Updates from: 04/20/2021 03:12:12
Category Microsoft Docs article Related commit history on GitHub Change details
admin Add Another Email Alias For A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-another-email-alias-for-a-user.md
You must have [admin permissions](../add-users/about-admin-roles.md) to do this.
The user will now have a primary address and an alias. For example, all mail sent to Eliza Hoffman's primary address, Eliza@NodPublishers.com, and her alias, Sales@NodPublishers.com, will go to Eliza's Inbox.
-7. **When the user replies, the *From* address will be her primary email alias.** For example, let's say a message is sent to Sales@NodPublishers.com, and it arrives in Eliza's inbox. When Eliza replies to the message, her primary email address will appear as the sender, not Sales@NodPublishers.com.
+7. **When the user replies, the *From* address will depend on her Outlook client. Outlook on the web will use the alias at which the email was received (we'll call this the ping-pong principle). Outlook desktop will use her primary email alias.** For example, let's say a message is sent to Sales@NodPublishers.com, and it arrives in Eliza's inbox. When Eliza replies to the message using Outlook desktop, her primary email address will appear as Eliza@NodPublishers.com, not Sales@NodPublishers.com.
::: moniker-end
You must have [admin permissions](../add-users/about-admin-roles.md) to do this.
The user will now have a primary address and an alias. For example, all mail sent to Eliza Hoffman's primary address, Eliza@NodPublishers.com, and her alias, Sales@NodPublishers.com, will go to Eliza's Inbox.
-7. **When the user replies, the *From* address will be her primary email alias.** For example, let's say a message is sent to Sales@NodPublishers.com, and it arrives in Eliza's inbox. When Eliza replies to the message, her primary email address will appear as the sender, not Sales@NodPublishers.com.
+7. **When the user replies, the *From* address will depend on her Outlook client. Outlook on the web will use the alias at which the email was received (we'll call this the ping-pong principle). Outlook desktop will use her primary email alias.** For example, let's say a message is sent to Sales@NodPublishers.com, and it arrives in Eliza's inbox. When Eliza replies to the message using Outlook desktop, her primary email address will appear as Eliza@NodPublishers.com, not Sales@NodPublishers.com.
::: moniker-end
You must have [admin permissions](../add-users/about-admin-roles.md) to do this.
The user will now have a primary address and an alias. For example, all mail sent to Eliza Hoffman's primary address, Eliza@NodPublishers.com, and her alias, Sales@NodPublishers.com, will go to Eliza's Inbox.
-7. **When the user replies, the *From* address will be her primary email alias.** For example, let's say a message is sent to Sales@NodPublishers.com, and it arrives in Eliza's inbox. When Eliza replies to the message, her primary email address will appear as the sender, not Sales@NodPublishers.com.
+7. **When the user replies, the *From* address will depend on her Outlook client. Outlook on the web will use the alias at which the email was received (we'll call this the ping-pong principle). Outlook desktop will use her primary email alias.** For example, let's say a message is sent to Sales@NodPublishers.com, and it arrives in Eliza's inbox. When Eliza replies to the message using Outlook desktop, her primary email address will appear as Eliza@NodPublishers.com, not Sales@NodPublishers.com.
::: moniker-end
If you get the error message "**A parameter cannot be found that matches paramet
If you purchased your subscription from GoDaddy or another Partner, to set the new alias as the primary, you must go to the GoDaddy/partner management console.+
+## Sending email from the proxy address easily
+
+A new feature is rolling out in April 2021 that allows users to send from their aliases easily when using Outlook on the web. When the feature rolls out to a tenancy where the tenant admin uses the `Set-OrganizationConfig -SendFromAliasEnabled $true` cmdlet, users within the tenancy will get access to a list of checkboxes where each entry corresponds to an alias in their Outlook settings. Selecting an alias will make it appear in the From dropdown in the Compose form.
## Related articles
bookings Bookings Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-faq.md
Bookings is an ideal solution for both Enterprise and small business customers,
### How do I get Microsoft Bookings?
-Bookings is available in Microsoft 365 for customers with Microsoft 365 Business Premium, Microsoft 365 Business Standard, A3, A5, E3, and E5 licenses, along with an iOS and Android companion app. Bookings isn't available as a standalone app. Outlook Web App or Outlook on the web must be enabled to use Bookings, as it stores data within Outlook.
+Bookings is available for customers with Office 365 A3, A5, E3, and E5, as well as Microsoft 365 Business Standard, Microsoft 365 Business Premium, A3, A5, E3, and E5. You can use Bookings with an iOS and Android companion app. Bookings isn't available as a standalone app. Outlook Web App or Outlook on the web must be enabled to use Bookings, as it stores data within Outlook.
A Bookings license provides full functionality to the product, including creating and managing calendars. It also enables the ability for users to view and edit existing calendars, when those users are added as staff in an Administrator or Viewer role.
bookings Reporting Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/reporting-info.md
localization_priority: Normal ms.assetid: 03a9acc9-f29c-456b-9fb2-0f49474b2708
-description: "Learn how you can see a 120 day view of your Booking activity"
+description: "Learn how you can see a 4 month view of your Bookings activity"
# Reporting info for Bookings
-You can now see a 120 day view of your Booking calendar in a TSV file. TSV files are tab separated value files. You can view or edit a file like this with any text editor or spreadsheet program, such as Excel.
+You can now see a four month view of your Bookings calendar in a TSV file. The TSV file will show you four months of data, but you can select different four month periods over the course of a year.
-## See 120 days Booking activity
+This appointment level information can be used to visualize the customer activity around your Bookings calendar. TSV files are tab separated value files. You can view or edit a file like this with any text editor or spreadsheet program, such as Excel.
-1. On the Booking calendar dashboard, select Export more data as TSV.
+## See four months of Booking activity
+1. On the Bookings calendar dashboard, select **Export more data as TSV**.
+ 1. Save the file with a new name, and specify .xls or xlsx format.
-1. Open the file to see the 120 day view of your Booking calendar.
+1. Open the file to see the four month view of your Bookings calendar.
+
+1. Choose the date for your report and select **Export**.
++
+1. The downloaded report contains a new set of fields in addition to the existing fields.
+
+The report includes the following fields.
+
+ - **Date & Time**
+- **Customer Name**
+- **Customer Email**
+- **Customer Phone**
+- **Customer Address**
+- **Staff**
+- **Service**
+- **Location**
+- **Duration (minutes)**
+- **Event Type**
+
+The improved report now contains the following fields.
-The file contains a row for each event on the booking calendar for the previous 60 days, and the upcoming 60 days. Each row includes the date and time info for the event, customer name, customer email, customer phone number, customer address, staff assigned, service selected, location, and appointment duration.
+- **Pricing Type** Default pricing type set for a service when creating the service.
+- **Price** Price corresponding to the pricing type chosen.
+- **Currency** Currency type set for a business.
+- **Cc Attendees** The recipients who will be receiving the email notifications for a booking. This can be specified from the Teams app when creating a booking.
+- **Signed Up Attendees Count** How many customers booked a group booking service.
+- **Text Notifications Enabled** Whether customers can receive SMS text-related notifications.
+- **Custom Fields** All the questions and answers related to a single booking are combined in this field.
+- **Booking ID** This is helpful to identify the same bookings of a group service.
compliance Advanced Audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-audit.md
Advanced Audit helps organizations to conduct forensic and compliance investigat
- [Send](#send) -- [SearchQueryInitiatedExchange](#searchqueryinitiatedexchange)
+- [SearchQueryInitiatedExchange](#searchqueryinitiatedexchange)<sup>*</sup>
-- [SearchQueryInitiatedSharePoint](#searchqueryinitiatedsharepoint)
+- [SearchQueryInitiatedSharePoint](#searchqueryinitiatedsharepoint)<sup>*</sup>
+
+> [!NOTE]
+> <sup>*</sup> At this time, this event isn't available in Office 365 and Microsoft 365 Government environments. This includes GCC, GCC High, and DoD environments.
### MailItemsAccessed
compliance Dlp Configure Endpoints Gp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoints-gp.md
With Group Policy there isnΓÇÖt an option to monitor deployment of policies on t
- [Onboard Windows 10 devices using Mobile Device Management tools](dlp-configure-endpoints-mdm.md) - [Onboard Windows 10 devices using a local script](dlp-configure-endpoints-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](dlp-configure-endpoints-vdi.md)-- [Run a detection test on a newly onboarded Microsoft Defender ATP devices](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test)
+- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint devices](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
compliance Dlp Configure Endpoints Sccm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoints-sccm.md
description: Use Configuration Manager to deploy the configuration package on de
> Microsoft 365 Endpoint data loss prevention doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading. >[!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).
+> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).
> > Note that it is possible to create a detection rule on a Configuration Manager application to continuously check if a device has been onboarded. An application is a different type of object than a package and program. > If a device is not yet onboarded (due to pending OOBE completion or any other reason), Configuration Manager will retry to onboard the device until the rule detects the status change.
If you use Microsoft Endpoint Configuration Manager current branch, see [Create
## Monitor device configuration
-If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Microsoft Defender ATP dashboard in the Configuration Manager console. For more information, see [Microsoft Defender Advanced Threat Protection - Monitor](/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor).
+If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Microsoft Defender for Endpoint dashboard in the Configuration Manager console. For more information, see [Microsoft Defender Advanced Threat Protection - Monitor](/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor).
If you're using System Center 2012 R2 Configuration Manager, monitoring consists of two parts:
For more information, see [Introduction to compliance settings in System Center
- [Onboard Windows 10 devices using Mobile Device Management tools](dlp-configure-endpoints-mdm.md) - [Onboard Windows 10 devices using a local script](dlp-configure-endpoints-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](dlp-configure-endpoints-vdi.md)-- [Run a detection test on a newly onboarded Microsoft Defender ATP device](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test)
+- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
compliance Dlp Configure Endpoints Script https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoints-script.md
You can also manually onboard individual devices to Microsoft 365 Endpoint data
8. Right-click **Command prompt** and select **Run as administrator**.
-![Window Start menu pointing to Run as administrator](../media/dlp-run-as-admin.png)
+ ![Window Start menu pointing to Run as administrator](../media/dlp-run-as-admin.png)
9. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd*
For security reasons, the package used to Offboard devices will expire 30 days a
8. Right-click **Command prompt** and select **Run as administrator**.
-![Window Start menu pointing to Run as administrator](../media/dlp-run-as-admin.png)
+ ![Window Start menu pointing to Run as administrator](../media/dlp-run-as-admin.png)
9. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*
Monitoring can also be done directly on the portal, or by using the different de
- [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](dlp-configure-endpoints-sccm.md) - [Onboard Windows 10 devices using Mobile Device Management tools](dlp-configure-endpoints-mdm.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](dlp-configure-endpoints-vdi.md)-- [Run a detection test on a newly onboarded Microsoft Defender ATP device](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test)
+- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](/windows/security/threat-protection/microsoft-defender-atp/run-detection-test)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application version required for each
|[Dynamic markings with variables](#dynamic-markings-with-variables) <sup>1</sup> | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions: <br /> - Do Not Forward](encryption-sensitivity-labels.md#let-users-assign-permissions) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes |
-|[Let users assign permissions: <br /> - Encrypt-Only](encryption-sensitivity-labels.md#let-users-assign-permissions) |2011+ | Under review | Under review | Under review | Yes |
+|[Let users assign permissions: <br /> - Encrypt-Only](encryption-sensitivity-labels.md#let-users-assign-permissions) |2011+ | Rolling out: 16.48+ | Rolling out: 4.2112.0+ | Rolling out: 4.2112.0+ | Yes |
|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Rolling out: 2101+ | 16.43+ <sup>2</sup> | Under review | Under review | Yes | |[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | Under review | Under review | Under review | Under review | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | 16.44+ <sup>2</sup> | Under review | Under review | Yes |
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
A label policy consists of:
- The users and groups that will be assigned the policy with labels. - The scope of the policy and policy settings for that scope (such as default label for files and emails).
-You can include a user in multiple label policies, and the user will see all the sensitivity labels from those policies. However, a user gets the policy settings from only the label policy with the highest priority.
+You can include a user in multiple label policies, and the user will get all the sensitivity labels and settings from those policies. If there is a conflict in settings from multiple policies, the setting from the policy with the highest priority is applied. In other words, the highest priority wins for each setting.
-If you're not seeing the label or label policy setting that you expect for a user or group, check the order of the sensitivity label policies. To reorder the label policies, select a sensitivity label policy > choose the ellipsis on the right > **Move down** or **Move up**.
+If you're not seeing the label or label policy setting behavior that you expect for a user or group, check the order of the sensitivity label policies. To reorder the label policies, select a sensitivity label policy > choose the ellipsis on the right > **Move down** or **Move up**.
