Updates from: 04/02/2021 03:11:04
Category Microsoft Docs article Related commit history on GitHub Change details
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
description: "Learn how to set a password expiration policy for your organizatio
This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
+As an admin, you can make user passwords expire after a certain number of days, or set passwords to never expire. By default, passwords are set to never expire for your organization.
+
+Current research strongly indicates that mandated password changes do more harm than good. They drive users to choose weaker passwords, re-use passwords, or update old passwords in ways that are easily guessed by hackers. We recommend enabling [multi-factor authentication](../security-and-compliance/set-up-multi-factor-authentication.md).
+ You must be a [global admin](../add-users/about-admin-roles.md) to perform these steps. If you're a user, you don't have the permissions to set your password to never expire. Ask your work or school technical support to do the steps in this article for you.
-As an admin, you can make user passwords expire after a certain number of days, or set passwords to never expire.
- ## Set password expiration policy
-> [!Tip]
-> By default, passwords are set to expire in 90 days. Current research strongly indicates that mandated password changes do more harm than good. They drive users to choose weaker passwords, re-use passwords, or update old passwords in ways that are easily guessed by hackers. If setting password to never expire, we recommend enabling [multi-factor authentication](../security-and-compliance/set-up-multi-factor-authentication.md).
- Follow the steps below if you want to set user passwords to expire after a specific amount of time. 1. In the admin center, go to the **Settings** \> **Org Settings**.
compliance Advanced Audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-audit.md
To search for SearchQueryInitiatedSharePoint audit records, you can search for t
You can also run the [Search-UnifiedAuditLog -Operations SearchQueryInitiatedSharePoint](/powershell/module/exchange/search-unifiedauditlog) in Exchange Online PowerShell. > [!NOTE]
-> You must run the following command in Exchange Online PowerShell so that SearchQueryInitiatedExchange events (performed by the specified E5 user) are included in audit log search results: `Set-Mailbox <user identity> -AuditOwner @{Add="SearchQueryInitiated"}`. <br/><br/>
+> You must run the following command in Exchange Online PowerShell so that SearchQueryInitiatedSharePoint events (performed by the specified E5 user) are included in audit log search results: `Set-Mailbox <user identity> -AuditOwner @{Add="SearchQueryInitiated"}`. <br/><br/>
In a multi-geo environment, you must run the **Set-Mailbox** command in the forest where the user's mailbox is located. To identify the user's mailbox location, run the following command: `Get-Mailbox <user identity> | FL MailboxLocations`. If the `Set-Mailbox -AuditOwner @{Add="SearchQueryInitiated"}` command was previously run in the forest that's different than the one the user's mailbox is located in, then you must remove the SearchQueryInitiated value from the user's mailbox (by running `Set-Mailbox -AuditOwner @{Remove="SearchQueryInitiated"}`) and then add it to the user's mailbox in the forest where the user's mailbox is located.
Yes. As long as audit records are generated for users with the appropriate licen
**Does higher bandwidth mean better latency or higher SLA?**
-At this time, high bandwidth provides a better pipeline, especially for organizations with a high volume of auditing signals and significant consumption patterns. More bandwidth can lead to better latency. But there isn't an SLA associated with high bandwidth. Standard latencies are documented, and these latencies don't change with the release of Advanced Audit.
+At this time, high bandwidth provides a better pipeline, especially for organizations with a high volume of auditing signals and significant consumption patterns. More bandwidth can lead to better latency. But there isn't an SLA associated with high bandwidth. Standard latencies are documented, and these latencies don't change with the release of Advanced Audit.
compliance Compliance Manager Assessments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-assessments.md
There are three ways you can set up assessments:
3. [Create your own custom assessment](#create-your-own-custom-assessment). > [!NOTE]
-> Only users who hold a Global Administrator or Compliance Manager Administration role can create and modify assessments. Learn more about [roles and permissions](compliance-manager-setup.md#set-user-permissions-and-assign-roles).
+> Only users who hold a Global Administrator, Compliance Manager Administration, or Compliance Manager Assessor role can create and modify assessments. Learn more about [roles and permissions](compliance-manager-setup.md#set-user-permissions-and-assign-roles).
**Use a pre-built assessment**
compliance Compliance Manager Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-faq.md
Compliance Manager is an end-to-end solution in the Microsoft 365 compliance cen
## Are there licensing requirements for using Compliance Manager?
-Yes. The GA release of Compliance Manager contains new licensing terms. All organizations with Office 365 and Microsoft 365 licenses, and US Government Community (GCC) Moderate and GCC High customers, have access to Compliance Manager. However, the assessments available to your organization and how you manage assessment templates depends on your licensing agreement. Visit the [Microsoft 365 licensing guidance for security and compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance) for details.
+Yes. The GA release of Compliance Manager contains new licensing terms. All organizations with Office 365 and Microsoft 365 licenses, and US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers, have access to Compliance Manager. However, the assessments available to your organization and how you manage assessment templates depends on your licensing agreement. Visit the [Microsoft 365 licensing guidance for security and compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance) for details.
## If I have a high score, does it mean IΓÇÖm fully compliant?
compliance Compliance Manager Improvement Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-improvement-actions.md
Once you identify the appropriate assignee, be sure they hold a sufficient [Comp
2. In the edit status flyout pane, select the **Assigned to** box to show a **Suggested people** list of users. You can select the user from the list, or type the email address of the person you want to assign it to.
-3. Select **Save and close**. The assigned user will receive an email explaining that the improvement action has been assigned to them, with a direct link to the improvement action. (Note: US Government Community (GCC) High customers won't receive an email when actions are assigned to them.)
+3. Select **Save and close**. The assigned user will receive an email explaining that the improvement action has been assigned to them, with a direct link to the improvement action.
+> [!NOTE]
+> US Government Community (GCC) High and Department of Defense (DoD) customers won't receive an email when improvement actions are assigned to them.
The assigned user can then perform the recommended actions.
compliance Compliance Manager Mcca https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-mcca.md
MCCA can help you quickly see which improvement actions in Compliance Manger app
An additional resource for understanding MCCA is by visiting the [README instructions on GitHub](https://github.com/OfficeDev/MCCA#overview). This page provides detailed information about prerequisites and gives full installation instructions. You donΓÇÖt need a GitHub account to access this page.
-**Availability**: MCCA is available to all organizations with Office 365 and Microsoft 365 licenses and US Government Community (GCC) Moderate and GCC High customers, with plans underway to expand service to DOD customers.
+**Availability**: MCCA is available to all organizations with Office 365 and Microsoft 365 licenses and US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers.
## Install MCCA and run a report
The table below shows which roles have access to which sections of the report. O
![MCCA - roles](../media/compliance-manager-mcca-roles.png "MCCA roles") Exceptions:
-1. User won't be able to generate report for IP apart from ΓÇ£Use IRM for Exchange OnlineΓÇ¥ section.
-2. User will be able to generate report for IP apart from ΓÇ£Use IRM for Exchange OnlineΓÇ¥ section.
-3. User will be able to generate report for IP apart from ΓÇ£Enable Communication Compliance in O365ΓÇ¥ section.
-4. User won't be able to generate report for IP apart from ΓÇ£Enable Auditing in Office 365ΓÇ¥ section.
-5. User will be able generate report for IP apart from ΓÇ£Enable Auditing in Office 365ΓÇ¥ section.
+1. Users won't be able to generate report for IP apart from ΓÇ£Use IRM for Exchange OnlineΓÇ¥ section.
+2. Users will be able to generate report for IP apart from ΓÇ£Use IRM for Exchange OnlineΓÇ¥ section.
+3. Users will be able to generate report for IP apart from ΓÇ£Enable Communication Compliance in O365ΓÇ¥ section.
+4. Users won't be able to generate report for IP apart from ΓÇ£Enable Auditing in Office 365ΓÇ¥ section.
+5. Users will be able generate report for IP apart from ΓÇ£Enable Auditing in Office 365ΓÇ¥ section.
#### Solutions Summary section
compliance Compliance Manager Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md
description: "Set Microsoft Compliance Manager user permissions and roles, and c
## Who can access Compliance Manager
-Compliance Manager is available to organizations with Office 365 and Microsoft 365 licenses, and to US Government Community Cloud (GCC) Moderate and GCC High customers. Assessment availability and management capabilities depend on your licensing agreement. [View service description details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+Compliance Manager is available to organizations with Office 365 and Microsoft 365 licenses, and to US Government Community Cloud (GCC) Moderate, GCC High, and Department of Defense (DoD) customers. Assessment availability and management capabilities depend on your licensing agreement. [View service description details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
## Before you begin
Compliance Manager uses a role-based access control (RBAC) permission model. Onl
The person holding the global admin role for your organization can set user permissions for Compliance Manager. Permissions can be set in the Office 365 Security & Compliance center as well as in Azure Active Directory (Azure AD). > [!NOTE]
-> Customers in US Government Community (GCC) High environments can only set user permissions and roles for Compliance Manager in Azure AD. See below for Azure AD instructions and role type definitions.
+> Customers in US Government Community (GCC) High and Department of Defense (DoD) environments can only set user permissions and roles for Compliance Manager in Azure AD. See below for Azure AD instructions and role type definitions.
To set permissions and assign roles in the Office 365 Security & Compliance center, follow the steps below:
The table below shows the functions allowed by each role in Compliance Manager.
| :- | :-: | :: | | **Read but not edit data**| Compliance Manager Reader | Azure AD Global reader, Security reader | | **Edit data**| Compliance Manager Contribution | Compliance Administrator |
-| **Edit test results**| Compliance Manager Assessment | Compliance Administrator |
+| **Edit test results**| Compliance Manager Assessor | Compliance Administrator |
| **Manage assessments, and template and tenant data**| Compliance Manager Administration | Compliance Administrator, Compliance Data Administrator, Security Administrator | | **Assign users**| Global Administrator | Global Administrator |
The table below shows the functions allowed by each role in Compliance Manager.
The Compliance Manager settings in the Microsoft 365 compliance center allow you to enable and disable automatic testing of improvement actions. The settings also allow you to manage the data of users associated to improvement actions, including the ability to reassign improvement actions to a different user. Only people with a global administrator or Compliance Manager Administrator role can access the Compliance Manager settings. > [!NOTE]
-> The automated testing feature is not available to customers in GCC High environments because Secure Score isn't available in these environments. GCC High customers will need to manually implement and test their improvement actions.
+> The automated testing feature is not available to customers in GCC High and DoD environments because Secure Score isn't available in these environments. GCC High and DoD customers will need to manually implement and test their improvement actions.
