-as-you-go for Microsoft 365 Backup, you will need to have this information: ++> [!div class="checklist"] +> * **Valid Azure subscription**. An Azure subscription provides a logical container for your resources. Each Azure resource is associated with only one subscription. Creating a subscription is the first step in adopting Azure. To learn more about Azure, see [Azure fundamental concepts](/azure/cloud-adoption-framework/ready/considerations/fundamental-concepts). +> * **Resource group**. A resource group provides a logical grouping of resources within an Azure subscription. +> * **Region**. The region in which you want to register the service. +> * **Owner or contributor**. Name of an owner or contributor role on the Azure subscription. ++Once you have the information on this list, you are ready to [set up pay-as-you-go billing for Microsoft 365 Backup](backup-billing.md). ++<!To set up pay-as-you-go billing, follow the steps in [Configure Microsoft Syntex for pay-as-you-go billing](../syntex-azure-billing.md).> ++### Permissions ++You must have Global admin or SharePoint admin permissions to access the Microsoft 365 admin center and set up Microsoft 365 Backup. ++## Step 2: Turn on Microsoft 365 Backup ++To turn on Microsoft 365 Backup, you'll need to go to the Microsoft 365 admin center. ++1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). ++2. Select **Setup**. ++3. On the **Setup** page, in the **Files and content** section, select **Use content AI with Microsoft Syntex**. ++4. On the **Use content AI with Microsoft Syntex** page, select **Manage Microsoft Syntex**. ++5. From the list of products, select **Backup Preview**. ++6. By default, the feature is turned off. Select **Turn on** to enable Microsoft 365 Backup for your organization. ++7. Review the applicable [terms of service for Microsoft 365 Backup](backup-preview-terms.md) and select **Confirm**. ++ ![Screenshot of the Turn on Backup panel and the Confirm button.](../media/m365-backup/backup-setup-turn-on.png) +<! +8. Select **Go to Microsoft 365 Backup** to start setting up Microsoft 365 Backup on OneDrive, SharePoint, or Exchange. ++ ![Screenshot of the Microsoft 365 Backup page showing SharePoint, Exchange, and OneDrive.](../../media/content-understanding/backup-setup-backup-page.png) +> ++## Step 3: Create backup policies to protect your data ++Now that you have enabled Microsoft 365 Backup for your organization, follow through to create policies and start protecting your content. ++1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). ++2. Select **Settings**. ++3. Select **Microsoft 365 Backup** from the list of products. ++ ![Screenshot of the Microsoft 365 admin center panel showing Settings and Microsoft 365 Backup.](../media/m365-backup/backup-setup-admin-center-panel.png) ++### Set up backup policies for OneDrive, SharePoint, and Exchange ++To use Microsoft 365 Backup for OneDrive, SharePoint, or Exchange, you need to create a backup policy for each product. A *policy* represents the backup plan defined by admins for protecting the Microsoft 365 data of an organization. ++A policy contains details of what data (OneDrive accounts, SharePoint sites, and Exchange mailboxes) to protect. Although you see the retention period and backup frequency (which defines the restore point objective), those settings aren't currently variable or modifiable. ++Select the **OneDrive**, **SharePoint**, or **Exchange** tab for steps to create a backup policy for that product. ++# [OneDrive](#tab/onedrive) ++Follow these steps to set up a backup policy for OneDrive accounts using Microsoft 365 Backup. ++1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). ++2. Select **Settings**. ++3. Select **Microsoft 365 Backup** from the list of products. ++4. On the **Microsoft 365 Backup** page, in the **OneDrive** section, select **Set up policy**. ++ ![Screenshot of the Microsoft 365 Backup page with OneDrive highlighted.](../media/m365-backup/backup-setup-backup-page-onedrive.png) ++5. On the **Overview** page, review the backup features for OneDrive, and then select **Next**. ++ ![Screenshot of the Overview page for OneDrive.](../media/m365-backup/backup-overview-page-onedrive.png) ++6. On the **Protection scope** page, you can set up OneDrive user accounts using any or all three ways. A protection scope is the scope of user accounts within OneDrive that you want to protect with Microsoft 365 Backup. ++ ![Screenshot of the Protection scope page for OneDrive with the options highlighted.](../media/m365-backup/backup-protection-scope-onedrive.png) ++ a. Under **Add via search**, select **Choose accounts** to see user accounts that can be added via search. On the **Search and select accounts** panel, select the accounts you want to add to the policy. ++ ![Screenshot of the Search and select accounts panel on the Protection scope page for OneDrive.](../media/m365-backup/backup-protection-add-search-onedrive.png) ++ b. Under **Add via**, select **Distribution lists** or **Security groups**, or both. The distribution list and security group are flattened when added, meaning the policy won't update dynamically if the groups or distribution list are updated later. ++ ![Screenshot of the Add via Distribution lists and Security groups on the Protection scope page for OneDrive.](../media/m365-backup/backup-protection-add-dl-sg-onedrive.png) ++ c. Under **Import from file**, select **Upload CSV** to import user account details via CSV upload. ++ ![Screenshot of the Import from file section on the Protection scope page for OneDrive.](../media/m365-backup/backup-protection-import-file-onedrive.png) ++8. On the **Review OneDrive backup policy** page, review the information to make sure it's how you want it, and then select **Create policy** (or **Update policy** if it's an update). ++9. The backup policy for OneDrive is created. ++ ![Screenshot of the OneDrive backup policy created page.](../media/m365-backup/backup-policy-created-onedrive.png) ++# [SharePoint](#tab/sharepoint) ++Follow these steps to set up a backup policy for SharePoint sites using Microsoft 365 Backup. ++1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). ++2. Select **Settings**. ++3. Select **Microsoft 365 Backup** from the list of products. ++4. On the **Microsoft 365 Backup** page, in the **SharePoint** section, select **Set up policy**. ++ ![Screenshot of the Microsoft 365 Backup page with SharePoint highlighted.](../media/m365-backup/backup-setup-backup-page-sharepoint.png) ++5. On the **Overview** page, review the backup features for SharePoint, and then select **Next**. ++ ![Screenshot of the Overview page for SharePoint.](../media/m365-backup/backup-overview-page-sharepoint.png) ++6. On the **Protection scope** page, you can set up SharePoint sites by choosing to back up individual sites or collection of sites. A protection scope is the scope of sites within SharePoint that you want to protect with Microsoft 365 Backup. ++ ![Screenshot of the Protection scope page for SharePoint with the options highlighted.](../media/m365-backup/backup-protection-scope-sharepoint.png) ++ a. Under **Add via search**, select **Choose sites** to see the individual sites or site collections that can be added via search. On the **Search and select sites** panel, select the sites you want to add to the policy. ++ ![Screenshot of the Search and select sites panel on the Protection scope page for SharePoint.](../media/m365-backup/backup-protection-add-search-sharepoint.png) ++ b. Under **Add via**, select **Distribution lists** or **Security groups**, or both. The distribution list and security group are flattened when added, meaning the policy won't update dynamically if the groups or distribution list are updated later. ++ c. Under **Import from file**, select **Upload CSV** to import user account details via CSV upload. ++ ![Screenshot of the Import from file section on the Protection scope page for SharePoint.](../media/m365-backup/backup-protection-import-file-sharepoint.png) ++7. Once you've made the right selections, select **Next** to create the backup policy for SharePoint. ++8. On the **Review SharePoint backup policy** page, review the information to make sure it's how you want it, and then select **Create policy** (or **Update policy** if it's an update). ++ ![Screenshot of the Review SharePoint backup policy page.](../media/m365-backup/backup-policy-review-policy-sharepoint.png) ++9. The backup policy for SharePoint is created. ++ ![Screenshot of the SharePoint backup policy created page.](../media/m365-backup/backup-policy-created-sharepoint.png) ++# [Exchange](#tab/exchange) ++Follow these steps to set up a backup policy for Exchange mailboxes sites using Microsoft 365 Backup. Ensure that Microsoft 365 Backup is [enabled for your tenant](#step-2-turn-on-microsoft-365-backup). ++1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). ++2. Select **Settings**. ++3. Select **Microsoft 365 Backup** from the list of products. ++4. On the **Microsoft 365 Backup** page, in the **Exchange** section, select **Set up policy**. ++ ![Screenshot of the Microsoft 365 Backup page with Exchange highlighted.](../media/m365-backup/backup-setup-backup-page-exchange.png) ++5. On the **Overview** page, review and verify the backup policy attributes for Exchange, such as backup frequency, backup retention, cost details, and then select **Next**. ++ ![Screenshot of the Overview page for Exchange.](../media/m365-backup/backup-overview-page-exchange.png) ++6. On the **Protection scope** page, choose the scope of protection for the mailbox policy. Microsoft 365 Backup for Exchange allows the addition of mailboxes in three ways. ++ ![Screenshot of the Protection scope page for Exchange.](../media/m365-backup/backup-protection-scope-exchange.png) ++ a. Under **Add via search**, select **Choose user mailboxes** to see the mailboxes that can be added via search. On the **Search and select mailboxes** panel, select the mailboxes you want to add to the policy. ++ ![Screenshot of the Search and select mailboxes panel on the Protection scope page for Exchange.](../media/m365-backup/backup-protection-add-search-exchange.png) ++ b. Under **Add via**, select **Distribution lists** or **Security groups**, or both. The distribution list and security group are flattened when added, meaning the policy won't update dynamically if the groups or distribution list are updated later. ++ ![Screenshot of the Add via Distribution lists and Security groups on the Protection scope page for Exchange.](../media/m365-backup/backup-protection-add-dl-sg-exchange.png) ++ c. Under **Import from file**, select **Upload CSV** to import user account details via CSV upload. ++ ![Screenshot of the Import from file section on the Protection scope page for Exchange.](../media/m365-backup/backup-protection-import-file-exchange.png) ++7. Once you've made the right selections, select **Next** to create the backup policy for Exchange. ++8. On the **Review Exchange backup policy** page, review the information to make sure it's how you want it, and then select **Create policy** (or **Update policy** if it's an update). ++ ![Screenshot of the Review Exchange backup policy page.](../media/m365-backup/backup-policy-review-policy-exchange.png) ++9. Wait for status of your policy to show as **Active** in the home screen. This might take between 15 and 60 minutes. The backup policy for Exchange is created. Select **View scope** at any time to verify the details. ++ ![Screenshot of the Exchange backup policy created page.](../media/m365-backup/backup-policy-created-exchange.png) ++++## Admin roles and backup management privileges ++Only tenant-level admins can create and manage backups using Microsoft 365 Backup for their users. End users don't have the ability to enable backup or restores for their user account, distribution lists, mailboxes, or sites. ItΓÇÖs important to note that your admin role determines which products you can manage with Microsoft 365 Backup. In the future, we might introduce a Backup admin role that can control the entire tool. ++|Admin role |OneDrive |SharePoint |Exchange | +||||| +|Global admin | Γ£ô | Γ£ô | Γ£ô | +|SharePoint admin | Γ£ô | Γ£ô | | +|Exchange admin | | | Γ£ô | ++## Glossary ++- **Protection units** ΓÇô SharePoint sites, OneDrive accounts, or Exchange Online mailboxes backed up by the Microsoft 365 Backup tool. ++- **Restore point** ΓÇô A prior point in time from which you can restore a version of your content and metadata. If the protection unit from a prior point in time is identical to the present state of your data, then a restore from that point will have no impact on your current data. ++- **RPO** ΓÇô Recovery point objective, or how close in time the most recent restore point is to an impacting event. ++- **RTO** ΓÇô Recovery time objective, or how fast a restore to a prior point in time can complete. |
backup | Backup View Edit Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-view-edit-policies.md | + + Title: View and edit backup policies in Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 04/11/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn how to view and edit backup policies in Microsoft 365 Backup. +++# View and edit backup policies in Microsoft 365 Backup (Preview) ++> [!NOTE] +> This feature is currently in preview and subject to change. ++You can edit the scope of OneDrive accounts, SharePoint sites, and Exchange mailboxes associated with a backup policy. As part of edit, you can either add new accounts, sites, or mailboxes to or remove them from backup. Removing accounts, sites, and mailboxes from Microsoft 365 Backup doesn't mean existing backups will be deleted, rather it means additional backups will not be taken. ++Select the **OneDrive**, **SharePoint**, or **Exchange** tab for steps to view and edit backup policies for that product. ++# [OneDrive](#tab/onedrive) ++Follow these steps to view and edit backup policies for OneDrive. ++1. In the Microsoft 365 admin center, on the **Microsoft 365 Backup** page, in the **OneDrive** section, select **Edit scope**. ++ ![Screenshot showing the view and edit backup policy for OneDrive in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-onedrive.png) ++2. On the **OneDrive accounts backup policy** panel, on the **Policy details** tab, select **Edit scope**. ++3. You can either add new accounts to or remove accounts from an existing OneDrive backup policy. ++ a. To add new accounts, on the **Backed up accounts** tab, select **+ Add accounts**. ++ b. Select the accounts from the list. Once you have added accounts to the list, follow the prompts to update the policy. ++ ![Screenshot showing how to add user accounts to the existing OneDrive backup policy in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-add-account.png) ++ c. To remove accounts from existing backup policy, on the **Backed up accounts** tab, select the accounts from the list, and then select **Remove**. Once you have done your changes, follow the prompts to remove the accounts. ++ ![Screenshot showing how to remove user accounts from OneDrive backup policy in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-remove-account.png) ++4. Once you have done your changes, follow the prompts to update the policy. ++ ![Screenshot of the updated OneDrive accounts backup policy panel in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-updated-account.png) ++> [!NOTE] +> Removing accounts from backup policy means no future backups will be taken for those removed accounts. Existing backups for those accounts will not be deleted. ++# [SharePoint](#tab/sharepoint) ++Follow these steps to view and edit backup policies in SharePoint. ++1. In the Microsoft 365 admin center, on the **Microsoft 365 Backup** page, in the **SharePoint** section, select **Edit scope**. ++ ![Screenshot showing the view and edit backup policy for SharePoint in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-sharepoint.png) ++2. On the **SharePoint sites backup policy** panel, on the **Policy details** tab, select **Edit scope**. ++3. You can either add new sites to or remove sites from an existing SharePoint backup policy. ++ a. To add new sites, on the **Backed up sites** tab, select **+ Add sites**. ++ b. Select sites by any method as discussed in the creation section. Once you have added sites to the list, follow the prompts to update the policy. ++ ![Screenshot showing how to add sites to the existing SharePoint backup policy in the Microsoft 365 admin center.](../media/m365-backup/backup-sharepoint-add-site.png) ++ c. To remove sites from existing SharePoint backup policy, on the **Backed up sites** tab,select the relevant sites, and then select **Remove**. Once you have done your changes, follow the prompts to remove the sites. ++ ![Screenshot showing how to remove sites from SharePoint backup policy in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-remove-site.png) ++4. Once you have done your changes, follow the prompts to update the policy. ++ ![Screenshot of the updated SharePoint sites backup policy panel in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-updated-sites.png) ++> [!NOTE] +> Removing sites from backup policy means no future backups will be taken for those removed sites. Existing backups for the removed sites will not be deleted. ++# [Exchange](#tab/exchange) ++Follow these steps to view and edit backup policies for Exchange. ++1. In the Microsoft 365 admin center, on the **Microsoft 365 Backup** page, in the **Exchange** section, select **Edit scope**. ++ ![Screenshot showing the view and edit backup policy for Exchange in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-exchange.png) ++2. On the **Exchange mailbox backup policy** panel, on the **Policy details** tab, select **Edit scope**. ++3. You can either add new user mailboxes to or remove user mailboxes from the existing Exchange backup policy. ++ a. To add new user mailboxes, select **+ Add user mailboxes**. ++ ![Screenshot showing how to add mailboxes to the existing Exchange backup policy in the Microsoft 365 admin center.](../media/m365-backup/backup-exchange-add-mailbox.png) ++ b. To remove user mailboxes from existing backup policy, on the **Backed up sites** tab, select the user mailboxes from the list, and select **Remove**. ++ ![Screenshot showing how to remove user mailboxes from Exchange backup policy in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-remove-mailbox.png) ++4. Once you have done your changes, follow the prompts to update the policy. ++ ![Screenshot of the updated Exchange mailbox backup policy panel in the Microsoft 365 admin center.](../media/m365-backup/backup-policy-updated-mailbox.png) ++> [!NOTE] +> Removing mailboxes from backup policy means no future backups will be taken for those removed mailboxes. Existing backups for those mailboxes will not be deleted. ++ |
commerce | Product Key Errors And Solutions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/product-key-errors-and-solutions.md | If there's an error message when you try to redeem a product key for **Microsoft | Error message when you enter your product key... | Try this... | |--|-| | "Sorry, this is an invalid product key. Try entering it again. If your product key is for Microsoft 365 Personal or Microsoft 365 Family, redeem it at office.com/setup." <br/><br/>If you're using Office 365 Solo in Japan: "Sorry, this is an invalid product key. Try entering it again. If your product key is for Office 365 Solo, redeem it at office.com/setup." | If you're setting up [Microsoft 365 Family or Personal](https://support.microsoft.com/office/28cbc8cf-1332-4f04-9123-9b660abb629e), you need to redeem your product key at [https://setup.microsoft365.com](https://setup.microsoft365.com). Otherwise, for business customers, carefully check the numbers and characters you're entering. |-| "The product key you entered isn't valid. Try entering it again." Or "This product key isn't valid. Please enter a different product key." | Carefully check the numbers and characters you're entering. Mistakes can be made with 0 and o, 5 and S, l and I, and so on. If the issue persists, contact the reseller where you bought your product key. | +| "The product key you entered isn't valid. Try entering it again." Or "This product key isn't valid. Enter a different product key." | Carefully check the numbers and characters you're entering. Mistakes can be made with 0 and o, 5 and S, l and I, and so on. If the issue persists, contact the reseller where you bought your product key. | | "You have already entered this product key. Enter a different key." | Check the product keys you already entered to see if the key was added. If you're renewing a subscription using a product key, you must use a new and unused product key. <br/><br/>Need to buy a new key? Visit a reseller, orΓÇöif you're working with a partnerΓÇöcontact your partner. <br/><br/>If the issue persists, [contact support](../admin/get-help-support.md). If you're working with a partner, contact your partner for product key support. | | "The product key you entered has expired. Enter a different key." | You must use a new and unused product key to renew a current subscription or activate a new subscription.<br/><br/>Need to buy a new key? Visit a reseller, orΓÇöif you're working with a partnerΓÇöcontact your partner. |-| "This product key has already been used. Please enter a different product key." | Verify that the key hasn't already been used by you or a member of your organization. If the key hasn't already been used, contact your partner or the reseller where you bought the product key. | -| "Sorry, we can't process your request right now. Please wait a few minutes and try again." | If subsequent attempts result in the same error message for more than 15 minutes, [contact support](../admin/get-help-support.md). | -| "The requested subscription is not available. One of the following reasons could have caused this: The offer is not available - The service is not available in your country/region - It is impossible to use/select the same trial twice. If the issue persists, contact Microsoft support." | [Contact support](../admin/get-help-support.md)[contact support](../admin/get-help-support.md). If you're working with a partner, contact your partner for support. | +| "This product key has already been used. Enter a different product key." | Verify that the key hasn't already been used by you or a member of your organization. If the key hasn't already been used, contact your partner or the reseller where you bought the product key. | +| "Sorry, we can't process your request right now. Wait a few minutes and try again." | If subsequent attempts result in the same error message for more than 15 minutes, [contact support](../admin/get-help-support.md). | +| "The requested subscription isn't available. One of the following reasons could have caused this: The offer isn't available - The service isn't available in your country/region - It's impossible to use/select the same trial twice. If the issue persists, contact Microsoft support." | [Contact support](../admin/get-help-support.md)[contact support](../admin/get-help-support.md). If you're working with a partner, contact your partner for support. | | "You've added more user licenses than this offer allows. The maximum is \<x\> user licenses. Remove this product key and enter one that adds fewer user licenses." | Contact your reseller or partner. You bought more licenses than can be used with this Microsoft 365 subscription. | | "You must be a global or billing admin to redeem a product key." | Be sure your permissions are set as either billing or global admin. To verify this, [Sign in to Microsoft 365](https://support.microsoft.com/office/e9eb7d51-5430-4929-91ab-6157c5a050b4) with your work or school account and go to the admin center. <br/><br/>In the admin center, select **Users** \> **Active users**. In **Filters**, choose **Global admins** or **Billing admins**. <br/><br/>Ensure that you're listed in the results. | |