![Move option on the page for sensitivity label policies](../media/sensitivity-label-policy-priority.png)
enterprise Additional Office365 Ip Addresses And Urls https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls.md
Title: "Additional endpoints not included in the Office 365 IP Address and URL W
Previously updated : 04/29/2020 Last updated : 04/19/2021 audience: Admin
Apart from DNS, these are all optional for most customers unless you need the sp
| Row | Purpose | Destination | Type | |:--|:--|:--|:--| | 1 | [Import Service](https://support.office.com/article/use-network-upload-to-import-your-organization-pst-files-to-office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6) for PST and file ingestion | Refer to the [Import Service](https://support.office.com/article/use-network-upload-to-import-your-organization-pst-files-to-office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6) for additional requirements. | Uncommon outbound scenario |
-| 2 | [Microsoft Support and Recovery Assistant for Office 365](https://diagnostics.office.com/#/) | https<span>://</span>autodiscover.outlook.com <BR> <span>https://</span>officecdn.microsoft.com <BR> <span>https://</span>api.diagnostics.office.com <BR> <span>https://</span>apibasic.diagnostics.office.com <BR> <span>https://</span>autodiscover-s.outlook.com <BR> <span>https://</span>cloudcheckenabler.azurewebsites.net <BR> <span>https://</span>dcs-staging.azure-api.net <BR> <span>https://</span>login.live.com <BR> <span>https://</span>login.microsoftonline.com <BR> <span>https://</span>login.windows.net <BR> <span>https://</span>o365diagtelemetry.trafficmanager.net <BR> <span>https://</span>odc.officeapps.live.com <BR> <span>https://</span>offcatedge.azureedge.net <BR> <span>https://</span>officeapps.live.com <BR> <span>https://</span>outlook.office365.com <BR> <span>https://</span>outlookdiagnostics.azureedge.net | Outbound server traffic |
+| 2 | [Microsoft Support and Recovery Assistant for Office 365](https://diagnostics.office.com/#/) | https<span>://</span>autodiscover.outlook.com <BR> <span>https://</span>officecdn.microsoft.com <BR> <span>https://</span>api.diagnostics.office.com <BR> <span>https://</span>apibasic.diagnostics.office.com <BR> <span>https://</span>autodiscover-s.outlook.com <BR> <span>https://</span>cloudcheckenabler.azurewebsites.net <BR> <span>https://</span>login.live.com <BR> <span>https://</span>login.microsoftonline.com <BR> <span>https://</span>login.windows.net <BR> <span>https://</span>o365diagtelemetry.trafficmanager.net <BR> <span>https://</span>odc.officeapps.live.com <BR> <span>https://</span>offcatedge.azureedge.net <BR> <span>https://</span>officeapps.live.com <BR> <span>https://</span>outlook.office365.com <BR> <span>https://</span>outlookdiagnostics.azureedge.net | Outbound server traffic |
| 3 | Azure AD Connect (w/SSO option) ΓÇô WinRM & remote PowerShell | Customer STS environment (AD FS Server and AD FS Proxy) \| TCP ports 80 & 443 | Inbound server traffic | | 4 | STS such as AD FS Proxy server(s) (for federated customers only) | Customer STS (such as AD FS Proxy) \| Ports TCP 443 or TCP 49443 w/ClientTLS | Inbound server traffic | | 5 | [Exchange Online Unified Messaging/SBC integration](/exchange/voice-mail-unified-messaging/telephone-system-integration-with-um/configuration-notes-for-session-border-controllers) | Bidirectional between on-premises Session Border Controller and *.um.outlook.com | Outbound server only traffic |
Apart from DNS, these are all optional for most customers unless you need the sp
[Managing Office 365 endpoints](managing-office-365-endpoints.md)
-[Monitor Microsoft 365 connectivity](./monitor-connectivity.md?view=o365-worldwide)
+[Monitor Microsoft 365 connectivity](./monitor-connectivity.md)
[Client connectivity](https://support.office.com/article/client-connectivity-4232abcf-4ae5-43aa-bfa1-9a078a99c78b)
enterprise Ms Cloud Germany Transition Add Experience https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-add-experience.md
description: "Summary: Post-migration activities after moving from Microsoft Clo
The following sections provide post-migration activities for multiple services after moving from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter region. ## Azure AD-
-### Azure AD Connect
-**Applies to:** All customers synchronizing identities with Azure AD connect
-
-| Step(s) | Description | Impact |
-|:-|:-|:-|
-| Update Azure AD Connect. | After the cut over to Azure AD is complete, the organization is fully using Office 365 services and is no longer connected to Microsoft Cloud Deutschland. At this point, the customer needs to ensure that the delta sync process has been finalized, and after that, change the string value of `AzureInstance` from 3 (Microsoft Cloud Deutschland) to 0 in the registry path `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure AD Connect`. | Change the value of `AzureInstance`, the registry key. Failing to do so, will lead to objects not being synchronized after the Microsoft Cloud Deutschland endpoints are no longer available. |
-|||||
+<!-- This AAD Endpoints comparison table could be added to the documentation, not finally decided.
+### Azure AD Endpoints
+**Applies to:** All customers
+
+After the cut over to Azure AD is complete, the organization is fully using Office 365 services and is no longer connected to Microsoft Cloud Deutschland and the endpoints cannot be used anymore. At this point, the customer needs to ensure that all applications are using the endpoints for the new German datacenter region.
+The following table provides an overview about which endpoints will replace the previously used endpoints in Microsoft Cloud Germany (Microsoft Cloud Deutschland).
+
+|Endpoint in Microsoft Cloud Germany |Endpoint in the new German datacenter region |
+|:|:|
+|becws.microsoftonline.de<br>provisioningapi.microsoftonline.de |becws.microsoftonline.com<br>provisioningapi.microsoftonline.com |
+|adminwebservice.microsoftonline.de |adminwebservice.microsoftonline.com |
+|login.microsoftonline.de<br>logincert.microsoftonline.de<br>sts.microsoftonline.de |login.microsoftonline.com<br>login.windows.net<br>logincert.microsoftonline.com<br>accounts.accesscontrol.windows.net |
+|enterpriseregistration.microsoftonline.de |enterpriseregistration.windows.net |
+|graph.cloudapi.de |graph.windows.net |
+|graph.microsoft.de |graph.microsoft.com |
+|||
+-->
### Azure AD federated authentication with AD FS **Applies to:** All customers using federated authentication with AD FS
enterprise Ms Cloud Germany Transition Phases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-phases.md
In case you are still using SharePoint 2013 workflows, limit the use of SharePoi
Additional considerations: - If your organization still uses SharePoint 2010 workflows, they'll no longer function after December 31, 2021. SharePoint 2013 workflows will remain supported, although turned off by default for new tenants starting on November 1, 2020. After migration to the SharePoint Online service is complete, we recommend that you to move to Power Automate or other supported solutions.
-
-- Microsoft Cloud Deutschland customers whose SharePoint Online instance is not yet migrated need to stay on SharePoint Online PowerShell module/Microsoft.SharePointOnline.CSOM version 16.0.20616.12000 or below. Otherwise, connections to SharePoint Online via PowerShell or the client-side object model will fail.-
+ - Microsoft Cloud Deutschland customers whose SharePoint Online instance is not yet migrated need to stay on SharePoint Online PowerShell module/Microsoft.SharePointOnline.CSOM version 16.0.20616.12000 or below. Otherwise, connections to SharePoint Online via PowerShell or the client-side object model will fail.
- During this phase, the IP addresses behind the SharePoint URLs will change. After the transition to Office 365 Global services, the addresses for the preserved tenant URLs (for example, `contoso.sharepoint.de` and `contoso-my.sharepoint.de`) will be changed to the [Worldwide Microsoft 365 URLs and IP address ranges (SharePoint Online and OneDrive for Business)](/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#sharepoint-online-and-onedrive-for-business). - > [!NOTE] > In case you are using eDiscovery, make sure you are aware of the [eDiscovery migration experience](ms-cloud-germany-transition-add-scc.md).
The new region "Germany" is added to the organization setup. Exchange Online con
- Transition users and services from your legacy MCD URLs (`https://outlook.office.de`) to new Office 365 services URLs (`https://outlook.office365.com`). - The Exchange Online services (Outlook Web Access and Exchange Admin Center) for the new German datacenter region will be available from this phase, they will not be available before. - Users may continue to access the service through legacy MCD URLs during the migration, however they need to stop using the legacy URLs on completion of the migration.-- Users should transition to using the worldwide Office portal for Office Online features (Calendar, Mail, People). Navigation to services that aren't yet migrated to Office 365 services won't function until they are migrated.
+- Users should transition to using the worldwide Office portal for Office Online features (Calendar, Mail, People). Navigation to services that aren't yet migrated to Office 365 services won't function until they are migrated.
+- This limitation applies to background services like "My Account" as well. My Account for Global services will become available after completion of phase 9. Until this, users must use the MCD portal to manage their account settings.
- The Outlook Web App won't provide the public folder experience during migration. If you want to modify user photos during phase 5, see [Exchange Online PowerShell - Set-UserPhoto during phase 5](#exchange-online-powershell).
If you want to modify user photos during phase 5, see [Exchange Online PowerShel
### DNS Record for Autodiscover in Exchange Online **Applies to:** Customers using Exchange Online with a custom domain
-Customer-managed DNS settings for AutoDiscover that currently point to Microsoft Cloud Deutschland need to be updated to refer to the Office 365 Global endpoint on completion of the Exchange Online phase (phase 5). <br> Existing DNS entries with CNAME pointing to autodiscover-outlook.office.de need to be updated to point to **autodiscover.outlook.com**.
+Customer-managed DNS settings for Autodiscover that currently point to Microsoft Cloud Deutschland need to be updated to refer to the Office 365 Global endpoint on completion of the Exchange Online phase (phase 5). <br> Existing DNS entries with CNAME pointing to autodiscover-outlook.office.de need to be updated to point to **autodiscover.outlook.com**.
Customers who do not perform these DNS updates upon **completion of the migration phase 9** may experience service issues when the migration is finalized.
+> [!NOTE]
+> Validation errors in the Admin Center for custom domains for the Autodiscover entry can be ignored. Services will work properly only when the CNAME record has been changed to autodiscover.outlook.com.
+ ### Exchange Online PowerShell **Applies to:** Exchange Online Administrators using Exchange Online PowerShell
Using the PowerShell cmdlet **Set-UserPhoto** results in an error if a user mail
where `<user_email>` is the placeholder for the email-ID of the user mailbox. Additional considerations:
-<!--
- The statement below is not clear. What does myaccount.microsoft.com mean?
---- `myaccount.microsoft.com` will only work after the tenant cutover in phase 9. Links will produce "something went wrong" error messages until that time.> - Users of Outlook Web App that access a shared mailbox in the other environment (for example, a user in the MCD environment accesses a shared mailbox in the Global environment) will be prompted to authenticate a second time. The user must first authenticate and access their mailbox in `outlook.office.de`, then open the shared mailbox that is in `outlook.office365.com`. They'll need to authenticate a second time when accessing the shared resources that are hosted in the other service. - For existing Microsoft Cloud Deutschland customers or those in transition, when a shared mailbox is added to Outlook by using **File > Info > Add Account**, viewing calendar permissions may fail (the Outlook client attempts to use the Rest API `https://outlook.office.de/api/v2.0/Me/Calendars`). Customers who want to add an account to view calendar permissions can add the registry key as described in [User experience changes for sharing a calendar in Outlook](https://support.microsoft.com/office/user-experience-changes-for-sharing-a-calendar-in-outlook-5978620a-fe6c-422a-93b2-8f80e488fdec) to ensure this action will succeed. This registry key can be deployed organization-wide by using Group Policy.
+- All customers using an active Exchange Hybrid Configuration are not able to move mailboxes from on-premises Exchange Server to Exchange Online, neither to Microsoft Cloud Deutschland, nor to the new datacenter region in Germany. Customers need to ensure that ongoing mailbox moves have been completed prior to phase 5 and will be resumed after completion this phase.
- Ensure that all users using legacy protocols (POP3/IMAP4/SMTP) for their devices are prepared to change the endpoints in their client after their Exchange mailbox has been moved to the new German datacenter region as described in the [pre-migration steps for Exchange Online](ms-cloud-germany-transition-add-pre-work.md#exchange-online).
+- Scheduling Skype for Business meetings in Outlook Web App is not available anymore after the mailbox has been migrated. If necessary, users have to use Outlook instead.
To find out more about the differences for organizations in migration and after Exchange Online resources are migrated, review the information in [Customer experience during the migration to Office 365 services in the new German datacenter regions](ms-cloud-germany-transition-experience.md). - ## Phase 6: Exchange Online Protection / Security and Compliance **Applies to:** All customers using Exchange Online<br>
-Back-end Exchange Online Protection (EOP) features are copied to the new region "Germany".
+Back-end Exchange Online Protection (EOP) features are copied to the new region "Germany". Exchange Online enables routing from external hosts to Office 365 and historial tenant details are being migrated, which also includes back-end services for Security and Compliance features.
-| Step(s) | Description | Impact |
-|:-|:-|:-|
-| Migration of Exchange Online routing and historical message detail. | Exchange Online enables routing from external hosts to Office 365. The external MX records are transitioned to route to the EOP service. Tenant configuration and historical details are migrated. |<ul><li>MicrosoftΓÇômanaged DNS entries are updated from Office 365 Germany EOP to Office 365 services.</li><li>Customers should wait for 30 days after EOP dual write for EOP migration. Otherwise, there may be data loss.</li></ul>|
-||||
+Customers using Exchange Online capabilities only (Non-Hybrid) do not need to pay attention at this stage.
### Exchange Online Hybrid deployments **Applies to:** All customers using an active Exchange Hybrid Configuration with Exchange servers on-premises
Set-SendConnector -Identity <SendConnectorName> -TlsDomain "mail.protection.outl
**Applies to:** All customers using Skype for Business Online
-Make sure that you are familiar with the [prework for your Skype for Business Online migration](ms-cloud-germany-transition-add-pre-work.md#skype-for-business-online) procedure.
-
-<!--
- Question from ckinder
- the PowerShell command seems to be incomplete
>
+Review the [pre-migration steps for Skype for Business Online migration](ms-cloud-germany-transition-add-pre-work.md#skype-for-business-online) and make sure you completed all steps.
+In this phase, Skype for Business will be migrated to Microsoft Teams. Existing Skype for Business customers are migrated to Office 365 Global services in Europe and then transitioned to Microsoft Teams in the region "Germany" of Office 365 services.
-| Step(s) | Description | Impact |
-|:-|:-|:-|
-| Migration of Skype for Business to Teams. | Existing Skype for Business customers are migrated to Office 365 Global services in Europe and then transitioned to Microsoft Teams in the region "Germany" of Office 365 services. |<ul><li>Users won't be able to sign in to Skype for Business on the migration date. Ten days before migration, we'll post to the Admin center to let you know about when the migration will take place, and again when we begin the migration.</li><li> Policy configuration is migrated. </li><li>Users will be migrated to Teams and will no longer have Skype for Business after migration. </li><li>Users must have the Teams desktop client installed. Installation will happen during the 10 days via policy on the Skype for Business infrastructure, but if this fails, users will still need to download the client or connect with a supported browser. </li><li>Contacts and meetings will be migrated to Teams.</li><li>Users won't be able to sign in to Skype for Business between time service transitions to Office 365 services, and not until customer DNS entries are completed. </li><li>Contacts and existing meetings will continue to function as Skype for Business meetings. </li></ul>|
-||||
+- Users won't be able to sign in to Skype for Business on the migration date. Ten days before migration, the customer will receive a message in the Admin center which announces when the migration will take place, and again when the migration begins.
+- Policy configuration is migrated.
+- Users will be migrated to Teams and will no longer have access to Skype for Business after migration.
+- Users must have the Microsoft Teams desktop client installed. Installation will happen during the 10 days via policy on the Skype for Business infrastructure, but if this fails, users will still need to download the client or connect with a supported browser.
+- Contacts and meetings will be migrated to Microsoft Teams.
+- Users won't be able to sign in to Skype for Business between time service transitions to Office 365 services, and not until customer DNS entries are completed.
+- Contacts and existing meetings will continue to function as Skype for Business meetings.