### Set up automated testing
compliance Compliance Manager Templates List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-list.md
Read more about [how to view and manage your templates](compliance-manager-templ
- NIST 800-53 Rev.4 > [!NOTE]
-> For US Government Community (GCC) Moderate and GCC High customers, the Cybersecurity Maturity Model Certification (CMMC) Levels 1 through 5 templates are included, in addition to the templates listed above.
+> For US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers: the Cybersecurity Maturity Model Certification (CMMC) Levels 1 through 5 templates are included, in addition to the templates listed above.
## Premium templates
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
A template is a framework of controls for creating an assessment in Compliance M
#### Included and premium templates
-The templates available for use are based on your organizationΓÇÖs licensing agreement ([view licensing details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)). There are two categories of templates: included and premium.
+The templates available for use are based on your organizationΓÇÖs licensing agreement ([view licensing details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager)). There are two categories of templates: included and premium.
1. **Included templates** are available for use as part of your organizationΓÇÖs licensing agreement.
-2. **Premium templates** must be purchased in order to create assessments from them. Once purchased, you may create as many assessments from a template as needed.
+2. **Premium templates** must be purchased in order to create assessments from them. Once purchased, you may create as many assessments from a template as needed. [Learn how you can purchase premium templates](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager).
#### Active and inactive templates Templates will display an activation status as either active or inactive: - A template is considered **active** once you create an assessment from that template.-- A template is considered **inactive** if your organization isnΓÇÖt using it as the framework for an assessment.
+- A template is considered **inactive** if your organization isnΓÇÖt using it for an assessment.
When you purchase a premium template and create an assessment from it, that template is active for one year. Your purchase will automatically renew unless you cancel renewal.
For example, if your counter shows 2/5, this means your organization has activat
If your counter shows 5/2, this indicates that your organization exceeds its limits and needs to purchase 3 of the premium templates in use.
-See [Compliance Manager licensing guidance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance) for further details.
+See [Compliance Manager licensing guidance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager) for further details.
## Viewing and managing templates from the assessment templates page
compliance Compliance Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager.md
description: "Microsoft Compliance Manager helps organizations simplify and auto
## What's new: the GA release of Compliance Manager
-Compliance Manager is now generally available (GA) as an end-to-end compliance management solution inside the [Microsoft 365 compliance center](microsoft-365-compliance-center.md). With this release, Compliance Manager completes the transition from its previous location in the Microsoft Service Trust Portal. Compliance Manager is also now available to US Government Community (GCC) Moderate and GCC High customers.
+Compliance Manager is now generally available (GA) as an end-to-end compliance management solution inside the [Microsoft 365 compliance center](microsoft-365-compliance-center.md). With this release, Compliance Manager completes the transition from its previous location in the Microsoft Service Trust Portal. Compliance Manager is also available to US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers.
What began as the public preview of Compliance Score has evolved into a centralized tool with enhanced compliance management capabilities and greater ease of use. The GA release brings a larger collection of pre-built assessments to help you scale your compliance activities.
When creating assessments, youΓÇÖll assign them to a group. You can configure gr
### Templates
-Compliance Manager provides templates to help you quickly create assessments. You can modify these templates to create an assessment optimized for your needs. You can also build a custom assessment by creating a template with your own controls and actions. For example, you may want a template to cover an internal business process control, or a regional data protection standard that isnΓÇÖt covered by one of our 150+ pre-built assessment templates.
+Compliance Manager provides templates to help you quickly create assessments. You can modify these templates to create an assessment optimized for your needs. You can also build a custom assessment by creating a template with your own controls and actions. For example, you may want a template to cover an internal business process control, or a regional data protection standard that isnΓÇÖt covered by one of our 325+ pre-built assessment templates.
##### Learn more
compliance Get Started With Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
search.appverid: - MOE150 - MET150
-description: "Ready to start implementing sensitivity labels to help protect your organization's data, but not sure where to start? Read some practical guidance to help get you on your labeling journey."
+description: "Ready to deploy sensitivity labels to help protect your organization's data, but not sure where to start? Read some practical guidance to help get you on your labeling journey."
# Get started with sensitivity labels
description: "Ready to start implementing sensitivity labels to help protect you
For information about what sensitivity labels are and how they can help you protect your organization's data, see [Learn about sensitivity labels](sensitivity-labels.md).
-If you have [Azure Information Protection](/azure/information-protection/what-is-information-protection), determine whether you need to migrate labels to the unified labeling platform, and which labeling client to use:
-- [How can I determine if my tenant is on the unified labeling platform?](/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform)-- [Choose your Windows labeling solution](/azure/information-protection/rms-client/use-client#choose-your-windows-labeling-solution)
+If you have [Azure Information Protection](/azure/information-protection/what-is-information-protection) and still using Azure Information Protection labels that were managed from the Azure portal, you must migrate these labels to the [unified labeling platform](/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform). For Windows computers, you can then [choose which labeling client to use](/azure/information-protection/rms-client/use-client#choose-which-labeling-client-to-use-for-windows-computers) for your published sensitivity labels.
When you're ready to start protecting your organization's data by using sensitivity labels:
compliance Managing Holds https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/managing-holds.md
To create a non-custodial hold for an Advanced eDiscovery case:
> When you click **Choose users, groups, or teams** to specify mailboxes to place on hold, the mailbox picker that's displayed is empty. This is by design to enhance performance. To add people to this list, type a name (a minimum of 3 characters) in the search box. 1. **SharePoint Sites** - Click **Choose sites** and then click **Choose sites** again to specify SharePoint and OneDrive for Business sites to place on hold. Type the URL for each site that you want to place on hold. You can also add the URL for the SharePoint site for an Microsoft 365 Group or a Microsoft Team. Click **Choose**, and then click **Done**.
-
- See the **FAQ** section for tips on putting Microsoft 365 Groups and Microsoft Teams on hold.
> [!NOTE] > The URL for a user's OneDrive account includes their user principal name (UPN) (for example, `https://alpinehouse-my.sharepoint.com/personal/sarad_alpinehouse_onmicrosoft_com`). In the rare case that a person's UPN is changed, their OneDrive URL will also change to incorporate the new UPN. If a user's OneDrive account is part of a non-custodial hold and their UPN is changed, you need to update the hold and point to the new OneDrive URL. For more information, see [How UPN changes affect the OneDrive URL](/onedrive/upn-changes).
Keep the following things in mind about hold statistics:
## Place a hold on Microsoft Teams and Office 365 Groups
-Microsoft Teams are built on Office 365 Groups. Therefore, placing them on hold in Advanced eDiscovery is very similar.
+Microsoft Teams are built on Office 365 Groups. Therefore, placing them on hold in Advanced eDiscovery is very similar.
- **How do I map an additional Microsoft 365 Groups or Microsoft Teams site to a custodian? And what about placing a non-Custodial hold on Microsoft 365 Groups and Microsoft Teams?** Microsoft Teams are built on Microsoft 365 Groups. Therefore, placing them on hold in an eDiscovery case is very similar. Keep the following things in mind when placing Microsoft 365 Groups and Microsoft Teams on hold. - To place content located in Microsoft 365 Groups and Microsoft Teams on hold, you have to specify the mailbox and SharePoint site that associated with a group or team.
Microsoft Teams are built on Office 365 Groups. Therefore, placing them on hold
- Every Microsoft Team or team channel contains a Wiki for note-taking and collaboration. The Wiki content is automatically saved to a file with a .mht format. This file is stored in the Teams Wiki Data document library on the team's SharePoint site. You can place the content in the Wiki on hold by placing the team's SharePoint site on hold. > [!NOTE]
- > The capability to retain Wiki content for a Microsoft Team or team channel (when you place the team's SharePoint site on hold) was released on June 22, 2017. If a team site is on hold, the Wiki content will be retained starting on that date. However, if a team site is on hold and the Wiki content was deleted before June 22, 2017, the Wiki content was not retained.
+ > The capability to retain Wiki content for a Microsoft Team or team channel (when you place the team's SharePoint site on hold) was released on June 22, 2017. If a team site is on hold, the Wiki content will be retained starting on that date. However, if a team site is on hold and the Wiki content was deleted before June 22, 2017, the Wiki content was not retained.
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
Use the following table to help you identify whether to use a retention policy o
|Declare item as a record| No | Yes | |Start the retention period when labeled or based on an event | No | Yes | |Disposition review | No| Yes |
-|Proof of disposition for up to 7 years | No |Yes, when item is declared a record|
+|Proof of disposition for up to 7 years | No |Yes, when you use disposition review or item is marked a record|
|Audit admin activities| Yes | Yes| |Identify items subject to retention: <br /> - Content Search <br /> - Data classification page, content explorer, activity explorer | <br /> No <br /> No | <br /> Yes <br /> Yes|
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
Deploy this setting by using Group Policy, or by using the [Office cloud policy
### Office built-in labeling client and the Azure Information Protection client
-If users have one of the Azure Information Protection clients installed ([unified labeling client](/azure/information-protection/rms-client/aip-clientv2) or [classic client](/azure/information-protection/rms-client/aip-client)), by default, the built-in labeling client is turned off in their Office apps.
+If users have the [Azure Information Protection client installed](/azure/information-protection/rms-client/aip-clientv2), by default, the built-in labeling client is turned off in their Office apps.
To use built-in labeling rather than the Azure Information Protection client for Office apps, we recommend you use the Group Policy setting **List of managed add-ins** as documented in [No Add-ins loaded due to group policy settings for Office 2013 and Office 2016 programs](https://support.microsoft.com/help/2733070/no-add-ins-loaded-due-to-group-policy-settings-for-office-2013-and-off).
compliance Sensitivity Labels Sharepoint Onedrive Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files.md
description: "Administrators can enable sensitivity label support for Word, Exce
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
-Enable sensitivity labels for Office files in SharePoint and OneDrive so that users can apply your [sensitivity labels](sensitivity-labels.md) in Office on the web. When this feature is enabled, users will see the **Sensitivity** button on the ribbon so they can apply labels, and see any applied label name on the status bar.
+Enable sensitivity labels for Office files in SharePoint and OneDrive so that users can apply your [sensitivity labels](sensitivity-labels.md) in Office for the web. When this feature is enabled, users will see the **Sensitivity** button on the ribbon so they can apply labels, and see any applied label name on the status bar.
Enabling this feature also results in SharePoint and OneDrive being able to process the contents of files that have been encrypted by using a sensitivity label. The label can be applied in Office for the web, or in Office desktop apps and uploaded or saved in SharePoint and OneDrive. Until you enable this feature, these services can't process encrypted files, which means that coauthoring, eDiscovery, Data Loss Prevention, search, and other collaborative features won't work for these files.