enterprise | Enabling SP Multigeo Satellite Geolocation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/Enabling-SP-MultiGeo-satellite-geolocation.md | description: This article provides information for Global or SharePoint admins a # Enabling SharePoint Multi-Geo in your satellite geo location -This article is for Global or SharePoint administrators who have created a Multi-Geo satellite location **before** SharePoint Multi-Geo capabilities became generally available on March 27, 2019, and who have not enabled SharePoint Multi-Geo in their satellite geo location(s). +This article is for Global or SharePoint administrators who created a Multi-Geo satellite location **before** SharePoint Multi-Geo capabilities became generally available on March 27, 2019, and who didn't enable SharePoint Multi-Geo in their satellite geo locations. >[!Note] >If you have added a new geo location **after March 27th, 2019**, you do not need to perform these instructions, as your new geo location will already be enabled for OneDrive and SharePoint Multi-Geo. -These instructions will allow you to enable SharePoint in your satellite location, so your Multi-Geo satellite users can take advantage of both OneDrive and SharePoint Multi-Geo capabilities in O365. +These instructions allow you to enable SharePoint in your satellite location, so your Multi-Geo satellite users can take advantage of both OneDrive and SharePoint Multi-Geo capabilities in O365. >[!IMPORTANT] >Please note that this is a one way enablement. Once you set SPO mode, you will not be able to revert your tenant to OneDrive only Multi-Geo mode without an escalation with support. To set a geo location into SPO mode, connect to the geo location you want to set 2. Connect-SPOService -URL "https://$tenantGeo-admin.sharepoint.com" -Credential $credential 3. Set-SPOMultiGeoExperience</br></br> ![Set-SPOMultiGeoExperience.](../media/Set-SPO-MultiGeo.jpg)-4. This operation usually takes about an hour while we perform various publish backs in the service and re-stamp your tenant. After at least 1 hour, please perform a Get-SPOMultiGeoExperience. This will show you whether this geo location is in SPO mode.</br></br> +4. This operation usually takes about an hour while we perform various publish backs in the service and re-stamp your tenant. After at least 1 hour, perform a Get-SPOMultiGeoExperience. This shows you whether this geo location is in SPO mode.</br></br> ![Image of Set-SPOMultiGeoExperience.](../media/Get-SPO-MultiGeo.jpg) >[!Note] >Certain caches in the service update every 24 hours, so it is possible that for a period of up to 24 hours, your satellite geo may intermittently behave as if it was still in ODB mode. This does not cause any technical issues. -For additional information regarding SharePoint Multi-Geo, please refer to [aka.ms/sharepointmultigeo](multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md) +For additional information regarding SharePoint Multi-Geo, refer to [aka.ms/sharepointmultigeo](multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md) |
enterprise | Additional Network Security Requirements For Office 365 Gcchigh And Dod | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/additional-network-security-requirements-for-office-365-gcchigh-and-dod.md | Title: "Additional network security requirements for Office 365 GCC High and DoD" + Title: "Additional network security requirements for Office 365 Government Community Cloud (GCC) High and DoD" search.appverid: - OGD150 - MOE150 ms.assetid: -description: "Summary: Office 365 GCC High and DoD have additional network security requirements" +description: "Summary: Office 365 GCC High and DoD have extra network security requirements." hideEdit: true hideEdit: true *This article applies to Office 365 GCC High, Office 365 DOD, Microsoft 365 GCC High, and Microsoft 365 DOD.* -Office 365 GCC High and DOD are secure cloud environments to meet the needs of the United States Government and its suppliers and contractors. These cloud environments have additional network restrictions on which external endpoints the services are permitted to access. +Office 365 GCC High and DOD are secure cloud environments to meet the needs of the United States Government and its suppliers and contractors. These cloud environments have extra network restrictions on which external endpoints the services are permitted to access. -GCC High and DOD customers planning to use federated identities or hybrid coexistence may require Microsoft to permit inbound and/or outbound access to your existing on-premises deployments. Examples of these activities include: +GCC High and DOD customers planning to use federated identities or hybrid coexistence might require Microsoft to permit inbound and/or outbound access to your existing on-premises deployments. Examples of these activities include: -* Use of federated identities (with Active Directory Federation Services or similar supported STS) +* Use of federated identities (with Active Directory Federation Services or similar supported Security token service (STS)) * Hybrid coexistence with an on-premises Exchange Server or Skype for Business deployment * Migration of existing user content from an on-premises system Send an email to [Office 365 Government Allow-List Requests](mailto:o365gwlt@mic The body of your message should include the following data: * Your Microsoft Online Services tenant name (for example, contoso.onmicrosoft.com, fabrikam.onmicrosoft.us)-* An email distribution list that Microsoft will communicate with for on-going communications related to network changes and/or follow up for invalid subnets +* An email distribution list that Microsoft communicates with for on-going communications related to network changes and/or follow up for invalid subnets * Indicate whether you plan to use Microsoft Teams hybrid coexistence with your on-premises deployments-* Federated identity system externally accessible URL (for example, sts.contoso.com) and IP address range in CIDR notation (for example,. 10.1.1.0/28) -* On-Premises PKI Certificate Revocation List URL and IP address range in CIDR notation +* Federated identity system externally accessible URL (for example, sts.contoso.com) and IP address range in CIDR (Classless Inter-Domain Routing) notation (for example, 10.1.1.0/28) +* On-Premises public key infrastructure (PKI) Certificate Revocation List URL and IP address range in CIDR notation * Externally accessible URL and IP address range for Exchange Server on-premises deployment in CIDR notation * Externally accessible URL and IP address range for Skype for Business on-premises deployment in CIDR notation For security and compliance reasons, keep in mind the following restrictions on * Subnet ranges canΓÇÖt be larger than /24 * We **cannot** accommodate requests to allow access to commercial cloud services (commercial Office 365, Google G-Suite, Amazon Web Services, etc.) -Once your request has been received and approved by Microsoft, there's a three-week SLA for implementation and canΓÇÖt be expedited. You'll receive an initial acknowledgment when weΓÇÖve received your request and a final acknowledgment once it has been completed. +Once Microsoft receives and approves your request, there's a three-week service-level agreement (SLA) for implementation and canΓÇÖt be expedited. You receive an initial acknowledgment when we receive your request and a final acknowledgment once it's complete. |
enterprise | Administering A Multi Geo Environment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/administering-a-multi-geo-environment.md | Title: "Service Behavior in a Multi-Geo Enabled Environment" Previously updated : 08/10/2020 Last updated : 04/10/2024 +- must-keep ms.localizationpriority: medium description: Admins can learn about how to administer SharePoint and OneDrive services in a multi-geo environment. A unified [Audit log](https://support.office.com/article/0d4d0f35-390b-4518-800e ## BCS, Secure Store, Apps -BCS, Secure Store, and Apps all have separate instances in each satellite location, therefore the SharePoint Online administrator should manage and configure these services separately from each satellite location. +BCS, Secure Store, and Apps all have separate instances in each satellite location, and therefore the SharePoint administrator should manage and configure these services separately from each satellite location. ## Compliance admin center Users' Exchange Online mailboxes are moved automatically if their PDL is changed ## Information Protection (IP) Data Loss Prevention (DLP) policy -You can set your IP DLP policies for OneDrive for Business, SharePoint Online, and Exchange Online in the Security and Compliance center, scoping policies as needed to the whole _Tenant_ or to applicable users. For example: If you wish to select a policy for a user in a satellite location, select to apply the policy to a specific OneDrive for Business and enter the user's OneDrive for Business URL. See [Overview of data loss prevention policies](https://support.office.com/article/1966b2a7-d1e2-4d92-ab61-42efbb137f5e) for general guidance in creating DLP policies. +You can set your IP DLP policies for OneDrive, SharePoint, and Exchange Online in the Security and Compliance center, scoping policies as needed to the whole _Tenant_ or to applicable users. For example: If you wish to select a policy for a user in a satellite location, select to apply the policy to a specific OneDrive and enter the user's OneDrive URL. See [Overview of data loss prevention policies](https://support.office.com/article/1966b2a7-d1e2-4d92-ab61-42efbb137f5e) for general guidance in creating DLP policies. The DLP policies are automatically synchronized based on their applicability to each geo location. Power Apps created for the satellite location will use the end point located in ## Microsoft Power Automate -Flows created for the satellite location will use the end point located in the default geo location for the _Tenant_. Microsoft Power Automate isn't a Multi-Geo service. +Flows created for the satellite location will use the end point located in the default geo location for the _Tenant_. Microsoft Power Automate isn't a Multi-Geo service. -## SharePoint Online storage quota +## SharePoint storage quota -By default, all geo locations of a multi-geo environment share the available _Tenant_ storage quota. You can also manage the storage quota by allocating a specific quota for a particular geo location. For more information, see [SharePoint storage quotas in multi-geo environments](sharepoint-multi-geo-storage-quota.md). +By default, all geo locations of a multi-geo environment share the available _Tenant_ storage quota. You can also manage the storage quota by allocating a specific quota for a particular geo location. For more information, see [SharePoint storage quotas in multi-geo environments](sharepoint-multi-geo-storage-quota.md). ## Sharing -Administrators can set and manage sharing policies for each of their locations. The OneDrive for Business and SharePoint Online sites in each geo location will honor only the corresponding geo-specific sharing settings. (For example, you can allow [external sharing](https://support.office.com/article/C8A462EB-0723-4B0B-8D0A-70FEAFE4BE85) for your central location, but not for your satellite location or vice versa.) Note that the sharing settings don't allow configuring sharing limitations between geo locations. +Administrators can set and manage sharing policies for each of their locations. The OneDrive and SharePoint sites in each geo location will honor only the corresponding geo-specific sharing settings. (For example, you can allow [external sharing](https://support.office.com/article/C8A462EB-0723-4B0B-8D0A-70FEAFE4BE85) for your central location, but not for your satellite location or vice versa.) Note that the sharing settings don't allow configuring sharing limitations between geo locations. ## Microsoft Stream -Videos uploaded to Microsoft Stream in a 1:1 chat are stored in the OneDrive for Business of the person uploading. Meeting recordings are stored in the OneDrive for Business of each attendee who records the meeting. +Videos uploaded to Microsoft Stream in a 1:1 chat are stored in the OneDrive of the person uploading. Meeting recordings are stored in the OneDrive of each attendee who records the meeting. ## Taxonomy See [Work with user profiles in a Multi-Geo tenant](/sharepoint/dev/solution-gui ## Viva Engage -Viva Engage is not a Multi-Geo workload. Viva Engage threads stored in Viva Engage will be placed in the _Tenant's_ central location. Viva Engage is rolling out a file storage change which will store Viva Engage files within SharePoint. Viva Engage files stored in SharePoint will be placed the SharePoint site associated with the Viva Engage group. SharePoint group sites are based on PDL logic as outlined in [SharePoint Sites and Groups](multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md#sharepoint-sites-and-groups). +Viva Engage isn't a Multi-Geo workload. Viva Engage threads stored in Viva Engage will be placed in the _Tenant's_ central location. Viva Engage is rolling out a file storage change which will store Viva Engage files within SharePoint. Viva Engage files stored in SharePoint will be placed the SharePoint site associated with the Viva Engage group. SharePoint group sites are based on PDL logic as outlined in [SharePoint Sites and Groups](multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md#sharepoint-sites-and-groups). |
enterprise | Assign Per User Skype For Business Online Policies With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-per-user-skype-for-business-online-policies-with-microsoft-365-powershell.md | How do you determine which external access policy to assign Alex? The following Get-CsExternalAccessPolicy -Include All| Where-Object {$_.EnableFederationAccess -eq $True -and $_.EnablePublicCloudAccess -eq $False} ``` -Unless you have created any custom instances of ExternalAccessPolicy, that command returns one policy that meets our criteria (FederationOnly). Here is an example: +Unless you have created any custom instances of ExternalAccessPolicy, that command returns one policy that meets our criteria (FederationOnly). Here's an example: ```powershell Identity : Tag:FederationOnly EnablePublicCloudAudioVideoAccess : False EnableOutsideAccess : True ``` -Now that you know which policy to assign to Alex, we can assign that policy by using the [Grant-CsExternalAccessPolicy](/powershell/module/skype/Get-CsExternalAccessPolicy) cmdlet. Here is an example: +Now that you know which policy to assign to Alex, we can assign that policy by using the [Grant-CsExternalAccessPolicy](/powershell/module/skype/Get-CsExternalAccessPolicy) cmdlet. Here's an example: ```powershell Grant-CsExternalAccessPolicy -Identity "Alex Darrow" -PolicyName "FederationOnly" ``` -Assigning a policy is pretty simple: you simply specify the Identity of the user and the name of the policy to be assigned. +Assigning a policy is simple: you can specify the Identity of the user and the name of the policy to be assigned. -And when it comes to policies and policy assignments, you're not limited to working with user accounts one a time. For example, suppose you need a list of all the users who are allowed to communicate with federated partners and with Windows Live users. We already know that those users have been assigned the external user access policy FederationAndPICDefault. Because we know that, you can display a list of all those users by running one simple command. Here is the command: +And when it comes to policies and policy assignments, you're not limited to working with user accounts one a time. For example, suppose you need a list of all the users who are allowed to communicate with federated partners and with Windows Live users. We already know that those users have been assigned the external user access policy FederationAndPICDefault. Because we know that, you can display a list of all those users by running one simple command. Here's the command: ```powershell Get-CsOnlineUser -Filter {ExternalAccessPolicy -eq "FederationAndPICDefault"} | Select-Object DisplayName Get-CsOnlineUser | Grant-CsExternalAccessPolicy "FederationAndPICDefault" This command uses Get-CsOnlineUser to return a collection of all the users who have been enabled for Lync, then sends all that information to Grant-CsExternalAccessPolicy, which assigns the FederationAndPICDefault policy to each and every user in the collection. -As an additional example, suppose you've previously assigned Alex the FederationAndPICDefault policy and now you've changed your mind and would like him to be managed by the global external access policy. You can't explicitly assign the global policy to anyone. Instead, the global policy is used for a given user if no per-user policy is assigned to that user. Therefore, if we want Alex to be managed by the global policy, you need to *unassign* any per-user policy previously assigned to him. Here is an example command: +As an additional example, suppose you've previously assigned Alex the FederationAndPICDefault policy, and now you've changed your mind and would like him to be managed by the global external access policy. You can't explicitly assign the global policy to anyone. Instead, the global policy is used for a given user if no per-user policy is assigned to that user. Therefore, if we want Alex to be managed by the global policy, you need to *unassign* any per-user policy previously assigned to him. Here's an example command: ```powershell Grant-CsExternalAccessPolicy -Identity "Alex Darrow" -PolicyName $Null This command sets the name of the external access policy assigned to Alex to a n ## Managing large numbers of users -To manage large numbers of users (1000 or more), you need to batch the commands via a script block using the [Invoke-Command](/powershell/module/microsoft.powershell.core/invoke-command) cmdlet. In previous examples, each time a cmdlet is executed, it must set up the call and then wait for the result before sending it back. When using a script block, this allows the cmdlets to be executed remotely, and once completed, send the data back. +To manage large numbers of users (1000 or more), you need to batch the commands via a script block using the [Invoke-Command](/powershell/module/microsoft.powershell.core/invoke-command) cmdlet. In previous examples, each time a cmdlet is executed, it must set up the call and then wait for the result before sending it back. When using a script block, this allows the cmdlets to be executed remotely, and once completed, send the data back. ```powershell $s = Get-PSSession | Where-Object { ($.ComputerName -like '*.online.lync.com' -or $.Computername -eq 'api.interfaces.records.teams.microsoft.com') -and $.State -eq 'Opened' -and $.Availability -eq 'Available' } $count = 0 } ``` -This will find 500 users at a time who do not have a client policy. It will grant them the client policy "ClientPolicyNoIMURL" and the external access policy "FederationAndPicDefault". The results are batched into groups of 50 and each batch of 50 is then sent to the remote machine. +This finds 500 users at a time who don't have a client policy. It grants them the client policy "ClientPolicyNoIMURL" and the external access policy "FederationAndPicDefault". The results are batched into groups of 50 and each batch of 50 is then sent to the remote machine. ## See also |
enterprise | Capacity Planning And Load Testing Sharepoint Online | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/capacity-planning-and-load-testing-sharepoint-online.md | search.appverid: - SPO160 - MET150 ms.assetid: c932bd9b-fb9a-47ab-a330-6979d03688c0-description: "This article describes how you can deploy to SharePoint Online without performing traditional load testing since it is not permitted." +description: "This article describes how you can deploy to SharePoint Online without performing traditional load testing since it isn't permitted." # Capacity planning and load testing SharePoint Online-This article describes how you can deploy to SharePoint Online without traditional load testing, since load-testing is not permitted on SharePoint Online. SharePoint Online is a cloud service and the load capabilities, health, and overall balance of load in the service is managed by Microsoft. +This article describes how you can deploy to SharePoint Online without traditional load testing, since load-testing isn't permitted on SharePoint Online. SharePoint Online is a cloud service and Microsoft manages the load capabilities, health, and overall balance of load in the service. The best approach to ensuring the success of launching your site is to follow basic principles, practices, and recommendations that are highlighted in the [plan your portal launch roll-out](planportallaunchroll-out.md). ## Overview of how SharePoint Online performs Capacity planning -One of the main benefits of SharePoint Online over an on-premises deployment is the elasticity of the cloud and optimizations for users in distributed regions. Our large-scale environment is set up to service millions of users on a daily basis, so it is important that we handle capacity effectively by balancing and expanding farms. +One of the main benefits of SharePoint Online over an on-premises deployment is the elasticity of the cloud and optimizations for users in distributed regions. Our large-scale environment is set up to service millions of users on a daily basis. So it's important that we handle capacity effectively by balancing and expanding farms. While the growth is often unpredictable for any one tenant in any one farm, the aggregated sum of requests is predictable over time. By identifying the growth trends in SharePoint Online, we can plan for future expansion. -In order to efficiently use capacity and deal with unexpected growth, in any farm, we have automation that tracks and monitors various elements of the service. Multiple metrics are utilized, with one of the main ones being CPU load, which is used as a signal to scale-up front-end servers. Additionally to this we recommend a [phased / wave approach](planportallaunchroll-out.md), as SQL environments will scale according to load and growth over time, and following the phases and waves allows for the correct distribution of that load and growth. +In order to efficiently use capacity and deal with unexpected growth, in any farm, we have automation that tracks and monitors various elements of the service. Multiple metrics are utilized, with one of the main ones being CPU load, which is used as a signal to scale-up front-end servers. Additionally, we recommend a [phased / wave approach](planportallaunchroll-out.md), as SQL environments will scale according to load and growth over time. Following the phases and waves allows for the correct distribution of that load and growth. -Capacity is more than just about adding more hardware on a continuous basis but it also pertains to managing and controlling that capacity to ensure it is servicing valid load requests. We recommend that customers follow the recommended guidance to ensure they have the best experience. It also means that we have throttling patterns and controls in place to ensure we do not allow "abusive" behavior in the service. Whilst not all "bad" behavior is intentional, we do have to ensure that we limit the effect of that behavior. For further information on throttling and how to avoid it, review the [how to avoid being throttled guidance](/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online) article. +Capacity is more than just about adding more hardware on a continuous basis but it also pertains to managing and controlling that capacity to ensure it's servicing valid load requests. We recommend that customers follow the recommended guidance to ensure they have the best experience. It also means that we have throttling patterns and controls in place to ensure we don't allow "abusive" behavior in the service. While not all "bad" behavior is intentional, we do have to ensure that we limit the effect of that behavior. For further information on throttling and how to avoid it, review the [how to avoid being throttled guidance](/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online) article. ## Why you cannot load test SharePoint Online With on-premises environments, load testing is used to validate scale assumption and ultimately find the breaking point of a farm; by saturating it with load. -With SharePoint Online, we need to do things differently because the scale is relatively fluid and adjusts, throttles, and controls load, based on certain heuristics. Being such a large-scale multi-tenant environment, we must protect all tenants in the same farm, so we will automatically throttle any load tests. -If you do however attempt to load test, besides being throttled, you will receive disappointing and potentially misleading results because the farm you tested today will probably have had scale changes during the testing window or within hours after testing, as scale and farm balancing actions are performed on an on-going basis. +With SharePoint Online, we need to do things differently because the scale is relatively fluid and adjusts, throttles, and controls load, based on certain heuristics. Being such a large-scale multi-tenant environment, we must protect all tenants in the same farm, so we automatically throttle any load tests. +If you do however attempt to load test, besides being throttled, you could receive disappointing and potentially misleading results. The reason it could happen is because the farm you tested today could have scale changes during the testing window or within hours after testing, as scale and farm balancing actions are performed on an on-going basis. Instead of trying to load test SharePoint as a service, rather focus on following the recommended practices and follow the [Creating, launching, and maintaining a healthy portal](/sharepoint/portal-health) guidance. |