-If you have to connect to Skype for Business Online with PowerShell after migration phase 9 has been completed, use the following code to connect:
+If you have to connect to Skype for Business Online with PowerShell after migration phase 9 has been completed, use the following PowerShell code to connect:
```powershell Import-Module MicrosoftTeams
In case you have line-of-business apps, make sure you have completed the [prewor
**Applies to:** All customers
-When the Office 365 tenant completes the final step of the migration [Azure AD Finalization (Phase 9)] all services are transitioned to worldwide. No application or user should be accessing resources for the tenant against any of the Microsoft Cloud Deutschland endpoints. Automatically, 30 days after the finalization completes, the Microsoft Cloud Deutschland Azure AD service will stop endpoint access for the transitioned tenant. Endpoint requests such as Authentication will fail from this point forward against the Microsoft Cloud Deutschland service.
+When the Office 365 tenant completes the final step of the migration (Azure AD Finalization (Phase 9)) all services are transitioned to worldwide. No application or user should be accessing resources for the tenant against any of the Microsoft Cloud Deutschland endpoints. Automatically, 30 days after the finalization completes, the Microsoft Cloud Deutschland Azure AD service will stop endpoint access for the transitioned tenant. Endpoint requests such as Authentication will fail from this point forward against the Microsoft Cloud Deutschland service.
| Step(s) | Description | Impact | |:-|:-|:-|
When the Office 365 tenant completes the final step of the migration [Azure AD F
| Update Azure AD application endpoints | You must update Authentication, Azure Active Directory (Azure AD) Graph, and MS Graph endpoints for your applications to those of the Microsoft Worldwide service. | 30 days after the migration finalizes, the Microsoft Cloud Deutschland endpoints will stop honoring requests; client or application traffic will fail. | ||||
+### Azure AD Connect
+**Applies to:** All customers synchronizing identities with Azure AD connect
+
+| Step(s) | Description | Impact |
+|:-|:-|:-|
+| Update Azure AD Connect. | After the cut over to Azure AD is complete, the organization is fully using Office 365 services and is no longer connected to Microsoft Cloud Deutschland. At this point, the customer needs to ensure that the delta sync process has been finalized, and after that, change the string value of `AzureInstance` from 3 (Microsoft Cloud Deutschland) to 0 in the registry path `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure AD Connect`. | Change the value of `AzureInstance`, the registry key. Failing to do so, will lead to objects not being synchronized after the Microsoft Cloud Deutschland endpoints are no longer available. |
+|||||
+ ## Post migration
-Make sure you read the [post migration activities](ms-cloud-germany-transition-add-experience.md) article and execute them accordingly.
+Make sure you read the [post migration activities](ms-cloud-germany-transition-add-experience.md) article and execute them accordingly.
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of April 12, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 4/12/2021 | [Privacy information - Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-privacy?view=o365-21vianet) | modified |
+| 4/12/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
+| 4/12/2021 | [Create a Litigation Hold](/microsoft-365/compliance/create-a-litigation-hold?view=o365-21vianet) | modified |
+| 4/12/2021 | [Create and configure retention policies to automatically retain or delete content](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot eDiscovery hold errors](/microsoft-365/compliance/hold-distribution-errors?view=o365-21vianet) | modified |
+| 4/12/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 4/12/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/12/2021 | [Register new devices yourself](/microsoft-365/managed-desktop/get-started/register-devices-self?view=o365-21vianet) | modified |
+| 4/12/2021 | [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP for Android Application license terms](/microsoft-365/security/defender-endpoint/android-terms?view=o365-21vianet) | modified |
+| 4/12/2021 | [Configure alert notifications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-email-notifications?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender for Endpoint documentation # < 60 chars](/microsoft-365/security/defender-endpoint/index?view=o365-21vianet) | modified |
+| 4/12/2021 | [App-based deployment for Microsoft Defender ATP for iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP for iOS Application license terms](/microsoft-365/security/defender-endpoint/ios-terms?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploy Microsoft Defender ATP for Linux with Ansible](/microsoft-365/security/defender-endpoint/linux-install-with-ansible?view=o365-21vianet) | modified |
+| 4/12/2021 | [Set preferences for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-21vianet) | modified |
+| 4/12/2021 | [Privacy for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-privacy?view=o365-21vianet) | modified |
+| 4/12/2021 | [Detect and block potentially unwanted applications with Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-pua?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP for Linux static proxy discovery](/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot missing events or alerts issues for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-support-events?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot installation issues for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot performance issues for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-21vianet) | modified |
+| 4/12/2021 | [How to schedule an update of the Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-update-mde-linux?view=o365-21vianet) | modified |
+| 4/12/2021 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
+| 4/12/2021 | [Live response command examples](/microsoft-365/security/defender-endpoint/live-response-command-examples?view=o365-21vianet) | modified |
+| 4/12/2021 | [Device control for macOS](/microsoft-365/security/defender-endpoint/mac-device-control-overview?view=o365-21vianet) | modified |
+| 4/12/2021 | [Manual deployment for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploying Microsoft Defender ATP for macOS with Jamf Pro](/microsoft-365/security/defender-endpoint/mac-install-with-jamf?view=o365-21vianet) | modified |
+| 4/12/2021 | [Set up device groups in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups?view=o365-21vianet) | modified |
+| 4/12/2021 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP on Android](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP for iOS overview](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
+| 4/12/2021 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-21vianet) | modified |
+| 4/12/2021 | [Stream Microsoft Defender for Endpoint events to your Storage account](/microsoft-365/security/defender-endpoint/raw-data-export-storage?view=o365-21vianet) | modified |
+| 4/12/2021 | [Stream Microsoft Defender for Endpoint event](/microsoft-365/security/defender-endpoint/raw-data-export?view=o365-21vianet) | modified |
+| 4/12/2021 | [Take response actions on a device in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-21vianet) | modified |
+| 4/12/2021 | [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](/microsoft-365/security/defender-endpoint/run-detection-test?view=o365-21vianet) | modified |
+| 4/12/2021 | [Check the Microsoft Defender for Endpoint service health](/microsoft-365/security/defender-endpoint/service-status?view=o365-21vianet) | modified |
+| 4/12/2021 | [Switch to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard?view=o365-21vianet) | modified |
+| 4/12/2021 | [Track and respond to emerging threats with Microsoft Defender for Endpoint threat analytics](/microsoft-365/security/defender-endpoint/threat-analytics?view=o365-21vianet) | modified |
+| 4/12/2021 | [Threat protection report in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/threat-protection-reports?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot Microsoft Defender for Endpoint live response issues](/microsoft-365/security/defender-endpoint/troubleshoot-live-response?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot Microsoft Defender for Endpoint onboarding issues](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot SIEM tool integration issues in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshoot-siem?view=o365-21vianet) | modified |
+| 4/12/2021 | [Assign device value - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-assign-device-value?view=o365-21vianet) | modified |
+| 4/12/2021 | [Create and view exceptions for security recommendations - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-exception?view=o365-21vianet) | modified |
+| 4/12/2021 | [Remediate vulnerabilities with threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-remediation?view=o365-21vianet) | modified |
+| 4/12/2021 | [Software inventory in threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-software-inventory?view=o365-21vianet) | modified |
+| 4/12/2021 | [Vulnerabilities in my organization - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-weaknesses?view=o365-21vianet) | modified |
+| 4/12/2021 | [Update alert entity API](/microsoft-365/security/defender-endpoint/update-alert?view=o365-21vianet) | modified |
+| 4/12/2021 | [Web content filtering](/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-21vianet) | modified |
+| 4/12/2021 | [Monitoring web browsing security in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/web-protection-monitoring?view=o365-21vianet) | modified |
+| 4/12/2021 | [Web protection](/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-21vianet) | modified |
+| 4/12/2021 | [Respond to web threats in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/web-protection-response?view=o365-21vianet) | modified |
+| 4/12/2021 | [Protect your organization against web threats](/microsoft-365/security/defender-endpoint/web-threat-protection?view=o365-21vianet) | modified |
+| 4/12/2021 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp?view=o365-21vianet) | modified |
+| 4/12/2021 | [Anti-spam message headers](/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-21vianet) | modified |
+| 4/12/2021 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
+| 4/12/2021 | [Understand device profiles](/microsoft-365/managed-desktop/service-description/profiles?view=o365-21vianet) | added |
+| 4/12/2021 | [Reassign device profiles](/microsoft-365/managed-desktop/working-with-managed-desktop/change-device-profile?view=o365-21vianet) | added |
+| 4/12/2021 | [Steps for Partners to register devices](/microsoft-365/managed-desktop/get-started/register-devices-partner?view=o365-21vianet) | modified |
+| 4/12/2021 | [Register existing devices yourself](/microsoft-365/managed-desktop/get-started/register-reused-devices-self?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP for Android - Privacy information](/microsoft-365/security/defender-endpoint/android-privacy?view=o365-21vianet) | modified |
+| 4/12/2021 | [Onboard non-Windows devices to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows?view=o365-21vianet) | modified |
+| 4/12/2021 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/12/2021 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 4/12/2021 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
+| 4/12/2021 | [Configure and validate exclusions for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-exclusions?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploy Microsoft Defender ATP for Linux with Puppet](/microsoft-365/security/defender-endpoint/linux-install-with-puppet?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-support-connectivity?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploy updates for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-updates?view=o365-21vianet) | modified |
+| 4/12/2021 | [Configure and validate exclusions for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-21vianet) | modified |
+| 4/12/2021 | [Intune-based deployment for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm?view=o365-21vianet) | modified |
+| 4/12/2021 | [Enroll Microsoft Defender ATP for macOS devices into Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices?view=o365-21vianet) | modified |
+| 4/12/2021 | [Set up the Microsoft Defender ATP for macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
+| 4/12/2021 | [Set preferences for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-21vianet) | modified |
+| 4/12/2021 | [Privacy for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-privacy?view=o365-21vianet) | modified |
+| 4/12/2021 | [Detect and block potentially unwanted applications with Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-pua?view=o365-21vianet) | modified |
+| 4/12/2021 | [Resources for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-resources?view=o365-21vianet) | modified |
+| 4/12/2021 | [How to schedule scans with MDATP for macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot installation issues for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-support-install?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot kernel extension issues in Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-support-kext?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot license issues for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-support-perf?view=o365-21vianet) | modified |
+| 4/12/2021 | [New configuration profiles for macOS Catalina and newer versions of macOS](/microsoft-365/security/defender-endpoint/mac-sysext-policies?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP for Mac - system extensions (Preview)](/microsoft-365/security/defender-endpoint/mac-sysext-preview?view=o365-21vianet) | modified |
+| 4/12/2021 | [Deploy updates for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-21vianet) | modified |
+| 4/12/2021 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/12/2021 | [McAfee to Microsoft Defender for Endpoint - Prepare](/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-prepare?view=o365-21vianet) | modified |
+| 4/12/2021 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |
+| 4/12/2021 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |
+| 4/12/2021 | [Microsoft Defender ATP for non-Windows platforms](/microsoft-365/security/defender-endpoint/non-windows?view=o365-21vianet) | modified |
+| 4/12/2021 | [Switch to Microsoft Defender for Endpoint - Prepare](/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare?view=o365-21vianet) | modified |
+| 4/12/2021 | [Symantec to Microsoft Defender for Endpoint - Phase 3, Onboarding](/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-onboard?view=o365-21vianet) | modified |
+| 4/12/2021 | [Symantec to Microsoft Defender for Endpoint - Phase 1, Preparing](/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-prepare?view=o365-21vianet) | modified |
+| 4/12/2021 | [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/troubleshoot-cloud-connect-mdemac?view=o365-21vianet) | modified |
+| 4/12/2021 | [Use attack surface reduction rules to prevent malware infection](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/12/2021 | [Configure device discovery](/microsoft-365/security/defender-endpoint/configure-device-discovery?view=o365-21vianet) | added |
+| 4/12/2021 | [Device discovery frequently asked questions](/microsoft-365/security/defender-endpoint/device-discovery-faq?view=o365-21vianet) | added |
+| 4/12/2021 | [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-21vianet) | added |
+| 4/12/2021 | [Microsoft Defender ATP preview features](/microsoft-365/security/defender-endpoint/preview?view=o365-21vianet) | modified |
+| 4/13/2021 | [New alert policies in Microsoft Defender for Office 365](/microsoft-365/compliance/new-defender-alert-policies?view=o365-21vianet) | added |
+| 4/13/2021 | [Manage partner relationships](/microsoft-365/commerce/manage-partners?view=o365-21vianet) | modified |
+| 4/13/2021 | [Create a Litigation Hold](/microsoft-365/compliance/create-a-litigation-hold?view=o365-21vianet) | modified |
+| 4/13/2021 | [Decryption in eDiscovery](/microsoft-365/compliance/ediscovery-decryption?view=o365-21vianet) | modified |
+| 4/13/2021 | [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/troubleshoot-cloud-connect-mdemac?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure Microsoft Defender Antivirus with Group Policy](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure Microsoft Defender Antivirus with Configuration Manager and Intune](/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Use PowerShell cmdlets to configure and run Microsoft Defender AV](/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure Microsoft Defender Antivirus with WMI](/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [CloudAppEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table?view=o365-21vianet) | modified |
+| 4/13/2021 | [Get started with Microsoft 365 Defender](/microsoft-365/security/defender/get-started?view=o365-21vianet) | modified |
+| 4/13/2021 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |
+| 4/13/2021 | [Investigate users in Microsoft 365 security center](/microsoft-365/security/defender/investigate-users?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender for Endpoint in the Microsoft 365 security center](/microsoft-365/security/defender/microsoft-365-security-center-mde?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender for Office 365 in the Microsoft 365 security center](/microsoft-365/security/defender/microsoft-365-security-center-mdo?view=o365-21vianet) | modified |