After you enable sensitivity labels for Office files in SharePoint and OneDrive,
- When users upload labeled and encrypted files to SharePoint or OneDrive, they must have at least view rights to those files. For example, they can open the files outside SharePoint. If they don't have this minimum usage right, the upload is successful but the service doesn't recognize the label and can't process the file contents. -- Use Office on the web (Word, Excel, PowerPoint) to open and edit Office files that have sensitivity labels that apply encryption. The permissions that were assigned with the encryption are enforced. You can also use [auto-labeling](apply-sensitivity-label-automatically.md) for these documents.
+- Use Office for the web (Word, Excel, PowerPoint) to open and edit Office files that have sensitivity labels that apply encryption. The permissions that were assigned with the encryption are enforced. You can also use [auto-labeling](apply-sensitivity-label-automatically.md) for these documents.
- External users can access documents that are labeled with encryption by using guest accounts. For more information, see [Support for external users and labeled content](sensitivity-labels-office-apps.md#support-for-external-users-and-labeled-content).
Use the OneDrive sync app version 19.002.0121.0008 or later on Windows, and vers
- **User access to content expires** is set to a value other than **Never**. - **Double Key Encryption** is selected.
- For labels with any of these encryption configurations, the labels aren't displayed to users in Office on the web. Additionally, the new capabilities can't be used with labeled documents that already have these encryption settings. For example, these documents won't be returned in search results, even if they are updated.
+ For labels with any of these encryption configurations, the labels aren't displayed to users in Office for the web. Additionally, the new capabilities can't be used with labeled documents that already have these encryption settings. For example, these documents won't be returned in search results, even if they are updated.
+
+- Users might experience delays in being able to open encrypted documents in the following Save As scenario: Using a desktop version of Office, a user chooses Save As for a document that has a sensitivity label that applies encryption. The user selects SharePoint or OneDrive for the location, and then immediately tries to open that document in Office for the web. If the service is still processing the encryption, the user sees a message that the document must be opened in their desktop app. If they try again in a couple of minutes, the document successfully opens in Office for the web.
- For encrypted documents, printing is not supported. - For an encrypted document that grants edit permissions to a user, copying can't be blocked in the web versions of the Office apps. -- The Azure Information Protection document tracking site is not supported.- - By default, Office desktop apps and mobile apps don't support co-authoring for files that are labeled with encryption. These apps continue to open labeled and encrypted files in exclusive editing mode. > [!NOTE] > Co-authoring is now supported in preview. For more information, see [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md). -- If an admin changes settings for a published label that's already applied to files downloaded to users' sync client, users might be unable to save changes they make to the file in their OneDrive Sync folder. This scenario applies to files that are labeled with encryption, and also when the label change is from a label that didn't apply encryption to a label that does apply encryption. Users see a [red circle with a white cross icon error](https://support.office.com/article/what-do-the-onedrive-icons-mean-11143026-8000-44f8-aaa9-67c985aa49b3), and they are asked to save new changes as a separate copy. Instead, they can close and reopen the file, or use Office on the web.
+- If an admin changes settings for a published label that's already applied to files downloaded to users' sync client, users might be unable to save changes they make to the file in their OneDrive Sync folder. This scenario applies to files that are labeled with encryption, and also when the label change is from a label that didn't apply encryption to a label that does apply encryption. Users see a [red circle with a white cross icon error](https://support.office.com/article/what-do-the-onedrive-icons-mean-11143026-8000-44f8-aaa9-67c985aa49b3), and they are asked to save new changes as a separate copy. Instead, they can close and reopen the file, or use Office for the web.
-- If a labeled document is uploaded to SharePoint or OneDrive and the label applied encryption by using an account from a service principal name, the document can't be opened in Office on the web. Example scenarios include Microsoft Cloud App Security and a file sent to Teams by email.
+- If a labeled document is uploaded to SharePoint or OneDrive and the label applied encryption by using an account from a service principal name, the document can't be opened in Office for the web. Example scenarios include Microsoft Cloud App Security and a file sent to Teams by email.
- Users can experience save problems after going offline or into a sleep mode when instead of using Office for the web, they use the desktop and mobile apps for Word, Excel, or PowerPoint. For these users, when they resume their Office app session and try to save changes, they see an upload failure message with an option to save a copy instead of saving the original file. -- Documents that have been encrypted in the following ways can't be opened in Office on the web:
+- Documents that have been encrypted in the following ways can't be opened in Office for the web:
- Encryption that uses an on-premises key ("hold your own key" or HYOK) - Encryption that was applied by using [Double Key Encryption](double-key-encryption.md) - Encryption that was applied independently from a label, for example, by directly applying a Rights Management protection template.
However, you can use both protection solutions together and the behavior is as f
- If you upload a file with a sensitivity label that applies encryption, SharePoint can't process the content of these files so coauthoring, eDiscovery, DLP, and search are not supported for these files. -- If you label a file using Office on the web, any encryption settings from the label are enforced. For these files, coauthoring, eDiscovery, DLP, and search are supported.
+- If you label a file using Office for the web, any encryption settings from the label are enforced. For these files, coauthoring, eDiscovery, DLP, and search are supported.
-- If you download a file that's labeled by using Office on the web, the label is retained and any encryption settings from the label are enforced rather than the IRM restriction settings.
+- If you download a file that's labeled by using Office for the web, the label is retained and any encryption settings from the label are enforced rather than the IRM restriction settings.
- If you download an Office or PDF file that isn't encrypted with a sensitivity label, IRM settings are applied.
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
If you use retention labels in addition to sensitivity labels, it's important to
## Sensitivity labels and Azure Information Protection
-If you have deployed labels with Azure Information Protection, use the following sections for guidance before you start to use sensitivity labels.
-
-### Azure Information Protection labels
-
-> [!NOTE]
-> Label management for Azure Information Protection labels in the Azure portal is being deprecated **March 31, 2021**. Learn more from the official [deprecation notice](https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179).
-
-If you are using Azure Information Protection labels because your tenant isn't yet on the [unified labeling platform](/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform), we recommend that you avoid creating sensitivity labels until you activate unified labeling. In this scenario, the labels you see in the Azure portal are Azure Information Protection labels rather than sensitivity labels. These labels can be used by the Azure Information Protection client (classic) on Windows computers, but can't be used by devices running macOS, iOS, or Android. To resolve this, [migrate these labels](/azure/information-protection/configure-policy-migrate-labels) to sensitivity labels.
-
-The metadata applied by both sets of labels are compatible, so you don't need to relabel documents and emails when the migration is complete.
-
-### Azure Information Protection clients
-
-When you use sensitivity labels in Microsoft 365 Apps for enterprise apps on Windows computers, you have a choice of using an Azure Information Protection client, or use labeling that's built into Office.
+When you use sensitivity labels in Microsoft 365 Apps on Windows computers, you have a choice of using labeling that's built into Office apps, or the Azure Information Protection client.
By default, built-in labeling is turned off in these apps when the Azure Information Protection client is installed. For more information, including how to change this default behavior, see [Office built-in labeling client and the Azure Information Protection client](sensitivity-labels-office-apps.md#office-built-in-labeling-client-and-the-azure-information-protection-client).
Even when you use built-in labeling in Office apps, you can also use the Azure I
If you are new to Azure Information Protection, or if you are an existing Azure Information Protection customer who has recently migrated your labels, see [Choose your Windows labeling solution](/azure/information-protection/rms-client/use-client#choose-your-windows-labeling-solution) from the Azure Information Protection documentation.
-## Sensitivity labels and Microsoft Cloud App Security
-
-By using Cloud App Security (CAS), you can discover, classify, label, and protect content in third-party services and apps, such as SalesForce, Box, or Dropbox.
-
-Cloud App Security works with both Azure Information Protection labels and sensitivity labels:
--- If the labeling admin centers have one or more sensitivity labels [published](create-sensitivity-labels.md#publish-sensitivity-labels-by-creating-a-label-policy) to at least one user: Sensitivity labels are used.
+### Azure Information Protection labels
-- If the labeling admin centers don't have sensitivity labels published: Azure Information Protection labels are used.
+> [!NOTE]
+> Label management for Azure Information Protection labels in the Azure portal was deprecated **March 31, 2021**. Learn more from the official [deprecation notice](https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179).
-For instructions to use Cloud App Security with these labels, see [Azure Information Protection integration](/cloud-app-security/azip-integration).
+If your tenant isn't yet on the [unified labeling platform](https://docs.microsoft.com/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform), you must first activate unified labeling before you can use sensitivity labels. For instructions, see [How to migrate Azure Information Protection labels to unified sensitivity labels](/azure/information-protection/configure-policy-migrate-labels).
## Sensitivity labels and the Microsoft Information Protection SDK
-Because a sensitivity label is stored as clear text in the metadata of a document, third-party apps and services can read from and write to this labeling metadata to supplement your labeling deployment. Additionally, software developers can use the [Microsoft Information Protection SDK](/information-protection/develop/overview#microsoft-information-protection-sdk) to fully support labeling and encryption capabilities across multiple platforms. To learn more, see the [General Availability announcement on the Tech Community blog](https://techcommunity.microsoft.com/t5/Microsoft-Information-Protection/Microsoft-Information-Protection-SDK-Now-Generally-Available/ba-p/263144).
+Because a sensitivity label is stored in the metadata of a document, third-party apps and services can read from and write to this labeling metadata to supplement your labeling deployment. Additionally, software developers can use the [Microsoft Information Protection SDK](/information-protection/develop/overview#microsoft-information-protection-sdk) to fully support labeling and encryption capabilities across multiple platforms. To learn more, see the [General Availability announcement on the Tech Community blog](https://techcommunity.microsoft.com/t5/Microsoft-Information-Protection/Microsoft-Information-Protection-SDK-Now-Generally-Available/ba-p/263144).
You can also learn about [partner solutions that are integrated with Microsoft Information Protection](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Microsoft-Information-Protection-showcases-integrated-partner/ba-p/262657).
enterprise Use Microsoft 365 Cdn With Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo.md
When you identify an origin, you specify whether it should be made _public_ or _
Both public and private options provide similar performance gains, but each has unique attributes and advantages.
-**Public** origins within the Office 365 CDN are accessible anonymously, and hosted assets can be accessed by anyone who has the URL to the asset. Because access to content in public origins is anonymous, you should only use them to cache non-sensitive generic content such as javascript files, scripts, icons and images.
+**Public** origins within the Office 365 CDN are accessible anonymously, and hosted assets can be accessed by anyone who has the URL to the asset. Because access to content in public origins is anonymous, you should only use them to cache non-sensitive generic content such as JavaScript files, scripts, icons and images.
**Private** origins within the Office 365 CDN provide private access to user content such as SharePoint Online document libraries, sites and proprietary images. Access to content in private origins is secured by dynamically generated tokens so it can only be accessed by users with permissions to the original document library or storage location. Private origins in the Office 365 CDN can only be used for SharePoint Online content, and you can only access assets in private origins through redirection from your SharePoint Online tenant.