enterprise | Configure Skype For Business For Hybrid Modern Authentication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-skype-for-business-for-hybrid-modern-authentication.md | -Modern Authentication, is a method of identity management that offers more secure user authentication and authorization, is available for Skype for Business server on-premises and Exchange server on-premises, and split-domain Skype for Business hybrids. +Modern Authentication is a method of identity management that offers more secure user authentication and authorization, is available for Skype for Business server on-premises and Exchange server on-premises, and split-domain Skype for Business hybrids. > [!IMPORTANT] > Would you like to know more about Modern Authentication (MA) and why you might prefer to use it in your company or organization? Check [this document](hybrid-modern-auth-overview.md) for an overview. If you need to know what Skype for Business topologies are supported with MA, that's documented here! This summary breaks down the process into steps that might otherwise get lost du 1. Since many **prerequisites** are common for both Skype for Business and Exchange, [see the overview article for your pre-req checklist](hybrid-modern-auth-overview.md). Do this *before* you begin any of the steps in this article. -1. Collect the HMA-specific info you'll need in a file, or OneNote. +1. Collect the HMA-specific info you need in a file, or OneNote. 1. Turn ON Modern Authentication for EXO (if it isn't already turned on). This summary breaks down the process into steps that might otherwise get lost du 1. Turn ON Hybrid Modern Authentication for Skype for Business on-premises. -These steps turn on MA for SFB, SFBO, EXCH, and EXO - that is, all the products that can participate in an HMA configuration of SFB and SFBO (including dependencies on EXCH/EXO). In other words, if your users are homed in/have mailboxes created in any part of the Hybrid (EXO + SFBO, EXO + SFB, EXCH + SFBO, or EXCH + SFB), your finished product will look like this: +These steps turn on MA for SFB, SFBO, EXCH, and EXO - that is, all the products that can participate in an HMA configuration of SFB and SFBO (including dependencies on EXCH/EXO). In other words, if your users are homed in/have mailboxes created in any part of the Hybrid (EXO + SFBO, EXO + SFB, EXCH + SFBO, or EXCH + SFB), your finished product looks like this: ![A Mixed 6 Skype for business HMA topology has MA on in all four possible locations.](../media/ab89cdf2-160b-49ac-9b71-0160800acfc8.png) -As you can see there are four different places to turn on MA! For the best user experience, we recommend you turn on MA in all four of these locations. If you can't turn MA on in all these locations, adjust the steps so that you turn on MA only in the locations that are necessary for your environment. +As you can see, there are four different places to turn on MA! For the best user experience, we recommend you turn on MA in all four of these locations. If you can't turn MA on in all these locations, adjust the steps so that you turn on MA only in the locations that are necessary for your environment. See the [Supportability topic for Skype for Business with MA](/skypeforbusiness/plan-your-deployment/modern-authentication/topologies-supported) for supported topologies. See the [Supportability topic for Skype for Business with MA](/skypeforbusiness/ ## Collect all HMA-specific info you'll need -After you've double-checked that you meet the [prerequisites](hybrid-modern-auth-overview.md) to use Modern Authentication (see the note above), you should create a file to hold the info you'll need for configuring HMA in the steps ahead. Examples used in this article: +After you've checked that you meet the [prerequisites](hybrid-modern-auth-overview.md) to use Modern Authentication (see the previous note), you should create a file to hold the info you'll need for configuring HMA in the steps ahead. Examples used in this article: - **SIP/SMTP domain** After you've double-checked that you meet the [prerequisites](hybrid-modern-auth - **SFB 2015 CU5 Web Service URLs** -You'll need internal and external web service URLs for all SfB 2015 pools deployed. To obtain these, run the following from Skype for Business Management Shell: +You need internal and external web service URLs for all SfB 2015 pools deployed. To obtain these, run the following command from Skype for Business Management Shell: ```powershell Get-CsService -WebServer | Select-Object PoolFqdn, InternalFqdn, ExternalFqdn | FL Get-CsService -WebServer | Select-Object PoolFqdn, InternalFqdn, ExternalFqdn | - Ex. External: https://lyncwebext01.contoso.com -If you're using a Standard Edition server, the internal URL will be blank. In this case, use the pool fqdn for the internal URL. +If you're using a Standard Edition server, the internal URL would be blank. In this case, use the pool fqdn for the internal URL. ## Turn on Modern Authentication for EXO Follow the instructions here: [How to configure Exchange Server on-premises to u ### Add on-premises web service URLs as SPNs in Microsoft Entra ID -Now you'll need to run commands to add the URLs (collected earlier) as Service Principals in SFBO. +Now you need to run commands to add the URLs (collected earlier) as Service Principals in SFBO. > [!NOTE] > Service principal names (SPNs) identify web services and associate them with a security principal (such as an account name or group) so that the service can act on the behalf of an authorized user. Clients authenticating to a server make use of information that's contained in SPNs. Now you'll need to run commands to add the URLs (collected earlier) as Service P 2. Run this command, on-premises, to get a list of SFB web service URLs. - Note that the AppPrincipalId begins with `00000004`. This corresponds to Skype for Business Online. + The AppPrincipalId begins with `00000004`. This corresponds to Skype for Business Online. - Take note of (and screenshot for later comparison) the output of this command, which will include an SE and WS URL, but mostly consist of SPNs that begin with `00000004-0000-0ff1-ce00-000000000000/`. + Take note of (and screenshot for later comparison) the output of this command, which includes an SE and WS URL, but mostly consist of SPNs that begin with `00000004-0000-0ff1-ce00-000000000000/`. ```powershell Get-MsolServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 | Select -ExpandProperty ServicePrincipalNames ``` -3. If the internal **or** external SFB URLs from on-premises are missing (for example, https://lyncwebint01.contoso.com and https://lyncwebext01.contoso.com) we will need to add those specific records to this list. +3. If the internal **or** external SFB URLs from on-premises are missing (for example, https://lyncwebint01.contoso.com and https://lyncwebext01.contoso.com) we'll need to add those specific records to this list. - Be sure to replace *the example URLs* below with your actual URLs in the Add commands! + Be sure to replace *the example URLs* with your actual URLs in the Add commands! ```powershell $x= Get-MsolServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 Now you'll need to run commands to add the URLs (collected earlier) as Service P Set-MSOLServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 -ServicePrincipalNames $x.ServicePrincipalNames ``` -4. Verify your new records were added by running the **Get-MsolServicePrincipal** command from step 2 again, and looking through the output. Compare the list or screenshot from before to the new list of SPNs. You might also screenshot the new list for your records. If you were successful, you'll see the two new URLs in the list. Going by our example, the list of SPNs will now include the specific URLs https://lyncwebint01.contoso.com and https://lyncwebext01.contoso.com/. +4. Verify your new records were added by running the **Get-MsolServicePrincipal** command from step 2 again, and looking through the output. Compare the list or screenshot from before to the new list of SPNs. You can also screenshot the new list for your records. If you were successful, you can view the two new URLs in the list. Going by our example, the list of SPNs will now include the specific URLs https://lyncwebint01.contoso.com and https://lyncwebext01.contoso.com/. ### Create the EvoSTS Auth Server Object Set-CsOAuthConfiguration -ClientAuthorizationOAuthServerIdentity evoSTS ## Verify -Once you enable HMA, a client's next login will use the new auth flow. Note that just turning on HMA won't trigger a reauthentication for any client. The clients reauthenticate based on the lifetime of the auth tokens and/or certs they have. +Once you enable HMA, a client's next login will use the new auth flow. Just turning on HMA wouldn't trigger a reauthentication for any client. The clients reauthenticate based on the lifetime of the auth tokens and/or certs they have. -To test that HMA is working after you've enabled it, sign out of a test SFB Windows client and be sure to click 'delete my credentials'. Sign in again. The client should now use the Modern Auth flow and your login will now include an **Office 365** prompt for a 'Work or school' account, seen right before the client contacts the server and logs you in. +To test that HMA is working after you've enabled it, sign out of a test SFB Windows client and be sure to select 'delete my credentials'. Sign in again. The client should now use the Modern Auth flow and your login will now include an **Office 365** prompt for a 'Work or school' account, seen right before the client contacts the server and logs you in. -You should also check the 'Configuration Information' for Skype for Business Clients for an 'OAuth Authority'. To do this on your client computer, hold down the CTRL key at the same time you right-click the Skype for Business Icon in the Windows Notification tray. Click **Configuration Information** in the menu that appears. In the 'Skype for Business Configuration Information' window that will appear on the desktop, look for the following: +You should also check the 'Configuration Information' for Skype for Business Clients for an 'OAuth Authority'. To do this on your client computer, hold down the CTRL key at the same time you right-click the Skype for Business Icon in the Windows Notification tray. Select **Configuration Information** in the menu that appears. In the 'Skype for Business Configuration Information' window that appears on the desktop, look for the following: :::image type="content" alt-text="The Configuration information of a Skype for Business Client using Modern Authentication shows a Lync and EWS OAUTH Authority URL of https://login.windows.net/common/oauth2/authorize." source="../media/4e54edf5-c8f8-4e7f-b032-5d413b0232de.png"::: -You should also hold down the CTRL key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and click 'Connection Status'. Look for the client's SMTP address against an AuthN type of 'Bearer\*', which represents the bearer token used in OAuth. +You should also hold down the CTRL key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and select 'Connection Status'. Look for the client's SMTP address against an AuthN type of 'Bearer\*', which represents the bearer token used in OAuth. ## Related articles |
enterprise | Create Sharepoint Sites And Add Users With Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/create-sharepoint-sites-and-add-users-with-powershell.md | description: "Summary: Use PowerShell to create new SharePoint Online sites and *This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.* -When you use PowerShell for Microsoft 365 to create SharePoint Online sites and add users, you can quickly and repeatedly perform tasks much faster than you can in the Microsoft 365 admin center. You can also perform tasks that are not possible to perform in the Microsoft 365 admin center. +When you use PowerShell for Microsoft 365 to create SharePoint Online sites and add users, you can quickly and repeatedly perform tasks faster than you can in the Microsoft 365 admin center. You can also perform tasks that aren't possible to perform in the Microsoft 365 admin center. ## Connect to SharePoint Online -The procedures in this topic require you to connect to SharePoint Online. For instructions, see [Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online) +The procedures in this article require you to connect to SharePoint Online. For instructions, see [Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online). ## Step 1: Create new site collections using PowerShell -Create multiple sites using PowerShell and a .csv file that you create using the example code provided and Notepad. For this procedure, youΓÇÖll be replacing the placeholder information shown in brackets with your own site- and tenant-specific information. This process lets you create a single file and run a single PowerShell command that uses that file. This makes the actions taken both repeatable and portable and eliminates many, if not all, errors that can come from typing long commands into the SharePoint Online Management Shell. There are two parts to this procedure. First youΓÇÖll create a .csv file, and then youΓÇÖll reference that .csv file using PowerShell, which will use its contents to create the sites. +Create multiple sites using PowerShell and a .csv file that you create using the example code provided and Notepad. For the procedure, you're replacing the placeholder information shown in brackets with your own site- and tenant-specific information. This process lets you create a single file and run a single PowerShell command that uses that file. This process makes the actions both repeatable and portable and eliminates many, if not all, errors that can come from typing long commands into the SharePoint Online Management Shell. There are two parts to this procedure. First you create a .csv file, and then you reference that .csv file using PowerShell, which uses its contents to create the sites. -The PowerShell cmdlet imports the .csv file and pipes it to a loop inside the curly brackets that reads the first line of the file as column headers. The PowerShell cmdlet then iterates through the remaining records, creates a new site collection for each record, and assigns properties of the site collection according to the column headers. +The PowerShell cmdlet imports the .csv file and pipes it to a loop inside the curly brackets that reads the opening line of the file as column headers. The PowerShell cmdlet then iterates through the remaining records, creates a new site collection for each record, and assigns properties of the site collection according to the column headers. ### Create a .csv file The PowerShell cmdlet imports the .csv file and pipes it to a loop inside the cu Import-Csv C:\users\MyAlias\desktop\SiteCollections.csv | ForEach-Object {New-SPOSite -Owner $_.Owner -StorageQuota $_.StorageQuota -Url $_.Url -NoWait -ResourceQuota $_.ResourceQuota -Template $_.Template -TimeZoneID $_.TimeZoneID -Title $_.Name} ``` - Where *MyAlias* equals your user alias. + Where *MyAlias* equals your user alias 2. Wait for the Windows PowerShell prompt to reappear. It might take a minute or two. The PowerShell cmdlet imports the .csv file and pipes it to a loop inside the cu 4. Note the new site collections in the list. Using our example CSV file, you would see the following site collections: **TeamSite01**, **Blog01**, **Project01**, and **Community01** -ThatΓÇÖs it. YouΓÇÖve created multiple site collections using the .csv file you created and a single Windows PowerShell command. YouΓÇÖre now ready to create and assign users to these sites. +ThatΓÇÖs it. You created multiple site collections using the .csv file you created and a single Windows PowerShell command. YouΓÇÖre now ready to create and assign users to these sites. ## Step 2: Add users and groups -Now youΓÇÖre going to create users and add them to a site collection group. You will then use a .csv file to bulk upload new groups and users. +Now youΓÇÖre going to create users and add them to a site collection group. You then use a .csv file to bulk upload new groups and users. The following procedures continue using the example sites TeamSite01, Blog01, Project01, and Community01. The following procedures continue using the example sites TeamSite01, Blog01, Pr https://tenant.sharepoint.com/sites/Project01,Project Alpha Approvers,Full Control ``` - Where *tenant* equals your tenant name. + Where *tenant* equals your tenant name 2. Save the file to your desktop as **GroupsAndPermissions.csv**. The following procedures continue using the example sites TeamSite01, Blog01, Pr Where MyAlias equals the user name of the user that is currently logged on. -6. Save the file to your desktop as **UsersAndGroups.ps1**. This is a simple Windows PowerShell script. +6. Save the file to your desktop as **UsersAndGroups.ps1**, which is a simple Windows PowerShell script. YouΓÇÖre now ready to run the UsersAndGroup.ps1 script to add users and groups to multiple site collections. YouΓÇÖre now ready to run the UsersAndGroup.ps1 script to add users and groups t c:\users\MyAlias\desktop\UsersAndGroups.ps1 ``` - Where *MyAlias* equals your user name. + Where *MyAlias* equals your user name -5. Wait for the prompt to return before moving on. You will first see the groups appear as they are created. Then you will see the group list repeated as users are added. +5. Wait for the prompt to return before moving on. You initially see the groups appear as they're created. Then the group list is repeated as users are added. ## See also |
enterprise | Cross Tenant Identity Mapping | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-identity-mapping.md | Cross-Tenant Identity Mapping removes the need to export large data sets from a With Cross-Tenant Identity Mapping, data remains within the Microsoft security boundary and is securely copied directly from the source organization to the target organization using specially configured **Organization Relationships** serving as a unidirectional trust. -Using Cross-Tenant Identity Mapping will reduce mistakes when configuring target objects for a migration by automatically configuring values such as _ExchangeGuid_, _ArchiveGuid_, and all necessary _X500 proxy addresses_. +Using Cross-Tenant Identity Mapping reduces mistakes when configuring target objects for a migration by automatically configuring values such as _ExchangeGuid_, _ArchiveGuid_, and all necessary _X500 proxy addresses_. Some additional benefits of using Cross-Tenant Identity Mapping: We would like to provide information commonly asked so you may evaluate if you w - Data processing (storage, compute, transfer, etc.) is currently within the European Union, and within the Exchange Online home region of the organizations participating in the migration. - For Multi-Geo enabled organizations, the organization's home geo for Exchange Online will be used. - This feature can currently only be enabled in the worldwide Microsoft 365 offering. It doesn't work in GCC, GCC High, DoD, Office 365 by 21 Vianet, etc.-- Cross-Tenant Identity Mapping does **not** create the Mail Enabled User objects in the target tenant for you. These objects must still be created with a minimal attribute set. Once created, then Cross-Tenant Identity Mapping will decorate their attributes correctly for a mailbox migration to proceed.+- Cross-Tenant Identity Mapping does **not** create the Mail Enabled User objects in the target tenant for you. These objects must still be created with a minimal attribute set. Once created, then Cross-Tenant Identity Mapping decorates their attributes correctly for a mailbox migration to proceed. - Some familiarity with PowerShell is currently required as the feature is PowerShell-based - The feature communicates over an encrypted connection to a REST endpoint. - The feature currently requires the Global Administrator role for initial setup. This behavior may change in a future update. - Organizational Relationships are used as a dual handshake approach to ensure both organizations have authorized this transaction type to take place. - It works with cloud-only or hybrid organizations.-- Target organizations in a hybrid configuration will require Microsoft supported on-premises object management tools to modify any Mail Enabled User objects synchronized from the on-premises directory.+- Target organizations in a hybrid configuration require Microsoft supported on-premises object management tools to modify any Mail Enabled User objects synchronized from the on-premises directory. ## What does participating in the private preview entail? |
enterprise | Cross Tenant Onedrive Migration Step3 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-onedrive-migration-step3.md | description: "Step 3 of the OneDrive Cross-tenant migration feature" # Step 3: Verifying trust -This article details Step 3 in a solution designed to complete a Cross-tenant OneDrive migration. To learn more, see [Cross-tenant OneDrive migration overview](cross-tenant-onedrive-migration.md). +This step is Step 3 in a solution designed to complete a Cross-tenant OneDrive migration. To learn more, see [Cross-tenant OneDrive migration overview](cross-tenant-onedrive-migration.md). - Step 1: [Connect to the source and the target tenants](cross-tenant-onedrive-migration-step1.md) - Step 2: [Establish trust between the source and the target tenant](cross-tenant-onedrive-migration-step2.md) When verifying trust, possible values |Value|Description| |:--|:--|-|NotEstablished|Trust hasn't been requested locally.| +|NotEstablished|Trust wasn't requested locally.| |NotEstablishedByPartner|Partner hasn't requested the Trust.| |DormantByPartner|PartnerΓÇÖs requested trust is within the seven days waiting period after creation.| |CouldNotContactPartner|Couldn't contact the partner to determine status.| |