+| 4/13/2021 | [Redirecting accounts from Microsoft Defender for Endpoint to the Microsoft 365 security center](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft 365 security center overview](/microsoft-365/security/defender/overview-security-center?view=o365-21vianet) | modified |
+| 4/13/2021 | [Get started with the data loss prevention alert dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-get-started?view=o365-21vianet) | added |
+| 4/13/2021 | [Learn about the data loss prevention Alerts dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-learn?view=o365-21vianet) | added |
+| 4/13/2021 | [Configure and view alerts for data loss prevention policies](/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-21vianet) | added |
+| 4/13/2021 | [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-21vianet) | modified |
+| 4/13/2021 | [Add users and assign licenses](/microsoft-365/admin/add-users/add-users?view=o365-21vianet) | modified |
+| 4/13/2021 | [About admin roles](/microsoft-365/admin/add-users/admin-roles-page?view=o365-21vianet) | modified |
+| 4/13/2021 | [Azure Active Directory roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/azure-ad-roles-in-the-mac?view=o365-21vianet) | modified |
+| 4/13/2021 | [Create, edit, or delete a custom user view](/microsoft-365/admin/add-users/create-edit-or-delete-a-custom-user-view?view=o365-21vianet) | modified |
+| 4/13/2021 | [Delete a user from your organization](/microsoft-365/admin/add-users/delete-a-user?view=o365-21vianet) | modified |
+| 4/13/2021 | [Get access to and back up a former user's data](/microsoft-365/admin/add-users/get-access-to-and-back-up-a-former-user-s-data?view=o365-21vianet) | modified |
+| 4/13/2021 | [About Intune admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac?view=o365-21vianet) | modified |
+| 4/13/2021 | [Get started with Microsoft 365 for business](/microsoft-365/admin/admin-overview/get-started-with-office-365?view=o365-21vianet) | modified |
+| 4/13/2021 | [Export a Content Search report](/microsoft-365/compliance/export-a-content-search-report?view=o365-21vianet) | modified |
+| 4/13/2021 | [Export Content Search results](/microsoft-365/compliance/export-search-results?view=o365-21vianet) | modified |
+| 4/13/2021 | [Message Encryption (OME) version comparison](/microsoft-365/compliance/ome-version-comparison?view=o365-21vianet) | modified |
+| 4/13/2021 | [Office 365 endpoints for Germany](/microsoft-365/enterprise/microsoft-365-germany-endpoints?view=o365-21vianet) | modified |
+| 4/13/2021 | [Pre-migration activities for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
+| 4/13/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations?view=o365-21vianet) | modified |
+| 4/13/2021 | [Manage topics in the topic center in Microsoft Viva Topics](/microsoft-365/knowledge/manage-topics) | modified |
+| 4/13/2021 | [Topic center overview in Microsoft Viva Topics](/microsoft-365/knowledge/topic-center-overview) | modified |
+| 4/13/2021 | [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](/microsoft-365/security/defender-endpoint/onboard-windows-10-multi-session-device?view=o365-21vianet) | modified |
+| 4/13/2021 | [Onboarding tools and methods for Windows 10 devices](/microsoft-365/security/defender-endpoint/configure-endpoints?view=o365-21vianet) | modified |
+| 4/13/2021 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-21vianet) | modified |
+| 4/13/2021 | [Investigate entities on devices using live response in Microsoft Defender ATP](/microsoft-365/security/defender-endpoint/live-response?view=o365-21vianet) | modified |
+| 4/13/2021 | [Migrating from a third-party HIPS to ASR rules](/microsoft-365/security/defender-endpoint/migrating-asr-rules?view=o365-21vianet) | modified |
+| 4/13/2021 | [Troubleshoot problems with Network protection](/microsoft-365/security/defender-endpoint/troubleshoot-np?view=o365-21vianet) | modified |
+| 4/13/2021 | [Troubleshoot Microsoft Defender for Endpoint onboarding issues](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-21vianet) | modified |
+| 4/13/2021 | [Get relevant info about an entity with go hunt](/microsoft-365/security/defender/advanced-hunting-go-hunt?view=o365-21vianet) | modified |
+| 4/13/2021 | [Prioritize incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incident-queue?view=o365-21vianet) | modified |
+| 4/13/2021 | [Incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 4/13/2021 | [Investigate incidents in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-incidents?view=o365-21vianet) | modified |
+| 4/13/2021 | [Manage incidents in Microsoft 365 Defender](/microsoft-365/security/defender/manage-incidents?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender for Office 365 documentation # < 60 chars](/microsoft-365/security/office-365-security/index?view=o365-21vianet) | modified |
+| 4/13/2021 | [Set up a connector to archive Cisco Jabber on Oracle data in Microsoft 365](/microsoft-365/compliance/archive-ciscojabberonoracle-data?view=o365-21vianet) | added |
+| 4/13/2021 | [Set up a connector to archive Cisco Jabber on PostgreSQL data in Microsoft 365](/microsoft-365/compliance/archive-ciscojabberonpostgresql-data?view=o365-21vianet) | added |
+| 4/13/2021 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
+| 4/13/2021 | [Cloud-delivered protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Collect diagnostic data for Update Compliance and Windows Defender Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/collect-diagnostic-data-update-compliance?view=o365-21vianet) | modified |
+| 4/13/2021 | [Collect diagnostic data of Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/collect-diagnostic-data?view=o365-21vianet) | modified |
+| 4/13/2021 | [Use the command line to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Common mistakes to avoid when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Manage Windows Defender in your business](/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure scanning options for Microsoft Defender AV](/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Enable block at first sight to detect malware in seconds](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure the Microsoft Defender Antivirus cloud block timeout period](/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure device discovery](/microsoft-365/security/defender-endpoint/configure-device-discovery?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure how users can interact with Microsoft Defender AV](/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Set up exclusions for Microsoft Defender Antivirus scans](/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure local overrides for Microsoft Defender AV settings](/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure Microsoft Defender Antivirus features](/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure and validate Microsoft Defender Antivirus network connections](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure Microsoft Defender Antivirus notifications](/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure exclusions for files opened by specific processes](/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Enable and configure Microsoft Defender Antivirus protection features](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Enable and configure Microsoft Defender Antivirus protection capabilities](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure remediation for Microsoft Defender Antivirus detections](/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Run and customize scheduled and on-demand scans](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Run and customize scheduled and on-demand scans](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-windows-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Deploy and enable Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender Antivirus Virtual Desktop Infrastructure deployment guide](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Block potentially unwanted applications with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Device discovery frequently asked questions](/microsoft-365/security/defender-endpoint/device-discovery-faq?view=o365-21vianet) | modified |
+| 4/13/2021 | [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-21vianet) | modified |
+| 4/13/2021 | [Turn on cloud-delivered protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Evaluate Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
+| 4/13/2021 | [Enable the limited periodic Microsoft Defender Antivirus scanning feature](/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Apply Microsoft Defender Antivirus updates after certain events](/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Apply Microsoft Defender AV protection updates to out of date endpoints](/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Schedule Microsoft Defender Antivirus protection updates](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Manage how and where Microsoft Defender Antivirus receives updates](/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Define how mobile devices are updated by Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
+| 4/13/2021 | [Next-generation protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender Offline in Windows 10](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender Antivirus in the Windows Security app](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Better together - Microsoft Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats](/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified |
+| 4/13/2021 | [Hide the Microsoft Defender Antivirus interface](/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Monitor and report on Microsoft Defender Antivirus protection](/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Restore quarantined files in Microsoft Defender AV](/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Review the results of Microsoft Defender AV scans](/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Run and customize on-demand scans in Microsoft Defender AV](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Specify the cloud-delivered protection level for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Integrate Microsoft Defender for Endpoint with other Microsoft solutions](/microsoft-365/security/defender-endpoint/threat-protection-integration?view=o365-21vianet) | modified |
+| 4/13/2021 | [Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Defender AV event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Troubleshoot problems with reporting tools for Microsoft Defender AV](/microsoft-365/security/defender-endpoint/troubleshoot-reporting?view=o365-21vianet) | modified |
+| 4/13/2021 | [Why you should use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/13/2021 | [Configure and manage Microsoft Threat Experts capabilities through Microsoft 365 Defender](/microsoft-365/security/mtp/configure-microsoft-threat-experts?view=o365-21vianet) | modified |
+| 4/13/2021 | [Microsoft Threat Experts in Microsoft 365 Defender overview](/microsoft-365/security/mtp/microsoft-threat-experts?view=o365-21vianet) | modified |
+| 4/14/2021 | [Enable co-authoring for documents encrypted by sensitivity labels in Microsoft 365](/microsoft-365/compliance/sensitivity-labels-coauthoring?view=o365-21vianet) | modified |
+| 4/14/2021 | [Device discovery frequently asked questions](/microsoft-365/security/defender-endpoint/device-discovery-faq?view=o365-21vianet) | modified |
+| 4/14/2021 | [Configure and validate exclusions for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-21vianet) | modified |
+| 4/14/2021 | [Intune-based deployment for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-21vianet) | modified |
+| 4/14/2021 | [Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm?view=o365-21vianet) | modified |
+| 4/14/2021 | [Set up the Microsoft Defender ATP for macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
+| 4/14/2021 | [Privacy for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-privacy?view=o365-21vianet) | modified |
+| 4/14/2021 | [Turn on Microsoft 365 Defender in the Microsoft 365 security center](/microsoft-365/security/defender/m365d-enable?view=o365-21vianet) | modified |
+| 4/14/2021 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-21vianet) | modified |
+| 4/14/2021 | [Network connectivity in the Microsoft 365 Admin Center (preview)](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) | modified |
+| 4/14/2021 | [Manage topic discovery in Microsoft Viva Topics](/microsoft-365/knowledge/topic-experiences-discovery) | modified |
+| 4/14/2021 | [Device requirements](/microsoft-365/managed-desktop/service-description/device-requirements?view=o365-21vianet) | modified |
+| 4/14/2021 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
+| 4/14/2021 | [Contact Microsoft Defender ATP support](/microsoft-365/security/defender-endpoint/contact-support?view=o365-21vianet) | modified |
+| 4/14/2021 | [Turn on network protection](/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-21vianet) | modified |
+| 4/14/2021 | [Next-generation protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10?view=o365-21vianet) | modified |
+| 4/14/2021 | [Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-21vianet) | modified |
+| 4/14/2021 | [Microsoft Defender ATP on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
+| 4/14/2021 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |
+| 4/14/2021 | [Troubleshoot Microsoft Defender for Endpoint onboarding issues](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-21vianet) | modified |
+| 4/14/2021 | [Microsoft 365 security documentation # < 60 chars](/microsoft-365/security/index?view=o365-21vianet) | modified |
+| 4/14/2021 | [About the Microsoft Defender for Office 365 trial](/microsoft-365/security/office-365-security/about-defender-for-office-365-trial?view=o365-21vianet) | modified |
+| 4/14/2021 | [Anti-spoofing protection](/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-21vianet) | modified |
+| 4/14/2021 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
+| 4/14/2021 | [The Microsoft Defender for Office 365 (MDO) email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
+| 4/14/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 4/14/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 4/15/2021 | [How to Deploy Defender for Endpoint on Linux with Chef](/microsoft-365/security/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef?view=o365-21vianet) | added |
+| 4/15/2021 | [Troubleshoot performance issues](/microsoft-365/security/defender-endpoint/troubleshoot-performance-issues?view=o365-21vianet) | added |
+| 4/15/2021 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-21vianet) | modified |
+| 4/15/2021 | [Get incident notifications in Microsoft 365 Defender](/microsoft-365/security/defender/get-incident-notifications?view=o365-21vianet) | modified |
+| 4/15/2021 | [Prioritize incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incident-queue?view=o365-21vianet) | modified |
+| 4/15/2021 | [Incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 4/15/2021 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |
+| 4/15/2021 | [Investigate users in Microsoft 365 security center](/microsoft-365/security/defender/investigate-users?view=o365-21vianet) | modified |
+| 4/15/2021 | [Manage incidents in Microsoft 365 Defender](/microsoft-365/security/defender/manage-incidents?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft 365 Reports in the admin center - Microsoft 365 Apps usage](/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww?view=o365-21vianet) | modified |
+| 4/15/2021 | [Delete a user from your organization](/microsoft-365/admin/add-users/delete-a-user?view=o365-21vianet) | modified |
+| 4/15/2021 | [Remove a former employee](/microsoft-365/admin/add-users/remove-former-employee?view=o365-21vianet) | modified |
+| 4/15/2021 | [Using Domain Connect](/microsoft-365/admin/get-help-with-domains/domain-connect?view=o365-21vianet) | modified |
+| 4/15/2021 | [Determine if Centralized Deployment of add-ins works for your organization](/microsoft-365/admin/manage/centralized-deployment-of-add-ins?view=o365-21vianet) | modified |
+| 4/15/2021 | [Quick help Contacts](/microsoft-365/admin/misc/contacts?view=o365-21vianet) | modified |
+| 4/15/2021 | [Empower your small business with remote work](/microsoft-365/admin/misc/empower-your-small-business-with-remote-work?view=o365-21vianet) | modified |
+| 4/15/2021 | [Upgrade your Office 2010 to Microsoft 365 - Microsoft 365 admin](/microsoft-365/admin/setup/upgrade-users-to-latest-office-client?view=o365-21vianet) | modified |
+| 4/15/2021 | [Get started with Microsoft Teams in your small business](/microsoft-365/business-video/get-started-teams-small-business?view=o365-21vianet) | modified |
+| 4/15/2021 | [Close your account](/microsoft-365/commerce/close-your-account?view=o365-21vianet) | modified |
+| 4/15/2021 | [Manage software-as-a-service apps for your organization](/microsoft-365/commerce/manage-saas-apps?view=o365-21vianet) | modified |
+| 4/15/2021 | [Back up data before changing plans](/microsoft-365/commerce/subscriptions/back-up-data-before-switching-plans?view=o365-21vianet) | modified |
+| 4/15/2021 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |
+| 4/15/2021 | [Export Content Search results](/microsoft-365/compliance/export-search-results?view=o365-21vianet) | modified |
+| 4/15/2021 | [Troubleshoot eDiscovery hold errors](/microsoft-365/compliance/hold-distribution-errors?view=o365-21vianet) | modified |
+| 4/15/2021 | [Limits for content search and Core eDiscovery in the compliance center](/microsoft-365/compliance/limits-for-content-search?view=o365-21vianet) | modified |
+| 4/15/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
+| 4/15/2021 | [Network connectivity in the Microsoft 365 Admin Center (preview)](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) | modified |
+| 4/15/2021 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