You can read more about how CDN access to assets in a private origin works in [U
+ Assets exposed in a public origin are accessible by everyone anonymously. > [!IMPORTANT] > You should never place resources that contain user information or are considered sensitive to your organization in a public origin.+ + If you remove an asset from a public origin, the asset may continue to be available for up to 30 days from the cache; however, we will invalidate links to the asset in the CDN within 15 minutes.+ + When you host style sheets (CSS files) in a public origin, you can use relative paths and URIs within the code. This means that you can reference the location of background images and other objects relative to the location of the asset that's calling it.
-+ While you can construct a public origin's URL, you should proceed with caution and ensure you utilize the page context property and follow the guidance for doing so. The reason for this is that if access to the CDN becomes unavailable, the URL will not automatically resolve to your organization in SharePoint Online and might result in broken links and other errors. The URL is also subject to change wich is why it should not just be hard coded to its current value.
+++ While you can construct a public origin's URL, you should proceed with caution and ensure you utilize the page context property and follow the guidance for doing so. The reason for this is that if access to the CDN becomes unavailable, the URL will not automatically resolve to your organization in SharePoint Online and might result in broken links and other errors. The URL is also subject to change which is why it should not just be hard coded to its current value.+ + The default file types that are included for public origins are .css, .eot, .gif, .ico, .jpeg, .jpg, .js, .map, .png, .svg, .ttf, .woff and .woff2. You can specify additional file types.+ + You can configure a policy to exclude assets that have been identified by site classifications that you specify. For example, you can choose to exclude all assets that are marked as "confidential" or "restricted" even if they are an allowed file type and are located in a public origin. #### Attributes and advantages of hosting assets in private origins + Private origins can only be used for SharePoint Online assets.+ + Users can only access the assets from a private origin if they have permissions to access the container. Anonymous access to these assets is prevented.+ + Assets in private origins must be referred from the SharePoint Online tenant. Direct access to private CDN assets does not work.+ + If you remove an asset from the private origin, the asset may continue to be available for up to an hour from the cache; however, we will invalidate links to the asset in the CDN within 15 minutes of the asset's removal.+ + The default file types that are included for private origins are .gif, .ico, .jpeg, .jpg, .js, and .png. You can specify additional file types.+ + Just like with public origins, you can configure a policy to exclude assets that have been identified by site classifications that you specify even if you use wildcards to include all assets within a folder or document library. For more information about why to use the Office 365 CDN, general CDN concepts, and other Microsoft CDNs you can use with your Office 365 tenant, see [Content Delivery Networks](content-delivery-networks.md).
Complete these steps to set up and configure the CDN to host your assets in Shar
Before you make changes to the tenant CDN settings, you should retrieve the current status of the private CDN configuration in your Office 365 tenant. Connect to your tenant using the SharePoint Online Management Shell:
-``` powershell
+```powershell
Connect-SPOService -Url https://contoso-admin.sharepoint.com ``` Now use the **Get-SPOTenantCdnEnabled** cmdlet to retrieve the CDN status settings from the tenant:
-``` powershell
+```powershell
Get-SPOTenantCdnEnabled -CdnType <Public | Private> ```
The status of the CDN for the specified CdnType will output to the screen.
Use the **Set-SPOTenantCdnEnabled** cmdlet to enable your organization to use the Office 365 CDN. You can enable your organization to use public origins, private origins, or both at once. You can also configure the CDN to skip the setup of default origins when you enable it. You can always add these origins later as described in this topic.
-In Windows Powershell for SharePoint Online:
+In Windows PowerShell for SharePoint Online:
-``` powershell
+```powershell
Set-SPOTenantCdnEnabled -CdnType <Public | Private | Both> -Enable $true ``` For example, to enable your organization to use both public and private origins, type the following command:
-``` powershell
+```powershell
Set-SPOTenantCdnEnabled -CdnType Both -Enable $true ``` To enable your organization to use both public and private origins but skip setting up the default origins, type the following command:
-``` powershell
+```powershell
Set-SPOTenantCdnEnabled -CdnType Both -Enable $true -NoDefaultOrigins ```
See [Default CDN origins](use-microsoft-365-cdn-with-spo.md#default-cdn-origins)
To enable your organization to use public origins, type the following command:
-``` powershell
+```powershell
Set-SPOTenantCdnEnabled -CdnType Public -Enable $true ``` To enable your organization to use private origins, type the following command:
-``` powershell
+```powershell
Set-SPOTenantCdnEnabled -CdnType Private -Enable $true ```
Use the **Set-SPOTenantCdnPolicy** cmdlet to define static file types that can b
In Windows PowerShell for SharePoint Online:
-``` powershell
+```powershell
Set-SPOTenantCdnPolicy -CdnType <Public | Private> -PolicyType IncludeFileExtensions -PolicyValue "<Comma-separated list of file types >" ``` For example, to enable the CDN to host .css and .png files, you would enter the command:
-``` powershell
+```powershell
Set-SPOTenantCdnPolicy -CdnType Private -PolicyType IncludeFileExtensions -PolicyValue "CSS,PNG" ``` To see what file types are currently allowed by the CDN, use the **Get-SPOTenantCdnPolicies** cmdlet:
-``` powershell
+```powershell
Get-SPOTenantCdnPolicies -CdnType <Public | Private> ```
Use the **Set-SPOTenantCdnPolicy** cmdlet to exclude site classifications that y
In Windows PowerShell for SharePoint Online:
-``` powershell
+```powershell
Set-SPOTenantCdnPolicy -CdnType <Public | Private> -PolicyType ExcludeRestrictedSiteClassifications -PolicyValue "<Comma-separated list of site classifications >" ``` To see what site classifications are currently restricted, use the **Get-SPOTenantCdnPolicies** cmdlet:
-``` powershell
+```powershell
Get-SPOTenantCdnPolicies -CdnType <Public | Private> ```
Use the **Add-SPOTenantCdnOrigin** cmdlet to define an origin. You can define mu
> [!IMPORTANT] > You should never place resources that contain user information or are considered sensitive to your organization in a public origin.
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType <Public | Private> -OriginUrl <path> ``` The value of _path_ is the relative path to the library or folder that contains the assets. You can use wildcards in addition to relative paths. Origins support wildcards prepended to the URL. This allows you to create origins that span multiple sites. For example, to include all of the assets in the masterpages folder for all of your sites as a public origin within the CDN, type the following command:
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType Public -OriginUrl */masterpage ```
You can add an origin with a specific relative path. You cannot add an origin us
This example adds a private origin of the siteassets library on a specific site:
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl sites/site1/siteassets ``` This example adds a private origin of the _folder1_ folder in the site collection's site assets library:
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl sites/test/siteassets/folder1 ``` If there is a space in the path, you can either surround the path in double quotes or replace the space with the URL encoding %20. The following examples add a private origin of the _folder 1_ folder in the site collection's site assets library:
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl sites/test/siteassets/folder%201 ```
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl "sites/test/siteassets/folder 1" ```
Normally, these origins are set up for you by default when you enable the Office
+ Use the **Add-SPOTenantCdnOrigin** cmdlet to define the style library as a public origin.
-``` powershell
+ ```powershell
Add-SPOTenantCdnOrigin -CdnType Public -OriginUrl */style%20library ``` + Use the **Add-SPOTenantCdnOrigin** cmdlet to define the master pages as a public origin.
-``` powershell
+ ```powershell
Add-SPOTenantCdnOrigin -CdnType Public -OriginUrl */masterpage ```
Once you've run the command, the system synchronizes the configuration across th
+ Use the **Add-SPOTenantCdnOrigin** cmdlet to define the site assets folder as a private origin.
-``` powershell
+ ```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl */siteassets ``` + Use the **Add-SPOTenantCdnOrigin** cmdlet to define the site pages folder as a private origin.
-``` powershell
+ ```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl */sitepages ``` + Use the **Add-SPOTenantCdnOrigin** cmdlet to define the publishing images folder as a private origin.
-``` powershell
+ ```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl */publishingimages ```
Once you've run the command, the system synchronizes the configuration across th
Use the **Add-SPOTenantCdnOrigin** cmdlet to define a site collection as a private origin. For example:
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType Private -OriginUrl sites/site1/siteassets ```
If you need to retrieve the location of the origin, you can use the **Get-SPOTen
You can remove access to a folder or SharePoint library that you identified as an origin. To do this, use the **Remove-SPOTenantCdnOrigin** cmdlet.
-``` powershell
+```powershell
Remove-SPOTenantCdnOrigin -OriginUrl <path> -CdnType <Public | Private | Both> ```
Use the **Set-SPOTenantCdnEnabled** cmdlet to disable the CDN for your organizat
To disable use of public origins in the CDN, enter the following command:
-``` powershell
+```powershell
Set-SPOTenantCdnEnabled -CdnType Public -Enable $false ``` To disable use of the private origins in the CDN, enter the following command:
-``` powershell
+```powershell
Set-SPOTenantCdnEnabled -CdnType Private -Enable $false ```
Complete these steps to set up and configure the CDN to host your assets in Shar
Before you make changes to the tenant CDN settings, you should retrieve the current status of the private CDN configuration in your Office 365 tenant. Connect to your tenant using PnP PowerShell:
-``` powershell
+```powershell
Connect-PnPOnline -Url https://contoso-admin.sharepoint.com -UseWebLogin ``` Now use the **Get-PnPTenantCdnEnabled** cmdlet to retrieve the CDN status settings from the tenant:
-``` powershell
+```powershell
Get-PnPTenantCdnEnabled -CdnType <Public | Private> ```
Use the **Set-PnPTenantCdnEnabled** cmdlet to enable your organization to use th
In PnP PowerShell:
-``` powershell
+```powershell
Set-PnPTenantCdnEnabled -CdnType <Public | Private | Both> -Enable $true ``` For example, to enable your organization to use both public and private origins, type the following command:
-``` powershell
+```powershell
Set-PnPTenantCdnEnabled -CdnType Both -Enable $true ``` To enable your organization to use both public and private origins but skip setting up the default origins, type the following command:
-``` powershell
+```powershell
Set-PnPTenantCdnEnabled -CdnType Both -Enable $true -NoDefaultOrigins ```
See [Default CDN origins](use-microsoft-365-cdn-with-spo.md#default-cdn-origins)
To enable your organization to use public origins, type the following command:
-``` powershell
+```powershell
Set-PnPTenantCdnEnabled -CdnType Public -Enable $true ``` To enable your organization to use private origins, type the following command:
-``` powershell
+```powershell
Set-PnPTenantCdnEnabled -CdnType Private -Enable $true ```
Use the **Set-PnPTenantCdnPolicy** cmdlet to define static file types that can b
In PnP PowerShell:
-``` powershell
+```powershell
Set-PnPTenantCdnPolicy -CdnType <Public | Private> -PolicyType IncludeFileExtensions -PolicyValue "<Comma-separated list of file types >" ``` For example, to enable the CDN to host .css and .png files, you would enter the command:
-``` powershell
+```powershell
Set-PnPTenantCdnPolicy -CdnType Private -PolicyType IncludeFileExtensions -PolicyValue "CSS,PNG" ``` To see what file types are currently allowed by the CDN, use the **Get-PnPTenantCdnPolicies** cmdlet:
-``` powershell
+```powershell
Get-PnPTenantCdnPolicies -CdnType <Public | Private> ```
Use the **Set-PnPTenantCdnPolicy** cmdlet to exclude site classifications that y
In PnP PowerShell:
-``` powershell
+```powershell
Set-PnPTenantCdnPolicy -CdnType <Public | Private> -PolicyType ExcludeRestrictedSiteClassifications -PolicyValue "<Comma-separated list of site classifications>" ``` To see what site classifications are currently restricted, use the **Get-PnPTenantCdnPolicies** cmdlet:
-``` powershell
+```powershell
Get-PnPTenantCdnPolicies -CdnType <Public | Private> ```
Use the **Add-PnPTenantCdnOrigin** cmdlet to define an origin. You can define mu
> [!IMPORTANT] > You should never place resources that contain user information or are considered sensitive to your organization in a public origin.