enterprise | Delay Loading Images And Javascript In Sharepoint Online | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/delay-loading-images-and-javascript-in-sharepoint-online.md | search.appverid: - SPO160 - MET150 ms.assetid: 74d327e5-755f-4135-b9a5-7b79578c1bf9-description: Learn how to decrease the load time for SharePoint Online pages by using JavaScript to delay loading images and non-essential JavaScript. +description: Learn how to decrease the load time for SharePoint Online pages by using JavaScript to delay loading images and nonessential JavaScript. # Delay loading images and JavaScript in SharePoint Online -This article describes how you can decrease the load time for SharePoint Online pages by using JavaScript to delay loading images and also by waiting to load non-essential JavaScript until after the page loads. +The article describes how you can decrease the load time for SharePoint Online pages by using JavaScript to delay loading images and also by waiting to load nonessential JavaScript until after the page loads. -Images can negatively affect page load speeds on SharePoint Online. By default, most modern Internet browsers pre-fetch images when loading an HTML page. This can cause the page to be unnecessarily slow to load if the images aren't visible on the screen until the user scrolls down. The images can block the browser from loading the visible part of the page. To work around this problem, you can use JavaScript to skip loading the images first. Also, loading non-essential JavaScript can slow download times on your SharePoint pages too. This topic describes some methods you can use to improve page load times with JavaScript in SharePoint Online. +Images can negatively affect page load speeds on SharePoint Online. By default, most modern Internet browsers prefetch images when loading an HTML page. This process can cause the page to be slow to load if the images aren't visible on the screen until the user scrolls down. The images can block the browser from loading the visible part of the page. To work around this problem, you can use JavaScript to skip loading the images first. Also, loading nonessential JavaScript can slow download times on your SharePoint pages too. This article describes some methods you can use to improve page load times with JavaScript in SharePoint Online. ## Improve page load times by delaying image loading in SharePoint Online pages by using JavaScript -You can use JavaScript to prevent a web browser from pre-fetching images. This speeds up overall document rendering. To do this you remove the value of the src attribute from the \<img\> tag and replace it with the path to a file in a data attribute such as: data-src. For example: +You can use JavaScript to prevent a web browser from prefetching images. This technique speeds up overall document rendering. To do it, you remove the value of the src attribute from the \<img\> tag and replace it with the path to a file in a data attribute such as: data-src. For example: ```html <img src="" data-src="/sites/NavigationBySearch/_catalogs/masterpage/media/microsoft-white-8.jpg" /> ``` -By using this method, the browser doesn't download the images immediately. If the image is already in the viewport, JavaScript tells the browser to retrieve the URL from the data attribute and insert it as the value for the src attribute. The image only loads as the user scrolls and it comes into view. +In this method, the browser doesn't download the images immediately. If the image is already in the viewport, JavaScript tells the browser to retrieve the URL from the data attribute and insert it as the value for the src attribute. The image only loads as the user scrolls and it comes into view. -To make all of this happen, you'll need to use JavaScript. +To perform this function, you need to use JavaScript. In a text file, define the **isElementInViewport()** function to check whether or not an element is in the part of the browser that is visible to the user. function isElementInViewport(el) { } ``` -Next, use **isElementInViewport()** in the **loadItemsInView()** function. The **loadItemsInView()** function will load all images that have a value for the data-src attribute if they are in the part of the browser that is visible to the user. Add the following function to the text file: +Next, use **isElementInViewport()** in the **loadItemsInView()** function. The **loadItemsInView()** function loads all images that have a value for the data-src attribute if they are in the part of the browser that is visible to the user. Add the following function to the text file: ```javascript function loadItemsInView() { function loadItemsInView() { } ``` -Finally, call **loadItemsInView()** from within **window.onscroll()** as shown in the following example. This ensures that any images that are in the viewport are loaded as the user needs them, but not before. Add the following to the text file: +Finally, call **loadItemsInView()** from within **window.onscroll()** as shown in the following example. This function ensures that any images that are in the viewport are loaded as the user needs them, but not before. Add the following to the text file: ```javascript //Example of calling loadItemsInView() from within window.onscroll() $(window).on("scroll", function () { ``` -For SharePoint Online, you need to attach the following function to the scroll event on the #s4-workspace \<div\> tag. This is because the window events are overridden in order to ensure the ribbon remains attached to the top of the page. +For SharePoint Online, you need to attach the following function to the scroll event on the #s4-workspace \<div\> tag because the window events are overridden in order to ensure the ribbon remains attached to the top of the page. ```javascript //Keep the ribbon at the top of the page $('#s4-workspace').on("scroll", function () { Save the text file as a JavaScript file with the extension .js, for example delayLoadImages.js. -Once you've finished writing delayLoadImages.js, you can add the contents of the file to a master page in SharePoint Online. You do this by adding a script link to the header in the master page. Once it's in a master page, the JavaScript will be applied to all pages in your SharePoint Online site that use that master page layout. Alternatively, if you intend to only use this on one page of your site, use the script editor Web Part to embed the JavaScript into the page. See these topics for more information: +Once you finish writing delayLoadImages.js, you can add the contents of the file to a master page in SharePoint Online by adding a script link to the header in the master page. Once it's in a master page, the JavaScript is applied to all pages in your SharePoint Online site that use that master page layout. Alternatively, if you intend to only use the functionality on one page of your site, use the script editor Web Part to embed the JavaScript into the page. For more information, see: - [How to: Apply a master page to a site in SharePoint 2013](/sharepoint/dev/general-development/how-to-apply-a-master-page-to-a-site-in-sharepoint) Once you've finished writing delayLoadImages.js, you can add the contents of the ### Example: Referencing the JavaScript delayLoadImages.js file from a master page in SharePoint Online -In order for this to work, you also need to reference jQuery in the master page. In the following example, you can see in the initial page load that there's only one image loaded but there are several more on the page. +For this example to work, you also need to reference jQuery in the master page. In the following example, you can see in the initial page load that there's only one image loaded but there are several more on the page. ![Screenshot showing one image loaded on page.](../media/3d177ddb-67e5-43a7-b327-c9f9566ca937.png) The following screenshot shows the rest of the images that are downloaded after ![Screenshot showing several images loaded on page.](../media/95eb2b14-f6a1-4eac-a5cb-96097e49514c.png) -Delaying image loading by using JavaScript can be an effective technique in increasing performance; however, if the technique is applied on a public website then search engines are not able to crawl the images in the same way they would crawl a regularly formed image. This can affect rankings on search engines because metadata on the image itself isn't really there until the page loads. Search engine crawlers only read the HTML and therefore won't see the images as content on the page. Images are one of the factors used to rank pages in search results. One way to work around this is to use introductory text for your images. +Delaying image loading by using JavaScript can be an effective technique in increasing performance; however, if the technique is applied on a public website then search engines aren't able to crawl the images in the same way they would crawl a regularly formed image. This technique can affect rankings on search engines because metadata on the image itself isn't there until the page loads. Search engine crawlers only read the HTML and therefore can't see the images as content on the page. Images are one of the factors used to rank pages in search results. A work-around is to use introductory text for your images. ## GitHub code sample: Injecting JavaScript to improve performance |
enterprise | Desktop Deployment Center Home | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/desktop-deployment-center-home.md | f1.keywords: Previously updated : 06/30/2023 Last updated : 04/09/2024 audience: ITPro ms.localizationpriority: medium - scotvorg - M365-subscription-management+- must-keep description: How to get to the resources equivalent to the deprecated Desktop Deployment Center. # Desktop Deployment Center (deprecated) -The body of content that comprised the Desktop Deployment Center has been deprecated. +The body of content that comprised the Desktop Deployment Center has been deprecated. Use these resources to deploy modern desktops: You can also find help for your desktop deployment from Microsoft partners and [ ## Windows and Office Deployment Lab Kit -This kit helps you plan, test, and validate your deployment and management of desktops running Windows 10 Enterprise and Microsoft 365 Apps for enterprise. The labs cover using Microsoft Endpoint Configuration Manager, Desktop Analytics, Office Customization Tool, OneDrive, Windows Autopilot and more. +This kit helps you plan, test, and validate your deployment and management of desktops running Windows 10 and 11 Enterprise and Microsoft 365 Apps for enterprise. The labs cover using Microsoft Endpoint Configuration Manager, Desktop Analytics, Office Customization Tool, OneDrive, Windows Autopilot and more. -See [Windows and Office Deployment Lab Kit](modern-desktop-deployment-and-management-lab.md) for the details. +See [Windows and Office Deployment Lab Kit](modern-desktop-deployment-and-management-lab.md) for details. |
enterprise | Dns Records For Office 365 Dod | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/dns-records-for-office-365-dod.md | hideEdit: true As part of onboarding to Office 365 DoD, you need to add your SMTP and SIP domains to your Online Services tenant. You do this using the New-MsolDomain cmdlet in Azure AD PowerShell or use the [Azure Government Portal](https://portal.azure.us) to start the process of adding the domain and proving ownership. +Once you have your domains added to your tenant and validated, use the following guidance to add the appropriate DNS records for the services. You might need to modify the below table to fit your organizationΓÇÖs needs with respect to the inbound MX record(s) and any existing Exchange Autodiscover records you have in place. We strongly recommend coordinating these DNS records with your messaging team to avoid any outages or mis-delivery of email. [!INCLUDE [Azure AD PowerShell deprecation note](~/../microsoft-365/reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)] -Once you have your domains added to your tenant and validated, use the following guidance to add the appropriate DNS records for the services below. You may need to modify the below table to fit your organizationΓÇÖs needs with respect to one or more inbound MX records and any existing Exchange Autodiscover records you have in place. We strongly recommend coordinating these DNS records with your messaging team to avoid any outages or mis-delivery of email. - ## Exchange Online | Type | Priority | Host name | Points to address or value | TTL | If you have Exchange Server on-premises, we recommend leaving your existing reco ### Exchange Online MX Record -The MX record value for your accepted domains follows a standard format as noted above: *tenant*.mail.protection.office365.us, replacing *tenant* with the first part of your default tenant name. +The MX record value for your accepted domains follows a standard format as noted previously: *tenant*.mail.protection.office365.us, replacing *tenant* with the first part of your default tenant name. For example, if your tenant name is contoso.onmicrosoft.us, youΓÇÖd use **contoso.mail.protection.office365.us** as the value for your MX record. |
enterprise | Dns Records For Office 365 Gcc High | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/dns-records-for-office-365-gcc-high.md | Title: "DNS records for Office 365 GCC High" + Title: "Domain Name System (DNS) records for Office 365 Government Community Cloud (GCC) High" hideEdit: true *This article applies to Office 365 GCC High and Microsoft 365 GCC High* -As part of onboarding to Office 365 GCC High, you need to add your SMTP and SIP domains to your Online Services tenant. You do this using the New-MsolDomain cmdlet in Azure AD PowerShell or using the [Azure Government Portal](https://portal.azure.us) to start the process of adding the domain and proving ownership. +As part of onboarding to Office 365 GCC High, you need to add your Simple Mail Transfer Protocol (SMTP) and SIP domains to your Online Services tenant. You do this using the New-MsolDomain cmdlet in Azure AD PowerShell or use the [Azure Government Portal](https://portal.azure.us) to start the process of adding the domain and proving ownership. +Once you have your domains added to your tenant and validated, use the following guidance to add the appropriate DNS records for the following services. You might need to modify the below table to fit your organizationΓÇÖs needs with respect to the inbound MX record(s) and any existing Exchange Autodiscover records you have in place. We strongly recommend coordinating these DNS records with your messaging team to avoid any outages or mis-delivery of email. [!INCLUDE [Azure AD PowerShell deprecation note](~/../microsoft-365/reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)] -Once you have your domains added to your tenant and validated, use the following guidance to add the appropriate DNS records for the services below. You may need to modify the below table to fit your organizationΓÇÖs needs with respect to one or more inbound MX records and any existing Exchange Autodiscover records you have in place. We strongly recommend coordinating these DNS records with your messaging team to avoid any outages or mis-delivery of email. - ## Exchange Online | Type | Priority | Host name | Points to address or value | TTL | If you have Exchange Server on-premises, we recommend leaving your existing reco ### Exchange Online MX Record -The MX record value for your accepted domains follows a standard format as noted above: *tenant*.mail.protection.office365.us, replacing *tenant* with the first part of your default tenant name. +The MX record value for your accepted domains follows a standard format as noted previously: *tenant*.mail.protection.office365.us, replacing *tenant* with the first part of your default tenant name. For example, if your tenant name is contoso.onmicrosoft.us, youΓÇÖd use **contoso.mail.protection.office365.us** as the value for your MX record. |
enterprise | High Availability Federated Authentication Phase 5 Configure Federated Authentic | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/high-availability-federated-authentication-phase-5-configure-federated-authentic.md | Title: "High availability federated authentication Phase 5 Configure federated a Previously updated : 11/25/2019 Last updated : 04/10/2024 audience: ITPro ms.localizationpriority: medium - scotvorg - Ent_O365+- must-keep f1.keywords: - CSH Get a digital certificate from a public certification authority with the followi - The certificate must have the private key and be stored in PFX format. -Additionally, your organization computers and devices must trust the public certification authority that is issuing the digital certificate. This trust is established by having a root certificate from the public certification authority installed in the trusted root certification authorities store on your computers and devices. Computers running Microsoft Windows typically have a set of these types of certificates installed from commonly-used certification authorities. If the root certificate from your public certification authority is not already installed, you must deploy this to the computers and devices of your organization. +Additionally, your organization computers and devices must trust the public certification authority that is issuing the digital certificate. This trust is established by having a root certificate from the public certification authority installed in the trusted root certification authorities store on your computers and devices. Computers running Microsoft Windows typically have a set of these types of certificates installed from commonly used certification authorities. If the root certificate from your public certification authority isn't already installed, you must deploy this to the computers and devices of your organization. For more information about certificate requirements for federated authentication, see [Prerequisites for federation installation and configuration](/azure/active-directory/connect/active-directory-aadconnect-prerequisites#prerequisites-for-federation-installation-and-configuration). When you receive the certificate, copy it to a folder on the C: drive of the dir ## Verify your configuration -You should now be ready to configure Microsoft Entra Connect and federated authentication for Microsoft 365. To ensure that you are, here is a checklist: +You should now be ready to configure Microsoft Entra Connect and federated authentication for Microsoft 365. To ensure that you are, here's a checklist: - Your organization's public domain is added to your Microsoft 365 subscription. You should now be ready to configure Microsoft Entra Connect and federated authe - The root certificate for the public certification authority is installed in the Trusted Root Certification Authorities store on your computers and devices. -Here is an example for the Contoso organization: +Here's an example for the Contoso organization: **An example configuration for a high availability federated authentication infrastructure in Azure** The Microsoft Entra Connect tool configures the AD FS servers, the web applicati 28. On the **Installation complete** page, click **Exit**. -Here is the final configuration, with placeholder names for the servers. +Here's the final configuration, with placeholder names for the servers. **Phase 5: The final configuration of a high availability federated authentication infrastructure in Azure** |
enterprise | Hybrid Modern Auth Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/hybrid-modern-auth-overview.md | -description: "In this article, you'll learn about Hybrid Modern Authentication and the prerequisites for use with on-premises Skype for Business and Exchange servers." +description: "In this article, you can learn about Hybrid Modern Authentication and the prerequisites for use with on-premises Skype for Business and Exchange servers." # Hybrid modern authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers _Modern Authentication_ is a method of identity management that offers more secu <a name="BKMK_WhatisModAuth"> </a> -Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server, as well as some security measures that rely on access policies that you may already be familiar with. It includes: +Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server, as well as some security measures that rely on access policies that you might already be familiar with. It includes: - **Authentication methods**: Multifactor authentication (MFA); smart card authentication; client certificate-based authentication - **Authorization methods**: Microsoft's implementation of Open Authorization (OAuth) Because Skype for Business works closely with Exchange, the sign in behavior Sky For more information about modern authentication in Office 365, see [Office 365 Client App Support - Multi-factor authentication](microsoft-365-client-support-multi-factor-authentication.md). > [!IMPORTANT]-> As of August of 2017, all new Office 365 tenants that include Skype for Business online and Exchange online will have modern authentication enabled by default. Pre-existing tenants won't have a change in their default MA state, but all new tenants automatically support the expanded set of identity features you see listed above. To check your MA status, see the [Check the modern authentication status of your on-premises environment](hybrid-modern-auth-overview.md#BKMK_CheckStatus) section. +> As of August of 2017, all new Office 365 tenants that include Skype for Business online and Exchange online will have modern authentication enabled by default. Pre-existing tenants won't have a change in their default MA state, but all new tenants automatically support the expanded set of identity features you see listed previously. To check your MA status, see the [Check the modern authentication status of your on-premises environment](hybrid-modern-auth-overview.md#BKMK_CheckStatus) section. <a name="BKMK_WhatChanges"> </a> For more information about modern authentication in Office 365, see [Office 365 When using modern authentication with on-premises Skype for Business or Exchange server, you're still *authenticating* users on-premises, but the story of *authorizing* their access to resources (like files or emails) changes. This is why, though modern authentication is about client and server communication, the steps taken during configuring MA result in evoSTS (a Security Token Service used by Microsoft Entra ID) being set as Auth Server for Skype for Business and Exchange server on-premises. -The change to evoSTS allows your on-premises servers to take advantage of OAuth (token issuance) for authorizing your clients, and also lets your on-premises use security methods common in the cloud (like Multi-factor Authentication). Additionally, the evoSTS issues tokens that allow users to request access to resources without supplying their password as part of the request. No matter where your users are homed (of online or on-premises), and no matter which location hosts the needed resource, EvoSTS will become the core of authorizing users and clients once