+| 4/15/2021 | [Troubleshoot performance issues for Microsoft Defender for Endpoint for Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-21vianet) | modified |
+| 4/15/2021 | [Deploy updates for Microsoft Defender for Endpoint for Linux](/microsoft-365/security/defender-endpoint/linux-updates?view=o365-21vianet) | modified |
+| 4/15/2021 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-21vianet) | modified |
+| 4/15/2021 | [Configure and validate exclusions for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-21vianet) | modified |
+| 4/15/2021 | [Deploying Microsoft Defender for Endpoint for macOS with Jamf Pro](/microsoft-365/security/defender-endpoint/mac-install-with-jamf?view=o365-21vianet) | modified |
+| 4/15/2021 | [Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm?view=o365-21vianet) | modified |
+| 4/15/2021 | [Set up device groups in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups?view=o365-21vianet) | modified |
+| 4/15/2021 | [Enroll Microsoft Defender for Endpoint for macOS devices into Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices?view=o365-21vianet) | modified |
+| 4/15/2021 | [Set up the Microsoft Defender for Endpoint for macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
+| 4/15/2021 | [Set preferences for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-21vianet) | modified |
+| 4/15/2021 | [Privacy for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-privacy?view=o365-21vianet) | modified |
+| 4/15/2021 | [Detect and block potentially unwanted applications with Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-pua?view=o365-21vianet) | modified |
+| 4/15/2021 | [Resources for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-resources?view=o365-21vianet) | modified |
+| 4/15/2021 | [How to schedule scans with MDATP for macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-21vianet) | modified |
+| 4/15/2021 | [Troubleshoot installation issues for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-support-install?view=o365-21vianet) | modified |
+| 4/15/2021 | [Troubleshoot license issues for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft Defender for Endpoint for Mac - system extensions (Preview)](/microsoft-365/security/defender-endpoint/mac-sysext-preview?view=o365-21vianet) | modified |
+| 4/15/2021 | [Deploy updates for Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-21vianet) | modified |
+| 4/15/2021 | [Create and manage device groups in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/machine-groups?view=o365-21vianet) | modified |
+| 4/15/2021 | [Device health and compliance report in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/machine-reports?view=o365-21vianet) | modified |
+| 4/15/2021 | [View and organize the Microsoft Defender for Endpoint devices list](/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-21vianet) | modified |
+| 4/15/2021 | [Manage Microsoft Defender for Endpoint incidents](/microsoft-365/security/defender-endpoint/manage-incidents?view=o365-21vianet) | modified |
+| 4/15/2021 | [Manage Microsoft Defender for Endpoint suppression rules](/microsoft-365/security/defender-endpoint/manage-suppression-rules?view=o365-21vianet) | modified |
+| 4/15/2021 | [Overview of management and APIs](/microsoft-365/security/defender-endpoint/management-apis?view=o365-21vianet) | modified |
+| 4/15/2021 | [McAfee to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-onboard?view=o365-21vianet) | modified |
+| 4/15/2021 | [McAfee to Microsoft Defender for Endpoint - Prepare](/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-prepare?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-21vianet) | modified |
+| 4/15/2021 | [Supported managed security service providers](/microsoft-365/security/defender-endpoint/mssp-list?view=o365-21vianet) | modified |
+| 4/15/2021 | [Managed security service provider (MSSP) partnership opportunities](/microsoft-365/security/defender-endpoint/mssp-support?view=o365-21vianet) | modified |
+| 4/15/2021 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |
+| 4/15/2021 | [Threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft Defender for Endpoint for non-Windows platforms](/microsoft-365/security/defender-endpoint/non-windows?view=o365-21vianet) | modified |
+| 4/15/2021 | [Offboard devices from the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/offboard-machines?view=o365-21vianet) | modified |
+| 4/15/2021 | [Onboard devices to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-21vianet) | modified |
+| 4/15/2021 | [Onboard previous versions of Windows on Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-downlevel?view=o365-21vianet) | modified |
+| 4/15/2021 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-21vianet) | modified |
+| 4/15/2021 | [Configure and manage Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard?view=o365-21vianet) | modified |
+| 4/15/2021 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-21vianet) | modified |
+| 4/15/2021 | [Overview of attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/15/2021 | [Overview of endpoint detection and response capabilities](/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response?view=o365-21vianet) | modified |
+| 4/15/2021 | [Partner applications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/partner-applications?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft Defender for Endpoint partner opportunities and scenarios](/microsoft-365/security/defender-endpoint/partner-integration?view=o365-21vianet) | modified |
+| 4/15/2021 | [Prepare Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/prepare-deployment?view=o365-21vianet) | modified |
+| 4/15/2021 | [Turn on the preview experience in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/preview-settings?view=o365-21vianet) | modified |
+| 4/15/2021 | [Microsoft Defender for Endpoint preview features](/microsoft-365/security/defender-endpoint/preview?view=o365-21vianet) | modified |
+| 4/15/2021 | [Stream Microsoft Defender for Endpoint events to Azure Event Hubs](/microsoft-365/security/defender-endpoint/raw-data-export-event-hub?view=o365-21vianet) | modified |
+| 4/15/2021 | [Investigate incidents in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-incidents?view=o365-21vianet) | modified |
+| 4/15/2021 | Configure and manage Microsoft Defender for Endpoint capabilities | removed |
+| 4/15/2021 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
+| 4/15/2021 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |
+| 4/15/2021 | [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-21vianet) | modified |
+| 4/16/2021 | [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-21vianet) | added |
+| 4/16/2021 | [Microsoft Productivity Score](/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) | modified |
+| 4/16/2021 | [Configure IRM to use an on-premises AD RMS server](/microsoft-365/compliance/configure-irm-to-use-an-on-premises-ad-rms-server?view=o365-21vianet) | modified |
+| 4/16/2021 | [Configure IRM to use Azure Rights Management](/microsoft-365/compliance/configure-irm-to-use-azure-rights-management?view=o365-21vianet) | modified |
+| 4/16/2021 | [Exchange Online mail encryption with AD RMS](/microsoft-365/compliance/information-rights-management-in-exchange-online?view=o365-21vianet) | modified |
+| 4/16/2021 | Message Encryption FAQ | removed |
+| 4/16/2021 | [Set up encryption in Office 365 Enterprise](/microsoft-365/compliance/set-up-encryption?view=o365-21vianet) | modified |
+| 4/16/2021 | [Set up new Message Encryption capabilities](/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-21vianet) | modified |
+| 4/16/2021 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
+| 4/16/2021 | [Microsoft Defender ATP for Android - Privacy information](/microsoft-365/security/defender-endpoint/android-privacy?view=o365-21vianet) | modified |
+| 4/16/2021 | [Troubleshoot performance issues](/microsoft-365/security/defender-endpoint/troubleshoot-performance-issues?view=o365-21vianet) | modified |
+| 4/16/2021 | [Prioritize incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incident-queue?view=o365-21vianet) | modified |
+| 4/16/2021 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-21vianet) | modified |
+| 4/16/2021 | [Overview of data loss prevention](/microsoft-365/compliance/data-loss-prevention-policies?view=o365-21vianet) | modified |
+| 4/16/2021 | [Use sensitivity labels as conditions in DLP policies](/microsoft-365/compliance/dlp-sensitivity-label-as-condition?view=o365-21vianet) | modified |
+| 4/16/2021 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-21vianet) | modified |
+| 4/16/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
+| 4/16/2021 | Change nameservers to set up Microsoft with 1&1 IONOS | removed |
+| 4/16/2021 | Change nameservers to set up Microsoft with Amazon Web Services (AWS) | removed |
+| 4/16/2021 | Change nameservers to set up Microsoft with Bluehost | removed |
+| 4/16/2021 | Change nameservers to set up Microsoft with Google Domains | removed |
+| 4/16/2021 | Change nameservers to set up Microsoft with Hostgator | removed |
+| 4/16/2021 | Change nameservers to set up Microsoft with MyDomain | removed |
+| 4/16/2021 | Change nameservers to set up Microsoft with Namecheap | removed |
+| 4/16/2021 | Change nameservers to set up Microsoft with Network Solutions | removed |
+| 4/16/2021 | Create DNS records at 1&1 IONOS for Microsoft | removed |
+| 4/16/2021 | Create DNS records at 123-reg.co.uk for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Amazon Web Services (AWS) for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Cloudflare for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Crazy Domains for Microsoft | removed |
+| 4/16/2021 | Create DNS records at DNSMadeEasy for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Dreamhost for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Dyn.com for Microsoft | removed |
+| 4/16/2021 | Create DNS records at eNomCentral for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Freenom for Microsoft | removed |
+| 4/16/2021 | Create DNS records at GoDaddy for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Google Domains for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Hostgator for Microsoft | removed |
+| 4/16/2021 | Create DNS records at MyDomain for Microsoft | removed |
+| 4/16/2021 | Create DNS records at name.com for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Namecheap for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Names.co.uk for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Netregistry for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Network Solutions for Microsoft | removed |
+| 4/16/2021 | Create DNS records at OVH for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Register.com for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Register365 for Microsoft | removed |
+| 4/16/2021 | Create DNS records at web.com for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Wix for Microsoft | removed |
+| 4/16/2021 | Create DNS records at Yahoo! Small Business for Microsoft | removed |
+| 4/16/2021 | Create DNS records for Azure DNS zones | removed |
+| 4/16/2021 | Create DNS records when your domain is managed by Google (eNom) | removed |
+| 4/16/2021 | Create DNS records at easyDNS for Microsoft | removed |
+| 4/16/2021 | [Set up your domain (host-specific instructions)](/microsoft-365/admin/get-help-with-domains/set-up-your-domain-host-specific-instructions?view=o365-21vianet) | modified |
+| 4/16/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/16/2021 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-21vianet) | modified |
++ ## Week of April 05, 2021
managed-desktop Address Device Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/address-device-names.md
+
+ Title: Address device name dependency
+description: Remove dependency on device names or request an exception
++
+f1.keywords:
+- NOCSH
+
+ms.localizationpriority: normal
+++
+audience: Admin
++
+# Address device name dependency
+
+Microsoft Managed Desktop applies a standardized name format when devices are enrolled and will automatically rename devices if the name is changed later. For more info, see [Device names](../service-description/device-names.md).
+
+> [!IMPORTANT]
+> If your environment depends on specific device names (for example, to support a particular network configuration), you should investigate options to remove that dependency before enrolling in Microsoft Managed Desktop. If you must keep the name dependency, you can submit a request through the [Admin portal](../working-with-managed-desktop/admin-support.md) to disable the renaming function and use your desired name format.
managed-desktop Register Devices Self https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/register-devices-self.md
You'll need to have the data in the CSV files combined into a single file to com
`Import-CSV -Path (Get-ChildItem -Filter *.csv) | ConvertTo-Csv -NoTypeInformation | % {$_.Replace('"', '')} | Out-File .\aggregatedDevices.csv`
-#### Register devices by using the Admin Portal
+### Register devices by using the Admin Portal
In [Microsoft Endpoint Manager](https://endpoint.microsoft.com/), select **Devices** in the left navigation pane. Look for the Microsoft Managed Desktop section of the menu and select **Devices**. In the Microsoft Managed Desktop Devices workspace, Select **+ Register devices**, which opens a fly-in to register new devices.
managed-desktop Register Reused Devices Self https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/register-reused-devices-self.md
Import-CSV -Path (Get-ChildItem -Filter *.csv) | ConvertTo-Csv -NoTypeInformatio
With the hash data merged into one CSV file, you can now proceed to [register the devices](#register-devices-by-using-the-admin-portal).
-#### Register devices by using the Admin Portal
+## Register devices by using the Admin Portal
In [Microsoft Endpoint Manager](https://endpoint.microsoft.com/), select **Devices** in the left navigation pane. Look for the Microsoft Managed Desktop section of the menu and select **Devices**. In the Microsoft Managed Desktop Devices workspace, Select **+ Register devices**, which opens a fly-in to register new devices.
You can monitor the progress of device registration on the main page. Possible s
| Active | The device has been delivered to the user and they have registered with your tenant. This also indicates that they are regularly using the device. | | Inactive | The device has been delivered to the user and they have registered with your tenant. However, they have not used the device recently (in the last 7 days). |
-#### Troubleshooting device registration
+### Troubleshooting device registration
| Error message | Details | ||-|
You can monitor the progress of device registration on the main page. Possible s
| Device claimed by another organization | This device has already been claimed by another organization. Check with your device supplier. | | Unexpected error | Your request could not be automatically processed. Contact Support and provide the Request ID: <requestId> |
-### Check the image
+## Check the image
If your device has come from a Microsoft Managed Desktop partner supplier, the image should be correct. YouΓÇÖre also welcome to apply the image on your own if you prefer. To get started, contact the Microsoft representative youΓÇÖre working with and they will provide you the location and steps for applying the image.
-### Deliver the device
+## Deliver the device
> [!IMPORTANT] > Before you hand off the device to your user, make sure you have obtained and applied the [appropriate licenses](../get-ready/prerequisites.md) for that user.
managed-desktop Device Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/device-names.md
+
+ Title: Device names
+description: How Microsoft Managed Desktop manages device names
++
+f1.keywords:
+- NOCSH
+
+ms.localizationpriority: normal
+++
+audience: Admin
++
+# Device names
+
+Microsoft Managed Desktop uses Windows Autopilot, Azure Active Directory, and Microsoft Intune. For these services to work together seamlessly, devices need consistent, standardized names. Microsoft Managed Desktop applies a standardized name format (of the form *MMD-%RAND11*) when devices are enrolled. Windows Autopilot assigns these names. For more information about Autopilot, see [First-run experience with Autopilot and the Enrollment Status Page](../get-started/esp-first-run.md).
+
+## Automated name changes
+
+If a device gets renamed later, Microsoft Managed Desktop will automatically rename it to a new name in the standardized format. This process occurs every four hours. The name change takes place the next time the user restarts the device.
+
+> [!IMPORTANT]
+> If your environment depends on specific device names (for example, to support a particular network configuration), you should investigate options to remove that dependency before enrolling in Microsoft Managed Desktop. If you must keep the name dependency, you can submit a request through the [Admin portal](../working-with-managed-desktop/admin-support.md) to disable the renaming function and use your desired name format.
managed-desktop Remove Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/remove-devices.md
+
+ Title: Remove devices
+description: Remove devices from Microsoft Managed Desktop management
++
+f1.keywords:
+- NOCSH
+
+ms.localizationpriority: normal
+++
+audience: Admin
++
+# Remove devices
+
+You can remove devices from Microsoft Managed Desktop management by using the Admin portal. This action is permanent, but you can register them with Microsoft Managed Desktop again by following the [registration steps](../get-started/register-devices-self.md).
+
+When you remove a device, all of the following occur:
+
+- We remove the device from Autopilot.
+- We remove the device from all "Modern Workplace" device groups.
+- We remove the device from the **Devices** blade in the Admin portal.
+
+When you remove a device, you have the option to also remove it from Azure Active Directory (Azure AD) and Microsoft Intune.