-``` powershell
+```powershell
Add-PnPTenantCdnOrigin -CdnType <Public | Private> -OriginUrl <path> ``` The value of _path_ is the relative path to the library or folder that contains the assets. You can use wildcards in addition to relative paths. Origins support wildcards prepended to the URL. This allows you to create origins that span multiple sites. For example, to include all of the assets in the masterpages folder for all of your sites as a public origin within the CDN, type the following command:
-``` powershell
+```powershell
Add-PnPTenantCdnOrigin -CdnType Public -OriginUrl */masterpage ```
You can add an origin with a specific relative path. You cannot add an origin us
This example adds a private origin of the site assets library on a specific site:
-``` powershell
+```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl sites/site1/siteassets ``` This example adds a private origin of the _folder1_ folder in the site collection's site assets library:
-``` powershell
+```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl sites/test/siteassets/folder1 ``` If there is a space in the path, you can either surround the path in double quotes or replace the space with the URL encoding %20. The following examples add a private origin of the _folder 1_ folder in the site collection's site assets library:
-``` powershell
+```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl sites/test/siteassets/folder%201 ```
-``` powershell
+```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl "sites/test/siteassets/folder 1" ```
Normally, these origins are set up for you by default when you enable the Office
+ Use the **Add-PnPTenantCdnOrigin** cmdlet to define the style library as a public origin.
-``` powershell
+ ```powershell
Add-PnPTenantCdnOrigin -CdnType Public -OriginUrl */style%20library ``` + Use the **Add-PnPTenantCdnOrigin** cmdlet to define the master pages as a public origin.
-``` powershell
+ ```powershell
Add-PnPTenantCdnOrigin -CdnType Public -OriginUrl */masterpage ```
Once you've run the command, the system synchronizes the configuration across th
+ Use the **Add-PnPTenantCdnOrigin** cmdlet to define the site assets folder as a private origin.
-``` powershell
+ ```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl */siteassets ``` + Use the **Add-PnPTenantCdnOrigin** cmdlet to define the site pages folder as a private origin.
-``` powershell
+ ```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl */sitepages ``` + Use the **Add-PnPTenantCdnOrigin** cmdlet to define the publishing images folder as a private origin.
-``` powershell
+ ```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl */publishingimages ```
Once you've run the command, the system synchronizes the configuration across th
Use the **Add-PnPTenantCdnOrigin** cmdlet to define a site collection as a private origin. For example:
-``` powershell
+```powershell
Add-PnPTenantCdnOrigin -CdnType Private -OriginUrl sites/site1/siteassets ```
If you need to retrieve the location of the origin, you can use the **Get-PnPTen
You can remove access to a folder or SharePoint library that you identified as an origin. To do this, use the **Remove-PnPTenantCdnOrigin** cmdlet.
-``` powershell
+```powershell
Remove-PnPTenantCdnOrigin -OriginUrl <path> -CdnType <Public | Private | Both> ```
Use the **Set-PnPTenantCdnEnabled** cmdlet to disable the CDN for your organizat
To disable use of public origins in the CDN, enter the following command:
-``` powershell
+```powershell
Set-PnPTenantCdnEnabled -CdnType Public -Enable $false ``` To disable use of the private origins in the CDN, enter the following command:
-``` powershell
+```powershell
Set-PnPTenantCdnEnabled -CdnType Private -Enable $false ```
You can manage the state of the Office 365 CDN in your tenant using the [spo cdn
To enable the Office 365 Public CDN in your tenant execute:
-```sh
+```cli
spo cdn set --type Public --enabled true ``` To enable the Office 365 SharePoint CDN, execute:
-```sh
+```cli
spo cdn set --type Private --enabled true ```
To check if the particular type of Office 365 CDN is enabled or disabled, use th
To check if the Office 365 Public CDN is enabled, execute:
-```sh
+```cli
spo cdn get --type Public ```
spo cdn get --type Public
To view the currently configured Office 365 Public CDN origins execute:
-```sh
+```cli
spo cdn origin list --type Public ```
See [Default CDN origins](use-microsoft-365-cdn-with-spo.md#default-cdn-origins)
Use the [spo cdn origin add](https://pnp.github.io/office365-cli/cmd/spo/cdn/cdn-origin-add/) command to define a CDN origin. You can define multiple origins. The origin is a URL that points to a SharePoint library or folder that contains the assets that you want to be hosted by the CDN.
-```sh
+```cli
spo cdn origin add --type [Public | Private] --origin <path> ```
Where `path` is the relative path to the folder that contains the assets. You ca
To include all assets in the **Master Page Gallery** of all sites as a public origin, execute:
-```sh
+```cli
spo cdn origin add --type Public --origin */masterpage ``` To configure a private origin for a specific site collection, execute:
-```sh
+```cli
spo cdn origin add --type Private --origin sites/site1/siteassets ```
Use the [spo cdn origin remove](https://pnp.github.io/office365-cli/cmd/spo/cdn/
To remove a public origin from the CDN configuration, execute:
-```sh
+```cli
spo cdn origin remove --type Public --origin */masterpage ```
By default, the following file types are included in the CDN: _.css, .eot, .gif,
To add the _JSON_ file type to the default list of file types included in the public CDN, execute:
-```sh
+```cli
spo cdn policy set --type Public --policy IncludeFileExtensions --value "CSS,EOT,GIF,ICO,JPEG,JPG,JS,MAP,PNG,SVG,TTF,WOFF,JSON" ```
Use the [spo cdn policy set](https://pnp.github.io/office365-cli/cmd/spo/cdn/cdn
To exclude sites classified as _HBI_ from the public CDN, execute
-```sh
+```cli
spo cdn policy set --type Public --policy ExcludeRestrictedSiteClassifications --value "HBI" ```
spo cdn policy set --type Public --policy ExcludeRestrictedSiteClassifications -
To disable the Office 365 CDN use the `spo cdn set` command, for example:
-```sh
+```cli
spo cdn set --type Public --enabled false ```
If you want to use the full URL to the asset instead of a relative path, constru
> [!NOTE] > In general, you should not hardcode URLs directly to assets in the CDN. However, you can manually construct URLs for assets in public origins if needed. For more information, see [Hardcoding CDN URLs for public assets](use-microsoft-365-cdn-with-spo.md).
-To learn about how to verify that assets are being served from the CDN, see [How do I confirm that assets are being served by the CDN?](use-microsoft-365-cdn-with-spo.md#CDNConfirm) in the [Troubleshooting the Office 365 CDN](use-microsoft-365-cdn-with-spo.md#CDNTroubleshooting) section.
+To learn about how to verify that assets are being served from the CDN, see [How do I confirm that assets are being served by the CDN?](use-microsoft-365-cdn-with-spo.md#CDNConfirm) in [Troubleshooting the Office 365 CDN](use-microsoft-365-cdn-with-spo.md#CDNTroubleshooting).
### Using assets in public origins
If the _Publishing_ feature is not enabled for a public origin, or the asset is
For public CDN assets, the URL format will look like the following:
-``` html
+```http
https://publiccdn.sharepointonline.com/<TenantHostName>/sites/site/library/asset.png ``` Replace **TenantHostName** with your tenant name. Example:
-``` html
+```http
https://publiccdn.sharepointonline.com/contoso.sharepoint.com/sites/site/library/asset.png ```+ > [!NOTE] > The page context property should be used to construct the prefix instead of hard coding "https://publiccdn.sharepointonline.com". The URL is subject to change and should not be hard coded. If you are using display templates with Classic SharePoint Online then you can use the property "window._spPageContextInfo.publicCdnBaseUrl" in your display template for the prefix of the URL. If you are SPFx web parts for modern and classic SharePoint the you can utilize the property "this.context.pageContext.legacyPageContext.publicCdnBaseUrl". This will provide the prefix so that if it is changed then your implementation will update with it. As an example for SPFx, the URL can be constructed using the property "this.context.pageContext.legacyPageContext.publicCdnBaseUrl" + "/" + "host" + "/" + "relativeURL for the item". Please see [Using CDN in Client-side code](https://youtu.be/IH1RbQlbhIA) which is part of the [season 1 performance series](https://aka.ms/sppnp-perfvideos)
Access to assets in private origins in the Office 365 CDN is granted by tokens g
Once the access token is generated, SharePoint Online returns a custom URI to the client containing two authorization parameters _eat_ (edge authorization token) and _oat_ (origin authorization token). The structure of each token is _<'expiration time in Epoch time format'>__<'secure signature'>_. For example:
-``` html
+```http
https://privatecdn.sharepointonline.com/contoso.sharepoint.com/sites/site1/library1/folder1/image1.jpg?eat=1486154359_cc59042c5c55c90b26a2775323c7c8112718431228fe84d568a3795a63912840&oat=1486154359_7d73c2e3ba4b7b1f97242332900616db0d4ffb04312 ```
If the */clientsideassets origin is missing, SharePoint Framework solutions will
You can check to see which origins are present with the following PowerShell command:
-``` powershell
+```powershell
Get-SPOTenantCdnOrigins -CdnType Public ``` Or you can check with the Office 365 CLI:
-``` powershell
+```cli
spo cdn origin list ``` To add the origin in PowerShell:
-``` powershell
+```powershell
Add-SPOTenantCdnOrigin -CdnType Public -OriginUrl */CLIENTSIDEASSETS ``` To add the origin in the Office 365 CLI:
-``` powershell
+```cli
spo cdn origin add --origin */CLIENTSIDEASSETS ```
knowledge Restrict Access To Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/restrict-access-to-topics.md
localization_priority: None
In Microsoft Viva, stakeholders in your organization may want to make sure that specific topics aren't discovered and exposed to your licensed users. For example, you may be working on a project that you don't want to expose any information about yet. While Office 365 permissions on sites, files and other resources will prevent Topic Experiences users from viewing sensitive information in topics, there are additional safeguards to prevent specific topics from ever being discovered.