modern authentication is configured. +The change to evoSTS allows your on-premises servers to take advantage of OAuth (token issuance) for authorizing your clients, and also lets your on-premises use security methods common in the cloud (like Multi-factor Authentication). Additionally, the evoSTS issues tokens that allow users to request access to resources without supplying their password as part of the request. No matter where your users are homed (of online or on-premises), and no matter which location hosts the needed resource, EvoSTS would become the core of authorizing users and clients once modern authentication is configured. For example, if a Skype for Business client needs to access Exchange server to get calendar information on behalf of a user, it uses the Microsoft Authentication Library (MSAL) to do so. MSAL is a code library designed to make secured resources in your directory available to client applications using OAuth security tokens. MSAL works with OAuth to verify claims and to exchange tokens (rather than passwords), to grant a user access to a resource. In the past, the authority in a transaction like this one--the server that knows how to validate user claims and issue the needed tokens--might have been a Security Token Service on-premises, or even Active Directory Federation Services. However, modern authentication centralizes that authority by using Microsoft Entra ID. -This also means that even though your Exchange server and Skype for Business environments may be entirely on-premises, the authorizing server will be online, and your on-premises environment must have the ability to create and maintain a connection to your Office 365 subscription in the Cloud (and the Microsoft Entra instance that your subscription uses as its directory). +This also means that even though your Exchange server and Skype for Business environments might be entirely on-premises, the authorizing server is online, and your on-premises environment must have the ability to create and maintain a connection to your Office 365 subscription in the Cloud (and the Microsoft Entra instance that your subscription uses as its directory). What doesn't change? Whether you're in a split-domain hybrid or using Skype for Business and Exchange server on-premises, all users must first authenticate *on-premises*. In a hybrid implementation of modern authentication, _Lyncdiscovery_ and _Autodiscovery_ both point to your on-premises server. Verify and check these items off your list before you continue: - **Exchange Server on-premises in a hybrid Office 365 environment** - - If you are using Exchange Server 2013, at least one server must have the Mailbox and Client Access server roles installed. While it is possible to install the Mailbox and Client Access roles on separate servers, we strongly recommend that you install both roles on the same server to provide more reliability and improved performance. - - If you are using Exchange server 2016 or later version, at least one server must have the Mailbox server role installed. + - If you're using Exchange Server 2013, at least one server must have the Mailbox and Client Access server roles installed. While it's possible to install the Mailbox and Client Access roles on separate servers, we strongly recommend that you install both roles on the same server to provide more reliability and improved performance. + - If you're using Exchange server 2016 or later version, at least one server must have the Mailbox server role installed. - There's no Exchange server 2007 or 2010 in the Hybrid environment.- - All Exchange servers must have the latest cumulative updates installed, see [Upgrade Exchange to the latest Cumulative Updates](/exchange/plan-and-deploy/install-cumulative-updates) to find and manage all available updates. + - All Exchange servers must have the latest cumulative updates installed. See [Upgrade Exchange to the latest Cumulative Updates](/exchange/plan-and-deploy/install-cumulative-updates) to find and manage all available updates. - **Exchange client and protocol requirements** - The availability of modern authentication is determined by the combination of the client, protocol, and configuration. If modern authentication is not supported by the client, protocol, and/or configuration, then the client will continue to use legacy authentication. + The availability of modern authentication is determined by the combination of the client, protocol, and configuration. If modern authentication isn't supported by the client, protocol, and/or configuration, then the client continues to use legacy authentication. The following clients and protocols support modern authentication with on-premises Exchange when modern authentication is enabled in the environment: |**Clients**|**Primary Protocol**|**Notes**| |:--|:--|:--|- |Outlook 2013 and later <br/> |MAPI over HTTP <br/> |MAPI over HTTP must be enabled within Exchange in order to use modern authentication with these clients (enabled or True for new installs of Exchange 2013 Service Pack 1 and above); for more information, see [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md). <br/> Ensure you are running the minimum required build of Outlook; see [Latest updates for versions of Outlook that use Windows Installer (MSI)](/officeupdates/outlook-updates-msi). <br/> | + |Outlook 2013 and later <br/> |MAPI over HTTP <br/> |MAPI over HTTP must be enabled within Exchange in order to use modern authentication with these clients (enabled or True for new installs of Exchange 2013 Service Pack 1 and above); for more information, see [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md). <br/> Ensure you're running the minimum required build of Outlook; see [Latest updates for versions of Outlook that use Windows Installer (MSI)](/officeupdates/outlook-updates-msi). <br/> | |Outlook 2016 for Mac and later <br/> |Exchange Web Services <br/> | <br/> | |Outlook for iOS and Android <br/> | Microsoft sync technology <br/> |See [Using hybrid Modern Authentication with Outlook for iOS and Android](/Exchange/clients/outlook-for-ios-and-android/use-hybrid-modern-auth) for more information. <br/> | |Exchange ActiveSync clients (for example, iOS11 Mail) <br/> |Exchange ActiveSync <br/> |For Exchange ActiveSync clients that support modern authentication, you must recreate the profile in order to switch from basic authentication to modern authentication. <br/> | - Clients and/or protocols that are not listed (for example, POP3) do not support modern authentication with on-premises Exchange and continue to use legacy authentication mechanisms even after modern authentication is enabled in the environment. + Clients and/or protocols that aren't listed (for example, POP3) don't support modern authentication with on-premises Exchange and continue to use legacy authentication mechanisms even after modern authentication is enabled in the environment. - **General prerequisites**- - Resource forest scenarios will require a two-way trust with the account forest to ensure proper SID lookups are performed during hybrid modern authentication requests. + - Resource forest scenarios require a two-way trust with the account forest to ensure proper SID lookups are performed during hybrid modern authentication requests. - If you use AD FS, you should have Windows 2012 R2 AD FS 3.0 and above for federation. - Your identity configurations are any of the types supported by Microsoft Entra Connect, such as password hash sync, pass-through authentication, and on-premises STS supported by Office 365. - You have Microsoft Entra Connect configured and functioning for user replication and sync. Verify and check these items off your list before you continue: > [!NOTE] > Hybrid modern authentication is not supported with the [Hybrid Agent](/exchange/hybrid-deployment/hybrid-agent). - - Make sure both an on-premises test user, as well as a hybrid test user homed in Office 365, can sign in to the Skype for Business desktop client (if you want to use modern authentication with Skype) and Microsoft Outlook (if you want to use modern authentication with Exchange). - - Make sure the SignInOptions setting in Microsoft Office is not configured to its most restrictive setting. For more information, see [How to allow Office to connect to the internet](/office365/troubleshoot/access-management/office-feature-disabled). + - Make sure both an on-premises test user, and a hybrid test user homed in Office 365, can sign in to the Skype for Business desktop client (if you want to use modern authentication with Skype) and Microsoft Outlook (if you want to use modern authentication with Exchange). + - Make sure the SignInOptions setting in Microsoft Office isn't configured to its most restrictive setting. For more information, see [How to allow Office to connect to the internet](/office365/troubleshoot/access-management/office-feature-disabled). ## What else do I need to know before I begin? <a name="BKMK_Whatelse"> </a> -- All the scenarios for on-premises servers involve setting up modern authentication on-premises (in fact, for Skype for Business there is a list of supported topologies) so that the server responsible for authentication and authorization is in the Microsoft Cloud (Microsoft Entra ID's security token service, called 'evoSTS'), and updating Microsoft Entra ID about the URLs or namespaces used by your on-premises installation of either Skype for Business or Exchange. Therefore, on-premises servers take on a Microsoft Cloud dependency. Taking this action could be considered configuring 'hybrid auth'.-- This article links out to others that will help you choose supported modern authentication topologies (necessary only for Skype for Business), and how-to articles that outline the setup steps, or steps to disable modern authentication, for Exchange on-premises and Skype for Business on-premises. Favorite this page in your browser if you're going to need a home-base for using modern authentication in your server environment.+- All the scenarios for on-premises servers involve setting up modern authentication on-premises (in fact, for Skype for Business there's a list of supported topologies) so that the server responsible for authentication and authorization is in the Microsoft Cloud (Microsoft Entra ID's security token service, called 'evoSTS'), and updating Microsoft Entra ID about the URLs or namespaces used by your on-premises installation of either Skype for Business or Exchange. Therefore, on-premises servers take on a Microsoft Cloud dependency. Taking this action could be considered configuring 'hybrid auth'. +- This article links out to others that help you choose supported modern authentication topologies (necessary only for Skype for Business), and how-to articles that outline the setup steps, or steps to disable modern authentication, for Exchange on-premises and Skype for Business on-premises. Favorite this page in your browser if you're going to need a home-base for using modern authentication in your server environment. ## Related Topics |
enterprise | Introduction To Performance Tuning For Sharepoint Online | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/introduction-to-performance-tuning-for-sharepoint-online.md | This article explains what specific aspects you need to consider when designing The following broad metrics for SharePoint Online provide real-world data about performance: -- How fast pages load+- The speed at which pages load -- How many round-trips required per page+- The number of round-trips required per page -- Issues with the service+- The issues with the service -- Other things that cause performance degradation+- The other things that cause performance degradation ### Conclusions reached because of the data The data tells us: - The slowest 1% of SharePoint Online pages take more than 5,000 milliseconds to load. -One simple benchmark test you can use would be to measure performance by comparing the load time of your own portal against the load time of the OneDrive for Business home page as it uses few customized features. This will often be the first step Support will ask you to complete when troubleshooting network performance issues. +One simple benchmark test you can use would be to measure performance by comparing the load time of your own portal against the load time of the OneDrive for Business home page as it uses few customized features. This step is often the first step Support asks you to complete when troubleshooting network performance issues. ## Use a standard user account when checking performance A Site Collection Administrator, Site Owner, Editor, or Contributor belong to another security groups, have more permissions, and therefore have extra elements that SharePoint loads on a page. -This is applicable to SharePoint on-premises and SharePoint Online but in an on-premises scenario the differences will not be as easily noticed as in SharePoint Online. +This scenario is applicable to SharePoint on-premises and SharePoint Online but in an on-premises scenario the differences can't be as easily noticed as in SharePoint Online. -In order to correctly evaluate how a page will perform for users, you should use a standard user account to avoid loading the authoring controls and extra traffic related to security groups. +In order to correctly evaluate how a page performs for users, you should use a standard user account to avoid loading the authoring controls and extra traffic related to security groups. ## Connection categories for performance tuning -You can categorize the connections between the server and the user into three main components. Consider these when designing SharePoint Online pages for insight into load times. +You can categorize the connections between the server and the user into three main components. Consider these components when designing SharePoint Online pages for insight into load times. - **Server** The servers that Microsoft hosts in datacenters. You can categorize the connections between the server and the user into three ma - **Browser** Where the page is loaded. -Within these three connections there are typically five reasons that cause 95% of slow pages. Each of these reasons is discussed in this article: +Within these three connections, there are typically five reasons that cause 95% of slow pages. Each of these reasons is discussed in this article: - Navigation issues Within these three connections there are typically five reasons that cause 95% o Many of the issues that affect performance with SharePoint on-premises also apply to SharePoint Online. -As you would expect, you have far more control over how servers perform with on-premises SharePoint. With SharePoint Online things are a little different. The more work you make a server do, the longer it takes to render a page. With SharePoint, the biggest culprits in this respect are complex pages with multiple web parts. +As you would expect, you have far more control over how servers perform with on-premises SharePoint. With SharePoint Online, things are a little different. The more work you make a server do, the longer it takes to render a page. With SharePoint, the biggest culprits in this respect are complex pages with multiple web parts. SharePoint Server on-premises SharePoint Online ![Screenshot of server online.](../media/46b27ded-d8a4-4287-b3e0-2603a764b8f8.png) -With SharePoint Online, certain page requests may actually end up calling multiple servers. You could end up with a matrix of requests between servers for an individual request. These interactions are expensive from a page load perspective and will make things slow. +With SharePoint Online, certain page requests might actually end up calling multiple servers. You could end up with a matrix of requests between servers for an individual request. These interactions are expensive from a page load perspective and make things slow. Examples of these server-to-server interactions are: Examples of these server-to-server interactions are: - Web to application servers -The other thing that can slow down server interactions is cache misses. Unlike on-premises SharePoint, there is a slim chance that you will hit the same server for a page that you have visited previously; this makes object caching obsolete. +The other thing that can slow down server interactions is cache misses. Unlike on-premises SharePoint, there's a slim chance that you would hit the same server for a page that you visited previously; this makes object caching obsolete. ### Network connection -With on-premises SharePoint that doesn't make use of a WAN, you may use a high-speed connection between datacenter and end users. Generally, things are easy to manage from a network perspective. +With on-premises SharePoint that doesn't make use of a WAN, you can use a high-speed connection between datacenter and end users. Generally, things are easy to manage from a network perspective. With SharePoint Online, there are a few more factors to consider; for example: With SharePoint Online, there are a few more factors to consider; for example: - The Internet -- The ISP+- The Internet Service Provider (ISP) -Regardless of which version of SharePoint (and which network) you are using, things that will typically cause the network to be busy include: +Regardless of which version of SharePoint (and which network) you're using, things that typically cause the network to be busy include: - Large payload Regardless of which version of SharePoint (and which network) you are using, thi - Large physical distance to the server -One feature that you can use in SharePoint Online is the Microsoft CDN (Content Delivery Network). A CDN is basically a distributed collection of servers deployed across multiple datacenters. With a CDN, content on pages can be hosted on a server close to the client even if the client is far away from the originating SharePoint Server. Microsoft will be using this more in the future to store local instances of pages that cannot be customized, for example the SharePoint Online admin home page. For more information about CDNs, see [Content delivery networks](content-delivery-networks.md). +One feature that you can use in SharePoint Online is the Microsoft CDN (Content Delivery Network). A CDN is basically a distributed collection of servers deployed across multiple datacenters. With a CDN, content on pages can be hosted on a server close to the client even if the client is far away from the originating SharePoint Server. Microsoft will be using this feature more in the future to store local instances of pages that can't be customized, for example the SharePoint Online admin home page. For more information about CDNs, see [Content delivery networks](content-delivery-networks.md). -Something that you need to be aware of but may not be able to do much about is the connection speed of your ISP. A simple speed test tool will tell you the connection speed. +Something that you need to be aware of but have no control over is the connection speed of your ISP. A simple speed test tool tells you the connection speed. ### Browser connection There are a few factors to consider with web browsers from a performance perspective. -Visiting complex pages will affect performance. Most browsers only have a small cache (around 90 MB), while the average web page is typically around 1.6 MB. This doesn't take long to get used up. +Visiting complex pages affects performance. Most browsers only have a small cache (around 90 MB), while the average web page is typically around 1.6 MB, which doesn't take long to get used up. -Bandwidth may also be an issue. For example, if a user is watching videos in another session, this will affect the performance of your SharePoint page. While you can't prevent users from streaming media, you can control the way a page will load for users. +Bandwidth can also be an issue. For example, if a user is watching videos in another session, it affects the performance of your SharePoint page. While you can't prevent users from streaming media, you can control the way a page loads for users. Check out the following articles for different SharePoint Online page customization techniques and other best practices to help you achieve optimal performance. |
enterprise | Manage Microsoft 365 Tenants With Windows Powershell For Delegated Access Permissio | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-microsoft-365-tenants-with-windows-powershell-for-delegated-access-permissio.md | description: In this article, learn how to use PowerShell for Microsoft 365 to m *This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.* -Windows PowerShell allows Syndication and Cloud Solution Provider (CSP) partners to easily administer and report on customer tenancy settings that are not available in the Microsoft 365 admin center. Note that Administer on Behalf Of (AOBO) permissions are required for the partner administrator account to connect to its customer tenancies. +Windows PowerShell allows Syndication and Cloud Solution Provider (CSP) partners to easily administer and report on customer tenancy settings that aren't available in the Microsoft 365 admin center. Administer on Behalf Of (AOBO) permissions are required for the partner administrator account to connect to its customer tenancies. -Delegated Access Permission (DAP) partners are Syndication and Cloud Solution Providers (CSP) Partners. They are frequently network or telecom providers to other companies. They bundle Microsoft 365 subscriptions into their service offerings to their customers. When they sell a Microsoft 365 subscription, they are automatically granted Administer On Behalf Of (AOBO) permissions to the customer tenancies so they can administer and report on the customer tenancies. +Delegated Access Permission (DAP) partners are Syndication and Cloud Solution Providers (CSP) Partners. They're frequently network or telecom providers to other companies. They bundle Microsoft 365 subscriptions into their service offerings to their customers. When they sell a Microsoft 365 subscription, they're automatically granted Administer On Behalf Of (AOBO) permissions to the customer tenancies so they can administer and report on the customer tenancies. ## What do you need to know before you begin? The procedures in this topic require you to connect to [Connect to Microsoft 365 with PowerShell](connect-to-microsoft-365-powershell.md). To list all customer tenant Ids that you have access to, run this command. Get-MsolPartnerContract -All | Select-Object TenantId ``` -This will display a listing of all your customer tenants by **TenantId**. +This displays a listing of all your customer tenants by **TenantId**. >[!Note] >PowerShell Core does not support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets with **Msol** in their name. To continue using these cmdlets, you must run them from Windows PowerShell. To get all domains for any one customer tenant, run this command. Replace _\<cu Get-MsolDomain -TenantId <customer TenantId value> ``` -If you have registered additional domains, this will return all domains associated with the customer **TenantId**. +If you have registered additional domains, this returns all domains associated with the customer **TenantId**. ### Get a mapping of all tenants and registered domains $Tenants = Get-MsolPartnerContract -All; $Tenants | foreach {$Domains = $_.Tenan ### Get all users for a tenant -This will display the **UserPrincipalName**, the **DisplayName**, and the **isLicensed** status for all users for a particular tenant. Replace _\<customer TenantId value>_ with the actual value. +This displays the **UserPrincipalName**, the **DisplayName**, and the **isLicensed** status for all users for a particular tenant. Replace _\<customer TenantId value>_ with the actual value. ```powershell Get-MsolUser -TenantID <customer TenantId value> where: - **UsageLocation**: The value for this is the two-letter ISO country/region code of the user. The country/region codes can be looked up at the[ISO Online Browsing Platform](https://go.microsoft.com/fwlink/p/?LinkId=532703). For example, the code for the United States is US, and the code for Brazil is BR. -- **LicenseAssignment**: The value for this uses this format: `syndication-account:<PROVISIONING_ID>`. For example, if you are assigning customer tenant users O365_Business_Premium licenses, the **LicenseAssignment** value looks like this: **syndication-account:O365_Business_Premium**. You will find the PROVISIONING_IDs in the Syndication Partner Portal that you have access to as a Syndication or CSP partner.+- **LicenseAssignment**: The value for this uses this format: `syndication-account:<PROVISIONING_ID>`. For example, if you're assigning customer tenant users O365_Business_Premium licenses, the **LicenseAssignment** value looks like this: **syndication-account:O365_Business_Premium**. You'll find the PROVISIONING_IDs in the Syndication Partner Portal that you have access to as a Syndication or CSP partner. #### Import the CSV file and create the users |