+
+> [!CAUTION]
+> Removing the objects related to a device from Azure AD and Microsoft Intune is permanent. If you remove the objects, you won't be able to view or manage the devices from the Intune and Azure portals. The devices won't be able to access their company's corporate resources. Company data might be deleted from them if the devices try to sign in after they're deleted.
+
+1. In [Microsoft Endpoint Manager](https://endpoint.microsoft.com/), select **Devices** in the left navigation pane.
+2. Look for the **Microsoft Managed Desktop** section of the menu and select **Devices**.
+3. In the Microsoft Managed Desktop Devices workspace, select the devices you want to delete.
+4. Select **Device actions**, and then select **Delete Device** which opens a fly-in to remove the devices.
+5. In the fly-in, review the selected devices and then select **Remove devices**. If you want to also remove the Azure AD and Intune objects at the same time, select the check box. Device removal can take a few minutes to complete.
+
+> [!NOTE]
+> You can't remove devices that are in a **pending** registration state.
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
##### [Enable controlled folder access](enable-controlled-folders.md) ##### [Customize controlled folder access](customize-controlled-folders.md)
+#### [Device Control]()
+##### [Device Control reports](device-control-report.md)
+##### [Control USB devices](control-usb-devices-using-intune.md)
### [Device discovery]() #### [Device discovery overview](device-discovery.md)
security Common Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/common-errors.md
Title: Common Microsoft Defender ATP API errors
-description: List of common Microsoft Defender ATP API errors with descriptions.
+ Title: Common Microsoft Defender for Endpoint API errors
+description: List of common Microsoft Defender for Endpoint API errors with descriptions.
keywords: apis, mdatp api, errors, troubleshooting search.product: eADQiWindows 10XVcnh ms.prod: m365-security
security Community https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/community.md
Title: Access the Microsoft Defender for Endpoint Community Center
-description: Access the Microsoft Defender ATP Community Center to share experiences, engage, and learn about the product.
+description: Access the Microsoft Defender for Endpoint Community Center to share experiences, engage, and learn about the product.
keywords: community, community center, tech community, conversation, announcements search.product: eADQiWindows 10XVcnh search.appverid: met150
security Configure Conditional Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-conditional-access.md
Title: Configure Conditional Access in Microsoft Defender ATP
+ Title: Configure Conditional Access in Microsoft Defender for Endpoint
description: Learn about steps that you need to do in Intune, Microsoft Defender Security Center, and Azure to implement Conditional access keywords: conditional access, conditional, access, device risk, risk level, integration, intune integration search.product: eADQiWindows 10XVcnh
security Configure Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-email-notifications.md
Title: Configure alert notifications in Microsoft Defender for Endpoint description: You can use Microsoft Defender for Endpoint to configure email notification settings for security alerts, based on severity and other criteria.
-keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
+keywords: email notifications, configure alert notifications, microsoft defender for endpoint, microsoft defender for endpoint notifications, microsoft defender for endpoint alerts, windows 10 enterprise, windows 10 education
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
security Configure Endpoints Gp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-gp.md
Title: Onboard Windows 10 devices to Microsoft Defender ATP via Group Policy
+ Title: Onboard Windows 10 devices to Microsoft Defender for Endpoint via Group Policy
description: Use Group Policy to deploy the configuration package on Windows 10 devices so that they are onboarded to the service. keywords: configure devices using group policy, device management, configure Windows ATP devices, onboard Microsoft Defender for Endpoint devices, group policy search.product: eADQiWindows 10XVcnh
security Configure Endpoints Mdm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-mdm.md
For more information on using Defender for Endpoint CSP see, [WindowsAdvancedThr
> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md).
-Check out the [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP.
+Check out the [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender for Endpoint.
## Offboard and monitor devices using Mobile Device Management tools For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
security Configure Endpoints Non Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows.md
Title: Onboard non-Windows devices to the Microsoft Defender for Endpoint service
-description: Configure non-Windows devices so that they can send sensor data to the Microsoft Defender ATP service.
+description: Configure non-Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint service.
keywords: onboard non-Windows devices, macos, linux, device management, configure Windows ATP devices, configure Microsoft Defender for Endpoint devices search.product: eADQiWindows 10XVcnh search.appverid: met150
You'll need to know the exact Linux distros and macOS versions that are compatib
You'll need to take the following steps to onboard non-Windows devices: 1. Select your preferred method of onboarding:
- - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac).
+ - For macOS devices, you can choose to onboard through Microsoft Defender for Endpoint or through a third-party solution. For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac).
- For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**. 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
security Configure Endpoints Sccm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-sccm.md
If you're using System Center 2012 R2 Configuration Manager, monitoring consists
![Configuration Manager showing successful deployment with no errors](images/sccm-deployment.png)
-### Check that the devices are compliant with the Microsoft Defender ATP service
+### Check that the devices are compliant with the Microsoft Defender for Endpoint service
You can set a compliance rule for configuration item in System Center 2012 R2 Configuration Manager to monitor your deployment.
For more information, see [Introduction to compliance settings in System Center
- [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md) - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)-- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
+- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md)
- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
security Configure Endpoints Vdi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-vdi.md
Title: Onboard non-persistent virtual desktop infrastructure (VDI) devices
-description: Deploy the configuration package on virtual desktop infrastructure (VDI) device so that they are onboarded to Microsoft Defender ATP the service.
+description: Deploy the configuration package on virtual desktop infrastructure (VDI) device so that they are onboarded to the Microsoft Defender for Endpoint service.
keywords: configure virtual desktop infrastructure (VDI) device, vdi, device management, configure Windows ATP endpoints, configure Microsoft Defender for Endpoint endpoints search.product: eADQiWindows 10XVcnh search.appverid: met150
security Configure Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints.md
Title: Onboarding tools and methods for Windows 10 devices
-description: Onboard Windows 10 devices so that they can send sensor data to the Microsoft Defender ATP sensor
+description: Onboard Windows 10 devices so that they can send sensor data to the Microsoft Defender for Endpoint sensor
keywords: Onboard Windows 10 devices, group policy, endpoint configuration manager, mobile device management, local script, gp, sccm, mdm, intune search.product: eADQiWindows 10XVcnh search.appverid: met150
security Configure Machines Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-machines-onboarding.md
Title: Get devices onboarded to Microsoft Defender ATP
-description: Track onboarding of Intune-managed devices to Microsoft Defender ATP and increase onboarding rate.
+ Title: Get devices onboarded to Microsoft Defender for Endpoint
+description: Track onboarding of Intune-managed devices to Microsoft Defender for Endpoint and increase onboarding rate.
keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, configuration management search.product: eADQiWindows 10XVcnh search.appverid: met150
security Configure Machines Security Baseline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-machines-security-baseline.md
Title: Increase compliance to the Microsoft Defender ATP security baseline
-description: The Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection.
-keywords: Intune management, MDATP, WDATP, Microsoft Defender, advanced threat protection ASR, security baseline
+ Title: Increase compliance to the Microsoft Defender for Endpoint security baseline
+description: The Microsoft Defender for Endpoint security baseline sets security controls to provide optimal protection.
+keywords: Intune management, MDATP, WDATP, MDE, Microsoft Defender for Endpoint, advanced threat protection ASR, security baseline
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
Before you can deploy and track compliance to security baselines:
- [Enroll your devices to Intune management](configure-machines.md#enroll-devices-to-intune-management) - [Ensure you have the necessary permissions](configure-machines.md#obtain-required-permissions)
-## Compare the Microsoft Defender ATP and the Windows Intune security baselines
+## Compare the Microsoft Defender for Endpoint and the Windows Intune security baselines
The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure devices running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Defender for Endpoint baseline provides settings that optimize all the security controls in the Defender for Endpoint stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see: - [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)-- [Microsoft Defender ATP baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp)
+- [Microsoft Defender for Endpoint baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp)
Ideally, devices onboarded to Defender for Endpoint are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Defender for Endpoint security baseline layered on top to optimally configure the Defender for Endpoint security controls. To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released.
security Configure Proxy Internet https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-proxy-internet.md
Title: Configure device proxy and Internet connection settings
-description: Configure the Microsoft Defender ATP proxy and internet settings to enable communication with the cloud service.
+description: Configure the Microsoft Defender for Endpoint proxy and internet settings to enable communication with the cloud service.
keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server search.product: eADQiWindows 10XVcnh search.appverid: met150
The *.blob.core.windows.net URL endpoint can be replaced with the URLs shown in
> [!NOTE] > In the case of onboarding via Azure Security Center (ASC), multiple workspaces maybe used. You will need to perform the TestCloudConnection.exe procedure above on an onboarded machine from each workspace (to determine if there are any changes to the *.blob.core.windows.net URLs between the workspaces).
-## Verify client connectivity to Microsoft Defender ATP service URLs
+## Verify client connectivity to Microsoft Defender for Endpoint service URLs
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.
security Configure Vulnerability Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications.md
Title: Configure vulnerability email notifications in Microsoft Defender for Endpoint description: Use Microsoft Defender for Endpoint to configure email notification settings for vulnerability events.
-keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
+keywords: email notifications, configure alert notifications, microsoft defender for endpoint, microsoft defender for endpoint notifications, microsoft defender for endpoint alerts, windows 10 enterprise, windows 10 education
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10
security Connected Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/connected-applications.md
Title: Connected applications in Microsoft Defender ATP
+ Title: Connected applications in Microsoft Defender for Endpoint
-description: View connected partner applications that use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender ATP APIs.
+description: View connected partner applications that use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender for Endpoint APIs.
keywords: partners, applications, third-party, connections, sentinelone, lookout, bitdefender, corrata, morphisec, paloalto, ziften, better mobile search.product: eADQiWindows 10XVcnh search.appverid: met150
security Contact Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/contact-support.md
Title: Contact Microsoft Defender ATP support
-description: Learn how to contact Microsoft Defender ATP support
+ Title: Contact Microsoft Defender for Endpoint support
+description: Learn how to contact Microsoft Defender for Endpoint support
keywords: support, contact, premier support, solutions, problems, case search.product: eADQiWindows 10XVcnh search.appverid: met150
security Control Usb Devices Using Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune.md
+
+ Title: How to control USB devices and other removable media using Intune (Windows 10)
+description: You can configure Intune settings to reduce threats from removable storage such as USB devices.
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+localization_priority: normal
++++
+audience: ITPro
+ms.technology: mde
++
+# How to control USB devices and other removable media using Microsoft Defender for Endpoint
+
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Microsoft recommends [a layered approach to securing removable media](https://aka.ms/devicecontrolblog), and Microsoft Defender for Endpoint provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices:
+
+1. [Discover plug and play connected events for peripherals in Microsoft Defender for Endpoint advanced hunting](#discover-plug-and-play-connected-events). Identify or investigate suspicious usage activity.
+
+2. Configure to allow or block only certain removable devices and prevent threats.
+ 1. [Allow or block removable devices](#allow-or-block-removable-devices) based on granular configuration to deny write access to removable disks and approve or deny devices by using USB device IDs. Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices.
+
+ 2. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling:
+ - Microsoft Defender Antivirus real-time protection (RTP) to scan removable storage for malware.
+ - The Attack Surface Reduction (ASR) USB rule to block untrusted and unsigned processes that run from USB.
+ - Direct Memory Access (DMA) protection settings to mitigate DMA attacks, including Kernel DMA Protection for Thunderbolt and blocking DMA until a user signs in.
+
+3. [Create customized alerts and response actions](#create-customized-alerts-and-response-actions) to monitor usage of removable devices based on these plug and play events or any other Microsoft Defender for Endpoint events with [custom detection rules](/microsoft-365/security/defender-endpoint/custom-detection-rules).
+
+4. [Respond to threats](#respond-to-threats) from peripherals in real-time based on properties reported by each peripheral.
+
+>[!Note]
+>These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview.md) and [Windows Information Protection](/windows/security/information-protection/create-wip-policy-using-intune-azure.md), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. Additionally, you can [classify and protect files on Windows devices](/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview) (including their mounted USB devices) by using Microsoft Defender for Endpoint and Azure Information Protection.
+
+## Discover plug and play connected events
+
+You can view plug and play connected events in Microsoft Defender for Endpoint advanced hunting to identify suspicious usage activity or perform internal investigations.
+For examples of Defender for Endpoint advanced hunting queries, see the [Microsoft Defender for Endpoint hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries).
+
+Sample Power BI report templates are available for Microsoft Defender for Endpoint that you can use for Advanced hunting queries. With these sample templates, including one for device control, you can integrate the power of Advanced hunting into Power BI. See the [GitHub repository for PowerBI templates](https://github.com/microsoft/MDATP-PowerBI-Templates) for more information. See [Create custom reports using Power BI](/microsoft-365/security/defender-endpoint/api-power-bi) to learn more about Power BI integration.
+
+## Allow or block removable devices
+The following table describes the ways Microsoft Defender for Endpoint can allow or block removable devices based on granular configuration.
+
+| Control | Description |
+|-|-|
+| [Restrict USB drives and other peripherals](#restrict-usb-drives-and-other-peripherals) | You can allow/prevent users to install only the USB drives and other peripherals included on a list of authorized/unauthorized devices or device types. |
+| [Block installation and usage of removable storage](#block-installation-and-usage-of-removable-storage) | You can't install or use removable storage. |
+| [Allow installation and usage of specifically approved peripherals](#allow-installation-and-usage-of-specifically-approved-peripherals) | You can only install and use approved peripherals that report specific properties in their firmware. |
+| [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | You can't install or use prohibited peripherals that report specific properties in their firmware. |
+| [Allow installation and usage of specifically approved peripherals with matching device instance IDs](#allow-installation-and-usage-of-specifically-approved-peripherals-with-matching-device-instance-ids) | You can only install and use approved peripherals that match any of these device instance IDs. |
+| [Prevent installation and usage of specifically prohibited peripherals with matching device instance IDs](#prevent-installation-and-usage-of-specifically-prohibited-peripherals-with-matching-device-instance-ids) | You can't install or use prohibited peripherals that match any of these device instance IDs. |
+| [Limit services that use Bluetooth](#limit-services-that-use-bluetooth) | You can limit the services that can use Bluetooth. |
+| [Use Microsoft Defender for Endpoint baseline settings](#use-microsoft-defender-for-endpoint-baseline-settings) | You can set the recommended configuration for ATP by using the Defender for Endpoint security baseline. |
+
+### Restrict USB drives and other peripherals
+
+To prevent malware infections or data loss, an organization may restrict USB drives and other peripherals. The following table describes the ways Microsoft Defender for Endpoint can help prevent installation and usage of USB drives and other peripherals.