-While knowledge admins control the knowledge network settings to prevent topics from being discovered, knowledge managers and other stakeholders need to know how it is done so that they can work collaboratively.
+While knowledge admins control the settings to prevent topics from being discovered, knowledge managers and other stakeholders need to know how it is done so that they can work collaboratively.
> [!Important] > This article describes ways to prevent topics from being identified through AI or viewed in your environment as an additional security safeguard. It is important to note that in Viva Topics, users aren't allowed to view anything in a topic that they aren't allowed to access through Office 365 permissions. Even if a users is able to view a topic, its files, sites, and pages they do not have Office 365 permissions to view will not be visible to them. Making sure that permissions to sensitive files are correctly set should be your primary security safeguard. ## Prevent topics from being identified
-Knowledge admin can restrict access to specific topics by preventing them from being found in initial indexing. There are two ways to do this task in the Knowledge Network admin settings in the Microsoft 365 admin center.
+Knowledge admin can restrict access to specific topics by preventing them from being found in initial indexing. There are two ways to do this task in the Viva Topics admin settings in the Microsoft 365 admin center.
- [Select SharePoint sites to exclude from topic discovery](./topic-experiences-discovery.md#select-sharepoint-topic-sources): You can use this setting to prevent specific SharePoint sites from being crawled for topics.-- [Exclude topics by name](./topic-experiences-discovery.md#exclude-topics-by-name): Admins can use this setting to prevent specific topics from being discovered by name. In the Knowledge Network admin settings, an admin can upload a list of topics to be excluded in a CSV file. You can exclude topics that have exact or partial matches of a topic name.
+- [Exclude topics by name](./topic-experiences-discovery.md#exclude-topics-by-name): Admins can use this setting to prevent specific topics from being discovered by name. In the Viva Topics admin settings, an admin can upload a list of topics to be excluded in a CSV file. You can exclude topics that have exact or partial matches of a topic name.
## Prevent topics from being viewed by specific users
security Advanced Hunting Assignedipaddress Function https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-assignedipaddress-function.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Best Practices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-best-practices.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicealertevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-devicealertevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-deviceevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicefilecertificateinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-devicefilecertificateinfo-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicefileevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-devicefileevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceimageloadevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-deviceimageloadevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-deviceinfo-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicelogonevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-devicelogonevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicenetworkevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicenetworkinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkinfo-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceprocessevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-deviceprocessevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceregistryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-deviceregistryevents-table.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-errors.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Extend Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-extend-data.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Fileprofile Function https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-fileprofile-function.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-limits.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-overview.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Query Language https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-query-language.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Query Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-query-results.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Schema Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Shared Queries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-shared-queries.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Take Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-take-action.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Attack Simulations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-simulations.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security-+ localization_priority: Normal
security Audit Windows Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/audit-windows-defender.md
ms.sitesec: library
ms.pagetype: security localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Configure Vulnerability Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications.md
ms.prod: w10
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Custom Detection Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/custom-detection-rules.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Custom Detections Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/custom-detections-manage.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Customize Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/customize-attack-surface-reduction.md
ms.mktglfcycl: manage
ms.sitesec: library localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Customize Exploit Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/customize-exploit-protection.md
ms.mktglfcycl: manage
ms.sitesec: library localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Enable Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md
ms.sitesec: library
ms.pagetype: security localization_priority: Normal audience: ITPro--++ ms.technology: mde
Example:
2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
-3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**.
+3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Microsoft Defender Exploit Guard** > **Attack surface reduction**.
4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section.
security Enable Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-controlled-folders.md
ms.sitesec: library
ms.pagetype: security localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Enable Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-network-protection.md
ms.mktglfcycl: manage
ms.sitesec: library ms.pagetype: security localization_priority: Normal--++ ms.technology: mde
security Evaluate Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction.md
ms.mktglfcycl: manage
ms.sitesec: library localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Evaluate Controlled Folder Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access.md
ms.mktglfcycl: manage
ms.sitesec: library localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Evaluate Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-network-protection.md
ms.mktglfcycl: manage
ms.sitesec: library localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Event Views https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/event-views.md
ms.mktglfcycl: manage
ms.sitesec: library localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Get Device Secure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-device-secure-score.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Get Discovered Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Get Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-exposure-score.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Get Machine Group Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-group-exposure-score.md
ms.prod: w10
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Get Missing Kbs Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-machine.md
ms.prod: w10
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Get Missing Kbs Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-software.md
ms.prod: w10
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Import Export Exploit Protection Emet Xml https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/import-export-exploit-protection-emet-xml.md
ms.mktglfcycl: manage
ms.sitesec: library localization_priority: Normal audience: ITPro--++ ms.technology: mde
security Mac Install With Other Mdm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm.md
Before you get started, see [the main Microsoft Defender for Endpoint for Mac pa
## Approach > [!CAUTION]
-> Currently, Microsoft oficially supports only Intune and JAMF for the deployment and management of Microsoft Defender for Endpoint for Mac. Microsoft makes no warranties, express or implied, with respect to the information provided below.
+> Currently, Microsoft officially supports only Intune and JAMF for the deployment and management of Microsoft Defender for Endpoint for Mac. Microsoft makes no warranties, express or implied, with respect to the information provided below.
If your organization uses a Mobile Device Management (MDM) solution that is not officially supported, this does not mean you are unable to deploy or run Microsoft Defender for Endpoint for Mac.
MDM uses it to deploy the settings file to **/Library/Managed Preferences/com.mi
Set up a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to allow kernel extensions provided by Microsoft.
+> [!CAUTION]
+> If your environment consists of Apple Silicon (M1) devices, these machines should not receive configuration profiles with KEXT policies.
+> Apple does not support KEXT on these machines, deployment of such profile would fail on M1 machines.
+ ### System extension policy Set up a system extension policy. Use team identifier **UBF8T346G9** and approve the following bundle identifiers:
security Mac Jamfpro Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-policies.md
You'll need to take the following steps:
These steps are applicable of macOS 10.15 (Catalina) or newer.
-1. Download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig)
+1. In the Jamf Pro dashboard, select **Computers**, then **Configuration Profiles**.
-2. Save it as `MDATP_MDAV_notification_settings.plist`.
-
-3. In the Jamf Pro dashboard, select **General**.
-
-4. Enter the following details:
-
- **General**
+2. Click **New**, and enter the following details for **Options**:
- - Name: MDATP MDAV Notification settings
- - Description: macOS 10.15 (Catalina) or newer
- - Category: None (default)
- - Distribution Method: Install Automatically(default)
- - Level: Computer Level(default)
-
- ![Image of configuration settings mdatpmdav](images/c9820a5ff84aaf21635c04a23a97ca93.png)
--
-5. Select **Upload File (PLIST file)**.
-
- ![Image of configuration settings upload plistfile](images/7f9138053dbcbf928e5182ee7b295ebe.png)
-
-
-6. Select **Choose File** > **MDATP_MDAV_Notification_Settings.plist**.
-
+ - Tab **General**:
+ - **Name**: MDATP MDAV Notification settings
+ - **Description**: macOS 10.15 (Catalina) or newer
+ - **Category**: None *(default)*
+ - **Distribution Method**: Install Automatically *(default)*
+ - **Level**: Computer Level *(default)*
- ![Image of configuration settings mdatpmdav notsettings](images/4bac6ce277aedfb4a674f2d9fcb2599a.png)
+ ![Image of configuration settings mdatpmdav](images/c9820a5ff84aaf21635c04a23a97ca93.png)
+ - Tab **Notifications**, click **Add**, and enter the following values:
+ - **Bundle ID**: `com.microsoft.wdav.tray`
+ - **Critical Alerts**: Click **Disable**
+ - **Notifications**: Click **Enable**
+ - **Banner alert type**: Select **Include** and **Temporary** *(default)*
+ - **Notifications on lock screen**: Click **Hide**
+ - **Notifications in Notification Center**: Click **Display**
+ - **Badge app icon**: Click **Display**
- ![Image of configuration settings mdatpmdav notifsettings](images/20e33b98eb54447881dc6c89e58b890f.png)
+ ![Image of configuration settings mdatpmdav notifications tray](images/7f9138053dbcbf928e5182ee7b295ebe.png)
-7. Select **Open** > **Upload**.
+ - Tab **Notifications**, click **Add** one more time, scroll down to **New Notifications Settings**
+ - **Bundle ID**: `com.microsoft.autoupdate2`
+ - Configure the rest of the settings to the same values as above
- ![Image of configuration settings upl img](images/7697c33b9fd376ae5a8023d01f9d3857.png)
+ ![Image of configuration settings mdatpmdav notifications mau](images/4bac6ce277aedfb4a674f2d9fcb2599a.png)
+ Note that now you have two 'tables' with notification configurations, one for **Bundle ID: com.microsoft.wdav.tray**, and another for **Bundle ID: com.microsoft.autoupdate2**. While you can configure alert settings per your requirements, Bundle IDs must be exactly the same as described before, and **Include** switch must be **On** for **Notifications**.
- ![Image of configuration settings upl image](images/2bda9244ec25d1526811da4ea91b1c86.png)
-
-8. Select the **Scope** tab, then select **Add**.
+3. Select the **Scope** tab, then select **Add**.
![Image of configuration settings scope add](images/441aa2ecd36abadcdd8aed03556080b5.png)
+4. Select **Contoso's Machine Group**.
-9. Select **Contoso's Machine Group**.
-
-10. Select **Add**, then select **Save**.
+5. Select **Add**, then select **Save**.
![Image of configuration settings contoso machine grp save](images/09a275e321268e5e3ac0c0865d3e2db5.png)- ![Image of configuration settings add save](images/4d2d1d4ee13d3f840f425924c3df0d51.png)
-11. Select **Done**. You'll see the new **Configuration profile**.
+6. Select **Done**. You'll see the new **Configuration profile**.
![Image of configuration setting done img](images/633ad26b8bf24ec683c98b2feb884bdf.png) ## Step 5: Configure Microsoft AutoUpdate (MAU)
These steps are applicable of macOS 10.15 (Catalina) or newer.