enterprise | Manage Skype For Business Online Policies With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-skype-for-business-online-policies-with-microsoft-365-powershell.md | EnablePublicCloudAudioVideoAccess : True EnableOutsideAccess : True ``` -In this example, the values within this policy determine what a use can or cannot do when it comes to communicating with federated users. For example, the EnableOutsideAccess property must be set to True for a user to be able to communicate with people outside the organization. Note that this property does not appear in the Microsoft 365 admin center. Instead, the property is automatically set to True or False based on the other selections that you make. The other two properties of interest are: +In this example, the values within this policy determine what a use can or can't do when it comes to communicating with federated users. For example, the EnableOutsideAccess property must be set to True for a user to be able to communicate with people outside the organization. This property doesn't appear in the Microsoft 365 admin center. Instead, the property is automatically set to True or False based on the other selections that you make. The other two properties of interest are: - **EnableFederationAccess** indicates whether the user can communicate with people from federated domains. Therefore, you don't directly change federation-related properties on user accou If you want to know whether or not someone can communicate with users from outside the organization, you have to: -- Determine which external access policy has been assigned to that user.+- Determine which external access policy is assigned to that user. -- Determine which capabilities are or are not allowed by that policy.+- Determine which capabilities are or aren't allowed by that policy. For example, you can do that by using this command: Get-CsExternalAccessPolicy -ApplicableTo "Alex Darrow" The ApplicableTo parameter limits the returned data to policies that can be assigned to the specified user (for example, Alex Darrow). Depending on licensing and usage location restrictions, that might represent a subset of all the available policies. -In some cases, properties of policies are not used with Microsoft 365, while others can only be managed by Microsoft support personnel. +In some cases, properties of policies aren't used with Microsoft 365, while others can only be managed by Microsoft support personnel. -With Skype for Business Online, users must be managed by a policy of some kind. If a valid policy-related property is blank, that means that the user in question is being managed by a global policy, which is a policy that is automatically applied to a user unless they are specifically assigned a per-user policy. Because we don't see a client policy listed for a user account, it is managed by the global policy. You can determine the global client policy with this command: +With Skype for Business Online, users must be managed by a policy of some kind. If a valid policy-related property is blank, that means that the user in question is being managed by a global policy, which is a policy that is automatically applied to a user unless they're specifically assigned a per-user policy. Because we don't see a client policy listed for a user account, it's managed by the global policy. You can determine the global client policy with this command: ```powershell Get-CsClientPolicy -Identity "Global" |
enterprise | Microsoft 365 Exo Archive Advisory | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-exo-archive-advisory.md | -We've released a new Exchange Online service advisory that informs you of auto-expanding archives attached to mailboxes at risk of reaching the 1.5TB limit on total auto-expanding archive size. These service advisories provide visibility to the mailboxes in your organization that may require admin intervention. +We released a new Exchange Online service advisory that informs you of auto-expanding archives attached to mailboxes at risk of reaching the 1.5TB limit on total auto-expanding archive size. These service advisories provide visibility to the mailboxes in your organization that can require admin intervention. -These service advisories are displayed in the Microsoft 365 admin center. To view these service advisories, go to **Health** \> **Service health** \> **Exchange Online** and then click the **Active issues** tab. +These service advisories are displayed in the Microsoft 365 admin center. To view these service advisories, go to **Health** \> **Service health** \> **Exchange Online** and then select the **Active issues** tab. ## What do these service advisories indicate? -This service advisory informs you of potential data storage limits being reached in your organization. Mailboxes with archive mailboxes that have the auto-expanding archive feature enabled may store a maximum of 1.5 TB of data in the auto-expanding archive. The service advisory contains a link under "User Impact" that shows a flyout window listing impacted mailbox GUIDs for your tenant. +This service advisory informs you of potential data storage limits being reached in your organization. Mailboxes with archive mailboxes that have the auto-expanding archive feature enabled can store a maximum of 1.5 TB of data in the auto-expanding archive. The service advisory contains a link under "User Impact" that shows a flyout window listing impacted mailbox Globally Unique Identifiers (GUIDs) for your tenant. :::image type="content" alt-text="Auto-expanding archive alert details page." source="../media/auto-expand-archive-extended-details.png" lightbox="../media/auto-expand-archive-extended-details.png"::: -Here is an example of the flyout: +Here's an example of the flyout: :::image type="content" alt-text="Auto-expanding archive alert flyout extended view." source="../media/auto-expand-archive-flyout.png" lightbox="../media/auto-expand-archive-flyout.png"::: The following list describes each column in the previous example. -- **mailboxGuid** : The GUID of the main archive for the mailbox or one of the additional storage units in the auxiliary archive ("AuxArchive").+- **mailboxGuid** : The GUID of the main archive for the mailbox or one of the other storage units in the auxiliary archive ("AuxArchive"). - **Status** : _Warning_ if the auto-expanding archive total size is over 1.2 TB but less than 1.4 TB; _Critical_ if the auto-expanding archive total size is over 1.4TB. - **SizeInGB** : The total size of the auto-expanding archive associated with the mailbox. |
enterprise | Microsoft 365 Isolation In Azure Active Directory | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-isolation-in-azure-active-directory.md | -Microsoft Entra ID was designed to host multiple tenants in a highly secure way through logical data isolation. Access to Microsoft Entra ID is gated by an authorization layer. Microsoft Entra ID isolates customers using tenant containers as security boundaries to safeguard a customer's content so that the content cannot be accessed or compromised by co-tenants. Three checks are performed by Microsoft Entra authorization layer: +Microsoft Entra ID was designed to host multiple tenants in a highly secure way through logical data isolation. Access to Microsoft Entra ID is gated by an authorization layer. Microsoft Entra ID isolates customers using tenant containers as security boundaries to safeguard a customer's content so that the content can't be accessed or compromised by co-tenants. Three checks are performed by Microsoft Entra authorization layer: - Is the principal enabled for access to Microsoft Entra tenant? - Is the principal enabled for access to data in this tenant? - Is the principal's role in this tenant authorized for the type of data access requested? -No application, user, server, or service can access Microsoft Entra ID without the proper authentication and token or certificate. Requests are rejected if they are not accompanied by proper credentials. +No application, user, server, or service can access Microsoft Entra ID without the proper authentication and token or certificate. Requests are rejected if they aren't accompanied by proper credentials. Effectively, Microsoft Entra ID hosts each tenant in its own protected container, with policies and permissions to and within the container solely owned and managed by the tenant. ![Azure container.](../media/office-365-isolation-azure-container.png) -The concept of tenant containers is deeply ingrained in the directory service at all layers, from portals all the way to persistent storage. Even when multiple Microsoft Entra tenant metadata is stored on the same physical disk, there is no relationship between the containers other than what is defined by the directory service, which in turn is dictated by the tenant administrator. There can be no direct connections to Microsoft Entra storage from any requesting application or service without first going through the authorization layer. +The concept of tenant containers is deeply ingrained in the directory service at all layers, from portals all the way to persistent storage. Even when multiple Microsoft Entra tenant metadata is stored on the same physical disk, there's no relationship between the containers other than what is defined by the directory service, which in turn is dictated by the tenant administrator. There can be no direct connections to Microsoft Entra storage from any requesting application or service without first going through the authorization layer. -In the example below, Contoso and Fabrikam both have separate, dedicated containers, and even though those containers may share some of the same underlying infrastructure, such as servers and storage, they remain separate and isolated from each other, and gated by layers of authorization and access control. +In the following example, Contoso and Fabrikam both have separate, dedicated containers, and even though those containers can share some of the same underlying infrastructure, such as servers and storage, they remain separate and isolated from each other, and gated by layers of authorization and access control. ![Azure dedicated containers.](../media/office-365-isolation-azure-dedicated-containers.png) -In addition, there are no application components that can execute from within Microsoft Entra ID, and it is not possible for one tenant to forcibly breach the integrity of another tenant, access encryption keys of another tenant, or read raw data from the server. +In addition, there are no application components that can execute from within Microsoft Entra ID, and it isn't possible for one tenant to forcibly breach the integrity of another tenant, access encryption keys of another tenant, or read raw data from the server. -By default, Microsoft Entra disallows all operations issued by identities in other tenants. Each tenant is logically isolated within Microsoft Entra ID through claims-based access controls. Reads and writes of directory data are scoped to tenant containers, and gated by an internal abstraction layer and a role-based access control (RBAC) layer, which together enforce the tenant as the security boundary. Every directory data access request is processed by these layers and every access request in Microsoft 365 is policed by the logic above. +By default, Microsoft Entra disallows all operations issued by identities in other tenants. Each tenant is logically isolated within Microsoft Entra ID through claims-based access controls. Reads and writes of directory data are scoped to tenant containers, and gated by an internal abstraction layer and a role-based access control (RBAC) layer, which together enforce the tenant as the security boundary. Every directory data access request is processed by these layers and every access request in Microsoft 365 is policed by the previous logic. -Microsoft Entra ID has North America, U.S. Government, European Union, Germany, and World Wide partitions. A tenant exists in a single partition, and partitions can contain multiple tenants. Partition information is abstracted away from users. A given partition (including all the tenants within it) is replicated to multiple datacenters. The partition for a tenant is chosen based on properties of the tenant (e.g., the country code). Secrets and other sensitive information in each partition is encrypted with a dedicated key. The keys are generated automatically when a new partition is created. +Microsoft Entra ID has North America, U.S. Government, European Union, Germany, and World Wide partitions. A tenant exists in a single partition, and partitions can contain multiple tenants. Partition information is abstracted away from users. A given partition (including all the tenants within it) is replicated to multiple datacenters. The partition for a tenant is chosen based on properties of the tenant (for example, the country code). Secrets and other sensitive information in each partition is encrypted with a dedicated key. The keys are generated automatically when a new partition is created. Microsoft Entra system functionalities are a unique instance to each user session. In addition, Microsoft Entra ID uses encryption technologies to provide isolation of shared system resources at the network level to prevent unauthorized and unintended transfer of information. |
enterprise | Microsoft 365 Networking China | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-networking-china.md | Title: "Microsoft 365 global tenant performance optimization for China users" Previously updated : 3/3/2022 Last updated : 04/10/2024 audience: Admin +- must-keep search.appverid: MET150 f1.keywords: - NOCSH China ISPs have regulated offshore connections to the global public Internet tha Packet loss and latency are detrimental to the performance of network services, especially services that require large data exchanges (such as large file transfers) or requiring near real-time performance (audio and video applications). -The goal of this topic is to provide best practices for mitigating the impact of China cross-border network congestion on Microsoft 365 services. This topic does not address other common last-mile performance issues such as issues of high packet latency due to complex routing within China carriers. +The goal of this article is to provide best practices for mitigating the impact of China cross-border network congestion on Microsoft 365 services. This article doesn't address other common last-mile performance issues such as issues of high packet latency due to complex routing within China carriers. ## Corporate network best practices Many enterprises with global Microsoft 365 tenants and users in China have imple > [!IMPORTANT] > As with all private WAN implementations, you should always consult regulatory requirements for your country and/or region to ensure that your network configuration is in compliance. -As a first step, it is crucial that you follow our benchmark network guidance at [Network planning and performance tuning for Microsoft 365](./network-planning-and-performance.md). The primary goal should be to avoid accessing global Microsoft 365 services from the Internet in China if possible. +As a first step, it's crucial that you follow our benchmark network guidance at [Network planning and performance tuning for Microsoft 365](./network-planning-and-performance.md). The primary goal should be to avoid accessing global Microsoft 365 services from the Internet in China if possible. - Leverage your existing private network to carry Microsoft 365 network traffic between China office networks and offshore locations that egress on the public Internet outside China. Almost any location outside China will provide a clear benefit. Network administrators can further optimize by egressing in areas with low-latency interconnect with the [Microsoft global network](/azure/networking/microsoft-global-network). Hong Kong Special Administrative Region, Singapore, Japan, and South Korea are examples. - Configure user devices to access the corporate network over a VPN connection to allow Microsoft 365 traffic to transit the corporate network's private offshore link. Ensure that VPN clients are either not configured to use split tunneling, or that user devices are configured to ignore split tunneling for Microsoft 365 traffic. For additional information on optimizing VPN connectivity for Teams and real-time media traffic, see [this section](#optimizing-microsoft-teams-meetings-network-performance-for-users-in-china).-- Configure your network to route all Microsoft 365 traffic across your private offshore link. If you must minimize the volume of traffic on your private link, you can choose to only route endpoints in the **Optimize** category, and allow requests to **Allow** and **Default** endpoints to transit the Internet. This will improve performance and minimize bandwidth consumption by limiting optimized traffic to critical services that are most sensitive to high latency and packet loss.+- Configure your network to route all Microsoft 365 traffic across your private offshore link. If you must minimize the volume of traffic on your private link, you can choose to only route endpoints in the **Optimize** category, and allow requests to **Allow** and **Default** endpoints to transit the Internet. This improves performance and minimize bandwidth consumption by limiting optimized traffic to critical services that are most sensitive to high latency and packet loss. - If possible, use UDP instead of TCP for live media streaming traffic, such as for Teams. UDP offers better live media streaming performance than TCP. For information about how to selectively route Microsoft 365 traffic, see [Managing Office 365 endpoints](managing-office-365-endpoints.md). For a list of all worldwide Office 365 URLs and IP addresses, see [Office 365 URLs and IP address ranges](urls-and-ip-address-ranges.md). For information about how to selectively route Microsoft 365 traffic, see [Manag Users in China who connect to global Microsoft 365 tenants from remote locations such as homes, coffee shops, hotels, and branch offices with no connection to enterprise networks can experience poor network performance because traffic between their devices and Microsoft 365 must transit China's congested cross-border network circuits. -If cross-border private networks and/or VPN access into the corporate network are not an option, per-user performance issues can still be mitigated by training your China-based users to follow these best practices. +If cross-border private networks and/or VPN access into the corporate network aren't an option, per-user performance issues can still be mitigated by training your China-based users to follow these best practices. -- Utilize rich Office clients that support caching (e.g. Outlook, Teams, OneDrive, etc.), and avoid web-based clients. Office client caching and offline access features can dramatically reduce the impact of network congestion and latency.+- Utilize rich Office clients that support caching (Outlook, Teams, OneDrive, etc.), and avoid web-based clients. Office client caching and offline access features can dramatically reduce the impact of network congestion and latency. - If your Microsoft 365 tenant has been configured with the _Audio Conferencing_ feature, Teams users can join meetings via the public switched telephone network (PSTN). For more information, see [Audio Conferencing in Office 365](/microsoftteams/audio-conferencing-in-office-365). - If users experience network performance issues, they should report to their IT department for troubleshooting, and escalate to Microsoft support if trouble with Microsoft 365 services is suspected. Not all issues are caused by cross-border network performance. You need to consider how to leverage these network improvements, given that the - Use the previous guidance for all traffic flagged for optimization except Teams meetings and calling real-time media traffic. - Route Teams meeting and calling real-time media traffic over the public internet. See the following information for specifics on identifying the real-time media network traffic. -Sending Teams real-time media audio and video traffic over the public internet, which uses the higher quality connectivity, can result in considerable cost savings, because it is free versus paying to send that traffic over a private network. There may be similar additional benefits if users are also using SDWAN or VPN clients. Some organizations may also prefer to have more of their data traverse public internet connections as a general practice. +Sending Teams real-time media audio and video traffic over the public internet, which uses the higher quality connectivity, can result in considerable cost savings, because it's free versus paying to send that traffic over a private network. There might be similar additional benefits if users are also using SDWAN or VPN clients. Some organizations might also prefer to have more of their data traverse public internet connections as a general practice. The same options could apply to SDWAN or VPN configurations. For example, a user is using an SDWAN or VPN to route Microsoft 365 traffic to the corporate network and then leveraging the private extension of that network to avoid cross-border congestion. The userΓÇÖs SDWAN or VPN can now be configured to exclude Teams meeting and calling real-time traffic from the VPN routing. This VPN configuration is referred to as split tunneling. See [VPN split tunneling for Office 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel) for more information. You can also continue to use your SDWAN or VPN for all Microsoft 365 traffic, in Users in China can take advantage of these improvements simply by connecting to the public internet service in China with a landline or mobile connection. Teams real-time media audio and video traffic on the public internet directly benefits from improved connectivity and quality. -However, data from other Microsoft 365 servicesΓÇöand other traffic in Teams, such as chat or filesΓÇöwill not directly benefit from these improvements. Users outside the organization network may still experience poor network performance for this traffic. As discussed in this article, you can mitigate these effects by using a VPN or SDWAN. You can also have your users use rich desktop clients over web clients, which support in-app caching to mitigate network issues. +However, data from other Microsoft 365 services ΓÇö and other traffic in Teams, such as chat or files ΓÇö won't directly benefit from these improvements. Users outside the organization network might still experience poor network performance for this traffic. As discussed in this article, you can mitigate these effects by using a VPN or SDWAN. You can also have your users use rich desktop clients over web clients, which support in-app caching to mitigate network issues. ### Identifying Teams real-time media network traffic |