+
+| Control | Description
+|-|-|
+| [Allow installation and usage of USB drives and other peripherals](#allow-installation-and-usage-of-usb-drives-and-other-peripherals) | Allow users to install only the USB drives and other peripherals included on a list of authorized devices or device types |
+| [Prevent installation and usage of USB drives and other peripherals](#prevent-installation-and-usage-of-usb-drives-and-other-peripherals) | Prevent users from installing USB drives and other peripherals included on a list of unauthorized devices and device types |
+
+All of the above controls can be set through the Intune [Administrative Templates](/intune/administrative-templates-windows). The relevant policies are located here in the Intune Administrator Templates:
+
+![screenshot of list of Admin Templates](images/admintemplates.png)
+
+>[!Note]
+>Using Intune, you can apply device configuration policies to Azure AD user and/or device groups.
+The above policies can also be set through the [Device Installation CSP settings](/windows/client-management/mdm/policy-csp-deviceinstallation) and the [Device Installation GPOs](/previous-versions/dotnet/articles/bb530324(v=msdn.10)).
+
+> [!Note]
+> Always test and refine these settings with a pilot group of users and devices first before applying them in production.
+For more information about controlling USB devices, see the [Microsoft Defender for Endpoint blog](https://www.microsoft.com/security/blog/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/).
+
+#### Allow installation and usage of USB drives and other peripherals
+
+One way to approach allowing installation and usage of USB drives and other peripherals is to start by allowing everything. Afterwards, you can start reducing the allowable USB drivers and other peripherals.
+
+>[!Note]
+>Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them.
+
+1. Enable **Prevent installation of devices not described by other policy settings** to all users.
+2. Enable **Allow installation of devices using drivers that match these device setup classes** for all [device setup classes](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors).
+
+To enforce the policy for already installed devices, apply the prevent policies that have this setting.
+
+When configuring the allow device installation policy, you must allow all parent attributes as well. You can view the parents of a device by opening Device Manager and view by connection.
+
+![Devices by connection](images/devicesbyconnection.png)
+
+In this example, the following classes needed to be added: HID, Keyboard, and {36fc9e60-c465-11cf-8056-444553540000}. See [Microsoft-provided USB drivers](/windows-hardware/drivers/usbcon/supported-usb-classes) for more information.
+
+![Device host controller](images/devicehostcontroller.jpg)
+
+If you want to restrict to certain devices, remove the device setup class of the peripheral that you want to limit. Then add the device ID that you want to add. Device ID is based on the vendor ID and product ID values for a device. For information on device ID formats, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers).
+
+To find the device IDs, see [Look up device ID](#look-up-device-id).
+
+For example:
+
+1. Remove class USBDevice from the **Allow installation of devices using drivers that match these device setup**.
+2. Add the device ID to allow in the **Allow installation of device that match any of these device IDs**.
++
+#### Prevent installation and usage of USB drives and other peripherals
+
+If you want to prevent the installation of a device class or certain devices, you can use the prevent device installation policies:
+
+1. Enable **Prevent installation of devices that match any of these device IDs** and add these devices to the list.
+2. Enable **Prevent installation of devices using drivers that match these device setup classes**.
+
+> [!Note]
+> The prevent device installation policies take precedence over the allow device installation policies.
+
+The **Prevent installation of devices that match any of these device IDs** policy allows you to specify a list of devices that Windows is prevented from installing.
+
+To prevent installation of devices that match any of these device IDs:
+
+1. [Look up device ID](#look-up-device-id) for devices that you want Windows to prevent from installing.
+
+ ![Look up vendor or product ID](images/lookup-vendor-product-id.png)
+
+2. Enable **Prevent installation of devices that match any of these device IDs** and add the vendor or product IDs to the list.
+
+ ![Add vendor ID to prevent list](images/add-vendor-id-to-prevent-list.png)
+
+#### Look up device ID
+
+You can use Device Manager to look up a device ID.
+
+1. Open Device Manager.
+2. Click **View** and select **Devices by connection**.
+3. From the tree, right-click the device and select **Properties**.
+4. In the dialog box for the selected device, click the **Details** tab.
+5. Click the **Property** drop-down list and select **Hardware Ids**.
+6. Right-click the top ID value and select **Copy**.
+
+For information about Device ID formats, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers).
+
+For information on vendor IDs, see [USB members](https://www.usb.org/members).
+
+The following is an example for looking up a device vendor ID or product ID (which is part of the device ID) using PowerShell:
+
+```powershell
+Get-WMIObject -Class Win32_DiskDrive |
+Select-Object -Property *
+```
+
+The **Prevent installation of devices using drivers that match these device setup classes** policy allows you to specify device setup classes that Windows is prevented from installing.
+
+To prevent installation of particular classes of devices:
+
+1. Find the GUID of the device setup class from [System-Defined Device Setup Classes Available to Vendors](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors).
+
+2. Enable **Prevent installation of devices using drivers that match these device setup classes** and add the class GUID to the list.
+
+ > [!div class="mx-imgBorder"]
+ > ![Add device setup class to prevent list](images/Add-device-setup-class-to-prevent-list.png)
+
+### Block installation and usage of removable storage
+
+1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).
+
+2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**.
+
+ > [!div class="mx-imgBorder"]
+ > ![Create device configuration profile](images/create-device-configuration-profile.png)
+
+3. Use the following settings:
+
+ - Name: Type a name for the profile
+ - Description: Type a description
+ - Platform: Windows 10 and later
+ - Profile type: Device restrictions
+
+ > [!div class="mx-imgBorder"]
+ > ![Create profile](images/create-profile.png)
+
+4. Click **Configure** > **General**.
+
+5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**. **Removable storage** includes USB drives, whereas **USB connection (mobile only)** excludes USB charging but includes other USB connections on mobile devices only.
+
+ ![General settings](images/general-settings.png)
+
+6. Click **OK** to close **General** settings and **Device restrictions**.
+
+7. Click **Create** to save the profile.
+
+### Allow installation and usage of specifically approved peripherals
+
+Peripherals that are allowed to be installed can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses).
+Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings).
+
+### Prevent installation of specifically prohibited peripherals
+
+Microsoft Defender for Endpoint blocks installation and usage of prohibited peripherals by using either of these options:
+
+- [Administrative Templates](/intune/administrative-templates-windows) can block any device with a matching hardware ID or setup class.
+- [Device Installation CSP settings](/windows/client-management/mdm/policy-csp-deviceinstallation) with a custom profile in Intune. You can [prevent installation of specific device IDs](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids) or [prevent specific device classes](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses).
+
+### Allow installation and usage of specifically approved peripherals with matching device instance IDs
+
+Peripherals that are allowed to be installed can be specified by their [device instance IDs](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+You can allow installation and usage of approved peripherals with matching device instance IDs by configuring [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceinstanceids) policy setting.
+
+### Prevent installation and usage of specifically prohibited peripherals with matching device instance IDs
+
+Peripherals that are prohibited to be installed can be specified by their [device instance IDs](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+You can prevent installation of the prohibited peripherals with matching device instance IDs by configuring [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceinstanceids) policy setting.
+
+### Limit services that use Bluetooth
+
+Using Intune, you can limit the services that can use Bluetooth through the ["Bluetooth allowed services"](/windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist-usage-guide). The default state of "Bluetooth allowed services" settings means everything is allowed. As soon as a service is added, that becomes the allowed list. If the customer adds the Keyboards and Mice values, and doesnΓÇÖt add the file transfer GUIDs, file transfer should be blocked.
+
+> [!div class="mx-imgBorder"]
+> ![screenshot of Bluetooth settings page](images/bluetooth.png)
+
+### Use Microsoft Defender for Endpoint baseline settings
+
+The Microsoft Defender for Endpoint baseline settings represent the recommended configuration for threat protection. Configuration settings for baseline are located in the edit profile page of the configuration settings.
+
+> [!div class="mx-imgBorder"]
+> ![Baselines in MEM](images/baselines.png)
+
+## Prevent threats from removable storage
+
+Removable storage devices can introduce additional security risk to your organization. Microsoft Defender for Endpoint can help identify and block malicious files on removable storage devices.
+
+Microsoft Defender for Endpoint can also prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device.
+
+Note that if you block USB devices or any other device classes using the device installation policies, connected devices, such as phones, can still charge.
+
+>[!NOTE]
+>Always test and refine these settings with a pilot group of users and devices first before widely distributing to your organization.
+
+The following table describes the ways Microsoft Defender for Endpoint can help prevent threats from removable storage.
+
+For more information about controlling USB devices, see the [Microsoft Defender for Endpoint blog](https://aka.ms/devicecontrolblog).
+
+| Control | Description |
+|-|-|
+| [Enable Microsoft Defender Antivirus Scanning](#enable-microsoft-defender-antivirus-scanning) | Enable Microsoft Defender Antivirus scanning for real-time protection or scheduled scans.|
+| [Block untrusted and unsigned processes on USB peripherals](#block-untrusted-and-unsigned-processes-on-usb-peripherals) | Block USB files that are unsigned or untrusted. |
+| [Protect against Direct Memory Access (DMA) attacks](#protect-against-direct-memory-access-dma-attacks) | Configure settings to protect against DMA attacks. |
+
+>[!NOTE]
+>Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them.
+
+### Enable Microsoft Defender Antivirus Scanning
+
+Protecting authorized removable storage with Microsoft Defender Antivirus requires [enabling real-time protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) or scheduling scans and configuring removable drives for scans.
+
+- If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](/samples/browse/?redirectedfrom=TechNet-Gallery) of a USB drive after it is mounted, so that Microsoft Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices.
+
+- If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting.
+
+>[!NOTE]
+>We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Microsoft Defender Antivirus** > **Real-time monitoring**.
+
+<!-- Need to build out point in the preceding note.
+-->
+
+### Block untrusted and unsigned processes on USB peripherals
+
+End-users might plug in removable devices that are infected with malware.
+To prevent infections, a company can block USB files that are unsigned or untrusted.
+Alternatively, companies can leverage the audit feature of [attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) to monitor the activity of untrusted and unsigned processes that execute on a USB peripheral.
+This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively.
+With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards.
+Affected file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files.
+
+These settings require [enabling real-time protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus).
+
+1. Sign in to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/).
+
+2. Click **Devices** > **Windows** > **Configuration Policies** > **Create profile**.
+
+ ![Create device configuration profile](images/create-device-configuration-profile.png)
+
+3. Use the following settings:
+ - Platform: Windows 10 and later
+ - Profile type: Device restrictions
+
+ > [!div class="mx-imgBorder"]
+ > ![Create endpoint protection profile](images/create-endpoint-protection-profile.png)
+
+4. Click **Create**.
+
+5. For **Unsigned and untrusted processes that run from USB**, choose **Block**.
+
+ ![Block untrusted processes](images/block-untrusted-processes.png)
+
+6. Click **OK** to close settings and **Device restrictions**.
+
+### Protect against Direct Memory Access (DMA) attacks
+
+DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks:
+
+1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users.
+
+ Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for peripherals that don't support device memory isolation (also known as DMA-remapping). Memory isolation allows the OS to leverage the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral (memory sandboxing). In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
+
+ Peripherals that support device memory isolation can always connect. Peripherals that don't can be blocked, allowed, or allowed only after the user signs in (default).
+
+2. On Windows 10 systems that do not support Kernel DMA Protection, you can:
+
+ - [Block DMA until a user signs in](/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess)
+ - [Block all connections via the Thunderbolt ports (including USB devices)](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d)
+
+## Create customized alerts and response actions
+
+You can create custom alerts and response actions with the WDATP Connector and the custom detection rules:
+
+**Wdatp Connector response Actions:**
+
+**Investigate:** Initiate investigations, collect investigation package, and isolate a machine.
+
+**Threat Scanning** on USB devices.
+
+**Restrict execution of all applications** on the machine except a predefined set
+MDATP connector is one of over 200 pre-defined connectors including Outlook, Teams, Slack, etc. Custom connectors can be built.
+- [More information on WDATP Connector Response Actions](/connectors/wdatp/)
+
+**Custom Detection Rules Response Action:**
+Both machine and file level actions can be applied.
+- [More information on Custom Detection Rules Response Actions](/microsoft-365/security/defender-endpoint/custom-detection-rules)
+
+For information on device control related advance hunting events and examples on how to create custom alerts, see [Advanced hunting updates: USB events, machine-level actions, and schema changes](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Advanced-hunting-updates-USB-events-machine-level-actions-and/ba-p/824152).
+
+## Respond to threats
+
+You can create custom alerts and automatic response actions with the [Microsoft Defender for Endpoint Custom Detection Rules](/microsoft-365/security/defender-endpoint/custom-detection-rules). Response actions within the custom detection cover both machine and file level actions. You can also create alerts and automatic response actions using [PowerApps](https://powerapps.microsoft.com/) and [Flow](https://flow.microsoft.com/) with the [Microsoft Defender for Endpoint connector](/connectors/wdatp/). The connector supports actions for investigation, threat scanning, and restricting running applications. It is one of over 200 pre-defined connectors including Outlook, Teams, Slack, and more. Custom connectors can also be built. See [Connectors](/connectors/) to learn more about connectors.
+
+For example, using either approach, you can automatically have the Microsoft Defender Antivirus run when a USB device is mounted onto a machine.
+
+## Related topics
+
+- [Configure real-time protection for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
+- [Defender/AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning)
+- [Policy/DeviceInstallation CSP](/windows/client-management/mdm/policy-csp-deviceinstallation)
+- [Perform a custom scan of a removable device](/samples/browse/?redirectedfrom=TechNet-Gallery)
+- [Device Control PowerBI Template for custom reporting](https://github.com/microsoft/MDATP-PowerBI-Templates)
+- [BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview.md)
+- [Windows Information Protection](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md)
security Data Storage Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/data-storage-privacy.md
Title: Microsoft Defender for Endpoint data storage and privacy description: Learn about how Microsoft Defender for Endpoint handles privacy and data that it collects.
-keywords: Microsoft Defender for Endpoint, Microsoft Defender ATP, data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
+keywords: Microsoft Defender for Endpoint, Microsoft Defender for Endpoint, data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
security Deployment Rings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-rings.md
Identify a small number of test machines in your environment to onboard to the s
### Pilot
-Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service. In this ring, identify several devices to onboard and based on the exit criteria you define, decide to proceed to the next deployment ring.