![Image of configuration setting donimg2](images/6c8b406ee224335a8c65d06953dc756e.png)
+Alternatively, you can download [fulldisk.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/fulldisk.mobileconfig) and upload it to JAMF Configuration Profiles as described in [Deploying Custom Configuration Profiles using Jamf Pro|Method 2: Upload a Configuration Profile to Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
## Step 7: Approve Kernel extension for Microsoft Defender for Endpoint
+> [!CAUTION]
+> Apple Silicon (M1) devices do not support KEXT. Installation of a configuration profile consisting KEXT policies will fail on these devices.
+ 1. In the **Configuration Profiles**, select **+ New**. ![A screenshot of a social media post Description automatically generated](images/6c8b406ee224335a8c65d06953dc756e.png)
These steps are applicable of macOS 10.15 (Catalina) or newer.
![Image of configuration settings doneimag](images/1c9bd3f68db20b80193dac18f33c22d0.png)
+Alternatively, you can download [kext.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/kext.mobileconfig) and upload it to JAMF Configuration Profiles as described in [Deploying Custom Configuration Profiles using Jamf Pro|Method 2: Upload a Configuration Profile to Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
## Step 8: Approve System extensions for Microsoft Defender for Endpoint
These steps are applicable of macOS 10.15 (Catalina) or newer.
As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
->[!NOTE]
->JAMF doesnΓÇÖt have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender for Endpoint for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
->As such, the following steps provide a workaround that involve signing the configuration profile.
-
-1. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig) to your device and save it as `com.microsoft.network-extension.mobileconfig`
-
-2. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMFΓÇÖs built-in certificate authority
-
-3. After the certificate is created and installed to your device, run the following command from the Terminal from a macOS device:
-
- ```bash
- $ security cms -S -N "<certificate name>" -i com.microsoft.network-extension.mobileconfig -o com.microsoft.network-extension.signed.mobileconfig
- ```
-
- ![Terminal window with command to create signed configuration](images/netext-create-profile.png)
-
-4. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button.
-
- ![Image of upload window](images/netext-upload-file.png)
+These steps are applicable of macOS 10.15 (Catalina) or newer.
-5. Select **Choose File** and select `microsoft.network-extension.signed.mobileconfig`.
+1. In the Jamf Pro dashboard, select **Computers**, then **Configuration Profiles**.
- ![Image of upload window netext choose file](images/netext-choose-file.png)
+2. Click **New**, and enter the following details for **Options**:
-6. Select **Upload**.
+ - Tab **General**:
+ - **Name**: Microsoft Defender ATP Network Extension
+ - **Description**: macOS 10.15 (Catalina) or newer
+ - **Category**: None *(default)*
+ - **Distribution Method**: Install Automatically *(default)*
+ - **Level**: Computer Level *(default)*
- ![Image of upload window netext upload file2](images/netext-upload-file2.png)
+ - Tab **Content Filter**:
+ - **Filter Name**: Microsoft Defender ATP Content Filter
+ - **Identifier**: `com.microsoft.wdav`
+ - Leave **Service Address**, **Organization**, **User Name**, **Password**, **Certificate** blank (**Include** is *not* selected)
+ - **Filter Order**: Inspector
+ - **Socket Filter**: `com.microsoft.wdav.netext`
+ - **Socket Filter Designated Requirement**: `identifier "com.microsoft.wdav.netext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`
+ - Leave **Network Filter** fields blank (**Include** is *not* selected)
-7. After uploading the file, you are redirected to a new page to finalize the creation of this profile.
+ Note that **Identifier**, **Socket Filter** and **Socket Filter Designated Requirement** exact values as specified above.
- ![Image of new configuration profile netext profile page](images/netext-profile-page.png)
+ ![Image of configuration settings mdatpmdav](images/netext-create-profile.png)
-8. Select the **Scope** tab.
+3. Select the **Scope** tab.
![Image of configuration settings sco tab](images/0df36fc308ba569db204ee32db3fb40a.png)
-9. Select **+ Add**.
+4. Select **+ Add**.
-10. Select **Computer Groups** > under **Group Name** > select **Contoso's Machine Group**.
+5. Select **Computer Groups** > under **Group Name** > select **Contoso's Machine Group**.
-11. Select **+ Add**.
+6. Select **+ Add**.
![Image of configuration settings adim](images/0dde8a4c41110dbc398c485433a81359.png)
-12. Select **Save**.
+7. Select **Save**.
![Image of configuration settings savimg netextscop](images/netext-scope.png)
-13. Select **Done**.
+8. Select **Done**.
![Image of configuration settings netextfinal](images/netext-final.png)
+Alternatively, you can download [netfilter.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/netfilter.mobileconfig) and upload it to JAMF Configuration Profiles as described in [Deploying Custom Configuration Profiles using Jamf Pro|Method 2: Upload a Configuration Profile to Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
+ ## Step 10: Schedule scans with Microsoft Defender for Endpoint for Mac Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp).
security Microsoft Defender Endpoint Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md
Title: Microsoft Defender ATP for Linux
+ Title: Microsoft Defender for Endpoint for Linux
description: Describes how to install and use Microsoft Defender ATP for Linux. keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
ms.technology: mde
This topic describes how to install, configure, update, and use Microsoft Defender for Endpoint for Linux. > [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint for Linux is likely to cause performance problems and unpredictable system errors.
+> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint for Linux is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint for Linux EDR functionality after configuring the antivirus functionality to run in [Passive mode](linux-preferences.md#enable--disable-passive-mode).
## How to install Microsoft Defender for Endpoint for Linux
If you experience any installation failures, refer to [Troubleshooting installat
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. - Audit framework (`auditd`) must be enabled.
- >[!NOTE]
- > System events captured by rules added to `audit.logs` will add to audit logs and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endopoint for Linux will be tagged with `mdatp` key.
+ > [!NOTE]
+ > System events captured by rules added to `/etc/audit/rules.d/` will add to `audit.log`(s) and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endpoint for Linux will be tagged with `mdatp` key.
### Network connections
security Microsoft Defender Endpoint Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac.md
Title: Microsoft Defender ATP for Mac
+ Title: Microsoft Defender for Endpoint for Mac
description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Mac.
-keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, big sur, catalina, mojave
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, big sur, catalina, mojave, mde for mac
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
ms.technology: mde
This topic describes how to install, configure, update, and use Defender for Endpoint for Mac. > [!CAUTION]
-> Running other third-party endpoint protection products alongside Defender for Endpoint for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
+> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint for Mac EDR functionality after configuring the antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
## WhatΓÇÖs new in the latest release
security Next Gen Threat And Vuln Mgt https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Overview Custom Detections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/overview-custom-detections.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/score.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Set Device Value https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/set-device-value.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Threat Analytics Analyst Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-analytics-analyst-reports.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-analytics.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Threat And Vuln Mgt Event Timeline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-event-timeline.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Assign Device Value https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-assign-device-value.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Dashboard Insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-dashboard-insights.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm End Of Support Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-end-of-support-software.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Exception https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-exception.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-exposure-score.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Hunt Exposed Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-hunt-exposed-devices.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Microsoft Secure Score Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-prerequisites.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Remediation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-remediation.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Security Recommendation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-security-recommendation.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Software Inventory https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-software-inventory.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Supported Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-supported-os.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Vulnerable Devices Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-vulnerable-devices-report.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Weaknesses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-weaknesses.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Tvm Zero Day Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-zero-day-vulnerabilities.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security View Incidents Queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/view-incidents-queue.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Web Content Filtering https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-content-filtering.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Web Protection Monitoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-monitoring.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Web Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-overview.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Web Protection Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-response.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
security Web Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-threat-protection.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
ms.technology: mde
Web threat protection is part of [Web protection](web-protection-overview.md) in Defender for Endpoint. It uses [network protection](network-protection.md) to secure your devices against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect devices while they are away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md). >[!Note]
->It can take up to an hour for devices to receive new customer indicators.
+>It can take up to an hour for devices to receive new custom indicators.
## Prerequisites Web protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers.
security Advanced Hunting Alertevidence Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-alertevidence-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Alertinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-alertinfo-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Appfileevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-appfileevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Assignedipaddresses Function https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-assignedipaddresses-function.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Best Practices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-best-practices.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Cloudappevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-cloudappevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicefilecertificateinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicefilecertificateinfo-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicefileevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicefileevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceimageloadevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceimageloadevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceinfo-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicelogonevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicelogonevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicenetworkevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicenetworkevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicenetworkinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicenetworkinfo-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceprocessevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceprocessevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Deviceregistryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceregistryevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicetvmsecureconfigurationassessment Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicetvmsecureconfigurationassessmentkb Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Devicetvmsoftwarevulnerabilitieskb Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Emailattachmentinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-emailattachmentinfo-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Emailevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-emailevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Emailpostdeliveryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-emailpostdeliveryevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Emailurlinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-emailurlinfo-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-errors.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Expert Training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-expert-training.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Extend Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-extend-data.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Fileprofile Function https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-fileprofile-function.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Find Ransomware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-find-ransomware.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Go Hunt https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-go-hunt.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Identitydirectoryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identitydirectoryevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Identityinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identityinfo-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Identitylogonevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Identityqueryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identityqueryevents-table.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-limits.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Migrate From Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-migrate-from-mde.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-overview.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Query Emails Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-query-emails-devices.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Query Language https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-query-language.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Query Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-query-results.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Schema Changes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-changes.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Schema Tables https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-tables.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Shared Queries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-shared-queries.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Advanced Hunting Take Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-take-action.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Custom Detection Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/custom-detection-rules.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Custom Detections Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/custom-detections-overview.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Get Incident Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-incident-notifications.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Incident Queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incident-queue.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Incidents Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incidents-overview.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Investigate Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-alerts.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Investigate Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-incidents.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Investigate Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-users.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ Last updated audience: ITPro
security Latest Attack Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/latest-attack-campaigns.md
- Title: Understand the latest attack campaigns and techniques with threat analytics
-description: Use threat analytics interactive reports in Microsoft 365 to assess the security posture and resilience of your organization against emerging threats.
-keywords: security, malware, Microsoft 365, M365, security center, threat analytics, Microsoft Defender ATP, cyber, security posture, emerging threats
-localization_priority: Normal
- - NOCSH
--------
-# Understand the latest attack campaigns and techniques with threat analytics
---
-Cyber threats are becoming more frequent and sophisticated. It's critical for organizations to quickly assess their security posture and resilience against specific emerging threats.
-
-**Threat analytics** is a set of interactive reports published as soon as emerging threatsΓÇönew techniques, attack campaigns, and malware outbreaksΓÇöare identified. The reports help you the assess impact of threats to your environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
-
-[Learn more about threat analytics in Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/threat-analytics).
security Manage Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/manage-incidents.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Microsoft 365 Security Center Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-mde.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ audience: ITPro
security Microsoft Secure Score History Metrics Trends https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ audience: ITPro
security Microsoft Secure Score Improvement Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-improvement-actions.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ audience: ITPro
security Microsoft Secure Score Whats Coming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-coming.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ audience: ITPro
security Microsoft Secure Score Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-new.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ audience: ITPro
security Microsoft Secure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ audience: ITPro
security Threat Analytics Analyst Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/threat-analytics-analyst-reports.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/threat-analytics.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ localization_priority: Normal audience: ITPro
security Tickets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/tickets.md
ms.mktglfcycl: deploy
localization_priority: Normal f1.keywords: - NOCSH--++ audience: ITPro
security Top Scoring Industry Tests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/top-scoring-industry-tests.md
ms.prod: m365-security
ms.mktglfcycl: secure ms.sitesec: library localization_priority: Priority--++ audience: ITPro
security Configure Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/configure-microsoft-threat-experts.md
**Applies to:** - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
[!INCLUDE [Prerelease](../includes/prerelease.md)]
security Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-threat-experts.md
**Applies to:** - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
[!INCLUDE [Prerelease](../includes/prerelease.md)]
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
For other ways to submit email messages, URLs, and attachments to Microsoft, see
![Attachment submission example](../../media/submission-file-flyout.PNG)
-## View admin submissions
+## View items Submitted for analysis
-In the Security & Compliance Center, go to **Threat management** \> **Submissions**, verify that you're on the **Admin submissions** tab, and then click **New submission**.
+In the Security & Compliance Center, go to **Threat management** \> **Submissions**, verify that you're on the **Submitted for analysis** tab
Near the top of the page, you can enter a start date, an end date, and (by default) you can filter by **Submission ID** (a GUID value that's assigned to every submission) by entering a value in the box and clicking ![Refresh button](../../media/scc-quarantine-refresh.png). You can enter multiple values separated by commas.
Near the top of the page, you can enter a start date, an end date, and you can f
To export the results, click **Export** near the top of the page and select **Chart data** or **Table**. In the dialog that appears, save the .csv file.
+> [!NOTE]
+> If organizations are configured to send to custom mailbox only, reported messages will not be sent for rescan and results in the User reported messages portal will always be empty.
+ ## Undo user submissions Once a user submits a suspicious email to the custom mailbox, the user and admin don't have an option to undo the submission. If the user would like to recover the email, it will be available for recovery in the Deleted Items or Junk Email folders.
On the **Custom mailbox** tab, select a message in the list, click the **Action*
- **Report malware** - **Report spam**
-![Options on the Action button](../../media/user-submission-custom-mailbox-action-button.png)
+![Options on the Action button](../../media/user-submission-custom-mailbox-action-button.png)
security Anti Phishing Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-protection.md
ms.prod: m365-security
- **Whaling** is directed at executives or other high value targets within an organization for maximum effect. -- **Business email compromise (BEC)** uses forged trusted senders (financial officers, customers, trusted partners, etc.) to trick recipients into approving payments, transferring funds, or revealing customer data.
+- **Business email compromise (BEC)** uses forged trusted senders (financial officers, customers, trusted partners, etc.) to trick recipients into approving payments, transferring funds, or revealing customer data. Learn more by watching [this video](https://www.youtube.com/watch?v=8Kn31h9HwIQ&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=2).
- **Ransomware** that encrypts your data and demands payment to decrypt it almost always starts out in phishing messages. Anti-phishing protection can't help you decrypt encrypted files, but it can help detect the initial phishing messages that are associated with the ransomware campaign. For more information about recovering from a ransomware attack, see [Recover from a ransomware attack in Microsoft 365](recover-from-ransomware.md).
security Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365.md
The following table summarizes what's included in each plan.
With Microsoft Defender for Office 365, your organization's security team can configure protection by defining policies in the Security & Compliance Center (Go to <https://protection.office.com> \> **Threat management** \> **Policy**.)
+Learn more by watching [this video](https://www.youtube.com/watch?v=vivvTmWJ_3c).
+ > [!TIP] > For a quick list of policies to define, see [Protect against threats](protect-against-threats.md).
New features are added to Microsoft Defender for Office 365 continually. To lear
- [Microsoft 365 Defender](../defender/microsoft-365-defender.md) - [Automated investigation and response (AIR) in Microsoft 365 Defender](../defender/m365d-autoir.md)
-1
+1
security Office 365 Evaluation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-evaluation.md
description: Defender for Office 365 in evaluation mode creates Defender for O
keywords: evaluate Office 365, Microsoft Defender for Office 365, office 365 evaluation, try office 365, Microsoft Defender, ATP f1.keywords: - NOCSH--++ audience: ITPro
security Set Up Anti Phishing Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-anti-phishing-policies.md
The following policy settings are available in anti-phishing policies in EOP and
## Spoof settings
-Spoofing is when the From address in an email message (the sender address that's show in email clients) doesn't match the domain of the email source. For more information about spoofing, see [Anti-spoofing protection in Microsoft 365](anti-spoofing-protection.md).
+Spoofing is when the From address in an email message (the sender address that's shown in email clients) doesn't match the domain of the email source. For more information about spoofing, see [Anti-spoofing protection in Microsoft 365](anti-spoofing-protection.md).
The following spoof settings are available in anti-phishing policies in EOP and Microsoft Defender for Office 365:
security Threat Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer.md
Tags information is also shown in the URL clicks flyout. To view it, go to Phish
> [!div class="mx-imgBorder"] > ![URL tags](../../media/tags-urls.png)
+>
+Learn more by watching [this video](https://www.youtube.com/watch?v=UoVzN0lYbfY&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=4).
## Improvements to the threat hunting experience (upcoming)
security User Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md
one among the following options:
> [!NOTE] > U.S. Government organizations (GCC, GCC-H, and DoD) can only configure **Custom mailbox**. The other two options are disabled.
+ > [!NOTE]
+ > If organizations are configured to send to custom mailbox only, reported messages will not be sent for rescan and results in the User reported messages portal will always be empty.
+ When you're finished, click **Confirm**. > [!CAUTION]
In the following example:
`3|49871234-6dc6-43e8-abcd-08d797f20abe|167.220.232.101|test@contoso.com|(test phishing submission)`
-Messages that do not follow this format will not display properly in the Submissions portal.
+Messages that do not follow this format will not display properly in the Submissions portal.
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
ms.prod: m365-security
This article lists new features in the latest release of Microsoft Defender for Office 365. Features that are currently in preview are denoted with **(preview)**.
+Learn more by watching [this video](https://www.youtube.com/watch?v=Tdz6KfruDGo&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=3).
> [!TIP] > Don't have Microsoft Defender for Office 365 yet? [Contact sales to start a trial](https://info.microsoft.com/ww-landing-M365SMB-web-contact.html).
Did you know that Microsoft Defender for Office 365 is available in two plans? [
[Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap)
-[Microsoft Defender for Office 365 Service Description](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)
+[Microsoft Defender for Office 365 Service Description](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)
solutions Information Protection Deploy Protect Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-protect-information.md
For information on other information protection capabilities outside of Microsof
Sensitivity labels from the Microsoft Information Protection framework let you classify and protect your organization's data without hindering the productivity of users and their ability to collaborate.
-![Sensitivity labels in Microsoft 365](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-labels.png)
+> [!div class="mx-imgBorder"]
+> ![Sensitivity labels in Microsoft 365](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-labels.png)
### Prerequisites for sensitivity labels
Complete these activities prior to implementing any of the sensitivity label-bas
If you are planning to use modern sensitivity labeling for email protection and existing email encryption methods like OME are in place, they can co-exist, but you should understand the scenarios in which either should be applied. See [Office 365 Message Encryption new capabilities (OME)](#office-365-message-encryption-ome-new-capabilities), which includes a table comparing modern sensitivity label-type protection with OME-based protection.
-3. Plan for integration into a broader information protection scheme. On top of coexistence with OME, current sensitivity labels can be used along-side capabilities like Microsoft 365 data loss prevention (DLP) and Microsoft Cloud App Security. See [Sensitivity Labels and Microsoft Cloud App Security](../compliance/sensitivity-labels.md#sensitivity-labels-and-microsoft-cloud-app-security) to achieve your data privacy-related information protection goals.
+3. Plan for integration into a broader information protection scheme. On top of coexistence with OME, sensitivity labels can be used along-side capabilities like Microsoft 365 data loss prevention (DLP) and Microsoft Cloud App Security. See [Microsoft Information Protection in Microsoft 365](../compliance/information-protection.md) to achieve your data privacy-related information protection goals.
4. Develop a sensitivity label classification and control scheme. See [Data Classification and Sensitivity Label Taxonomy](https://aka.ms/dataclassificationwhitepaper).
For example, you can identify any document containing a credit card number that'
You can also monitor and protect sensitive items in the locally-installed versions of Excel, PowerPoint, and Word, which include the ability to identify sensitive items and apply DLP policies. DLP provides continuous monitoring when people share content from these Office apps.
-![Supported workloads for DLP](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-supported-workloads.png)
+> [!div class="mx-imgBorder"]
+> ![Supported workloads for DLP](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-supported-workloads.png)
This figure shows an example of DLP protecting personal data.
-![Example of protecting personal data using DLP](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-dlp-example-use.png)
+> [!div class="mx-imgBorder"]
+> ![Example of protecting personal data using DLP](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-dlp-example-use.png)
DLP is used to identify a document or email containing a health record and then automatically blocks access to that document or blocks the email from being sent. DLP then notifies the recipient with a policy tip and sends an alert to the end-user and admin.
Although sensitivity labels canΓÇÖt be used in DLP policy conditions, certain pr
DLP policies are configured in the Microsoft Compliance admin center and specify the level of protection, the sensitive information type the policy is looking for, and the target workloads. Their basic components consist of identifying the protection and the types of data.
-![DLP policy configuration in Microsoft 365](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-dlp-config.png)
+> [!div class="mx-imgBorder"]
+> ![DLP policy configuration in Microsoft 365](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-dlp-config.png)
Here is an example DLP policy for awareness of GDPR.
The first configuration, Awareness, can be used as a starting point and minimum
>[!Note] >As the levels of protection increase, the ability of users to share and access information will decrease in some cases and could potentially impact their productivity or ability to complete daily tasks.
->
+ To help your employees continue to be productive in a more secure environment when increasing protection levels, take the time to train and educate them on new security policies and procedures.
Sensitivity labels can work together with DLP to provide data privacy in a highl
Once these elements are determined, you can use sensitive information types, your sensitivity labeling taxonomy, and DLP policies together. This figure shows an example.
-![Example of sensitivity labels working with DLP](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-sensitivity-lables-dlp.png)
+> [!div class="mx-imgBorder"]
+> ![Example of sensitivity labels working with DLP](../media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-sensitivity-lables-dlp.png)
[See a larger version of this image](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/information-protection-deploy-protect-information/information-protection-deploy-protect-information-sensitivity-lables-dlp.png)