enterprise | Multi Geo Capabilities In Onedrive And Sharepoint Online In Microsoft 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md | Title: "Multi-Geo Capabilities in OneDrive and SharePoint Online" + Title: "Multi-Geo Capabilities in OneDrive and SharePoint" Previously updated : 08/10/2020 Last updated : 04/10/2024 +- must-keep ms.localizationpriority: medium ms.assetid: 094e86f2-9ff0-40ac-af31-28fcaba00c1d-description: "Expand your Microsoft 365 presence to multiple geographic regions with multi-geo capabilities in OneDrive Online." +description: "Expand your Microsoft 365 presence to multiple geographic regions with multi-geo capabilities in OneDrive and SharePoint." -# Multi-Geo Capabilities in OneDrive and SharePoint Online +# Multi-Geo Capabilities in OneDrive and SharePoint -Multi-Geo capabilities in OneDrive and SharePoint Online enable control of shared resources like SharePoint team sites and Microsoft 365 Group mailboxes stored at rest in a specified geo location. +Multi-Geo capabilities in OneDrive and SharePoint enable control of shared resources like SharePoint team sites and Microsoft 365 Group mailboxes stored at rest in a specified geo location. Each user, Group mailbox, and SharePoint site have a Preferred Data Location (PDL) which denotes the geo location where related data is to be stored. Users' personal data (Exchange mailbox and OneDrive) along with any Microsoft 365 Groups or SharePoint sites that they create can be stored in the specified geo location to meet data residency requirements. You can [specify different administrators for each geo location](add-a-sharepoint-geo-admin.md). Users get a seamless experience when using Microsoft 365 services, including Off ## OneDrive -Each user's OneDrive can be provisioned in or [moved by an administrator](move-onedrive-between-geo-locations.md) to a satellite location in accordance with the user's PDL. Personal files are then kept in that geo location, though they can be shared with users in other geo locations. Note that administrative options found under the OneDrive tab of an active user within the Microsoft 365 admin center are currently not supported for multi-geo tenants. +Each user's OneDrive can be provisioned in or [moved by an administrator](move-onedrive-between-geo-locations.md) to a satellite location in accordance with the user's PDL. Personal files are then kept in that geo location, though they can be shared with users in other geo locations. Administrative options found under the OneDrive tab of an active user within the Microsoft 365 admin center are currently not supported for multi-geo tenants. ## SharePoint Sites and Groups Management of the Multi-Geo feature is available through the <a href="https://go When a user creates a SharePoint group-connected site in a multi-geo environment, their PDL is used to determine the geo location where the site and its associated Group mailbox are created. (If the user's PDL value hasn't been set, or has been set to geo location that hasn't been configured as a satellite location, then the site and mailbox are created in the central location.) -Microsoft 365 services other than Exchange, OneDrive, SharePoint, and Teams aren't Multi-Geo. However, Microsoft 365 Groups that are created by these services will be configured with the PDL of the creator and their Exchange Group mailbox, SharePoint site are provisioned in the corresponding geo. +Microsoft 365 services other than Exchange, OneDrive, SharePoint, and Teams aren't Multi-Geo. However, Microsoft 365 Groups that are created by these services will be configured with the PDL of the creator and their Exchange Group mailbox, SharePoint site are provisioned in the corresponding geo. ## Managing the multi-geo environment -Setting up and managing your multi-geo environment is done through the <a href="https://go.microsoft.com/fwlink/?linkid=2185219" target="_blank">SharePoint admin center</a>. +Setting up and managing your multi-geo environment is done through the <a href="https://go.microsoft.com/fwlink/?linkid=2185219" target="_blank">SharePoint admin center</a>. ![Screenshot of geo locations page in the SharePoint admin center.](../media/sharepoint-multi-geo-admin-center.png) |
enterprise | Multi Tenant People Search | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-tenant-people-search.md | Title: "Microsoft 365 multitenant Organization People Search" Previously updated : 03/13/2023 Last updated : 04/09/2024 audience: ITPro ms.localizationpriority: medium++- scotvorg +- must-keep search.appverid: - MET150 f1.keywords: description: Learn about People Search in multitenant Microsoft 365 organization # Microsoft 365 multitenant Organization People Search (public preview) -The multitenant Organization (MTO) People Search is a collaboration feature that enables search and discovery of people across multiple tenants. A tenant admin can enable cross-tenant synchronization that will allow users to be synced to another tenant and be discoverable in its global address list. Once enabled, users will be able to search and discover synced user profiles from the other tenant and view their corresponding people cards. +The multitenant Organization (MTO) People Search is a collaboration feature that enables search and discovery of people across multiple tenants. A tenant admin can enable cross-tenant synchronization that allows users to be synced to another tenant and be discoverable in its global address list. Once enabled, users are able to search and discover synced user profiles from the other tenant and view their corresponding people cards. >[!NOTE] >This Public Preview program is designed to give customers the opportunity to try out the multitenant people search feature. You can then validate the scenario and provide feedback to the product development team. The purpose of this article is to: Megan's user account has been synced from the _Fabrikam_ tenant to the target te > _Fig 2: User can view a limited people card_ - ## Known limitations - The Microsoft Teams audio and video call buttons will direct the call to the Megan's Contoso tenant Teams instance and not the Teams instance target tenant (Fabrikam). - The current experience provides limited information on the people card (basic contact information, job title and office location).-- There is no external tag to differentiate synced users and internal users. For example, if there was a megan@fabrikam and megan@Contoso there's no (External) tag to show that megan@fabrikam is a different user.+- There's no external tag to differentiate synced users and internal users. For example, if there was a megan@fabrikam and megan@Contoso there's no (External) tag to show that megan@fabrikam is a different user. - Converting an external guest into an external member or converting an external member into an external guest isn't currently supported by Teams. - ## Prerequisites -To test the MTO People Search feature, it is assumed that you already have the following settings: +To test the MTO People Search feature, it's assumed that you already have the following settings: - Two Microsoft Entra / Microsoft 365 tenants - Both tenants have the **Microsoft Entra Cross-tenant Synchronization** feature enabled |
security | Trial User Guide Defender Vulnerability Management | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md | audience: ITPro - m365-security-compliance - tier1+- essentials-get-started search.appverid: met150 |
security | Advanced Hunting Deviceevents Table | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceevents-table.md | For information on other tables in the advanced hunting schema, [see the advance | `MD5` | `string` | MD5 hash of the file that the recorded action was applied to | | `FileSize` | `long` | Size of the file in bytes | | `AccountDomain` | `string` | Domain of the account |-| `AccountName` | `string` | User name of the account | +| `AccountName` | `string` | User name of the account; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account might be shown instead | | `AccountSid` | `string` | Security Identifier (SID) of the account | | `RemoteUrl` | `string` | URL or fully qualified domain name (FQDN) that was being connected to | | `RemoteDeviceName` | `string` | Name of the device that performed a remote operation on the affected device. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. | For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessCommandLine` | `string` | Command line used to run the process that initiated the event | | `InitiatingProcessCreationTime` | `datetime` | Date and time when the process that initiated the event was started | | `InitiatingProcessAccountDomain` | `string` | Domain of the account that ran the process responsible for the event |-| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event | +| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountSid` | `string` | Security Identifier (SID) of the account that ran the process responsible for the event |-| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event | +| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID UPN of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountObjectId` | `string` | Microsoft Entra object ID of the user account that ran the process responsible for the event | | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event | | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event | |
security | Advanced Hunting Devicefileevents Table | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicefileevents-table.md | For information on other tables in the advanced hunting schema, [see the advance | `PreviousFileName` | `string` | Original name of the file that was renamed as a result of the action | | `FileSize` | `long` | Size of the file in bytes | | `InitiatingProcessAccountDomain` | `string` | Domain of the account that ran the process responsible for the event |-| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event | +| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountSid` | `string` | Security Identifier (SID) of the account that ran the process responsible for the event |-| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event | +| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID UPN of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountObjectId` | `string` | Microsoft Entra object ID of the user account that ran the process responsible for the event | | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event | | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event | |
security | Advanced Hunting Deviceimageloadevents Table | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceimageloadevents-table.md | For information on other tables in the advanced hunting schema, [see the advance | `MD5` | `string` | MD5 hash of the file that the recorded action was applied to | | `FileSize` | `long` | Size of the file in bytes | | `InitiatingProcessAccountDomain` | `string` | Domain of the account that ran the process responsible for the event |-| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event | +| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountSid` | `string` | Security Identifier (SID) of the account that ran the process responsible for the event |-| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event | +| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID UPN of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountObjectId` | `string` | Microsoft Entra object ID of the user account that ran the process responsible for the event | | `InitiatingProcessIntegrityLevel` | `string` | Integrity level of the process that initiated the event. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet download. These integrity levels influence permissions to resources. | | `InitiatingProcessTokenElevation` | `string` | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event | |
security | Advanced Hunting Devicenetworkevents Table | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicenetworkevents-table.md | For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessParentId` | `long` | Process ID (PID) of the parent process that spawned the process responsible for the event | | `InitiatingProcessParentCreationTime` | `datetime` | Date and time when the parent of the process responsible for the event was started | | `InitiatingProcessAccountDomain` | `string` | Domain of the account that ran the process responsible for the event |-| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event | +| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountSid` | `string` | Security Identifier (SID) of the account that ran the process responsible for the event |-| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event | +| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID UPN of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountObjectId` | `string` | Microsoft Entra object ID of the user account that ran the process responsible for the event | | `InitiatingProcessIntegrityLevel` | `string` | Integrity level of the process that initiated the event. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet download. These integrity levels influence permissions to resources. | | `InitiatingProcessTokenElevation` | `string` | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event | |
security | Advanced Hunting Deviceprocessevents Table | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceprocessevents-table.md | For information on other tables in the advanced hunting schema, [see the advance | `ProcessTokenElevation` | `string` | Indicates the type of token elevation applied to the newly created process. Possible values: TokenElevationTypeLimited (restricted), TokenElevationTypeDefault (standard), and TokenElevationTypeFull (elevated) | | `ProcessCreationTime` | `datetime` | Date and time the process was created | | `AccountDomain` | `string` | Domain of the account |-| `AccountName` | `string` | User name of the account | +| `AccountName` | `string` | User name of the account; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account might be shown instead | | `AccountSid` | `string` | Security Identifier (SID) of the account |-| `AccountUpn` | `string` | User principal name (UPN) of the account | +| `AccountUpn` | `string` | User principal name (UPN) of the account; if the device is registered in Microsoft Entra ID, the Entra ID UPN of the account might be shown instead | | `AccountObjectId` | `string` | Unique identifier for the account in Microsoft Entra ID | | `LogonId` | `long` | Identifier for a logon session. This identifier is unique on the same device only between restarts. | | `InitiatingProcessAccountDomain` | `string` | Domain of the account that ran the process responsible for the event |-| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event | +| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountSid` | `string` | Security Identifier (SID) of the account that ran the process responsible for the event |-| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event | +| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID UPN of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountObjectId` | `string` | Microsoft Entra object ID of the user account that ran the process responsible for the event | | `InitiatingProcessLogonId` | `long` | Identifier for a logon session of the process that initiated the event. This identifier is unique on the same device only between restarts. | | `InitiatingProcessIntegrityLevel` | `string` | Integrity level of the process that initiated the event. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet download. These integrity levels influence permissions to resources. | |
security | Advanced Hunting Deviceregistryevents Table | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceregistryevents-table.md | For information on other tables in the advanced hunting schema, [see the advance | `PreviousRegistryValueName` | `string` | Original name of the registry value before it was modified | | `PreviousRegistryValueData` | `string` | Original data of the registry value before it was modified | | `InitiatingProcessAccountDomain` | `string` | Domain of the account that ran the process responsible for the event |-| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event | +| `InitiatingProcessAccountName` | `string` | User name of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID user name of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountSid` | `string` | Security Identifier (SID) of the account that ran the process responsible for the event |-| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event | +| `InitiatingProcessAccountUpn` | `string` | User principal name (UPN) of the account that ran the process responsible for the event; if the device is registered in Microsoft Entra ID, the Entra ID UPN of the account that ran the process responsible for the event might be shown instead | | `InitiatingProcessAccountObjectId` | `string` | Microsoft Entra object ID of the user account that ran the process responsible for the event | | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated ΓÇö use the SHA1 column when available. | |
security | Compare Rbac Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/compare-rbac-roles.md | Use this table to learn about the permissions assigned by default for each workl |Global reader|Security operations \ Security data \ Security data basics (read)</br>Security posture \ Posture management \ Secure Score (read) </br>|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security posture \ Posture management \ Vulnerability management (read)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Response (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email message headers (read)</br>Authorization and settings \ Authorization (read) </br></br>_**Defender for Office and Defender for Identity only permissions**_ </br>Authorization and settings \ Security settings \ Core security settings (read)</br>Authorization and settings \ System settings (read)| |Security reader|Security operations \ Security data \ Security data basics (read)</br>Security posture \ Posture management \ Secure Score (read) </br>|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security posture \ Posture management \ Vulnerability management (read)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Response (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email message headers (read) </br></br>_**Defender for Office and Defender for Identity only permissions**_ </br>Authorization and settings \ Security settings \ Core security settings (read)</br>Authorization and settings \ System settings (read)| |Security operator|Security operations \ Security data \ Security data basics (read)</br>Security operations \ Security data \ Alerts (manage) </br>Security operations \ Security data \ Response (manage)</br>Security posture \ Posture management \ Secure Score (read)</br>Authorization and settings \ Security settings (All permissions)|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_</br>Security operations \ Security data \ Basic live response (manage)</br>Security operations \ Security data \ Advanced live response (manage)</br> Security operations \ Security data \ File collection (manage) </br>Security posture \ Posture management \ Vulnerability management (read)</br>Security posture \ Posture management \ Exception handling (manage)</br>Security posture \ Posture management \ Remediation handling (manage)</br></br>_**Defender for Office only permissions**_ </br>Security operations \ Raw data (Email & collaboration) \ Email message headers (read)</br>Authorization and settings \ System settings (Read and manage)</br></br>_**Defender for Identity only permissions**_ </br>Authorization and settings \ System settings (read)|-|Exchange Administrator|Security posture \ Posture management \ Secure Score (read) </br> Security posture \ Posture management \ Secure Score (manage)|_**Defender for Office only permissions**_ </br>Security operations \ Raw data (Email & collaboration) \ Email message headers (read)</br>Authorization and settings \ System settings (Read and manage)| +|Exchange Administrator|Security posture \ Posture management \ Secure Score (read) </br> Security posture \ Posture management \ Secure Score (manage) |_**Defender for Office only permissions**_ </br>Security operations \ Security data \ Security data basic (read) </br>Security operations \ Raw data (Email & collaboration) \ Email message headers (read) </br>Authorization and settings \ System settings (Read and manage)| |SharePoint Administrator|Security posture \ Posture management \ Secure Score (read) </br> Security posture \ Posture management \ Secure Score (manage)|not applicable| |Service Support Administrator|Security posture \ Posture management \ Secure Score (read) |not applicable| |User Administrator|Security posture \ Posture management \ Secure Score (read) |not applicable| |
security | Get Started | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-started.md | + - essentials-get-started Previously updated : 09/21/2023 Last updated : 04/10/2024 # Get started with Microsoft Defender XDR |
security | Alert Policies Defender Portal | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/alert-policies-defender-portal.md | In Microsoft 365 organizations with mailboxes in Exchange Online, alert policies ## What do you need to know before you begin? - You need to be assigned permissions before you can do the procedures in this article. You have the following options:- - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations\Security data\Alerts (manage)** and **Security operations\Security data\ Security data basics (read)**. + - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): + - _Read only access to the Alert policies page_: **Security operations / Security data / Security data basics (read)**. + - _Manage alert policies_: **Authorization and settings / Security settings / Detection tuning (manage)**. - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): - _Create and manage alert policies in the Threat management category_: Membership in the **Organization Management** or **Security Administrator** role groups. - _View alerts in the Threat management_ category: Membership in the **Security Reader** role group. |
security | Mdo Email Entity Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-email-entity-page.md | Admins can preview and download emails in Cloud mailboxes, ***if*** the mails ar > [!IMPORTANT] > Previewing and downloading emails requires a special role called **Preview**. You can assign this role in the following locations: >-> - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Raw data (email & collaboration)/Email content (read)**. +> - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Raw data (email & collaboration)/Email & collaboration content (read)**. > - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Data Investigator** or **eDiscovery Manager** role groups. Or, you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) and add the **Preview** role to it. ### Detonation details |
security | Mdo Sec Ops Guide | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-sec-ops-guide.md | The following permissions (roles and role groups) are available in Defender for - **Exchange Online** and **Email & collaboration**: Roles and role groups that grant permission specific to Microsoft Defender for Office 365. The following roles aren't available in Microsoft Entra ID, but can be important for security teams: - - **Preview** role (Email & collaboration): Assign this role to team members who need to preview or download email messages as part of investigation activities. Allows users to preview and download email messages from cloud mailboxes using [Threat Explorer (Explorer) and Real-time detections](threat-explorer-real-time-detections-about.md#about-threat-explorer-and-real-time-detections-in-microsoft-defender-for-office-365) and the [email entity page](mdo-email-entity-page.md#email-preview-and-download-for-cloud-mailboxes). + - **Preview** role (Email & collaboration): Assign this role to team members who need to preview or download email messages as part of investigation activities. Allows users to preview and download email messages from cloud mailboxes using [Threat Explorer (Explorer) or Real-time detections](threat-explorer-real-time-detections-about.md#about-threat-explorer-and-real-time-detections-in-microsoft-defender-for-office-365) and the [Email entity page](mdo-email-entity-page.md#email-preview-and-download-for-cloud-mailboxes). - By default, this role is assigned only to the following role groups: + By default, the **Preview** role is assigned only to the following role groups: - Data Investigator - eDiscovery Manager - To assign this role to a new or existing custom role group, see [Email & collaboration roles in the Microsoft Defender portal](mdo-portal-permissions.md#email--collaboration-roles-in-the-microsoft-defender-portal). + You can add users to those role groups, or you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Preview** role assigned, and add the users to the custom role group. - **Search and Purge** role (Email & collaboration): Approve the deletion of malicious messages as recommended by AIR or take manual action on messages in hunting experiences like Threat Explorer. - By default, this role is assigned only to the following role groups: + By default, the **Search and Purge** role is assigned only to the following role groups: - Data Investigator - Organization Management - To assign this role to a new or existing custom role group, see [Email & collaboration roles in the Microsoft Defender portal](mdo-portal-permissions.md#email--collaboration-roles-in-the-microsoft-defender-portal). + You can add users to those role groups, or you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and add the users to the custom role group. - **Tenant AllowBlockList Manager** (Exchange Online): Manage allow and block entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). Blocking URLs, files (using file hash) or senders is a useful response action to take when investigating malicious email that was delivered. Defender for Office 365 exposes most of its data through a set of programmatic A - [Incident API](/microsoft-365/security/defender/api-incident): Defender for Office 365 alerts and automated investigations are active parts of incidents in Microsoft Defender XDR. Security teams can focus on what's critical by grouping the full attack scope and all impacted assets together. - [Event streaming API](/microsoft-365/security/defender/streaming-api): Allows shipping of real-time events and alerts into a single data stream as they happen. Supported event types in Defender for Office 365 include:- - [EmailEvents](/microsoft-365/security/defender/advanced-hunting-emailevents-table) - - [EmailUrlInfo](/microsoft-365/security/defender/advanced-hunting-emailurlinfo-table) - [EmailAttachmentInfo](/microsoft-365/security/defender/advanced-hunting-emailattachmentinfo-table)+ - [EmailEvents](/microsoft-365/security/defender/advanced-hunting-emailevents-table) - [EmailPostDeliveryEvents](/microsoft-365/security/defender/advanced-hunting-emailpostdeliveryevents-table)+ - [EmailUrlInfo](/microsoft-365/security/defender/advanced-hunting-emailurlinfo-table) The events contain data from processing all email (including intra-org messages) in the last 30 days. |
security | Quarantine Admin Manage Messages Files | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files.md | Watch this short video to learn how to manage quarantined messages as an admin. - To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell). - You need to be assigned permissions before you can do the procedures in this article. You have the following options:- - [Microsoft Defender XDR Unified role based access control (RBAC)](../defender/manage-rbac.md) (Affects the Defender portal only, not PowerShell): **Security operations / Security data / Email & collaboration quarantine (manage)**. + - [Microsoft Defender XDR Unified role based access control (RBAC)](../defender/manage-rbac.md) (Affects the Defender portal only, not PowerShell): + - _Take action on quarantined messages for all users_: **Security operations / Security data / Email & collaboration quarantine (manage)**. + - _Read-only access to quarantined messages for all users_: **Security operations / Security data / Security data basics (read)**. - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): - _Take action on quarantined messages for all users_: Membership in the **Quarantine Administrator**, **Security Administrator**, or **Organization Management** role groups. - _Submit messages from quarantine to Microsoft_: Membership in the **Quarantine Administrator** or **Security Administrator** role groups. |
security | Remediate Malicious Email Delivered Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365.md | Remediation means to take a prescribed action against a threat. Malicious email ## What you need to know before you begin - You need to be assigned permissions before you can do the procedures in this article. Admins can take the required action on email messages, but the **Search and Purge** role is required to get those actions approved. To assign the **Search and Purge** role, you have the following options:- - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Security data/Email advanced actions (manage)**. - - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Organization Management** or **Data Investigator** role groups. Or, you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) and add the **Search and Purge** role to it. + - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Security data/Email & collaboration advanced actions (manage)**. + - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Organization Management** or **Data Investigator** role groups. Or, you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and add the users to the custom role group. - Verify **Automated Investigation** is turned on at <https://security.microsoft.com/securitysettings/endpoints/integration>. |
security | Reports Email Security | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md | On the report page, the :::image type="icon" source="../../media/m365-cc-sc-down You need to be assigned permissions before you can view and use the reports that are described in this article. You have the following options: -- [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/System settings/manage** or **Security operations/Security data/Read-only**.+- [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Security data/Security data basics (read)** or **Authorization and settings/System settings/manage**. - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in any of the following role groups: - **Organization Management**<sup>\*</sup> - **Security Administrator** |
security | Submissions Admin | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin.md | For other ways that **admins** can report messages to Microsoft in the Defender - You open the Microsoft Defender portal at <https://security.microsoft.com/>. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>. - You need to be assigned permissions before you can do the procedures in this article. You have the following options:- - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Security data/Response (manage)** or **Security operations/Security data/Read-only**. + - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Security data/Response (manage)** or **Security operations/Security data/Security data basics (read)**. - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Security Administrator** or **Security Reader** role groups. - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership in the **Security Administrator** or **Security Reader** roles gives users the required permissions _and_ permissions for other features in Microsoft 365. |
security | Submissions User Reported Messages Custom Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox.md | After you verify that the reporting mailbox meets all of these requirements, use - To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). - You need to be assigned permissions before you can do the procedures in this article. You have the following options:- - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Security data/Response (manage)** or **Security operations/Security data/Read-only**. + - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Security operations/Security data/Response (manage)** or **Security operations/Security data/Security data basics (read)**. - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Organization Management** or **Security Administrator** role groups. - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership in the **Global Administrator** or **Security Administrator** roles gives users the required permissions _and_ permissions for other features in Microsoft 365. |
security | Threat Explorer Real Time Detections About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-real-time-detections-about.md | To use Explorer or Real-time detections, you need to be assigned permissions. Yo - _Remediate malicious email_: **Security operations/Security data/Email & collaboration advanced actions (manage)**. - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): - _Full access_: Membership in the **Organization Management** or **Security Administrator** role groups. More permissions are required to do all available actions:- - _Preview and download messages_: Membership in the **Data Investigator** or **eDiscovery Manager** role groups. Or, [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the same roles as **Organization Management** or **Security Administrator**, and then add the **Preview** role. - - _Move messages in and delete messages from mailboxes_: Membership in the **Data Investigator** or **Organization Management** role groups. Or, [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the same roles as **Security Administrator**, and then add the **Search and Purge** role. + - _Preview and download messages_: Requires the **Preview** role, which is assigned only to the **Data Investigator** or **eDiscovery Manager** role groups by default. Or, you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Preview** role assigned, and add the users to the custom role group. + - _Move messages in and delete messages from mailboxes_: Requires the **Search and Purge** role, which is assigned only to the **Data Investigator** or **Organization Management** role groups by default. Or, you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and add the users to the custom role group. - _Read-only access_: Membership in the **Security Reader** role group. - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership these roles gives users the required permissions _and_ permissions for other features in Microsoft 365: - _Full access_: Membership in the **Global Administrator** or **Security Administrator** roles. - _Search for Exchange mail flow rules (transport rules) by name in Threat Explorer_: Membership in the **Security Admin** or **Security Reader** roles. - _Read-only access_: Membership in the **Global Reader** or **Security Reader** roles. + + > [!TIP] > Audit log entries are generated when admins preview or download email messages. You can search the admin audit log by user for **AdminMailAccess** activity. For instructions, see [Audit New Search](/purview/audit-new-search). |
security | Threat Explorer Threat Hunting | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-threat-hunting.md | In Threat Explorer and Real-time detections, selecting one or more messages enab - **Start new submission** - Submit to Microsoft - ┬╣ The **Move & delete** actions require the **Search and Purge** role in [Email & collaboration permissions](mdo-portal-permissions.md). By default, this role is assigned to the **Data Investigator** and **Organization Management** role groups. Members of the **Security Administrators** role group don't see these actions. You can add the members of the group to the **Data Investigator** role group, or you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and then add the members of the **Security Administrators** role group. + ┬╣ The **Move & delete** actions require the **Search and Purge** role in [Email & collaboration permissions](mdo-portal-permissions.md). By default, this role is assigned only to the **Data Investigator** and **Organization Management** role groups. You can add users to those role groups, or you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and add the users to the custom role group. - In Real-time detectionsAvailable, the available **Message actions** in the **Malware** and **Phish** views are described in the following list: - **Start new submission** The available actions in the **Take action** wizard in Threat Explorer and Real- |**Initiate automated investigation**|Γ£ö|| |**Propose remediation**|Γ£ö|Γ£ö| -┬╣ This action requires the **Search and Purge** role in [Email & collaboration permissions](mdo-portal-permissions.md). By default, this role is assigned to the **Data Investigator** and **Organization Management** role groups. Members of the **Security Administrators** role group don't see this action. You can add the members of the group to the **Data Investigator** role group, or you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and then add the members of the **Security Administrators** role group. +┬╣ This action requires the **Search and Purge** role in [Email & collaboration permissions](mdo-portal-permissions.md). By default, this role is assigned only to the **Data Investigator** and **Organization Management** role groups. You can add users to those role groups, or you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and add the users to the custom role group. 1. On the **Choose response actions** page, select one or more of the following options in the **Email message actions** section: |
test-base | Test Application With In Place Upgrade | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/test-application-with-in-place-upgrade.md | f1.keywords: NOCSH > This guide will provide instruction on how to test your application with in-place upgrade feature ### Expanded Testing Matrix with in-place upgrade+ Evaluate your app readiness for Windows 11 by testing via in-place upgrade to simulate the real enterprise update experience. You can get a comprehensive Windows 11 update readiness assessment with side-by-side comparison against Windows 10 baseline. Check below to learn how to set up your apps for the Windows 11 upgrade readiness test with a customizable flow for testing activities before and after the upgrade. > [!div class="mx-imgBorder"] > ![Demo version two of the inplace upgrade.](Media/inplace-upgrade-demo-v2.gif) ### Onboard package for in-place upgrade+ You can now onboard a package with baseline OS and target OS defined via the new Flow Driven test type to validate if the application works before and after the upgrade on the same VM. #### Step 1: Enable in-place upgrade by choosing Flow driven test in Config test step+ You should be able to find a new testing option ΓÇ£Flow driven testΓÇ¥ with clear preview note on the top info box explaining the purpose of the new feature when creating new package via either Create new package online, Create package with Intune App or Upload pre-build package.- > [!div class="mx-imgBorder"] + > [!div class="mx-imgBorder"] > ![Screenshot shows choosing flow driven test.](Media/testwithupgrade01.png) - > [!div class="mx-imgBorder"] + > [!div class="mx-imgBorder"] > ![Screenshot shows package config test.](Media/testwithupgrade02.png) > [!IMPORTANT] > When Flow Driven selected, other test type will be disabled by default to avoid overcomplicating the script setup process.- - #### Step 2: Define test scripts - In the Edit package page, user should be able to see 2 pre-generated test scripts (install/uninstall) under the folder of flowDriven with Flow driven tag followed by sequence order number. User should be able to add new script using the existing menu. - > [!div class="mx-imgBorder"] ++#### Step 2: Define test scripts ++In the Edit package page, user should be able to see 2 pre-generated test scripts (install/uninstall) under the folder of flowDriven with Flow driven tag followed by sequence order number. User should be able to add new script using the existing menu. + > [!div class="mx-imgBorder"] > ![Screenshot shows package scripts add new.](Media/testwithupgrade03.png) #### Step 3: Add test script to the test flow+ Click on the ellipse icon beside the test script should pop up function menu with option to add the script to Flow driven test list with an increased number (up to 8 scripts can be added and assigned with the tag)- > [!div class="mx-imgBorder"] + > [!div class="mx-imgBorder"] > ![Screenshot shows package scripts setting](Media/testwithupgrade04.png) #### Step 4: Define test flow+ Click on the flow driven test panel to define test flow.- > [!div class="mx-imgBorder"] - > ![Screenshot shows package scripts open flow driven.](Media/testwithupgrade05.png) + > [!div class="mx-imgBorder"] + > ![Screenshot shows package scripts open flow driven.](Media/testwithupgrade05.png) > Drag each row to reorder the scripts, opting in or out the check boxes to define if youΓÇÖd like to have the script run before the upgrade, after the upgrade or both.- > [!div class="mx-imgBorder"] + > [!div class="mx-imgBorder"] > ![Screenshot shows flow driven test](Media/testwithupgrade06.png) #### Step 5: Review the test plan-Check the automatically generated In-place Upgrade Test Flow plan to see if the sequence of the test script execution matches your expectation. - > [!div class="mx-imgBorder"] - > ![Screenshot shows test flow.](Media/testwithupgrade07.png) ++Check the automatically generated In-place Upgrade Test Flow plan to see if the sequence of the test script execution matches your expectation. + > [!div class="mx-imgBorder"] + > ![Screenshot shows test flow.](Media/testwithupgrade07.png) > Take above flow definition as example, the app will be installed on base line OS before upgrade, followed by the regression test and stayed install for the upgrade to happen, once upgraded, the regression test will be executed as the 3rd step and finally verify the uninstall only after the upgrade on the Target OS as defined. #### Step 6: Define baseline and target OS+ Once package edit is finished. Proceed to the Test matrix should see the OS update type being default to In-place upgrade. User should be able to define the supported baseline OS version (in market Windows 10) and security update baseline based on their environment/update status. Target OS currently is limited to in market Windows 11.- > [!div class="mx-imgBorder"] - > ![Screenshot shows test matrix.](Media/testwithupgrade08.png) + > [!div class="mx-imgBorder"] + > ![Screenshot shows Test matrix.](Media/testwithupgrade08.png) #### Step 7: Review + publish-Once configuration is completed. You should be able to review the overall configuration and publish. - > [!div class="mx-imgBorder"] - > ![Screenshot shows test matrix.](Media/testwithupgrade09.png) ++Once configuration is completed. You should be able to review the overall configuration and publish. + > [!div class="mx-imgBorder"] + > ![Screenshot shows Review + publish.](Media/testwithupgrade09.png) ### Review the test result+ You should be able to check the review the test results once validation run passed and actual test completed. #### Step 1: Check the package under the Test summary+ The created package should be listed under the Test summary tab.- > [!div class="mx-imgBorder"] + > [!div class="mx-imgBorder"] > ![Screenshot shows test summary.](Media/testwithupgrade10.png) #### Step 2: Check the test run summary under the Test summary drill down page+ Click the package to enter the dedicated Test summary page with In-place upgrade as the header of the summary tab. Corresponding test runs should be named with baseline OS ΓÇô target OS as below:- > [!div class="mx-imgBorder"] + > [!div class="mx-imgBorder"] > ![Screenshot shows test summary in place upgrade.](Media/testwithupgrade11.png) #### Step 3: Check the test run history under the In-place upgrade test results page-Click on the OS versions link to drill down to the new In-place upgrade test results page which can also be accessed through the left navigation panel. Validate the top filter functions works to quickly switch between different in-place upgrade test runs on the package. - > [!div class="mx-imgBorder"] ++Click on the OS versions link to drill down to the new In-place upgrade test results page which can also be accessed through the left navigation panel. Validate the top filter functions works to quickly switch between different in-place upgrade test runs on the package. + > [!div class="mx-imgBorder"] > ![Screenshot shows test summary test results.](Media/testwithupgrade12.png) ### Review the test detail+ You should be able to review the test detail to get a comprehensive assessment of the upgrade test impact. #### Step 1: Script execution tab-Click on the Script execution tab, user should be able to see the script execution result side by side for the applicationΓÇÖs test scripts before (on the baseline OS) and after the upgrade (on the target OS). - > [!div class="mx-imgBorder"] - > ![Screenshot shows test results script execution.](Media/testwithupgrade13.png) - > If a script is scheduled to be run both pre and post upgrade, the overall script status should be passed only if both pre and post upgrade script executions are successful. ++Click on the Script execution tab, user should be able to see the script execution result side by side for the applicationΓÇÖs test scripts before (on the baseline OS) and after the upgrade (on the target OS). + > [!div class="mx-imgBorder"] + > ![Screenshot shows test results Script execution.](Media/testwithupgrade13.png) + > If a script is scheduled to be run both pre and post upgrade, the overall script status should be passed only if both pre and post upgrade script executions are successful. > **Re-run test** button should be enabled to allow user to rerun the test as needed in case of infrastructure failure. #### Step 2: Memory utilization tab+ Click on the Memory utilization tab should show the memory regression curve color coded by pre-upgrade, upgrading and post upgrade.-> [!div class="mx-imgBorder"] -> ![Screenshot shows test results script execution.](Media/testwithupgrade14.png) +> [!div class="mx-imgBorder"] +> ![Screenshot shows test results Memory utilization.](Media/testwithupgrade14.png) #### Step 3: CPU utilization tab+ Click on the CPU utilization tab should show the CPU regression curve color coded by pre-upgrade, upgrading and post upgrade.-> [!div class="mx-imgBorder"] +> [!div class="mx-imgBorder"] > ![Screenshot shows test results CPU utilization.](Media/testwithupgrade15.png)------ -- |