+Microsoft Defender for Endpoint supports a variety of endpoints that you can onboard to the service. In this ring, identify several devices to onboard and based on the exit criteria you define, decide to proceed to the next deployment ring.
The following table shows the supported endpoints and the corresponding tool you can use to onboard devices to the service.
The following table shows the supported endpoints and the corresponding tool you
At this stage, you can use the [Plan deployment](deployment-strategy.md) material to help you plan your deployment.
-Use the following material to select the appropriate Microsoft Defender ATP architecture that best suites your organization.
+Use the following material to select the appropriate Microsoft Defender for Endpoint architecture that best suites your organization.
|**Item**|**Description**| |:--|:--|
-|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.pdf)<br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: <ul><li> Cloud-native </li><li> Co-management </li><li> On-premise</li><li>Evaluation and local onboarding</li>
+|[![Thumb image for Microsoft Defender for Endpoint deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.pdf)<br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/security/defender-endpoint/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: <ul><li> Cloud-native </li><li> Co-management </li><li> On-premise</li><li>Evaluation and local onboarding</li>
security Detect Block Potentially Unwanted Apps Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
audience: ITPro
ms.technology: mde+ # Detect and block potentially unwanted applications [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) - [Microsoft Edge](/microsoft-edge/deploy/microsoft-edge)
-> [!NOTE]
-> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices.
-
-Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender for Endpoint, due to certain kinds of undesirable behavior.
+Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software that might be unexpected or unwanted. PUA is not considered a virus, malware, or other type of threat, but it might perform actions on endpoints that adversely affect endpoint performance or use. The term *PUA* can also refer to an application that has a poor reputation, as assessed by Microsoft Defender for Endpoint, due to certain kinds of undesirable behavior.
Here are some examples: - **Advertising software** that displays advertisements or promotions, including software that inserts advertisements to webpages.-- **Bundling software** that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualify as PUA.
+- **Bundling software** that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualifies as PUA.
- **Evasion software** that actively tries to evade detection by security products, including software that behaves differently in the presence of security products. > [!TIP] > For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](/windows/security/threat-protection/intelligence/criteria).
-Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up. PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016.
+Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up. PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016. In Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA for Enterprise (E5) devices by default.
## Microsoft Edge
The [new Microsoft Edge](https://support.microsoft.com/microsoft-edge/get-to-kno
Although potentially unwanted application protection in Microsoft Edge (Chromium-based, version 80.0.361.50) is turned off by default, it can easily be turned on from within the browser.
-1. Select the ellipses, and then choose **Settings**.
+1. In your Edge browser, select the ellipses, and then choose **Settings**.
+ 2. Select **Privacy, search, and services**.+ 3. Under the **Security** section, turn on **Block potentially unwanted apps**. > [!TIP]
In Chromium-based Edge with PUA protection turned on, Microsoft Defender SmartSc
Security admins can [configure](/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft Defender SmartScreen available, including [one for blocking PUA](/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can [configure Microsoft Defender SmartScreen](/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.
-Although Microsoft Defender for Endpoint has its own block list based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](/microsoft-365/security/defender-endpoint/manage-indicators) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen respects the new settings.
+Although Microsoft Defender for Endpoint has its own blocklist based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](manage-indicators.md) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen respects the new settings.
## Microsoft Defender Antivirus
For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
Set-MpPreference -PUAProtection Enabled ```
-Setting the value for this cmdlet to `Enabled` turns the feature on if it has been disabled.
+Setting the value for this cmdlet to `Enabled` turns on the feature if it has been disabled.
##### To set PUA protection to audit mode
We recommend keeping PUA protection turned on. However, you can turn it off by u
Set-MpPreference -PUAProtection Disabled ```
-Setting the value for this cmdlet to `Disabled` turns the feature off if it has been enabled.
+Setting the value for this cmdlet to `Disabled` turns off the feature if it has been enabled.
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
You can turn on email notifications to receive mail about PUA detections.
See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for details on viewing Microsoft Defender Antivirus events. PUA events are recorded under event ID **1160**.
+If you're using Microsoft Defender for Endpoint, you can use an advanced hunting query to view PUA events. Here's an example query:
+
+```console
+DeviceEvents
+| where ActionType == "AntivirusDetection"
+| extend x = parse_json(AdditionalFields)
+| evaluate bag_unpack(x)
+| where ThreatName startswith_cs 'PUA:'
+| project Timestamp, DeviceName, FolderPath, FileName, SHA256, ThreatName, WasExecutingWhileDetected, WasRemediated
+```
+ ## Excluding files Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be added to an exclusion list.
security Device Control Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-report.md
+
+ Title: Protect your organizationΓÇÖs data with device control
+description: Monitor your organization's data security through device control reports.
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+localization_priority: normal
+++++
+audience: ITPro
+ms.technology: mde
+
+# Protect your organizationΓÇÖs data with device control
+
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Microsoft Defender for Endpoint device control protects against data loss, by monitoring and controlling media use by devices in your organization, such as the use of removable storage devices and USB drives.
+
+With the device control report, you can view events that relate to media usage, such as:
+
+- **Audit events:** Shows the number of audit events that occur when external media is connected.
+- **Policy events:** Shows the number of policy events that occur when a device control policy is triggered.
+
+> [!NOTE]
+> The audit event to track media usage is enabled by default for devices onboarded to Microsoft Defender for Endpoint.
+
+## Understanding the audit events
+
+The audit events include:
+
+- **USB drive mount and unmount:** Audit events that are generated when a USB drive is mounted or unmounted.
+- **PnP:** Plug and Play audit events are generated when removable storage, a printer, or Bluetooth media is connected.
+
+## Monitor device control security
+
+Device control in Microsoft Defender for Endpoint empowers security administrators with tools that enable them to track their organizationΓÇÖs device control security through reports. You can find the device control report in the Microsoft 365 security center by going to **Reports > Device protection**.
+
+The Device protection card on the **Reports** dashboard shows the number of audit events generated by media type, over the last 180 days.
+
+> [!div class="mx-imgBorder"]
+> ![DeviceControlReportCard](images/devicecontrolcard.png)
+
+The **View details** button shows more media usage data in the **device control report** page.
+
+The page provides a dashboard with aggregated number of events per type and a list of events. Administrators can filter on time range, media class name, and device ID.
+
+> [!div class="mx-imgBorder"]
+> ![DeviceControlReportDetails](images/Detaileddevicecontrolreport.png)
+
+When you select an event, a flyout appears that shows you more information:
+
+- **General details:** Date, Action mode, and the policy of this event.
+- **Media information:** Media information includes Media name, Class name, Class GUID, Device ID, Vendor ID, Volume, Serial number, and Bus type.
+- **Location details:** Device name and MDATP device ID.
+
+> [!div class="mx-imgBorder"]
+> ![FilterOnDeviceControlReport](images/devicecontrolreportfilter.png)
+
+To see real-time activity for this media across the organization, select the **Open Advanced hunting** button. This includes an embedded, pre-defined query.
+
+> [!div class="mx-imgBorder"]
+> ![QueryOnDeviceControlReport](images/Devicecontrolreportquery.png)
+
+To see the security of the device, select the **Open device page** button on the flyout. This button opens the device entity page.
+
+> [!div class="mx-imgBorder"]
+> ![DeviceEntityPage](images/Devicesecuritypage.png)
+
+## Reporting delays
+
+The device control report can have a 12-hour delay from the time a media connection occurs to the time the event is reflected in the card or in the domain list.
security Edr In Block Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/edr-in-block-mode.md
Title: Endpoint detection and response in block mode description: Learn about endpoint detection and response in block mode
-keywords: Microsoft Defender ATP, mde, EDR in block mode, passive mode blocking
+keywords: Microsoft Defender for Endpoint, mde, EDR in block mode, passive mode blocking
search.product: eADQiWindows 10XVcnh ms.pagetype: security
security Evaluation Lab https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluation-lab.md
You can access the lab from the menu. In the navigation menu, select **Evaluatio
![Image of the evaluation lab on the menu](images/evaluation-lab-menu.png) >[!NOTE]
->- Each environment is provisioned with a limited set of test devices.
>- Depending the type of environment structure you select, devices will be available for the specified number of hours from the day of activation.
->- When you've used up the provisioned devices, no new devices are provided. A deleted device does not refresh the available test device count.
->- Given the limited resources, itΓÇÖs advisable to use the devices carefully.
+>- Each environment is provisioned with a limited set of test devices. When you've used up the provisioned devices, no new devices are provided. A deleted device does not refresh the available test device count.
+>- You can no longer use the lab when the resources have been used up. It does not reset nor refresh.
+>- It is advisable to use the resources carefully.The lab resources are limited. They will not reset nor refresh.
Already have a lab? Make sure to enable the new threat simulators and have active devices.
security Fix Unhealthy Sensors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors.md
The following suggested actions can help fix issues related to a misconfigured d
- [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)</br> The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender for Endpoint service. -- [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br>
+- [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-for-endpoint-service-urls)</br>
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender for Endpoint service URLs. If you took corrective actions and the device status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
Follow theses actions to correct known issues related to a misconfigured device
- [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)</br> The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender for Endpoint service. -- [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br>
+- [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-for-endpoint-service-urls)</br>
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender for Endpoint service URLs. - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)</br>
security Get Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines.md
Title: List machines API
-description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender ATP cloud.
+description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender for Endpoint cloud.
keywords: apis, graph api, supported apis, get, devices search.product: eADQiWindows 10XVcnh ms.prod: w10
security Get Package Sas Uri https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-package-sas-uri.md
Get a URI that allows downloading of an [Investigation package](collect-investig
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Access the Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name :|:|:
Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi
>- The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information) ## HTTP request
-```
+
+```http
GET https://api.securitycenter.microsoft.com/api/machineactions/{machine action id}/getPackageUri ```
Authorization | String | Bearer {token}. **Required**.
## Request body+ Empty ## Response+ If successful, this method returns 200, Ok response code with object that holds the link to the package in the ΓÇ£valueΓÇ¥ parameter. This link is valid for a very short time and should be used immediately for downloading the package to a local storage.
If successful, this method returns 200, Ok response code with object that holds
Here is an example of the request.
-```
+```http
GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri ```
GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525c
Here is an example of the response.
-```
+```http
HTTP/1.1 200 Ok Content-type: application/json
Content-type: application/json
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String", "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" }-- ```
security Get Started Partner Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-started-partner-integration.md
Title: Become a Microsoft Defender for Endpoint partner
-description: Learn the steps and requirements to integrate your solution with Microsoft Defender ATP and be a partner
+description: Learn the steps and requirements to integrate your solution with Microsoft Defender for Endpoint and be a partner
keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal search.product: eADQiWindows 10XVcnh search.appverid: met150
security Microsoft Defender Antivirus Compatibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility.md
The following table summarizes what happens with Microsoft Defender Antivirus wh
If you are using Windows Server, version 1803 or newer, or Windows Server 2019, you can set Microsoft Defender Antivirus to passive mode by setting the following registry key: - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`-- Name: `ForcePassiveMode`
+- Name: `ForceDefenderPassiveMode`
- Type: `REG_DWORD` - Value: `1`
The table in this section summarizes the functionality and features that are ava
- [EDR in block mode](edr-in-block-mode.md) - [Configure Endpoint Protection](/mem/configmgr/protect/deploy-use/endpoint-protection-configure) - [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)-- [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about)
+- [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about)
security Microsoft Defender Antivirus On Windows Server https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server.md
If you are using a non-Microsoft antivirus product as your primary antivirus sol
If you are using Windows Server, version 1803 or Windows Server 2019, you can set Microsoft Defender Antivirus to passive mode by setting the following registry key: - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`-- Name: `ForcePassiveMode`
+- Name: `ForceDefenderPassiveMode`
- Type: `REG_DWORD` - Value: `1`
Uninstall-WindowsFeature -Name Windows-Defender
## See also - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)-- [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md)
+- [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md)
security Overview Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction.md
Help reduce your attack surfaces, by minimizing the places where your organizati
Article | Description -|- [Attack surface reduction](./attack-surface-reduction.md) | Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus).
-[Hardware-based isolation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites.
-[Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md) | Use application control so that your applications must earn trust in order to run.
+[Hardware-based isolation](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites.
+[Application control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) | Use application control so that your applications must earn trust in order to run.
[Exploit protection](./exploit-protection.md) | Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. [Network protection](./network-protection.md) | Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus) [Web protection](./web-protection-overview.md) | Secure your devices against web threats and help you regulate unwanted content. [Controlled folder access](./controlled-folders.md) | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Microsoft Defender Antivirus)
-[Network firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md) | Prevent unauthorized traffic from flowing to or from your organization's devices with two-way network traffic filtering.
+[Network firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security) | Prevent unauthorized traffic from flowing to or from your organization's devices with two-way network traffic filtering.
[Attack surface reduction FAQ](./attack-surface-reduction-faq.md) | Frequently asked questions about Attack surface reduction rules, licensing, and more.
security Troubleshoot Collect Support Log https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log.md
This topic provides instructions on how to run the tool via Live Response.
GetFile "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\MDEClientAnalyzerResult.zip" -auto ```
- ![Image of commands](images/analyzer-commands.png)
+ [ ![Image of commands](images/analyzer-commands.png) ](images/analyzer-commands.png#lightbox)
>[!NOTE]
This topic provides instructions on how to run the tool via Live Response.
> GetFile "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\MDEClientAnalyzerResult.zip" -auto > ``` >
-> - For more information on gathering data locally on a machine in case the machine isn't communicating with Microsoft Defender for Endpoint cloud services, or does not appear in Microsoft Defender for Endpoint portal as expected, see [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls).
+> - For more information on gathering data locally on a machine in case the machine isn't communicating with Microsoft Defender for Endpoint cloud services, or does not appear in Microsoft Defender for Endpoint portal as expected, see [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-for-endpoint-service-urls).
security Troubleshoot Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-onboarding.md
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to repo
WinHTTP is independent of the Internet browsing proxy settings and other user context applications and must be able to detect the proxy servers that are available in your particular environment.
-To ensure that sensor has service connectivity, follow the steps described in the [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls) topic.
+To ensure that sensor has service connectivity, follow the steps described in the [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-for-endpoint-service-urls) topic.
If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) topic.
security Incident Queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incident-queue.md
Here's the typical workflow for responding to incidents:
- Containment: Reducing any additional impact on your tenant. - Eradication: Removing the security threat.
- - Recovery: Restoring your tenant resources to the state they were in before the attack.
+ - Recovery: Restoring your tenant resources to the state they were in before the incident.
3. After you resolve the incident, take the time to: