Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
threat-intelligence | Learn How To Access Microsoft Defender Threat Intelligence And Make Customizations In Your Portal | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md | Title: 'Quickstart: Accessing the Microsoft Defender Threat Intelligence (Defender TI) Portal' -description: 'In this quickstart, learn how to configure your profile and preferences and access Defender TI’s help resources using Microsoft Defender Threat Intelligence (Defender TI).' + Title: 'Quickstart: Accessing Microsoft Defender Threat Intelligence (Defender TI)' +description: In this quickstart, learn how to access Microsoft Defender Threat Intelligence (Defender TI) in the Microsoft Defender portal, as well as configure your profile and preferences and access help resources in the Defender portal. Previously updated : 08/02/2022 Last updated : 04/19/2024 -# Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations in your portal +# Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations -Understanding how to adjust your theme in Microsoft Defender Threat Intelligence (Defender TI)’s Portal will make it easier on your eyes when using our platform. Additionally, this guide will walk you through how to enable sources for enrichment, so you can see more results when performing searches in our platform. You will also learn how to successfully login and logout of Defender TI. +>[!IMPORTANT] +> On June 30, 2024, The Microsoft Defender Threat Intelligence (Defender TI) standalone portal (https://ti.defender.microsoft.com) will be retired and will no longer be accessible. Customers can continue using Defender TI in the [Microsoft Defender portal](https://aka.ms/mdti-intel-explorer) or with [Microsoft Copilot for Security](security-copilot-and-defender-threat-intelligence.md). 
[Learn more](https://aka.ms/mdti-standaloneportal) -![Ti Overview HomePage Chrome Screenshot](media/tiOverviewHomePageChromeScreenshot.png) +This guide walks you through how to access Microsoft Threat Intelligence (Defender TI) from the Microsoft Defender portal, adjust the portal’s theme to make it easier on your eyes when using it, and find sources for enrichment so you can see more results when gathering threat intelligence. ++ :::image type="content" source="/defender/threat-intelligence/media/quickstart-intel-explorer.png" alt-text="Screenshot of the Microsoft Defender Threat Intelligence Intel explorer in the Microsoft Defender portal." lightbox="/defender/threat-intelligence/media/quickstart-intel-explorer.png"::: ## Prerequisites -- A Microsoft Entra ID or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)-- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.+- A Microsoft Entra ID or personal Microsoft account. [Sign in or create an account](https://signup.microsoft.com/) +- A Defender TI premium license. > [!NOTE]- > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering. --## Open Defender TI’s Threat Intelligence Home Page --- Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).-- Complete Microsoft authentication to access portal.--## Access Defender TI’s ‘Profile and Preferences’ to adjust your theme + > Users without a Defender TI premium license can still access our free Defender TI offering. -1. Click on the ‘Profile and Preferences’ icon in the upper right-hand corner of the Defender Threat Intelligence Portal. +## Open Defender TI in the Microsoft Defender portal - ![Accessing TI Portal User Profile and Preferences](media/accessingTiPortalUserProfileandPreferences.png) +1. 
Access the [Defender portal](https://security.microsoft.com/) and complete the Microsoft authentication process. [Learn more about the Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal) +2. Navigate to **Threat intelligence**. You can access Defender TI in the following pages: + - Intel profiles + - Intel explorer + - Intel projects -2. Select ‘Dark’ theme. Notice how ‘Light’ is your default theme. + :::image type="content" source="/defender/threat-intelligence/media/quickstart-navigation.png" alt-text="Screenshot of the Microsoft Defender portal with the Threat intelligence navigation links highlighted." lightbox="/defender/threat-intelligence/media/quickstart-navigation.png"::: +## Adjust the Defender portal’s display theme to dark or light mode - ![Accessing TI Portal Dark Theme](media/accessingTiPortalDarkTheme.png) +By default, the Defender portal’s display theme is set to light mode. To switch to dark mode, on the Defender portal, navigate to **Home** then select **Dark mode** on the upper right-right corner of the home page. + +![Partial screenshot of the Defender portal home page with the Dark mode icon hightlighted.](media/quickstart-dark-mode.png) -3. Repeat step 1 and select ‘High Contrast’ theme. +To switch back to light mode, select **Light mode** in the same upper-right hand corner of the home page. - ![Accessing TI Portal High Contrast Theme](media/accessingTiPortalHighContrastTheme.png) +![Partial screenshot of the Defender portal home page with the Light mode icon hightlighted.](media/quickstart-light-mode.png) -4. Repeat step 1 and select ‘Light’ theme. - ![Accessing TI Portal Light Theme](media/accessingTiPortalLightTheme.png) +## Get help and learn about Defender TI support resources -## Access Defender TI’s ‘Help’ icon to learn about your Defender TI Microsoft Support resources +Select the **Help** icon in the upper right-hand corner of the Defender portal. 
The side panel displays a search bar where you can type your problem or support question. -1. Click on the ‘Help’ icon in the upper right-hand corner to the left of the ‘Profile and Preferences’ icon. - ![Accessing TI Portal Help](media/accessingTiPortalHelp.png) +You can also review Microsoft’s [licensing resources](https://www.microsoft.com/licensing/docs) and [privacy statement](https://privacy.microsoft.com/privacystatement) by selecting **Legal** and **Privacy & Cookies**, respectively, at the lower right hand of the **Help** side panel. -2. Review your Defender TI Microsoft Support resources. +## Sign out of the Defender portal - - Here you will find Defender TI’s Support email address as well as a link to our Privacy Statement. +1. Select the **My account** icon in the upper right-hand corner of the Defender portal. +2. Select **Sign out**. -## Access Defender TI’s ‘Profile and Preferences’ to logout of the Defender Threat Intelligence Portal --1. Click on the ‘Profile and Preferences’ icon in the upper right-hand corner of the Defender Threat Intelligence Portal. --2. Select ‘Logout’. -- ![Accessing TI Portal Logout](media/accessingTiPortalLogout.png) ## Clean up resources There are no resources to clean up in this section. -## Next steps --For more information, see: +### See also -[‘What is Microsoft Defender Threat Intelligence (Defender TI)?’](index.md) +- [What is Microsoft Defender Threat Intelligence (Defender TI)?](index.md) |
admin | Feedback User Control | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/feedback-user-control.md | If your users are using one of Microsoft's apps and wish to provide feedback, th ### In-product surveys -Users can rate their experience and provide additional information about their experience via system-initiated survey prompts. These prompts occur within the Microsoft 365 products from time to time. When prompted, users can choose if they want to provide feedback. The survey prompts typically appears at the bottom right of the app. If the user decides to provide feedback, dismisses the prompt, or lets the prompt disappear on its own, that user will not see the survey again for some time. Microsoft also leverages a governance process to limit the number of these system-initiated surveys. The intent of governance is to ensure users aren't overwhelmed by the number of survey prompts. +Users can rate their experience and provide additional information about their experience via system-initiated survey prompts. These prompts occur within the Microsoft 365 products from time to time. When prompted, users can choose if they want to provide feedback. The survey prompts typically appears at the bottom right of the app. If the user decides to provide feedback, dismisses the prompt, or lets the prompt disappear on its own, that user won't see the survey again for some time. Microsoft also leverages a governance process to limit the number of these system-initiated surveys. The intent of governance is to ensure users aren't overwhelmed by the number of survey prompts. :::image type="content" source="../../media/feedback-love.png" alt-text="Screenshot: Example of in-product feedback request"::: When a user submits feedback, app information is usually collected along with ap - **Channel** Channel of Microsoft product related to the feedback. - **App Build** Build number of Microsoft product that was captured on submission. 
- **App Language** Language of Microsoft product that was captured on submission.-- **Attachments** Were any attachments (i.e screenshots, files) collected as part of the feedback? (Yes/No).+- **Attachments** Were any attachments (i.e. screenshots, files) collected as part of the feedback? (Yes/No). - **TenantId** If feedback is submitted from a Microsoft Entra account, which TenantId was associated. - **App module** Information about app modules that may have caused a recent crash, where applicable.-- **Optional Diagnostic data** If you are opted in, this data will be included with the feedback. [Learn more](/deployoffice/privacy/optional-diagnostic-data).+- **Optional Diagnostic data** If you're opted in, this data will be included with the feedback. [Learn more](/deployoffice/privacy/optional-diagnostic-data). If you've enabled the corresponding policies, we may allow users to submit screenshots, attachments, content samples, and logs to help us debug and resolve problems the user may be running into. Microsoft uses this data to debug and resolve problems that may be challenging or impossible to resolve without this additional information. Users choose whether or not this content and data is submitted to Microsoft. - Screenshots: Captures of the user’s screen at the time they submitted feedback. Example: the screen including the dialog box from which the user is submitting feedback. - Attachments: Files the user can choose to attach to their feedback. Example: the file they were working on when they encountered a problem. - Content samples: Portions of content from the customer’s document or interactions with Microsoft services. Example: the prompt the user sent to an AI service and the response the user received back from that AI service.-- Log files: Additional log files that are not included in Overview of diagnostic log files for Office - Microsoft Support and that may include the user’s name or contents of the user’s files. 
Examples: logs that include the element of the customer’s file that is preventing the file from saving.+- Log files: Additional log files that aren't included in Overview of diagnostic log files for Office - Microsoft Support and that may include the user’s name or contents of the user’s files. Examples: logs that include the element of the customer’s file that is preventing the file from saving. ++> [!NOTE] +> For information about what feedback data is collected about Microsoft Copilot with Microsoft 365 apps, see [Providing feedback about Microsoft Copilot with Microsoft 365 apps](https://support.microsoft.com/topic/c481c26a-e01a-4be3-bdd0-aee0b0b2a423). ## How can I see my user's feedback? -To meet Microsoft’s legal obligations to customers, we've added an experience in the Microsoft 365 admin center that lets administrators view, delete, and export the feedback data for their organizations. As part of their data controller responsibility, customers own all user feedback data and this functionality will assist administrators to provide direct transparency into their users’ experiences with Microsoft 365 products and enable user feedback data to be provided as part of any Data Subject Request. Global admins and compliance data administrators now have the ability to view, export and delete user feedback. All other administrators, as well as readers, are able to view and export feedback data but can't perform compliance related tasks or see information about who posted the feedback (such as user name, email, or device name). To access your organization's feedback data, sign in to the Microsoft 365 admin center and customize navigation to show the health node. Access this experience by selecting **Product Feedback** under the Health node. +To meet Microsoft’s legal obligations to customers, we've added an experience in the Microsoft 365 admin center that lets administrators view, delete, and export the feedback data for their organizations. 
As part of their data controller responsibility, customers own all user feedback data and this functionality will assist administrators to provide direct transparency into their users’ experiences with Microsoft 365 products and enable user feedback data to be provided as part of any Data Subject Request. Global admins and compliance data administrators now have the ability to view, export, and delete user feedback. All other administrators, as well as readers, are able to view and export feedback data but can't perform compliance related tasks or see information about who posted the feedback (such as user name, email, or device name). To access your organization's feedback data, sign in to the Microsoft 365 admin center and customize navigation to show the health node. Access this experience by selecting **Product Feedback** under the Health node. :::image type="content" source="../../media/manage-feedback-3.jpg" alt-text="Product feedback in the Microsoft 365 admin center"::: |
enterprise | Microsoft 365 Network Connectivity Principles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-network-connectivity-principles.md | In this article, you'll learn about: - [Microsoft 365 architecture](microsoft-365-network-connectivity-principles.md#BKMK_Architecture) as it applies to customer connectivity to the cloud - Updated [Microsoft 365 connectivity principles](microsoft-365-network-connectivity-principles.md#BKMK_Principles) and strategies for optimizing network traffic and the end-user experience - The [Office 365 Endpoints web service](microsoft-365-network-connectivity-principles.md#BKMK_WebSvc), which allows network administrators to consume a structured list of endpoints for use in network optimization-- [New Office 365 endpoint categories](microsoft-365-network-connectivity-principles.md#BKMK_Categories) and optimization guidance+- Guidance for [optimizing connectivity to Microsoft 365 services](#BKMK_OptmizeConnectivity) - [Comparing network perimeter security with endpoint security](microsoft-365-network-connectivity-principles.md#BKMK_SecurityComparison) - [Incremental optimization](microsoft-365-network-connectivity-principles.md#BKMK_IncOpt) options for Microsoft 365 traffic - The [Microsoft 365 connectivity test](https://aka.ms/netonboard), a new tool for testing basic connectivity to Microsoft 365 The primary goal in the network design should be to minimize latency by reducing Identifying Microsoft 365 network traffic is the first step in being able to differentiate that traffic from generic Internet-bound network traffic. Microsoft 365 connectivity can be optimized by implementing a combination of approaches like network route optimization, firewall rules, browser proxy settings. Additionally, bypassing of network inspection devices for certain endpoints is also beneficial. 
-Previous Microsoft 365 optimization guidance divided Microsoft 365 endpoints into two categories, **Required** and **Optional**. As endpoints have been added to support new Microsoft 365 services and features, we have reorganized Microsoft 365 endpoints into three categories: **Optimize**, **Allow**, and **Default**. Guidelines for each category apply to all endpoints in the category, making optimizations easier to understand and implement. - -For more information on Microsoft 365 endpoint categories and optimization methods, see the [New Office 365 endpoint categories](microsoft-365-network-connectivity-principles.md#BKMK_Categories) section. +For more information on Microsoft 365 optimization methods, see the [optimizing connectivity to Microsoft 365 services](#BKMK_OptmizeConnectivity) section. Microsoft now publishes all Microsoft 365 endpoints as a web service and provides guidance on how best to use this data. For more information on how to fetch and work with Microsoft 365 endpoints, see the article [Office 365 URLs and IP address ranges](https://support.office.com/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). As a general rule of thumb, the shortest, most direct route between user and clo To ensure that Microsoft 365 connectivity isn't subject to network hairpins even in the local egress case, check whether the ISP that is used to provide Internet egress for the user location has a direct peering relationship with the Microsoft Global Network in close proximity to that location. You might also want to configure egress routing to send trusted Microsoft 365 traffic directly. This is as opposed to proxying or tunneling through a third-party cloud or cloud-based network security vendor that processes your Internet-bound traffic. 
Local DNS name resolution of Microsoft 365 endpoints helps to ensure that in addition to direct routing, the closest Microsoft 365 entry points are being used for user connections. -If you use cloud-based network or security services for your Microsoft 365 traffic, ensure that the result of the hairpin is evaluated and its affect on Microsoft 365 performance is understood. This can be done by examining the number and locations of service provider locations through which the traffic is forwarded in relationship to number of your branch offices and Microsoft Global Network peering points, quality of the network peering relationship of the service provider with your ISP and Microsoft, and the performance affect of backhauling in the service provider infrastructure. +If you use cloud-based network or security services for your Microsoft 365 traffic, ensure that the result of the hairpin is evaluated and its effect on Microsoft 365 performance is understood. This can be done by examining the number and locations of service provider locations through which the traffic is forwarded in relationship to number of your branch offices and Microsoft Global Network peering points, quality of the network peering relationship of the service provider with your ISP and Microsoft, and the performance effect of backhauling in the service provider infrastructure. -Due to the large number of distributed locations with Microsoft 365 entry points and their proximity to end-users, routing Microsoft 365 traffic to any third-party network or security provider can have an adverse affect on Microsoft 365 connections if the provider network isn't configured for optimal Microsoft 365 peering. 
+Due to the large number of distributed locations with Microsoft 365 entry points and their proximity to end-users, routing Microsoft 365 traffic to any third-party network or security provider can have an adverse effect on Microsoft 365 connections if the provider network isn't configured for optimal Microsoft 365 peering. <a name="BKMK_P4"> </a> ### Assess bypassing proxies, traffic inspection devices, and duplicate security technologies Microsoft is transparent about datacenter security, operational security, and ri For more information on Microsoft datacenter and Global Network security, see the [Microsoft Trust Center](https://www.microsoft.com/trustcenter/security). -## New Office 365 endpoint categories -<a name="BKMK_Categories"> </a> --Office 365 endpoints represent a varied set of network addresses and subnets. Endpoints might be URLs, IP addresses or IP ranges, and some endpoints are listed with specific TCP/UDP ports. URLs can either be an FQDN like *account.office.net*, or a wildcard URL like *\*.office365.com*. - -> [!NOTE] -> The locations of Office 365 endpoints within the network are not directly related to the location of the Microsoft 365 tenant data. For this reason, customers should look at Microsoft 365 as a distributed and global service and should not attempt to block network connections to Office 365 endpoints based on geographical criteria. - -In our previous guidance for managing Microsoft 365 traffic, endpoints were organized into two categories, **Required** and **Optional**. Endpoints within each category required different optimization depending on the criticality of the service. Many customers faced challenges in justifying the application of the same network optimizations to the full list of Office 365 URLs and IP addresses. 
- -In the new model, endpoints are segregated into three categories, **Optimize**, **Allow**, and **Default**, providing a priority-based pivot on where to focus network optimization efforts to realize the best performance improvements and return on investment. The endpoints are consolidated in the above categories based on the sensitivity of the effective user experience to network quality, volume, and performance envelope of scenarios and ease of implementation. Recommended optimizations can be applied the same way to all endpoints in a given category. - -- **Optimize** endpoints are required for connectivity to every Office 365 service and represent over 75% of Office 365 bandwidth, connections, and volume of data. These endpoints represent Office 365 scenarios that are the most sensitive to network performance, latency, and availability. All endpoints are hosted in Microsoft datacenters. The rate of change to the endpoints in this category is expected to be much lower than for the endpoints in the other two categories. This category includes a small (on the order of ~10) set of key URLs and a defined set of IP subnets dedicated to core Office 365 workloads such as Exchange Online, SharePoint Online, Skype for Business Online, and Microsoft Teams.+## Optimizing connectivity to Microsoft 365 services +<a name="BKMK_OptmizeConnectivity"> </a> +Microsoft 365 services are a collection of dynamic, interdependent, and deeply integrated products, applications, and services. When configuring and optimizing connectivity to Microsoft 365 services, it is not feasible to link specific endpoints (domains) with a few Microsoft 365 scenarios to implement allow-listing at the network level. Microsoft does not support selective allow-listing as it causes connectivity and service incidents for users. 
Network administrators should therefore always apply Microsoft 365 guidelines for network allow-listing and common network optimizations to the full set of required network endpoints (domains) that are [published](microsoft-365-ip-web-service.md) and updated regularly. While we are simplifying Microsoft 365 network endpoints in response to customer feedback, network administrators should be aware of the following core patterns in the existing set of endpoints today: + - Where possible, the published domain endpoints will include wildcards to significantly lower the network configuration effort for customers. + - Microsoft 365 announced a domain consolidation initiative (cloud.microsoft), providing customers a way to simplify their network configurations and automatically accrue network optimizations for this domain to many current and future Microsoft 365 services. + - Exclusive use of cloud.microsoft root domain for security isolation and specific functions. This enables customer network and security teams to trust Microsoft 365 domains, while improving connectivity to those endpoints and avoiding unnecessary network security processing. + - Certain endpoint definitions specify unique IP prefixes corresponding to their domains. This feature supports customers with intricate network structures, enabling them to apply precise network optimizations by utilizing IP prefix details. - A condensed list of well-defined critical endpoints should help you to plan and implement high value network optimizations for these destinations faster and easier. +The following network configurations are recommended for all **“Required”** Microsoft 365 network endpoints (domains) and categories: + - Explicitly permitting Microsoft 365 network endpoints in the network devices and services that user connections go through (e.g., network perimeter security devices like proxies, firewalls, DNS, cloud-based network security solutions, etc.) 
+ - Bypass Microsoft 365 domains from TLS decryption, traffic interception, deep packet inspection, and network packet and content filtering. Note that many outcomes that customers are using these network technologies for in the context of untrusted/unmanaged applications can be achieved by Microsoft 365 security features natively. + - Direct internet access should be prioritized for the Microsoft 365 domains by reducing reliance on wide area network (WAN) backhauling, avoiding network hairpins, and enabling a more efficient internet egress local to the users and directly to the Microsoft network. + - Ensure that DNS name resolution occurs close to the network egress to ensure that connections are served through the most optimal Microsoft 365 front door. + - Prioritize Microsoft 365 connections along the network path, ensuring capacity and quality of service for Microsoft 365 experiences. + - Bypass traffic intermediation devices such as proxies and VPN services. - Examples of *Optimize* endpoints include *https://outlook.office365.com*, *https://\<tenant\>.sharepoint.com*, and *https://\<tenant\>-my.sharepoint.com*. +Customers with complex network topologies, implementing network optimizations like custom routing, IP based proxy bypass, and split tunnel VPN may require IP prefix information in addition to domains. To facilitate these customer scenarios Microsoft 365 network endpoints are grouped into categories to prioritize and ease the configuration of these additional network optimizations. Network endpoints classified under the **“Optimize”** and **“Allow”** categories carry high traffic volumes and are sensitive to network latency and performance, and customers may want to optimize connectivity to those first. Network endpoints under the **“Optimize”** and **“Allow”** categories have IP addresses listed along with domains. 
Network endpoints classified under the **“Default”** category do not have IP addresses associated with them as they are more dynamic in nature and IP addresses change over time. - Optimization methods include: +### Additional network considerations +When optimizing connectivity to Microsoft 365, certain network configurations may have a negative impact on Microsoft 365 availability, interoperability, performance, and user experience. Microsoft has not tested the following network scenarios with our services, and they are known to cause connectivity issues. + - TLS termination or deep packet inspection of any M365 domains with customer proxies or other types of network devices or services [(Use third-party network devices or solutions with Microsoft 365 - Microsoft 365 | Microsoft Learn)](/troubleshoot/miscellaneous/office-365-third-party-network-devices). + - Blocking specific protocols or protocol versions such as QUIC, WebSocket’s, etc. by intermediate network infrastructure or service. + - Forcing downgrade or failover of protocols (such as UDP --> TCP, TLS1.3 --> TLS1.2 --> TLS1.1) used between client applications and Microsoft 365 services. + - Routing connections through network infrastructure applying its own authentication such as proxy authentication. - - Bypass *Optimize* endpoints on network devices and services that perform traffic interception, TLS decryption, deep packet inspection, and content filtering. - - Bypass on-premises proxy devices and cloud-based proxy services commonly used for generic Internet browsing. - - Prioritize the evaluation of these endpoints as fully trusted by your network infrastructure and perimeter systems. - - Prioritize reduction or elimination of WAN backhauling, and facilitate direct distributed Internet-based egress for these endpoints as close to users/branch locations as possible. - - Facilitate direct connectivity to these cloud endpoints for VPN users by implementing split tunneling. 
- - Ensure that IP addresses returned by DNS name resolution match the routing egress path for these endpoints. - - Prioritize these endpoints for SD-WAN integration for direct, minimal latency routing into the nearest Internet peering point of the Microsoft global network. +We recommend that customers avoid using these network techniques to traffic destined to Microsoft 365 domains and bypass these for Microsoft 365 connections. -- **Allow** endpoints are required for connectivity to specific Office 365 services and features, but aren't as sensitive to network performance and latency as those in the *Optimize* category. The overall network footprint of these endpoints from the standpoint of bandwidth and connection count is also smaller. These endpoints are dedicated to Office 365 and are hosted in Microsoft datacenters. They represent a broad set of Office 365 micro-services and their dependencies (on the order of ~100 URLs) and are expected to change at a higher rate than those in the *Optimize* category. Not all endpoints in this category are associated with defined dedicated IP subnets.+Microsoft recommends setting up an automated system to download and apply the M365 network endpoint list regularly. Please refer to [Change management for Microsoft 365 IP addresses and URLs for more information](managing-office-365-endpoints.md#change-management-for-microsoft-365-ip-addresses-and-urls). - Network optimizations for *Allow* endpoints can improve the Office 365 user experience, but some customers might choose to scope those optimizations more narrowly to minimize changes to their network. -- Examples of *Allow* endpoints include *https://\*.protection.outlook.com* and *https://accounts.accesscontrol.windows.net*. -- Optimization methods include: -- - Bypass *Allow* endpoints on network devices and services that perform traffic interception, TLS decryption, deep packet inspection, and content filtering. 
- - Prioritize the evaluation of these endpoints as fully trusted by your network infrastructure and perimeter systems. - - Prioritize reduction or elimination of WAN backhauling, and facilitate direct distributed Internet-based egress for these endpoints as close to users/branch locations as possible. - - Ensure that IP addresses returned by DNS name resolution match the routing egress path for these endpoints. - - Prioritize these endpoints for SD-WAN integration for direct, minimal latency routing into the nearest Internet peering point of the Microsoft global network. --- **Default** endpoints represent Office 365 services and dependencies that don't require any optimization, and can be treated by customer networks as normal Internet bound traffic. Some endpoints in this category might not be hosted in Microsoft datacenters. Examples include *https://odc.officeapps.live.com* and *`https://appexsin.stb.s-msn.com`*.--For more information about Office 365 network optimization techniques, see the article [Managing Office 365 endpoints](managing-office-365-endpoints.md). - ## Comparing network perimeter security with endpoint security <a name="BKMK_SecurityComparison"> </a> We have represented the ideal network connectivity model for SaaS earlier in thi The methods you'll use to optimize Microsoft 365 traffic varies depending on your network topology and the network devices you have implemented. Large enterprises with many locations and complex network security practices need to develop a strategy that includes most or all of the principles listed in the [Microsoft 365 connectivity principles](microsoft-365-network-connectivity-principles.md#BKMK_Principles) section, while smaller organizations might only need to consider one or two. -You can approach optimization as an incremental process, applying each method successively. The following table lists key optimization methods in order of their affect on latency and reliability for the largest number of users. 
+You can approach optimization as an incremental process, applying each method successively. The following table lists key optimization methods in order of their effect on latency and reliability for the largest number of users. |**Optimization method**|**Description**|**Impact**| |:--|:--|:--| |
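Review bot: the added sentence "We recommend that customers avoid using these network techniques to traffic destined to Microsoft 365 domains and bypass these for Microsoft 365 connections" is ungrammatical, and once the *Allow* bullet list is removed the antecedent of "these network techniques" (traffic interception, TLS decryption, deep packet inspection, content filtering, which that list named) is no longer on the page. Suggest naming them: "We recommend that customers avoid applying traffic interception, TLS decryption, deep packet inspection and content filtering to traffic destined for Microsoft 365 domains, and bypass those devices for Microsoft 365 connections." Two smaller points in the same region: the link text "[Change management for Microsoft 365 IP addresses and URLs for more information](...)" has swallowed the trailing "for more information" into the link, and the new automation sentence ("download and apply the M365 network endpoint list regularly") should say that removals are applied as well as additions, since the surrounding guidance tells customers to treat these endpoints as fully trusted and exempt from inspection, so a stale prefix left in a bypass list is an open hole; "M365" should also be spelled out as "Microsoft 365" to match the rest of the article.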
enterprise | Urls And Ip Address Ranges | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md | Data columns shown are: - **Category**: Shows whether the endpoint set is categorized as **Optimize**, **Allow**, or **Default**. This column also lists which endpoint sets are required to have network connectivity. For endpoint sets that aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity. - You can read about these categories and guidance for their management in [New Microsoft 365 endpoint categories](microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories). + You can read about these categories and guidance for their management in [New Microsoft 365 endpoint categories](microsoft-365-network-connectivity-principles.md#optimizing-connectivity-to-microsoft-365-services). - **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute is not supported for this endpoint set. |
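Review bot: the link text still reads "New Microsoft 365 endpoint categories" while the anchor now targets `#optimizing-connectivity-to-microsoft-365-services`; either rename the link text to the heading it lands on or confirm the old `#new-office-365-endpoint-categories` heading survives as an alias, otherwise readers following it for the Optimize/Allow/Default definitions arrive at a section with a different name.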
frontline | Flw Choose Scenarios | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-choose-scenarios.md | Use these scenario overviews to start envisioning what your organization can do | Item | Description | |:--|:--|-|[![Microsoft 365 for frontline worker scenarios.](media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.| +|[![Microsoft 365 for frontline worker scenarios.](media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated April 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.| ## Communications Communications solutions connect your frontline workers and allow them to collab | Scenario | Description | Services | Teams apps | | | | | |-| [Team communication and collaboration](flw-team-collaboration.md) | Help your frontline workforce communicate within their store, shift, or team with Microsoft Teams. Viva Connections helps you create a dashboard that puts the information they need front and center on their devices, so they can reach out whenever they need to. 
| Teams<br>Outlook<br>SharePoint<br>Power Platform and Power Apps | Approvals, Chat, Files, Lists, Meet, Praise, Shifts, Tasks, Walkie Talkie, Viva Connections| +| [Team communication and collaboration](flw-team-collaboration.md) | Help your frontline workforce communicate within their store, shift, or team with Microsoft Teams. Viva Connections helps you create a dashboard that puts the information they need front and center on their devices, so they can reach out whenever they need to. | Teams<br>Outlook<br>SharePoint<br>Power Platform and Power Apps | Approvals, Chat, Files, Lists, Meet, Planner, Praise, Shifts, Walkie Talkie, Viva Connections| | [Corporate communications](flw-corp-comms.md) | Employee engagement is a significant contributor to workplace satisfaction, loyalty, and productivity at any organization. Learn how to keep everyone informed and engaged using SharePoint, Teams, and Viva Engage. Bring it all together with Viva Connections. | Teams<br>Outlook<br>SharePoint | Meet, Viva Engage, Viva Connections | ## Wellbeing & engagement Drive operational efficiency by digitizing paper-based processes and automating | Scenario | Description | Services | Teams apps | | | | | |-| [Simplify business processes](simplify-business-processes.md) | Use task publishing to create standard processes across sites, lists to manage information and track ongoing processes, and streamline requests with Approvals. Automated workflows can speed up and automate actions, like collecting data or routing notifications. | Teams<br>Power Platform | Tasks, Lists, Approvals | +| [Simplify business processes](simplify-business-processes.md) | Use [task publishing](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json#task-publishing) to create standard processes across sites, Lists to manage information and track ongoing processes, and streamline requests with Approvals. 
Automated workflows can speed up and automate actions, like collecting data or routing notifications. | Teams<br>Power Platform | Planner, Lists, Approvals | ## Virtual Appointments |
frontline | Flw Licensing Options | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-licensing-options.md | With this example, you can mix license types for the two types of workers in you | Frontline workers need quick access to tools that help them work with customers: | Information workers need tools to support their tasks like: | | -- | -- | | Frontline workers need access to information on the go - they have Microsoft 365 apps on phones or tablets. | Information workers write, edit, and share documents and have Microsoft 365 apps on desktops or laptops, plus mobile apps on phones and tablets. |-| Frontline workers communicate on the go with Teams chat, schedule work with Shifts, check off to-do items with Tasks, and track items in Lists, along with other Teams functionality. | Information workers communicate over Teams with chat, meet, and call, and use other Teams apps (depending on the specific license). | +| Frontline workers communicate on the go with Teams chat, schedule work with Shifts, check off tasks with Planner, and track items in Lists, along with other Teams functionality. | Information workers communicate over Teams with chat, meet, and calls, and use other Teams apps (depending on the specific license). | | Frontline workers can find organization-wide resources, communications, or training with SharePoint, OneDrive, Viva Connections, and Viva Engage. | Information workers create or consume team or organization-wide resources and communications with included Microsoft 365 services (depending on the specific license). | For a detailed comparison of what's included in Microsoft 365 plans for enterprises, see the [Modern work plan comparison](https://go.microsoft.com/fwlink/p/?linkid=2139145) table. |
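Review bot: in the rewritten Information workers cell, "communicate over Teams with chat, meet, and calls" mixes a verb with two nouns; "chat, meetings, and calls" keeps the list parallel and reads as the product features it is naming.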
frontline | Flw Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-overview.md | Foster an inclusive company culture and increase employee wellbeing while making ## Increase frontline operational efficiency -Microsoft 365 includes apps like Lists, Tasks, and Approvals that can help you streamline operations and bring them from paper-based to digitally tracked processes. You can enhance these by adding workflow automation, custom apps, and business data tracking with Power Automate, Power Apps, and Power BI from the Power Platform. Extend even further with solutions provided by our partners in the digital ecosystem. +Microsoft 365 includes apps like Lists, Planner, and Approvals that can help you streamline operations and bring them from paper-based to digitally tracked processes. You can enhance these by adding workflow automation, custom apps, and business data tracking with Power Automate, Power Apps, and Power BI from the Power Platform. Extend even further with solutions provided by our partners in the digital ecosystem. Enhance workforce management with [Shifts](shifts-for-teams-landing-page.md), the schedule management tool in Teams that keeps your frontline workforce connected and in sync. [Shifts connectors](shifts-connectors.md) enable you to integrate Shifts with your workforce management (WFM) system. After you set up a connection, your frontline workers can seamlessly view and manage their schedules in your WFM system from within Shifts. |
frontline | Flw Scenario Posters | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-scenario-posters.md | To learn more about how Microsoft 365 can help your frontline workers, see [Choo | Item | Description | |:--|:--|-|[![Microsoft 365 for frontline worker scenarios.](media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.| +|[![Microsoft 365 for frontline worker scenarios.](media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated April 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.| ## Scenarios for healthcare organizations Use the following poster to start envisioning what your organization can do with | Item | Description | |:--|:--|-|[![Microsoft 365 for frontline workers: Healthcare scenarios.](media/m365-frontline-healthcare-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.| +|[![Microsoft 365 for frontline workers: Healthcare 
scenarios.](media/m365-frontline-healthcare-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated April 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.| ## Scenarios for retail organizations Use the following poster to start envisioning what your organization can do with | Item | Description | |:--|:--|-|[![Microsoft 365 for frontline workers: Retail scenarios.](media/m365-frontline-retail-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.| +|[![Microsoft 365 for frontline workers: Retail scenarios.](media/m365-frontline-retail-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated April 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.| ## See also |
frontline | Flw Setup Microsoft 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-setup-microsoft-365.md | The table below shows Teams applications commonly utilized in frontline solution **Scenarios and apps** -| Scenario | Approvals | Virtual Appointments or Bookings | Lists | Praise | Shifts | Tasks | Updates | +| Scenario | Approvals | Virtual Appointments or Bookings | Lists | Praise | Shifts | Planner | Updates | | :- | :-: | :-: | :-: | :-: | :-: | :-: | :-: | | [Team communication and collaboration](flw-team-collaboration.md) | ✅ | | ✅ | ✅ | | ✅ | ✅ | | [Corporate communications](flw-corp-comms.md) | | | | | | | | |
frontline | Flw Team Collaboration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-team-collaboration.md | Your team can use apps in Teams to coordinate and collaborate with each other on - [Create, manage, and share schedules with Shifts](#create-manage-and-share-schedules-with-shifts) - [Keep in touch with Walkie Talkie](#keep-in-touch-with-walkie-talkie) - [Boost morale with Praise](#boost-morale-with-praise)-- [Track and monitor work with Tasks](#track-and-monitor-work-with-tasks)+- [Track and monitor work with Planner](#track-and-monitor-work-with-planner) - [Streamline approvals with Approvals](#streamline-approvals-with-approvals) - [Check in on progress with Updates](#check-in-on-progress-with-updates) - [Create a personalized experience with Viva Connections](#create-a-personalized-experience-with-viva-connections) Learn how to [manage the Praise app for your organization](/microsoftteams/manag Share this [Praise video training](https://support.microsoft.com/office/communication-and-praise-7d37ef80-542b-42e5-aa01-0fabbaa634b6) with your users. -### Track and monitor work with Tasks +### Track and monitor work with Planner -Use Tasks in Teams to track to-do items for your whole frontline team. Store managers and employees can create, assign, and schedule tasks, categorize tasks, and update status at any time from any device running Teams. IT pros and admins can also publish tasks to specific teams for your organization. For example, you could publish a set of tasks for daily cleaning or steps to set up a new display. +Use Planner in Teams to track tasks for your whole frontline team. Store managers and employees can create, assign, and schedule tasks, categorize tasks, and update status at any time from any device running Teams. IT pros and admins can also publish tasks to specific teams for your organization. For example, you could publish a set of tasks for daily cleaning or steps to set up a new display. 
|Industry |Example | |:--|:-| Use Tasks in Teams to track to-do items for your whole frontline team. Store man |Financial services |A bank manager can assign mortgage specialists a task to review and get familiar with new rates or policies. | |Manufacturing |A supervisor can assign a worker a task to inspect a new batch of products. | -Learn how to [manage the Tasks app for your organization](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). +Learn how to [manage the Planner app for your organization](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). -Share this [Tasks video training](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) with your users. +Share the [Planner in Teams help & learning](https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c) with your users. ### Streamline approvals with Approvals |
frontline | Pin Teams Apps Based On License | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/pin-teams-apps-based-on-license.md | With the tailored frontline app experience, your frontline workers get the most Apps are pinned to the app bar, which is the bar at the bottom of the Teams mobile clients (iOS and Android) and on the side of the Teams desktop client. The following apps are pinned for users who have an [F license](https://www.microsoft.com/microsoft-365/enterprise/frontline#office-SKUChooser-0dbn8nt): -- [Viva Connections](#viva-connections) [Learn what Viva Connections is](https://support.microsoft.com/office/your-intranet-is-now-in-microsoft-teams-8b4e7f76-f305-49a9-b6d2-09378476f95b)+- [Viva Connections](#viva-connections) - [Activity](https://support.microsoft.com/office/explore-the-activity-feed-in-teams-91c635a1-644a-4c60-9c98-233db3e13a56) - [Chat](https://support.microsoft.com/office/get-started-with-chat-0b506ce2-eb6d-4fca-9668-e56980ba755e) - [Teams](https://support.microsoft.com/office/teams-and-channels-in-microsoft-teams-c6d0e61d-a61e-44a6-a972-04f2a8fa4155) - [Walkie Talkie](https://support.microsoft.com/office/get-started-with-teams-walkie-talkie-25bdc3d5-bbb2-41b7-89bf-650fae0c8e0c)-- [Tasks](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070)+- [Planner](https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c) - [Shifts](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) - [Approvals](https://support.microsoft.com/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3) Apps are pinned to the app bar, which is the bar at the bottom of the Teams mobi > [!NOTE] > The **User pinning** setting must be turned on in the global (org-wide default) [app setup policy](/microsoftteams/teams-app-setup-policies) for this feature to take effect. 
-The tailored frontline app experience is controlled by the **Show tailored apps** org-wide app setting on the [Manage apps](/microsoftteams/manage-apps#manage-org-wide-app-settings) page of the Teams admin center. If the feature is on, all users in your organization who have an F license will get the tailored app experience. +The tailored frontline app experience is controlled by the **Show tailored apps** org-wide app setting on the [Manage apps](/microsoftteams/manage-apps#manage-org-wide-app-settings) page of the Teams admin center. If the feature is on, all users in your organization who have an F license get the tailored app experience. Keep in mind that any custom [app setup policies](/microsoftteams/teams-app-setup-policies) assigned to users take precedence. This means that if a user already has a custom app setup policy assigned to them, the user gets the configuration that's defined in the custom app setup policy. To learn more about how the feature works with Teams app policies, including the global app setup policy, see the [Scenarios](#scenarios) section later in this article. The feature is off. | The frontline worker gets the apps defined in the global Viva Connections is part of the tailored apps experience. Frontline users who see the tailored app experience will have Viva Connections pinned in the first position on both mobile and desktop. -This experience includes a default dashboard with relevant frontline cards such as Tasks, Shifts, Approvals, and Top News that can be customized to fit the needs of your organization. If your organization has already set up a Viva Connections home site, it will take precedence over the default experience. +This experience includes a default dashboard with relevant frontline cards such as Shifts, Planner, Approvals, and Top News that can be customized to fit the needs of your organization. If your organization already set up a Viva Connections home site, it takes precedence over the default experience. 
++ [Learn more about Viva Connections](https://support.microsoft.com/office/access-and-use-the-viva-connections-app-in-microsoft-teams-8b4e7f76-f305-49a9-b6d2-09378476f95b). ## Related articles - [Manage the Walkie Talkie app in Teams](/microsoftteams/walkie-talkie?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json)-- [Manage the Tasks app in Teams](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json)+- [Manage the Planner app in Teams](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) - [Manage the Shifts app in Teams](/microsoftteams/expand-teams-across-your-org/shifts/manage-the-shifts-app-for-your-organization-in-teams?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) - [Manage the Approvals app in Teams](/microsoftteams/approval-admin?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json)+- [Overview of Viva Connections](/viva/connections/viva-connections-overview) - [Manage app setup policies in Teams](/microsoftteams/teams-app-setup-policies) - [Manage app permission policies in Teams](/microsoftteams/teams-app-permission-policies) |
frontline | Simplify Business Processes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/simplify-business-processes.md | Teams includes many apps to help you and your frontline workforce manage their d |Task |App |Manage this capability |End-user training | |--||--|| |Create and update schedules for your frontline teams. Your workers can view their own and their team's schedules, request shifts, swap shifts, clock in and out, and more. |Shifts |[Manage Shifts](shifts-for-teams-landing-page.md). |[Shifts video training](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) |-|Publish and track tasks for your workers so they know what needs to be done every day. |Tasks |[Manage the Tasks app](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). |[Tasks video training](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) | +|Publish and track tasks for your workers so they know what needs to be done every day. |Planner |[Manage the Planner app](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). |[Planner help & learning](https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c)| |Easily make and sign off on approval requests. |Approvals | [Manage the Approvals app](/microsoftteams/approval-admin?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). |[Approvals video training](https://support.microsoft.com/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3?wt.mc_id=otc_microsoft_teams) |-|Check in on recurring responsibilities and track the progress of larger tasks. 
|Updates | [Manage the Updates app](/microsoftteams/manage-updates-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). | [Updates video training](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) | +|Check in on recurring responsibilities that happen on a regular basis or in-the-moment updates. |Updates | [Manage the Updates app](/microsoftteams/manage-updates-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). | [Updates video training](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) | |Make custom lists to keep track of everything else. |Lists |[Manage the Lists app](/microsoftteams/manage-lists-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). |[Lists video training](https://support.microsoft.com/office/create-a-list-from-the-lists-app-b5e0b7f8-136f-425f-a108-699586f8e8bd) | [Learn more about how your frontline team can communicate and collaborate with Microsoft Teams apps](flw-team-collaboration.md#apps-in-teams). |
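Review bot: the new Updates description "Check in on recurring responsibilities that happen on a regular basis or in-the-moment updates" is tautological ("recurring" already means "on a regular basis") and the two objects of "check in on" are not parallel; suggest "Check in on recurring responsibilities or collect in-the-moment updates." The Planner row's end-user link ("Planner help & learning" to `getting-started-with-planner-in-teams-7a5e58f1-...`) matches what the other files in this change use, so that part is consistent.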
frontline | Switch From Enterprise To Frontline | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/switch-from-enterprise-to-frontline.md | Some key differences include: - F plans don't include Office desktop apps or the Outlook desktop app. - F plans are limited to devices with integrated screens smaller than 10.9 inches on Office mobile apps.-- F plans [pin frontline worker apps](pin-teams-apps-based-on-license.md) like Walkie Talkie, Tasks, Shifts, and Approvals by default in Microsoft Teams.+- F plans [pin frontline worker apps](pin-teams-apps-based-on-license.md) like Walkie Talkie, Shifts, Planner, and Approvals by default in Microsoft Teams. In this section, we've included more information about these key differences and highlighted some additional differences to pay attention to. Keep in mind that this isn't a comprehensive list. To learn more: |
frontline | Teams For Financial Services | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/teams-for-financial-services.md | Microsoft 365 and Teams offer capabilities that help financial services organiza Bring associates and management together across branches to collaborate and streamline operations with Teams and Teams apps. -**Key apps and capabilities:** Shifts, Walkie Talkie, Tasks, Approvals, Praise, Lists, Updates, Viva Connections, Chat, Files +**Key apps and capabilities:** Shifts, Walkie Talkie, Planner, Approvals, Praise, Lists, Updates, Viva Connections, Chat, Files **Additional More information: [Corporate communications with frontline workers](flw-corp-com ### Apps and services for financial services -Ensure that your workers can communicate, collaborate, and deliver great customer service with Teams apps like Shifts, Tasks, Lists, Praise, and more. You can determine which apps are available for your users by enabling them in the Teams admin center or by using a team template. Learn more about [managing Teams apps](/microsoftteams/manage-apps). +Ensure that your workers can communicate, collaborate, and deliver great customer service with Teams apps like Shifts, Planner, Lists, Praise, and more. You can determine which apps are available for your users by enabling them in the Teams admin center or by using a team template. Learn more about [managing Teams apps](/microsoftteams/manage-apps). For financial services environments, the following apps and services can help you transform your business processes and support communication. For financial services environments, the following apps and services can help yo | Documents and files | Share standard operating procedures, regulatory compliance policies, company policies, and financial product fact sheets. 
| [Teams and SharePoint integration](/sharepoint/teams-connected-sites) | [Share files](https://support.microsoft.com/office/upload-and-share-files-57b669db-678e-424e-b0a0-15d19215cb12) | | Praise | Recognize coworkers for great teamwork with the Praise app. | [Manage the Praise app](/microsoftteams/manage-praise-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Send Praise to people](https://support.microsoft.com/office/send-praise-to-people-50f26b47-565f-40fe-8642-5ca2a5ed261e) | | Shifts | Create and manage schedules and clock in and out with Shifts. | [Shifts for frontline workers](shifts-for-teams-landing-page.md) | [Use Shifts](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) |-| Tasks | Help employees know what they should focus on when not with customers by assigning tasks. Your corporate office can use [task publishing](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json#task-publishing) to send out tasks to locations and track progress across those locations. | [Manage the Tasks app](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Tasks](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) | +| Planner | Help employees know what they should focus on when not with customers by assigning tasks. Your corporate office can use [task publishing](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json#task-publishing) to send out tasks to locations and track progress across those locations. 
| [Manage the Planner app](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Planner](https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c) | | Updates | Check in on recurring or one-off priorities such as daily counts. Managers can create templates for employees to fill out and submit. | [Manage the Updates app](/microsoftteams/manage-updates-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Updates](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) | | Virtual Appointments| Schedule and manage virtual consultations with clients, view analytics, and more, in the Virtual Appointments app.| [Manage the Virtual Appointments app](/microsoftteams/manage-virtual-appointments-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [What is the Virtual Appointments app?](https://support.microsoft.com/topic/22df0079-e6d9-4225-bc65-22747fb2cb5f) | | Viva Connections | Viva Connections creates an experience in Teams that connects employees with tools, news, and resources. Employees can view a tailored news feed from your organization and a personalized dashboard with the resources they need. | [Overview of Viva Connections](/viva/connections/viva-connections-overview) | Use [Viva Connections](https://support.microsoft.com/office/your-intranet-is-now-in-microsoft-teams-8b4e7f76-f305-49a9-b6d2-09378476f95b) | |
frontline | Teams For Manufacturing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/teams-for-manufacturing.md | More information: [Frontline team collaboration](flw-team-collaboration.md) and - Create and manage schedules for your employees with Shifts - Check in on recurring and one-off priorities with Updates - Streamline approvals with the Approvals app-- Assign and keep track of tasks with the Tasks app+- Assign and keep track of tasks with the Planner app -**Key apps:** Approvals, Shifts, Updates, Tasks +**Key apps:** Approvals, Shifts, Updates, Planner More information: [Frontline team collaboration](flw-team-collaboration.md) and [Shifts](shifts-for-teams-landing-page.md) More information: [Training and onboarding](flw-onboarding-training.md) ### Apps and services for manufacturing -Ensure that your workers can communicate, collaborate, and deliver great products with apps like Shifts, Tasks, Lists, Praise, and more. You can determine which apps are available for your users by enabling them in the Teams admin center or by using a team template. Learn more about [managing Teams apps](/microsoftteams/manage-apps). +Ensure that your workers can communicate, collaborate, and deliver great products with apps like Shifts, Planner, Lists, Praise, and more. You can determine which apps are available for your users by enabling them in the Teams admin center or by using a team template. Learn more about [managing Teams apps](/microsoftteams/manage-apps). For manufacturing environments, the following apps and services can help you transform your business processes and support communication. For manufacturing environments, the following apps and services can help you tra | Documents and files | Share standard operating procedures, manuals, diagrams, inspection records, and more. 
| [Teams and SharePoint integration](/sharepoint/teams-connected-sites) | [Share files](https://support.microsoft.com/office/upload-and-share-files-57b669db-678e-424e-b0a0-15d19215cb12) | | Praise | Recognize coworkers for great teamwork with the Praise app. | [Manage the Praise app](/microsoftteams/manage-praise-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Send Praise to people](https://support.microsoft.com/office/send-praise-to-people-50f26b47-565f-40fe-8642-5ca2a5ed261e) | | Shifts | Create and manage schedules and clock in and out with Shifts. |[Shifts for frontline workers](shifts-for-teams-landing-page.md) | [Use Shifts](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) |-| Tasks | Supervisors can assign tasks to let workers know what to focus on. Your organization's central office can use [task publishing](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json#task-publishing) to send out tasks to locations and track progress across those locations. | [Manage the Tasks app](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Tasks](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) | +| Planner | Supervisors can assign tasks to let workers know what to focus on. Your organization's central office can use [task publishing](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json#task-publishing) to send out tasks to locations and track progress across those locations. 
| [Manage the Planner app](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Planner](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) | | Updates | Check in on recurring and one-off priorities such as machinery repairs and inspections. Supervisors can create templates for employees to fill out and submit. | [Manage the Updates app](/microsoftteams/manage-updates-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Updates](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) | | Viva Connections | Viva Connections creates an experience in Teams that connects employees with tools, news, and resources. Employees can view a tailored news feed from your organization and a personalized dashboard with the resources they need. For example, you could create a Manuals card so your operators can easily find all the necessary manuals. | [Overview of Viva Connections](/viva/connections/viva-connections-overview) | [Use Viva Connections](https://support.microsoft.com/office/your-intranet-is-now-in-microsoft-teams-8b4e7f76-f305-49a9-b6d2-09378476f95b) | | Viva Learning | Provide initial and ongoing training to make sure your employees are up-to-date with their skills and knowledge base. | [Overview of Viva Learning](/viva/learning/overview-viva-learning) | [Use Viva Learning](https://support.microsoft.com/office/viva-learning-preview-01bfed12-c327-41e0-a68f-7fa527dcc98a) | |
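Review bot: The renamed `[Use Planner]` help link in the Planner row still targets the old Tasks article (`https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070`), so only the link text changed; the retail and healthcare pages in this same batch point Planner at `https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c`, and this one should be switched to match. Also, the task publishing link was retargeted from `manage-tasks-app` to `/microsoftteams/manage-planner-app?...#task-publishing`; confirm that the `#task-publishing` anchor exists on the renamed page, because a stale fragment fails silently and simply drops the reader at the top of the article.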
frontline | Teams For Retail Landing Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/teams-for-retail-landing-page.md | Use the following poster to start envisioning what your organization can do with | Item | Description | |:--|:--|-|[![Microsoft 365 for frontline workers: Retail scenarios.](media/m365-frontline-retail-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.| +|[![Microsoft 365 for frontline workers: Retail scenarios.](media/m365-frontline-retail-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated April 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.| <!-- ### Video overviews Watch the following video to see how you can simplify business processes in reta Bring in-store associates and management together to collaborate and streamline operations with Teams and Teams apps. -**Key apps and capabilities:** Shifts, Walkie Talkie, Tasks, Approvals, Praise, Lists, Updates, Viva Connections, Chat, Files +**Key apps and capabilities:** Shifts, Walkie Talkie, Planner, Approvals, Praise, Lists, Updates, Viva Connections, Chat, Files **Additional More information: [Frontline team collaboration](flw-team-collaboration.md) Staff members can communicate and collaboration across multiple stores in a region, or with headquarters using the same tools and apps you use within your store. 
-**Key apps and capabilities:** Shifts, Walkie Talkie, Tasks, Approvals, Praise, Lists, Updates, Viva Connections, Viva Engage, Chat, Files +**Key apps and capabilities:** Shifts, Walkie Talkie, Planner, Approvals, Praise, Lists, Updates, Viva Connections, Viva Engage, Chat, Files **Additional You can use Teams apps, Power Apps, and Power BI to simplify business processes. - Conduct store walks and inventories with Power Apps. - Track key performance indicators (KPIs) with Power BI reports. -**Key apps:** Shifts, Tasks, Lists, Approvals +**Key apps:** Shifts, Planner, Lists, Approvals **Additional More information: [Onboard new employees](flw-onboarding-training.md) ### Apps and services for retail -Ensure that your workers can communicate, collaborate, and deliver great customer service with apps like Shifts, Walkie Talkie, Tasks, Lists, Praise, and more. You can determine which apps are available for your users by enabling them in the Teams admin center or by using a team template. Learn more about [managing Teams apps](/microsoftteams/manage-apps). +Ensure that your workers can communicate, collaborate, and deliver great customer service with apps like Shifts, Walkie Talkie, Planner, Lists, Praise, and more. You can determine which apps are available for your users by enabling them in the Teams admin center or by using a team template. Learn more about [managing Teams apps](/microsoftteams/manage-apps). For retail environments, the following apps and services can help you transform your business processes and support communication. For retail environments, the following apps and services can help you transform | Praise | Recognize coworkers for great teamwork with the Praise app. 
| [Manage the Praise app](/microsoftteams/manage-praise-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Send Praise to people](https://support.microsoft.com/office/send-praise-to-people-50f26b47-565f-40fe-8642-5ca2a5ed261e) | | RealWear devices | Handsfree communication with devices. | [Microsoft Teams for RealWear](/microsoftteams/flw-realwear?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Microsoft Teams for RealWear](https://support.microsoft.com/office/using-microsoft-teams-for-realwear-af20d232-d18c-476f-8031-843a4edccd5f) | | Shifts | Create and manage schedules and clock in and out with Shifts. | [Shifts for frontline workers](shifts-for-teams-landing-page.md) | [Use Shifts](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) |-| Tasks | Help employees know what they should focus on when not with customers by assigning tasks. Operations can use [task publishing](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json#task-publishing) to send out tasks to locations and track progress across those locations. | [Manage the Tasks app](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Tasks](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) | +| Planner | Help employees know what they should focus on when not with customers by assigning tasks. Operations can use [task publishing](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json#task-publishing) to send out tasks to locations and track progress across those locations. 
| [Manage the Planner app](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Planner](https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c) | | Updates | Check in on recurring or one-off priorities such as daily cleaning. Managers can create templates for employees to fill out and submit. | [Manage the Updates app](/microsoftteams/manage-updates-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Updates](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) | | Walkie Talkie | Instant push-to-talk communication that's not constrained by geography like standard two-way radios.| [Manage the Walkie Talkie app](/microsoftteams/walkie-talkie?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [Use Walkie Talkie](https://support.microsoft.com/office/get-started-with-teams-walkie-talkie-25bdc3d5-bbb2-41b7-89bf-650fae0c8e0c) | | Virtual Appointments|Schedule and manage virtual fittings and consultations, view analytics, and more, in the Virtual Appointments app.| [Manage the Virtual Appointments app](/microsoftteams/manage-virtual-appointments-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) | [What is the Virtual Appointments app?](https://support.microsoft.com/topic/22df0079-e6d9-4225-bc65-22747fb2cb5f) | For retail environments, the following apps and services can help you transform Create teams that include a predefined set of settings, channels, tabs, and preinstalled apps for communication and collaboration within an individual store, with a region, or between headquarters and your staff wherever they are. 
-- The **Organize a store** template includes channels for General, Shift Handoff, Store Readiness, and Learning, and includes the Approvals, Tasks, and Wiki apps.-- The **Retail for managers** template includes channels for General, Operations, and Learning, and includes a Wiki tab.+- The **Manage a Store** template includes channels for General, Shift Handoff, Store Readiness, and Learning, and apps such as Approvals, Lists, Shifts, Planner, and more. +- The **Retail for Managers** template includes channels for General, Operations, and Learning, and apps such as Approvals, Planner, and more. You can also [create a custom template](/microsoftteams/create-a-team-template) to include the apps your store needs. To learn more, see [Use retail team templates](/microsoftteams/get-started-with-retail-teams-templates?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) |
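Review bot: The unchanged context line "Staff members can communicate and collaboration across multiple stores in a region" has a grammar error ("collaboration" should be "collaborate") and is worth fixing while this file is open. In the rewritten template bullets, the old text named the apps exactly ("Approvals, Tasks, and Wiki apps") whereas the new text says "apps such as Approvals, Lists, Shifts, Planner, and more"; if the template contents are enumerable, list them in full so an admin can tell what a template installs before rolling it out.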
frontline | Teams In Hc | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/teams-in-hc.md | Use the following poster to start envisioning what your organization can do with | Item | Description | |:--|:--|-|[![Microsoft 365 for frontline workers: Healthcare scenarios.](media/m365-frontline-healthcare-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.| +|[![Microsoft 365 for frontline workers: Healthcare scenarios.](media/m365-frontline-healthcare-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated April 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.| ## Provide seamless virtual visits Here's an example list, which was set up for patient rounding. To learn more, see [Manage the Lists app for your organization in Teams](/microsoftteams/manage-lists-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). -### Track and monitor tasks with the Tasks app +### Track and monitor tasks with the Planner app -Use [Tasks](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) in Teams to track to do items for your whole health team. Your health team can create, assign, and schedule tasks, categorize tasks, and update status at any time, from any device running Teams. IT pros and admins can also publish tasks to specific teams for your organization. 
For example, you could publish a set of tasks for new safety protocols or a new intake step to be used across a hospital. +Use [Planner](https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c) in Teams to track to do items for your whole health team. Your health team can create, assign, and schedule tasks, categorize tasks, and update status at any time, from any device running Teams. IT pros and admins can also publish tasks to specific teams for your organization. For example, you could publish a set of tasks for new safety protocols or a new intake step to be used across a hospital. -To learn more, see [Manage the Tasks app for your organization in Microsoft Teams](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). +To learn more, see [Manage the Planner app for your organization in Microsoft Teams](/microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). ### Streamline approvals with the Approvals app To learn more, see [Shifts for frontline workers](shifts-for-teams-landing-page. There are many resources available to help all of the users in your organization get comfortable with using Teams: - Check out the [Teams adoption center](https://adoption.microsoft.com/microsoft-teams/) for advice on rolling out Teams if you're just starting your organization's journey with Teams, or expanding Teams to more areas of your organization.-- Get help and training for your users on how to perform basic tasks in Teams on the [Teams help & learning site](https://support.microsoft.com/teams), including [quick training videos](https://support.microsoft.com/office/microsoft-teams-video-training-4f108e54-240b-4351-8084-b1089f0d21d7). 
This site also has help and training for the Teams apps, including [Virtual Appointments](https://support.microsoft.com/office/what-is-virtual-appointments-22df0079-e6d9-4225-bc65-22747fb2cb5f), [Lists](https://support.microsoft.com/office/get-started-with-lists-in-teams-c971e46b-b36c-491b-9c35-efeddd0297db), [Tasks](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070), [Approvals](https://support.microsoft.com/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3), and [Shifts](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821).+- Get help and training for your users on how to perform basic tasks in Teams on the [Teams help & learning site](https://support.microsoft.com/teams), including [quick training videos](https://support.microsoft.com/office/microsoft-teams-video-training-4f108e54-240b-4351-8084-b1089f0d21d7). This site also has help and training for the Teams apps, including [Virtual Appointments](https://support.microsoft.com/office/what-is-virtual-appointments-22df0079-e6d9-4225-bc65-22747fb2cb5f), [Lists](https://support.microsoft.com/office/get-started-with-lists-in-teams-c971e46b-b36c-491b-9c35-efeddd0297db), [Planner](https://support.microsoft.com/office/getting-started-with-planner-in-teams-7a5e58f1-2cee-41b0-a41d-55d512c4a59c), [Approvals](https://support.microsoft.com/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3), and [Shifts](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821). |
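Review bot: In the rewritten Planner paragraph, "track to do items" should be "track to-do items" (the error is carried over from the old line). The sentence "IT pros and admins can also publish tasks to specific teams for your organization" would also benefit from linking the task publishing section the way the retail and manufacturing pages do (`/microsoftteams/manage-planner-app?...#task-publishing`), since that is where the permissions for who may publish are described.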
lighthouse | M365 Lighthouse Data Collection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-data-collection.md | The following table summarizes the types of data that Lighthouse collects from c | Data category | Data source | Data scope | Data purpose | | - | - | - |- |-|Cloud PC management | Windows 365 | Various types of data related to Cloud PC device and user management, such as: <ul><li>Metadata of Cloud PC devices, such as device name, device ID, device group, device status, and device configuration </li><li>Metadata of cloud PC users, such as username, user ID, user group, user role, and user assignment</li><li> Metadata of cloud PC connections, such as connection name, connection type, connection status, and connection details</li></ul> | Helps MSPs manage Cloud PC devices and users across customer tenants.<br/><br/>Helps MSPs measure and improve Cloud PC performance and user experience across customer tenants.| -| Device management | Microsoft Intune | Various types of data related to device enrollment, device compliance, app protection, and device configuration, such as:<ul><li>Metadata of enrolled devices</li><li>Metadata of app protection policies</li><li>Metadata of device configuration profiles</li></ul> <br>Comparison of device compliance status and app protection policies with the baseline configuration | Helps MSPs manage devices across customer tenants.<br/><br/>Helps MSPs measure and improve device compliance and app protection across customer tenants.| -| Device performance | Endpoint analytics |Metadata of device performance, such as device name, device ID, device group, startup performance score, restart frequency, sign-in duration, battery life, and app reliability<br/><br/>Metadata of device recommendations, such as name, type, impact, status, and details | Helps MSPs manage device performance across customer tenants.<br/><br/>Helps MSPs measure and improve device productivity 
and user experience across customer tenants. | -| Email security | Microsoft Defender for Office 365 | Metadata of quarantined messages, such as sender, recipient, subject, date, reason for quarantine, and release status<br/><br/>Metadata of email threats, such as threat type, threat severity, and threat action | Helps MSPs manage quarantined messages across customer tenants.<br/><br/>Helps MSPs measure and improve email security and anti-phishing across customer tenants. | +|Cloud PC management | Windows 365 | Various types of data related to Cloud PC device and user management, such as: <ul><li>Metadata of Cloud PC devices, such as device name, device ID, device group, device status, and device configuration </li><li>Metadata of cloud PC users, such as username, user ID, user group, user role, and user assignment</li><li> Metadata of cloud PC connections, such as connection name, connection type, connection status, and connection details</li></ul> | Helps MSPs manage Cloud PC devices and users across customer tenants.<br><br>Helps MSPs measure and improve Cloud PC performance and user experience across customer tenants.| +| Device management | Microsoft Intune | Various types of data related to device enrollment, device compliance, app protection, and device configuration, such as:<ul><li>Metadata of enrolled devices</li><li>Metadata of app protection policies</li><li>Metadata of device configuration profiles</li></ul> <br>Comparison of device compliance status and app protection policies with the baseline configuration | Helps MSPs manage devices across customer tenants.<br><br>Helps MSPs measure and improve device compliance and app protection across customer tenants.| +| Device performance | Endpoint analytics |Metadata of device performance, such as device name, device ID, device group, startup performance score, restart frequency, sign-in duration, battery life, and app reliability<br><br>Metadata of device recommendations, such as name, type, impact, 
status, and details | Helps MSPs manage device performance across customer tenants.<br><br>Helps MSPs measure and improve device productivity and user experience across customer tenants. | +| App management* (Preview) | Microsoft 365 Apps admin center | Metadata related to Microsoft 365 apps management, such as update channel, build and version number, and installed Microsoft 365 apps and add-ins.<br><br>Metadata of Office devices, such as OS, storage, RAM, system architecture (for example, 64-bit), last signed-in user, devices on an unsupported build, devices not on the latest build, and devices using cloud update. | Helps MSPs manage Microsoft 365 app health across customer tenants.<br><br>Helps MSPs measure and improve Office device productivity and Microsoft 365 app user experience across customer tenants. | +| Email security | Microsoft Defender for Office 365 | Metadata of quarantined messages, such as sender, recipient, subject, date, reason for quarantine, and release status<br><br>Metadata of email threats, such as threat type, threat severity, and threat action | Helps MSPs manage quarantined messages across customer tenants.<br><br>Helps MSPs measure and improve email security and anti-phishing across customer tenants. | | Identity and access management | Exchange Online | Metadata of shared mailboxes, such as email address and name | Helps MSPs manage shared mailboxes across customer tenants. 
|-| Identity and access management | Microsoft Entra | Various types of data related to identity and access management, security and compliance, and device and user management, such as:<br><ul><li>User and tenant identity information</li><li>User and tenant license information</li><li>User and tenant security information</li><li>User MFA/SSPR information</li><li>Conditional access policies</li><li>Risky users</li><li>User and group information for assignment</li></ul><br>Comparison of Microsoft Entra data with the baseline configuration | Helps MSPs manage various aspects of Microsoft Entra across customer tenants.<br/><br/>Helps MSPs measure and improve identity and access management, security and compliance, and device and user management across customer tenants. | +| Identity and access management | Microsoft Entra | Various types of data related to identity and access management, security and compliance, and device and user management, such as:<br><ul><li>User and tenant identity information</li><li>User and tenant license information</li><li>User and tenant security information</li><li>User MFA/SSPR information</li><li>Conditional access policies</li><li>Risky users</li><li>User and group information for assignment</li></ul><br>Comparison of Microsoft Entra data with the baseline configuration | Helps MSPs manage various aspects of Microsoft Entra across customer tenants.<br><br>Helps MSPs measure and improve identity and access management, security and compliance, and device and user management across customer tenants. | | Security posture | Microsoft Secure Score | All security recommendations and actions | Helps MSPs assess and improve the security posture of customer tenants. 
|-| Threat protection | Microsoft Defender for Business | Metadata of enrolled devices, such as device name, device type, and device ID<br/><br/>Metadata of threat and vulnerability information, such as threat name (for example, Trojan: Win32/Emotet), threat severity (for example, high), threat category (for example, malware), threat status (for example, active or resolved), threat action (for example, quarantine or allow), vulnerability name (for example, CVE-2021-1234), vulnerability severity (for example, critical), vulnerability category (for example, remote code execution), vulnerability exposure score (for example, 8.5 out of 10), and vulnerability remediation status (for example, pending or completed) | Helps MSPs monitor and protect devices from threats.<br/><br/>Helps MSPs measure and improve device security and vulnerability management across customer tenants. | +| Threat protection | Microsoft Defender for Business | Metadata of enrolled devices, such as device name, device type, and device ID<br><br>Metadata of threat and vulnerability information, such as threat name (for example, Trojan: Win32/Emotet), threat severity (for example, high), threat category (for example, malware), threat status (for example, active or resolved), threat action (for example, quarantine or allow), vulnerability name (for example, CVE-2021-1234), vulnerability severity (for example, critical), vulnerability category (for example, remote code execution), vulnerability exposure score (for example, 8.5 out of 10), and vulnerability remediation status (for example, pending or completed) | Helps MSPs monitor and protect devices from threats.<br><br>Helps MSPs measure and improve device security and vulnerability management across customer tenants. | ++\* This data category is in Preview, doesn't apply to everyone, and is subject to change. ## Data not collected |
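Review bot: The new "App management* (Preview)" row lists "last signed-in user" among the Office device metadata, which is user identity data rather than device health; the Data purpose cell should state why Lighthouse needs it, and the "Data not collected" section that follows should be checked against the new row so the two do not contradict each other. Minor: the cell carries both an asterisk footnote and a "(Preview)" label that say the same thing; one of them is enough.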
security | Android Configure Mam | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure-mam.md | Web protection helps to secure devices against web threats and protect users fro 2. Provide a name and description to uniquely identify the policy. Target the policy to **'Selected apps'** and search for **'Microsoft Defender Endpoint for Android'**. Click the entry and then click **Select** and then **Next**. -3. Add the key and value from the following table. Ensure that the **"DefenderMAMConfigs"** key is present in every policy that you create using Managed Apps route. For Managed Devices route, this key shouldn't exist. When you're done, click **Next**. +1. Add the key and value from the following table. Ensure that the **"DefenderMAMConfigs"** key is present in every policy that you create using Managed Apps route. For Managed Devices route, this key shouldn't exist. When you're done, click **Next**. | Key | Value Type | Default (true-enable, false-disable) | Description | | | | | |- | `DefenderNetworkProtectionEnable` | Integer | 0 | 1 - Enable , 0 - Disable ; This setting is used by IT admins to enable or disable the network protection capabilities in the defender app| - |`DefenderAllowlistedCACertificates`| String | None | None-Disable; This setting is managed by an admin to establish trust for root CA and self signed certificates.| - |`DefenderCertificateDetection`|Integer| 1 |0 - Disable , 1 - Audit mode , 2 - Enable ; When network protection is enabled, Audit mode for certificate detection is enabled by default. In audit mode, notification alerts are sent to SOC admins, but no end user notifications are displayed to the user when Defender detects a bad certificate. Admins can disable this detection with 0 as the value and enable full feature functionality by setting 2 as the value. 
When this feature is enabled with value as 2, end user notifications are sent to the user when Defender detects a bad certificate. Alerts are also sent to SOC Admins. | - | `DefenderOpenNetworkDetection` | Integer | 0 | 1 - enable, 0 - disable; This setting is managed by IT Admins to enable or disable open network detection informational alerts with no end user detection experience. | - | `DefenderEndUserTrustFlowEnable` | String | false | true - enable, false - disable; This setting is used by IT admins to enable or disable the end user in-app experience to trust and untrust the unsecure and suspicious networks. | - | `DefenderNetworkProtectionAutoRemediation` | String | true | true - enable, false - disable; This setting is used by the IT admin to enable or disable the remediation alerts that are sent when a user performs remediation activities like switching to safer Wi-Fi access points or deleting suspicious certificates detected by Defender. | - | `DefenderNetworkProtectionPrivacy` | String | true | true - enable, false - disable; This setting is managed by IT admins to enable or disable privacy in network protection. | -+ | `DefenderNetworkProtectionEnable` | Integer | 0 | 1 - Enable, 0 - Disable; This setting is used by IT admins to enable or disable the network protection capabilities in the defender app.| + |`DefenderAllowlistedCACertificates`| String | None | None-Disable; This setting is used by IT admins to establish trust for root CA and self-signed certificates.| + |`DefenderCertificateDetection`|Integer| 0 |2-Enable, 1 - Audit mode, 0 - Disable; When this feature is enabled with value as 2, end user notifications are sent to the user when Defender detects a bad certificate. Alerts are also sent to SOC Admins. In audit mode (1), notification alerts are sent to SOC admins, but no end user notifications are displayed to the user when Defender detects a bad certificate. 
Admins can disable this detection with 0 as the value and enable full feature functionality by setting 2 as the value. | + | `DefenderOpenNetworkDetection` | Integer | 0 |2-Enable, 1 - Audit mode, 0 - Disable; This setting is used by IT Admins to enable or disable open network detection. By default, the open network detection is disabled with value as 0 and defender does not send end user notifications or alerts to SOC admins in security portal. If switched to audit mode with value 1, notification alert is sent to SOC admin, but no end user notification is displayed to the user when defender detects an open network. If it's enabled with value 2, then end user notification is displayed and also alerts to SOC admins is sent.| + | `DefenderEndUserTrustFlowEnable` | Integer | 0 | 1 - Enable, 0 - Disable; This setting is used by IT admins to enable or disable the end user in-app experience to trust and untrust the unsecure and suspicious networks. | + | `DefenderNetworkProtectionAutoRemediation` | Integer | 1 | 1 - Enable, 0 - Disable; This setting is used by IT admins to enable or disable the remediation alerts that are sent when a user performs remediation activities like switching to safer Wi-Fi access points or deleting suspicious certificates detected by Defender. | + | `DefenderNetworkProtectionPrivacy` | Integer | 1 | 1 - Enable, 0 - Disable; This setting is used by IT admins to enable or disable privacy in network protection. If privacy is disabled with value 0, then user consent is shown to share the malicious wifi or certs data. If its in enabled state with value 1, then no user consent is shown and no app data is collected.| + 4. Include or exclude the groups you want the policy to apply to. Proceed to review and submit the policy. 
> [!NOTE] Use the following steps to configure the Device tags: ## Related topics - [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md)+ - [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md) |
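Review bot: The value types for `DefenderEndUserTrustFlowEnable`, `DefenderNetworkProtectionAutoRemediation` and `DefenderNetworkProtectionPrivacy` change from String (`true`/`false`) to Integer (`1`/`0`), and the default for `DefenderCertificateDetection` changes from 1 (audit mode) to 0 (disabled), but nothing in the hunk says what happens to existing app configuration policies that still carry the old string values; add a line stating whether the app still honours `true`/`false` or treats them as unset, because a silently ignored value would leave remediation alerts or the privacy setting in a state the admin does not expect, and say whether the certificate detection default actually changed in the app or only the previous doc was wrong, since admins relying on audit-mode SOC alerts need to know to set the value explicitly. Also fix in the new `DefenderOpenNetworkDetection` and `DefenderNetworkProtectionPrivacy` text: "alerts to SOC admins is sent" should be "alerts are also sent to SOC admins", "If its in enabled state" should be "If it's in the enabled state", and "wifi" should be "Wi-Fi".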
security | Ios Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-whatsnew.md | Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.]( > [!IMPORTANT] > ## Network Protection ΓÇô Update-> Network protection feature will soon be enabled by default for all users. The update will be rolled out in a phased manner. As a result, users will be able to see Network Protection Card in the Defender app along with App Protection and Web Protection. Users are also required to provide Location permission to complete the set up. For more information, see [Network Protection](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-network-protection). -+> Network protection feature will soon be enabled by default for all users. The update will be rolled out in a phased manner. As a result, users will be able to see Network Protection Card in the Defender app along with App Protection and Web Protection. Users are also required to provide **Local Network** permission. This permission is needed to enhance the existing rogue wifi detection. For more information, see [Network Protection](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-network-protection). ## Device Tagging Mobile Device Tagging is now generally available. This feature enables bulk tagging the mobile devices by allowing the admins to set up tags via Intune. Admin can configure the device tags through Intune via configuration policies and push them to user's devices. Once the User installs and activates Defender, the client app passes the device tags to the Security Portal. The Device tags appear against the devices in the Device Inventory. For more information, read [Configure Device Tagging](/microsoft-365/security/defender-endpoint/ios-configure-features#device-tagging). |
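Review bot: The permission requirement changes from Location to **Local Network** and says it is needed "to enhance the existing rogue wifi detection", but the new text no longer says whether setup completes if the user declines it (the old line said the permission was required to complete setup) or which detections are lost without it; state both, so admins can tell users what to expect and know what coverage a device has when the prompt is dismissed. Also "wifi" should be "Wi-Fi".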
security | Mde Linux Deployment On Sap | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-linux-deployment-on-sap.md | description: Deployment guidance for Microsoft Defender for Endpoint on Linux fo + ms.localizationpriority: medium audience: ITPro+- partner-contribution # Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) This article provides deployment guidance for Microsoft Defender for Endpoint on Linux for SAP. This article includes recommended SAP OSS (Online Services System) notes, the system requirements, prerequisites, important configuration settings, recommended antivirus exclusions, and guidance on scheduling antivirus scans. -Conventional security defenses that have been commonly used to protect SAP systems such as isolating infrastructure behind firewalls and limiting interactive operating system logons are no longer considered sufficient to mitigate modern sophisticated threats. It's essential to deploy modern defenses to detect and contain threats in real-time. SAP applications unlike most other workloads require basic assessment and validation before deploying Microsoft Defender for Endpoint. The Enterprise Security administrators should contact the SAP Basis Team prior to deploying Defender for Endpoint. The SAP Basis Team should be cross trained with a basic level of knowledge about Defender for Endpoint. +Conventional security defenses that have been commonly used to protect SAP systems such as isolating infrastructure behind firewalls and limiting interactive operating system logons are no longer considered sufficient to mitigate modern sophisticated threats. It's essential to deploy modern defenses to detect and contain threats in real-time. 
SAP applications unlike most other workloads require basic assessment and validation before deploying Microsoft Defender for Endpoint. The enterprise security administrators should contact the SAP Basis team prior to deploying Defender for Endpoint. The SAP Basis Team should be cross trained with a basic level of knowledge about Defender for Endpoint. ## Recommended SAP OSS Notes Conventional security defenses that have been commonly used to protect SAP syste - Microsoft Defender for Endpoint [version](./linux-whatsnew.md) >= 101.23082.0009 | Release version: 30.123082.0009 or higher must be deployed. - Microsoft Defender for Endpoint on Linux supports all the [Linux releases](microsoft-defender-endpoint-linux.md#system-requirements) used by SAP applications. - Microsoft Defender for Endpoint on Linux requires connectivity to [specific Internet endpoints](microsoft-defender-endpoint-linux.md#network-connections) from VMs to update antivirus Definitions.-- Microsoft Defender for Endpoint on Linux requires some crontab (or other task scheduler) entries to schedule scans, log rotation, and Microsoft Defender for Endpoint updates. Enterprise Security teams normally manage these entries. Refer to [How to schedule an update of the Microsoft Defender for Endpoint (Linux) | Microsoft Learn](linux-update-mde-linux.md).+- Microsoft Defender for Endpoint on Linux requires some crontab (or other task scheduler) entries to schedule scans, log rotation, and Microsoft Defender for Endpoint updates. Enterprise Security teams normally manage these entries. Refer to [How to schedule an update of the Microsoft Defender for Endpoint (Linux)](linux-update-mde-linux.md). The default configuration option for deployment as an Azure Extension for AntiVirus (AV) will be Passive Mode. This means that the AV component of Microsoft Defender for Endpoint won't intercept IO calls. 
It's recommended to run Microsoft Defender for Endpoint in Passive Mode on all SAP applications and to schedule a scan once per day. In this mode: The default configuration option for deployment as an Azure Extension for AntiVi - **Security intelligence updates are turned on**: Alerts are available on security administrator's tenant. The Linux crontab is typically used to schedule Microsoft Defender for Endpoint AV scan and log rotation tasks:-[How to schedule scans with Microsoft Defender for Endpoint (Linux) | Microsoft Learn](linux-schedule-scan-mde.md) +[How to schedule scans with Microsoft Defender for Endpoint (Linux)](linux-schedule-scan-mde.md) Endpoint Detection and Response (EDR) functionality is active whenever Microsoft Defender for Endpoint on Linux is installed. There's no simple way to disable EDR functionality through command line or configuration. For more information on troubleshooting EDR, see the sections [Useful Commands](#useful-commands) and [Useful Links](#useful-links). 
It's recommended to initially exclude: - The entire contents of the TRANS directory - The entire contents of directories for standalone engines such as TREX - Hana ΓÇô exclude /hana/shared, /hana/data, and /hana/log - see Note 1730930-- SQL Server ΓÇô [Configure antivirus software to work with SQL Server - SQL Server | Microsoft Learn](/troubleshoot/sql/database-engine/security/antivirus-and-sql-server)+- SQL Server ΓÇô [Configure antivirus software to work with SQL Server - SQL Server](/troubleshoot/sql/database-engine/security/antivirus-and-sql-server) - Oracle ΓÇô See How To Configure Anti-Virus On Oracle Database Server (Doc ID 782354.1) - DB2 ΓÇô [https://www.ibm.com/support/pages/which-db2-directories-exclude-linux-anti-virus-software](https://www.ibm.com/support/pages/which-db2-directories-exclude-linux-anti-virus-software) - SAP ASE ΓÇô contact SAP sudo azsecd status The following articles detail how to configure AV exclusions for processes, files, and folders per individual VM: -- [Set up exclusions for Microsoft Defender Antivirus scans | Microsoft Learn](configure-exclusions-microsoft-defender-antivirus.md)-- [Common mistakes to avoid when defining exclusions | Microsoft Learn](common-exclusion-mistakes-microsoft-defender-antivirus.md)+- [Set up exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +- [Common mistakes to avoid when defining exclusions](common-exclusion-mistakes-microsoft-defender-antivirus.md) ## Scheduling a Daily AV Scan The recommended configuration for SAP applications disables real-time interception of IO calls for AV scanning. The recommended setting is passive mode in which real_time_protection_enabled = false. -The following link details how to schedule a scan: [How to schedule scans with Microsoft Defender for Endpoint (Linux) | Microsoft Learn](linux-schedule-scan-mde.md). 
+The following link details how to schedule a scan: [How to schedule scans with Microsoft Defender for Endpoint (Linux)](linux-schedule-scan-mde.md). Large SAP systems might have more than 20 SAP application servers each with a connection to the SAPMNT NFS share. Twenty or more application servers simultaneously scanning the same NFS server will likely overload the NFS server. By default, Defender for Endpoint on Linux doesn't scan NFS sources. sudo mdatp diagnostic create ## Useful Links - Microsoft Endpoint Manager doesn't support Linux at this time-- [Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Endpoint Manager | Microsoft Learn](security-config-management.md)-- [Microsoft Defender for Endpoint Linux - Configuration and Operation Command List - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-defender-for-endpoint-linux-configuration-and/ba-p/1577902)-- [Deploying Microsoft Defender for Endpoint on Linux Servers. 
- Microsoft Tech Community](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/deploying-microsoft-defender-for-endpoint-on-linux-servers/ba-p/1560326)-- [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux | Microsoft Docs](linux-support-connectivity.md#run-the-connectivity-test)-- [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux | Microsoft Docs](linux-support-perf.md#troubleshoot-performance-issues-using-microsoft-defender-for-endpoint-client-analyzer)++- [Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Endpoint Manager](security-config-management.md) ++- [Microsoft Tech Community: Microsoft Defender for Endpoint Linux - Configuration and Operation Command List](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-defender-for-endpoint-linux-configuration-and/ba-p/1577902) ++- [Microsoft Tech Community: Deploying Microsoft Defender for Endpoint on Linux Servers](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/deploying-microsoft-defender-for-endpoint-on-linux-servers/ba-p/1560326) ++- [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux](linux-support-connectivity.md#run-the-connectivity-test) ++- [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](linux-support-perf.md#troubleshoot-performance-issues-using-microsoft-defender-for-endpoint-client-analyzer) |
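Review bot: the NFS paragraph under "Scheduling a Daily AV Scan" warns that twenty or more application servers scanning the SAPMNT NFS share "will likely overload the NFS server" and then says "By default, Defender for Endpoint on Linux doesn't scan NFS sources"; as written the warning has no trigger. Say explicitly that the overload risk only arises if network-file scanning is enabled or a scheduled scan is pointed at the mount, and give the mitigation (exclude the SAPMNT mount point, or stagger the cron schedule across servers). Two smaller items in the same change: the "Applies to" list now drops Plan 1 with no explanation, and since the article states EDR is active whenever the Linux agent is installed and can't be disabled, a one-line note that the guidance assumes Plan 2 would help; and under "Useful Links" the bullet "Microsoft Endpoint Manager doesn't support Linux at this time" is kept verbatim directly above a link to an Endpoint Manager configuration article, while the Windows companion article added in this same change set points readers to Intune and "Defender for Endpoint security settings management". Confirm the bullet is still accurate and align the product naming.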
security | Mde Sap Windows Server | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-sap-windows-server.md | + + Title: "Microsoft Defender Endpoint on Windows Server with SAP" +description: Understand how Microsoft Defender for Endpoint with EDR and other advanced security capabilities interacts with SAP applications. +++ Last updated : 04/17/2024++++ms.localizationpriority: normal +++- partner-contribution ++search.appverid: MET150 +f1.keywords: NOCSH +audience: ITPro + ++# Microsoft Defender for Endpoint on Windows Server with SAP ++**Applies to:** ++- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) ++If your organization uses SAP, it's essential to understand the compatibility and support between [antivirus](microsoft-defender-antivirus-on-windows-server.md) and [EDR](overview-endpoint-detection-response.md) in Microsoft Defender for Endpoint and your SAP applications. This article helps you understand the support provided by SAP for endpoint protection security solutions like Defender for Endpoint and how they interact with SAP applications. ++This article applies to Microsoft Defender for Endpoint running on Windows Server with SAP applications such, as NetWeaver, S4 Hana, and SAP standalone engines, such as LiveCache. In this article, we focus on antivirus and EDR capabilities in Defender for Endpoint. For an overview of all of the Defender for Endpoint capabilities, see [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md). ++This article doesn't cover SAP client software, such as SAPGUI or Microsoft Defender Antivirus on Windows client devices. ++## Enterprise security and your SAP Basis team ++Enterprise security is a specialist role and the activities described in this article should be planned as a joint activity between your enterprise security team and the SAP Basis team. 
The enterprise security team needs to coordinate with the SAP Basis team and jointly design the Defender for Endpoint configuration and analyze any exclusions. ++### Get an overview of Defender for Endpoint ++Defender for Endpoint is a component of [Microsoft Defender XDR](/microsoft-365/security/defender/), and can be integrated with your SIEM/SOAR solution. ++Before you begin to plan or deploy Defender for Endpoint on Windows Server with SAP, take a moment to get an overview of Defender for Endpoint. The following video provides an overview: ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4wDob] ++For more detailed information about Defender for Endpoint and Microsoft security offerings, see the following resources: ++- [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) +- [Microsoft Security documentation and training - Security documentation](/security/) ++Defender for Endpoint includes capabilities that are beyond the scope of this article. In this article, we focus on two main areas: ++- **Next-generation protection** (which includes antivirus protection). [Next-generation protection](/microsoft-365/security/defender-endpoint/next-generation-protection) is an antivirus product like other antivirus solutions for Windows environments. +- **Endpoint Detection and Response** (EDR). [EDR capabilities](overview-endpoint-detection-response.md) detect suspicious activity and system calls, and provide an extra layer of protection against threats that bypassed antivirus protection. ++Microsoft and other security software vendors track threats and provide trend information. For information, see [Cyberthreats, viruses, and malware - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/threats). ++> [!NOTE] +> For information on Microsoft Defender for SAP on Linux, see [Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP](/microsoft-365/security/defender-endpoint/mde-linux-deployment-on-sap). 
Defender for Endpoint on Linux is significantly different than the Windows version. ++## SAP support statement on Defender for Endpoint and other security solutions ++SAP provides basic documentation for conventional file scan antivirus solutions. Conventional file scan antivirus solutions compare file signatures against a database of known threats. When an infected file is identified, the antivirus software typically alerts and quarantines the file. The mechanisms and behavior of file scan antivirus solutions are reasonably well known and are predictable; therefore, SAP support can provide a basic level of support for SAP applications interacting with file scan antivirus software. ++File based threats are now only one possible vector for malicious software. Fileless malware and malware that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised devices. Traditional antivirus security solutions aren't sufficient to stop such attacks. Artificial intelligence (AI) and device learning (ML) backed capabilities, such as behavioral blocking and containment are required. Security software such as Defender for Endpoint has advanced threat protection features to mitigate modern threats. ++Defender for Endpoint is continuously monitoring operating system calls, such as file read, file write, create socket, and other process level operations. The Defender for Endpoint EDR sensor acquires opportunistic locks on local NTFS files systems and is, therefore, unlikely to impact applications. Opportunistic locks aren't possible on remote network file systems. In rare cases, a lock could cause general nonspecific errors, such as *Access Denied* in SAP applications. 
++SAP isn't able to provide any level of support for EDR/XDR software like [Microsoft Defender XDR](../defender/microsoft-365-defender.md) or [Defender for Endpoint](microsoft-defender-endpoint.md). The mechanisms in such solutions are adaptive; therefore, they're not predictable. Further, issues are potentially not reproducible. When problems are identified on systems running advanced security solutions, SAP recommends disabling the security software and then attempting to reproduce the problem. A support case can then be raised with the security software vendor. ++For more information about the SAP Support policy, see [3356389 - Antivirus or other security software affecting SAP operations](https://me.sap.com/notes/3356389). ++## Recommended SAP OSS Notes ++Here's a list of SAP articles you can use as needed: ++- [3356389 - Antivirus or other security software affecting SAP operations - SAP for Me](https://me.sap.com/notes/3356389) ++- [106267 - Virus scanner software on Windows - SAP for Me](https://me.sap.com/notes/106267) ++- [690449 - Transport buffer lock file (.LOB) remains blocked on Windows - SAP for Me](https://me.sap.com/notes/690449) ++- [2311946 - Filesystem errors on Windows - SAP for Me](https://me.sap.com/notes/2311946) ++- [2496239 - Ransomware / malware on Windows - SAP for Me](https://me.sap.com/notes/2496239) ++- [1497394 - Which files and directories should be excluded from an antivirus scan for SAP BusinessObjects Business Intelligence Platform products in Windows? - SAP for Me](https://me.sap.com/notes/1497394/E) ++## SAP applications on Windows Server: Top 10 recommendations ++1. **Limit access to SAP servers, block network ports, and take all other common security protection measures**. This first step is essential. The threat landscape has evolved from file-based viruses to file-less complex and sophisticated threats. 
Actions, such as **blocking ports and limiting logon/access** to VMs are **no longer considered sufficient** to fully mitigate modern threats. ++2. **Deploy Defender for Endpoint to nonproductive systems first before deploying to production systems**. Deploying Defender for Endpoint directly to production systems without testing is highly risky and can lead to downtime. If you can't delay deploying Defender for Endpoint to your production systems, consider temporarily disabling [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) and [real-time protection](configure-protection-features-microsoft-defender-antivirus.md). ++3. **Remember that real-time protection is enabled by default in Windows Server**. If problems are identified that might be related to Defender for Endpoint, it's recommended to [configure exclusions](defender-endpoint-antivirus-exclusions.md) and/or [open a support case](contact-support.md) via the Microsoft Defender portal. ++4. **Have the SAP Basis team and your security team work together on Defender for Endpoint deployment**. The two teams need to jointly create a phased deployment, testing, and monitoring plan. ++5. **Use tools like PerfMon (Windows) to create a performance baseline before deploying and activating Defender for Endpoint**. Compare the performance utilization before and after activating Defender for Endpoint. See [perfmon](/windows-server/administration/windows-commands/perfmon). ++6. **Deploy the latest version of Defender for Endpoint and use the latest releases of Windows**, ideally Windows Server 2019 or newer. See [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md). ++7. **Configure certain exclusions for Microsoft Defender Antivirus**. 
These include: ++ - DBMS data files, log files, and temp files, including disks containing backup files + - The entire contents of the SAPMNT directory + - The entire contents of the SAPLOC directory + - The entire contents of the TRANS directory + - The entire contents of directories for standalone engines such as TREX + + Advanced users can consider using [contextual file and folder exclusions](configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md). + + For more information about DBMS exclusions, use the following resources: ++ - **SQL Server**: [Configure antivirus software to work with SQL Server](/troubleshoot/sql/database-engine/security/antivirus-and-sql-server) + - **Oracle**: [How To Configure Anti-Virus On Oracle Database Server (Doc ID 782354.1)](https://support.oracle.com/knowledge/Oracle%20Database%20Products/782354_1.html) + - **DB2** ΓÇô [Which DB2 directories to exclude from Linux Anti-virus software](https://www.ibm.com/support/pages/which-db2-directories-exclude-linux-anti-virus-software) (use the same commands on Windows Server) + - **SAP ASE**: Contact SAP + - **MaxDB**: Contact SAP ++8. **Verify Defender for Endpoint settings**. Microsoft Defender Antivirus with SAP applications should have the following settings in most cases: ++ - `AntivirusEnabled : True` + - `AntivirusSignatureAge : 0` + - `BehaviorMonitorEnabled : True` + - `DefenderSignaturesOutOfDate : False` + - `IsTamperProtected : True` + - `RealTimeProtectionEnabled : True` ++9. **Use tools, such as [Intune](/mem/intune/protect/endpoint-security) or [Defender for Endpoint security settings management](/mem/intune/protect/mde-security-integration) to set up Defender for Endpoint**. Such tools can help ensure that Defender for Endpoint is configured correctly and uniformly deployed. 
++ To use Defender for Endpoint security settings management, in the Microsoft Defender portal, go to **Endpoints** > **Configuration management** > **Endpoint security policies**, and then select **Create new Policy**. For more information, see [Manage endpoint security policies in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/manage-security-policies). ++10. **Use the latest release of Defender for Endpoint**. Several new features are being implemented in Defender for Endpoint on Windows, and these features were tested with SAP systems. These new features reduce blocking and lower CPU consumption. For more information about new features, see [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md). ++## Deployment methodology ++SAP and Microsoft both don't recommend deploying Defender for Endpoint on Windows directly to all development, QAS, and production systems simultaneously, and/or without careful testing and monitoring. Customers who deployed Defender for Endpoint and other similar software in an uncontrolled manner without adequate testing experienced system downtime as a result. ++Defender for Endpoint on Windows and any other software or configuration change should be deployed into development systems first, validated in QAS, and only then deployed into production environments. ++Using tools, such as [Defender for Endpoint security settings management](/mem/intune/protect/mde-security-integration) to deploy Defender for Endpoint to an entire SAP landscape without testing is likely to cause downtime. ++Here's a list of what to check: ++1. **Deploy Defender for Endpoint with [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) enabled**. 
If issues arise, enable [troubleshooting mode](enable-troubleshooting-mode.md), disable [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md), disable [real-time protection](configure-protection-features-microsoft-defender-antivirus.md), and configure [scheduled scans](schedule-antivirus-scans.md). ++2. **Exclude DBMS files and executables** following your DBMS vendor recommendations. ++3. **Analyze SAPMNT, SAP TRANS_DIR, Spool, and Job Log directories**. If there are more than 100,000 files, consider archiving to reduce the number of files. ++4. **Confirm the performance limits and quotas of the shared file system used for SAPMNT**. The SMB share source could be a NetApp appliance, a Windows Server shared disk, or Azure Files SMB. ++5. **Configure exclusions so that all SAP application servers aren't scanning the SAPMNT share simultaneously**, as it could overload your shared storage server. ++6. **In general, host interface files on a dedicated non-SAP file server**. Interface files are recognized as an attack vector. Real-time protection should be activated on this dedicated file server. SAP Servers should never be used as file servers for interface files. ++ > [!NOTE] + > Some large SAP systems have more than 20 SAP application servers each with a connection to the same SAPMNT SMB share. 20 application servers simultaneously scanning the same SMB server may overload the SMB server. It is recommended to exclude SAPMNT from regular scans. +> +## Important configuration settings for Defender for Endpoint on Windows Server with SAP ++1. **Get an overview of [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md)**. In particular, review information about [next-generation protection](next-generation-protection.md) and [EDR](overview-endpoint-detection-response.md). ++ > [!NOTE] + > The term *Defender* is sometimes used to refer to an entire suite of products and solutions. 
See [What is Microsoft Defender XDR?](/microsoft-365/security/defender/microsoft-365-defender). In this article, we focus on antivirus and EDR capabilities in Defender for Endpoint. + +2. **Check the status of Microsoft Defender Antivirus**. Open Command Prompt, and then run these PowerShell commands: ++ - `Get-MpComputerStatus` + - `Get-MpPreference` ++ The most significant settings for SAP are as follows: ++ ```powershell ++ Get-MpPreference |Select-Object -Property DisableCpuThrottleOnIdleScans, DisableRealtimeMonitoring, DisableScanningMappedNetworkDrivesForFullScan , DisableScanningNetworkFiles, ExclusionPath, MAPSReporting ++ Get-MpComputerStatus |Select-Object -Property AMRunningMode, AntivirusEnabled, BehaviorMonitorEnabled, IsTamperProtected , OnAccessProtectionEnabled, RealTimeProtectionEnabled ++ ``` + +3. **Check the status of EDR**. Open Command Prompt, and then run the following command: ++ `PS C:\Windows\System32> Get-Service -Name sense | FL *` ++ You should see output that resembles the following code snippet: ++ ```powershell ++ Name : sense + RequiredServices : {} + CanPauseAndContinue : False + CanShutdown : False + CanStop : False + DisplayName : Windows Defender Advanced Threat Protection Service + DependentServices : {} + MachineName : . + ServiceName : sense + ServicesDependedOn : {} + ServiceHandle : + Status : Running + ServiceType : Win32OwnProcess + StartType : Automatic + Site : + Container : ++ ``` ++ The values you want to see are `Status: Running` and `StartType: Automatic`. + + For more information about the output, see [Review events and errors using Event Viewer](event-error-codes.md). ++4. **Make sure that Microsoft Defender Antivirus is up to date**. The best way to make sure your antivirus protection is up to date is by using Windows Update. If you encounter issues or get an error, contact your security team. 
++ For more information about updates, see [Microsoft Defender Antivirus security intelligence and product updates](microsoft-defender-antivirus-updates.md). ++5. **Make sure [behavior monitoring](behavioral-blocking-containment.md) is turned on**. If tamper protection is enabled, behavior monitoring is turned on by default. Use the default configuration of tamper protection enabled, behavior monitoring enabled, and real-time monitoring enabled unless a specific problem is identified. ++ For more information, see [Built-in protection helps guard against ransomware](built-in-protection.md). ++6. **Make sure [real-time protection is enabled](configure-real-time-protection-microsoft-defender-antivirus.md)**. The current recommendation for Defender for Endpoint on Windows is to enable real-time scanning, with tamper protection enabled, behavior monitoring enabled, and real-time monitoring enabled, unless a specific problem is identified. ++ For more information, see [Built-in protection helps guard against ransomware](built-in-protection.md). ++7. **Keep in mind how scans work with network shares**. By default, the Microsoft Defender Antivirus component on Windows scans SMB shared network file systems (for example, a Windows server share `\\server\smb-share` or a NetApp share) when these files are accessed by processes. ++ [Defender for Endpoint EDR](overview-endpoint-detection-response.md) on Windows might scan SMB shared network file systems. The EDR sensor scans certain files that are identified as interesting for EDR analysis during file modification, delete, and move operations. ++ Defender for Endpoint on Linux doesn't scan NFS file systems during [scheduled scans](linux-schedule-scan-mde.md). ++8. **Troubleshoot sense health or reliability issues**. To troubleshoot such issues, use the [Defender for Endpoint Client Analyzer tool](overview-client-analyzer.md). 
The Defender for Endpoint Client Analyzer can be useful when diagnosing sensor health or reliability issues on onboarded devices running either Windows, Linux, or macOS. Get the latest version of the Defender for Endpoint Client Analyzer here: [https://aka.ms/MDEAnalyzer](https://aka.ms/MDEAnalyzer). ++9. **Open a support case** if you need help. See [Contact Microsoft Defender for Endpoint support](contact-support.md). ++10. **If you're using production SAP VMs with [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction), keep in mind that Defender for Cloud deploys the Defender for Endpoint extension to all VMs**. If a VM isn't onboarded to Defender for Endpoint, it could be used as an attack vector. If you need more time to test Defender for Endpoint before deplying to your production environment, [contact support](contact-support.md). ++## Useful Commands: Microsoft Defender for Endpoint with SAP on Windows Server ++The following sections describe how to confirm or configure Defender for Endpoint settings by using PowerShell and Command Prompt: ++### Update Microsoft Defender Antivirus definitions manually ++Use Windows Update, or run the following command: ++`PS C:\Program Files\Windows Defender> .\MpCmdRun.exe -SignatureUpdate` ++You should see an output that resembles the following code snippet: ++```properties ++Signature update started . . . +Service Version: 4.18.23050.9 +Engine Version: 1.1.23060.1005 +AntiSpyware Signature Version: 1.393.925.0 +Antivirus Signature Version: 1.393.925.0 +Signature update finished. 
+PS C:\Program Files\Windows Defender> ++``` ++Another option is to use this command: ++`PS C:\Program Files\Windows Defender> Update-MpSignature` ++For more information about these commands, see the following resources: ++- [MpCmdRun.exe](command-line-arguments-microsoft-defender-antivirus.md) +- [Update-MpSignature](/powershell/module/defender/update-mpsignature?view=windowsserver2022-ps&preserve-view=true) ++### Determine whether EDR in block mode is turned on ++[EDR in block mode](edr-in-block-mode.md) provides added protection from malicious artifacts when Microsoft Defender Antivirus isn't the primary antivirus product and is running in passive mode. You can determine whether EDR in block mode is enabled by running the following command: ++`Get-MPComputerStatus|select AMRunningMode` ++There are two modes: Normal and Passive Mode. Testing with SAP systems was done only with `AMRunningMode = Normal` for SAP systems. ++For more information about this command, see [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus?view=windowsserver2022-ps&preserve-view=true). ++### Configure antivirus exclusions ++Before you configure exclusions, make sure that the SAP Basis team coordinates with your security team. Exclusions should be configured centrally and not at the VM level. Exclusions such as the shared SAPMNT file system should be excluded via a policy using the Intune admin tool. ++To view exclusions, use the following command: ++`Get-MpPreference | Select-Object -Property ExclusionPath` ++For more information about this command, see [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus?view=windowsserver2022-ps&preserve-view=true). 
++For more information about exclusions, see the following resources: ++- [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md) +- [Configure custom exclusions for Microsoft Defender Antivirus](configure-exclusions-microsoft-defender-antivirus.md) +- [Contextual file and folder exclusions](configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md) ++### Configure EDR exclusions ++It isn't recommended to exclude files, paths, or processes from EDR as such exclusions comprise the protection from modern nonfile based threats. If necessary, open a support case with Microsoft Support via the Microsoft Defender portal specifying executables and/or paths to exclude. See [Contact Microsoft Defender for Endpoint support](contact-support.md). ++### Completely disable Defender for Endpoint on Windows for testing purposes ++> [!CAUTION] +> It is not recommended to disable security software unless there is no alternative to solve or isolate a problem. ++Defender for Endpoint should be configured with [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) turned on. To temporarily disable Defender for Endpoint to isolate problems, it's recommended to use [troubleshooting mode](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode). ++To shut down various subcomponents of the Microsoft Defender Antivirus solution, run the following commands: ++```powershell ++Set-MPPreference -DisableTamperProtection $true +Set-MpPreference -DisableRealtimeMonitoring $true +Set-MpPreference -DisableBehaviorMonitoring $true +Set-MpPreference -MAPSReporting Disabled +Set-MpPreference -DisableIOAVProtection $true +Set-MpPreference -EnableNetworkProtection Disabled ++``` ++For more information about these commands, see [Set-MpPreference](/powershell/module/defender/set-mppreference?view=windowsserver2022-ps&preserve-view=true). 
++> [!IMPORTANT] +> You can't turn off EDR subcomponents on a device. The only way to turn off EDR is to [offboard the device](configure-endpoints-script.md#offboard-devices-using-a-local-script). ++To turn off [cloud-delivered protection](cloud-protection-microsoft-defender-antivirus.md) (Microsoft Advanced Protection Service, or MAPS), run the following commands: ++```powershell ++PowerShell Set-MpPreference -MAPSReporting 0ΓÇï +PowerShell Set-MpPreference -MAPSReporting DisabledΓÇï ++``` ++For more information about cloud-delivered protection, see the following resources: ++- [Cloud protection and Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md) +- [Cloud protection and sample submission at Microsoft Defender Antivirus](cloud-protection-microsoft-antivirus-sample-submission.md) (if you're considering whether to use automatic sample submission with your security policies) ++## Related articles ++- [Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP](mde-linux-deployment-on-sap.md) ++- [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server.md) ++- [Overview of endpoint detection and response](overview-endpoint-detection-response.md) |
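Review bot: `Set-MPPreference -DisableTamperProtection $true` in the "Completely disable Defender for Endpoint" block is not a parameter Set-MpPreference accepts and should be removed; tamper protection cannot be switched off from PowerShell, and while it is on the `-DisableRealtimeMonitoring`, `-DisableBehaviorMonitoring`, `-DisableIOAVProtection` and `-MAPSReporting` changes that follow are themselves rejected, so the block should say plainly that it only takes effect after troubleshooting mode has been enabled (which the preceding paragraph already recommends) or tamper protection has been turned off in the Defender portal or Intune. Three smaller problems in the same region: under "Configure antivirus exclusions" the reference text and target name Get-MpComputerStatus, but the command shown is `Get-MpPreference | Select-Object -Property ExclusionPath`, so the link should point to Get-MpPreference; "such exclusions comprise the protection" should read "compromise"; and the two MAPS lines `PowerShell Set-MpPreference -MAPSReporting 0ΓÇï` / `PowerShell Set-MpPreference -MAPSReporting DisabledΓÇï` carry a stray `PowerShell ` prefix and a mis-encoded trailing zero-width space, are equivalent to each other (0 and Disabled are the same value) and duplicate the `-MAPSReporting Disabled` line already present in the block above, so a single clean `Set-MpPreference -MAPSReporting Disabled` is enough. Finally, "There are two modes: Normal and Passive Mode" under "Determine whether EDR in block mode is turned on" does not serve the heading: AMRunningMode also reports `EDR Block Mode` (and `SxS Passive Mode`), and `EDR Block Mode`, not Normal or Passive, is the value that actually tells the reader block mode is active.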
security | Microsoft Defender Antivirus Windows | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md | The following table summarizes Microsoft Defender Antivirus processes and servic | **Microsoft Defender Antivirus command-line utility** | - **Processes** tab: N/A <br/>- **Details** tab: `MpCmdRun.exe` <br/>- **Services** tab: N/A | | **Microsoft Security Client Policy Configuration Tool** | - **Processes** tab: N/A <br/>- **Details** tab: `ConfigSecurityPolicy.exe` <br/>- **Services** tab: N/A | +To learn more about the Microsoft Defender Core service, please visit [Microsoft Defender Core service overview](/microsoft-365/security/defender-endpoint/microsoft-defender-core-service-overview). + For [Microsoft Endpoint Data Loss Prevention](/purview/endpoint-dlp-getting-started) (Endpoint DLP), the following table summarizes processes and services. You can view them in Task Manager in Windows. | Process or service | Where to view its status | For [Microsoft Endpoint Data Loss Prevention](/purview/endpoint-dlp-getting-star | **Microsoft Endpoint DLP service** <br/>(`MDDlpSvc`) | - **Processes** tab: `MpDlpService.exe` <br/>- **Details** tab: `MpDlpService.exe` <br/>- **Services** tab: `Microsoft Data Loss Prevention Service` | | **Microsoft Endpoint DLP command-line utility** | - **Processes** tab: N/A <br/>- **Details** tab: `MpDlpCmd.exe` <br/>- **Services** tab: N/A | -## Microsoft Defender Core service --To enhance your endpoint security experience, Microsoft is releasing the Microsoft Defender Core service to help with the stability and performance of Microsoft Defender Antivirus. For customers who are using Microsoft Endpoint Data Loss Prevention in the small, medium, and enterprise business sectors, Microsoft is splitting the codebase to its own service. 
--The Microsoft Defender Core service is releasing with [Microsoft Defender Antivirus platform version 4.18.23110.2009](./msda-updates-previous-versions-technical-upgrade-support.md#october-2023-platform-418231002009--engine-11231002009). --- Rollout begins in November 2023 to prerelease customers, with plans to release to all enterprise customers in the coming months.--- Enterprise customers should allow the following URLs:- - `*.events.data.microsoft.com` - - `*.endpoint.security.microsoft.com` - - `*.ecs.office.com` --- Enterprise U.S. Government customers should allow the following URLs:- - `*.events.data.microsoft.com` - - `*.endpoint.security.microsoft.us (GCC-H & DoD)` - - `*.gccmod.ecs.office.com (GCC-M)` - - `*.config.ecs.gov.teams.microsoft.us (GCC-H)` - - `*.config.ecs.dod.teams.microsoft.us (DoD)` - -- If you're using [Application Control for Windows](/windows/security/application-security/application-control/windows-defender-application-control/wdac), or you're running non-Microsoft antivirus or endpoint detection and response software, make sure to add the processes mentioned earlier to your allow list. --- Consumers need not take any actions to prepare. - ## Comparing active mode, passive mode, and disabled mode The following table describes what to expect when Microsoft Defender Antivirus is in active mode, passive mode, or disabled. |
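Review bot: The removed section carried deployment prerequisites that the one-sentence replacement does not mention: the allow-list URLs (`*.events.data.microsoft.com`, `*.endpoint.security.microsoft.com`, `*.ecs.office.com` and the GCC-H/GCC-M/DoD equivalents) and the instruction to add the Defender Core processes to the allow list when Application Control for Windows or non-Microsoft antivirus/EDR is in use. Please confirm that microsoft-defender-core-service-overview.md contains all of them before this lands, otherwise readers of this page lose the only place those requirements were stated. The added sentence is also placed between the antivirus process table and the "For Microsoft Endpoint Data Loss Prevention" table, where it interrupts the flow; attaching it to the Defender Core service row of the first table, or putting it at the end of the section, and using "see" rather than "please visit" to match the page's other cross-references, would read better.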
security | Msda Updates Previous Versions Technical Upgrade Support | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md | Microsoft regularly releases [security intelligence updates and product updates - Improved performance of [on-access scanning](configure-advanced-scan-types-microsoft-defender-antivirus.md) of files with Mark of the Web (MoTW) - Added support for Active Directory device groups with [device control](device-control-overview.md) - Fixed an issue so that [ASROnlyPerRuleExclusions](/windows/client-management/mdm/defender-csp#configurationasronlyperruleexclusions) don't apply during an engine reboot-- [Microsoft Defender Core service](microsoft-defender-antivirus-windows.md#microsoft-defender-core-service) is generally available for consumer devices and is coming soon for business customers.+- [Microsoft Defender Core service overview](microsoft-defender-core-service-overview.md) is generally available for consumer devices and is coming soon for business customers. - Fixed an issue with device control so that device control policies remain enforced when a platform update requires a reboot - Improved performance of [device control for printing scenarios](device-control-policies.md) - Fixed truncation issue in the output of [MpCmdRun.exe -scan](command-line-arguments-microsoft-defender-antivirus.md) (processing Unicode characters) |
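Review bot: With the retargeted link the bullet now reads "Microsoft Defender Core service overview is generally available for consumer devices", which says the overview article rather than the service is GA; keep the visible text as "Microsoft Defender Core service" and change only the target to microsoft-defender-core-service-overview.md.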
security | Network Protection Linux | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection-linux.md | You can use web content filtering for testing with Network protection for Linux. - Licensing: Microsoft Defender for Endpoint tenant (can be trial) and platform specific requirements found in [Microsoft Defender for Endpoint for non-Windows platforms](non-windows.md#licensing-requirements) - Onboarded Machines: - **Minimum Linux version**: For a list of supported distributions, see [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md).- - **Microsoft Defender for Endpoint Linux client version**: 101.78.13 -insiderSlow(Preview) -+ - **Microsoft Defender for Endpoint Linux client version**: 101.78.13 -insiderFast(Preview) + ## Instructions Deploy Linux manually, see [Deploy Microsoft Defender for Endpoint on Linux manually](linux-install-manually.md) -The following example shows the sequence of commands needed to the mdatp package on ubuntu 20.04 for insiders-Slow channel. +The following example shows the sequence of commands needed to the mdatp package on ubuntu 20.04 for insiders-Fast channel. ```bash-curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/20.04/insiders-slow.list -sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-insiders-slow.list +curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/20.04/insiders-fast.list +sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-insiders-fast.list sudo apt-get install gpg curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - sudo apt-get install apt-transport-https |
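Review bot: The channel switch from insiders-slow to insiders-fast is applied consistently to the prerequisite, the list-file URL and the destination filename, but the sentence introducing the block is still missing its verb ("the sequence of commands needed to the mdatp package" should be "needed to install the mdatp package"), and the unchanged `curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -` line relies on apt-key, which is deprecated on Ubuntu 20.04 and later. Since this hunk already touches the install sequence, consider importing the key into a dedicated keyring instead (for example `curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /usr/share/keyrings/microsoft-prod.gpg > /dev/null`) and referencing it with `signed-by=` in the list file, so the Microsoft key is not trusted for every configured repository. It would also help to state why the Fast ring is required here, given that the minimum client version 101.78.13 is unchanged, so readers do not assume the Slow ring would work as well.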
security | Whats New In Microsoft Defender Endpoint | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md | Two new ASR rules are now in public preview: ## November 2023 -- [Microsoft Defender Core service](microsoft-defender-antivirus-windows.md#microsoft-defender-core-service) is now available for consumers and is planned to begin rolling out to enterprise customers in early 2024.+- [Microsoft Defender Core service overview](microsoft-defender-core-service-overview.md) is now available for consumers and is planned to begin rolling out to enterprise customers in early 2024. - The [Microsoft Defender for Endpoint plug-in for Windows Subsystem for Linux (WSL)](/microsoft-365/security/defender-endpoint/mde-plugin-wsl) is now available in public preview. - Support for [mixed-license scenarios](defender-endpoint-subscription-settings.md) is now generally available in Defender for Endpoint. |
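Review bot: The retargeted bullet now reads "Microsoft Defender Core service overview is now available for consumers and is planned to begin rolling out to enterprise customers", which announces the article rather than the service; keep the visible link text as "Microsoft Defender Core service" and change only the href to microsoft-defender-core-service-overview.md.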
security | Microsoft Sentinel Onboard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-sentinel-onboard.md | Before you begin, review the feature documentation to understand the product cha - [Microsoft Sentinel in the Microsoft Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal) - [Advanced hunting in the Microsoft Defender portal](advanced-hunting-microsoft-defender.md) - [Automation with the unified security operations platform](/azure/sentinel/automation#automation-with-the-unified-security-operations-platform)- - [Incident response in the Microsoft Defender portal](incidents-overview.md) - - [Prioritize incidents in the Microsoft Defender portal](incident-queue.md) The Microsoft Defender portal supports a single Microsoft Entra tenant and the connection to one workspace at a time. In the context of this article, a workspace is a Log Analytics workspace with Microsoft Sentinel enabled. |
security | Scc Permissions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/scc-permissions.md | description: Admins can learn about the roles and role groups in Microsoft Defen - seo-marvel-apr2020 Previously updated : 11/14/2023 Last updated : 04/18/2024 # Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview Managing permissions in Defender for Office 365 or Microsoft Purview gives users |**Data Catalog Curators**|Perform create, read, modify, and delete actions on catalog data objects and establish relationships between objects.|Data Map Reader <br/><br/> Data Map Writer| |**Data Estate Insights Admins**|Provides admin access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader <br/><br/> Insights Writer| |**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|+|**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator| |**Data Investigator**|Perform searches on mailboxes, SharePoint Online sites, and OneDrive for Business locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge| |**Data Source Administrators**|Manage data sources and data scans.|Credential Reader <br/><br/> Credential Writer <br/><br/> Scan Reader <br/><br/> Scan Writer <br/><br/> Source Reader <br/><br/> Source Writer| |**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. 
Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](/purview/ediscovery-assign-permissions).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Scope Manager| Managing permissions in Defender for Office 365 or Microsoft Purview gives users > [!NOTE] > <sup>1</sup> This role group doesn't assign members the permissions necessary to search the audit log or to use any reports that might include Exchange data, such as the DLP or Defender for Office 365 reports. To search the audit log or to view all reports, a user has to be assigned permissions in Exchange Online. This action is required because the underlying cmdlet that's used to search the audit log is an Exchange Online cmdlet. 
Global admins can search the audit log and view all reports because they're automatically added as members of the Organization Management role group in Exchange Online. For more information, see [Search the audit log in the compliance portal](/purview/audit-log-search). -## Roles in Microsoft Defender for Office 365 and Microsoft Purview compliance +## Roles in Microsoft Defender for Office 365 and Microsoft Purview The table in this section lists the available roles and the role groups that they're assigned to by default. Roles that aren't assigned to the Organization Management role group by default |**Data Classification Feedback Reviewer**<sup>\*</sup>|Allows reviewing feedback from classifiers in feedback explorer.|Compliance Administrator| |**Data Classification List Viewer**<sup>\*</sup>|View the list of files in content explorer.|Content Explorer List Viewer <br/><br/> Information Protection <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators <br/><br/> Privacy Management <br/><br/> Privacy Management Analysts <br/><br/> Privacy Management Investigators <br/><br/> Privacy Management Viewers| |**Data Connector Admin**|Create and manage connectors to import and archive non-Microsoft data in Microsoft 365.|Communication Compliance <br/><br/> Communication Compliance Administrators <br/><br/> Compliance Administrator <br/><br/> Compliance Manager Administrators <br/><br/> Compliance Manager Assessors <br/><br/> Compliance Manager Contributors <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Admins <br/><br/> Organization Management|+|**Data Governance Administrator**|Delegates the first level of access for business domain creators and other application-level permissions.|Data Governance| |**Data Investigation Management**<sup>\*</sup>|Create, edit, delete, and control access to data investigation.|Compliance Administrator <br/><br/> Data Investigator| |**Data Map Reader**<sup>\*</sup>|Read actions on 
data map objects.|Compliance Administrator <br/><br/> Data Catalog Curators <br/><br/> Estate Insights Admins <br/><br/> Data Estate Insights Readers <br/><br/> Information Protection <br/><br/> Information Protection Admins <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators| |**Data Map Writer**<sup>\*</sup>|Create, read, modify, and delete actions on data map objects and establish relationships between objects.|Data Catalog Curators| |
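Review bot: The new Data Governance row in the role-group table describes the group circularly ("Grants access to data governance roles within Microsoft Purview"), while the matching Data Governance Administrator row in the roles table is the one that says what the access is for ("Delegates the first level of access for business domain creators and other application-level permissions"). Role-group descriptions on this page tell an admin what members can do, so the new row should do the same, along the lines of "Members can delegate access to business domain creators and manage application-level data governance permissions in Microsoft Purview", so that the group is assigned deliberately rather than on the strength of its name. While this table is being edited, the Data Map Reader row's default-assignment list still says "Estate Insights Admins", which should be "Data Estate Insights Admins" to match the role group defined above it.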
security | Submissions Admin | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin.md | For other ways that **admins** can report messages to Microsoft in the Defender - **Choose at least one recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email bypassed scanning due to user or organization policies or override. - **Why are you submitting this message to Microsoft?**: Select one of the following values:- - **It appears suspicious**: Select this value if you're unsure and you want a verdict from Microsoft, select **Submit**, and then go to Step 6. + - **It appears suspicious**: Select this value only when you don't know or you're unsure of the message verdict and you would like to get a verdict from Microsoft. Select **Submit**, and then go to Step 6. or - - **I've confirmed it's a threat**: Select this value if you're sure that the item is malicious, and then select one of the following values in the **Choose a category** section that appears: + - **I've confirmed it's a threat**: In all other cases, select this value after you've already determined the message verdict as malicious. Select one of the following values in the **Choose a category** section that appears: - **Phish** - **Malware** - **Spam** After a few moments, the block entry is available on the **URL** tab on the **Te - **Choose at least one recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email was blocked due to user or organization policies or overrides. - **Why are you submitting this message to Microsoft?**: Select one of the following values:- - **It appears clean**: Select this value if you're unsure and you want a verdict from Microsoft, select **Submit**, and then go to Step 6. 
+ - **It appears clean**: Select this value only when you don't know or you're unsure of the message verdict and you would like to get a verdict from Microsoft. Select **Submit**, and then go to Step 6. or - - **I've confirmed it's clean**: Select this value if you're sure that the item is clean, and then select **Next** + - **I've confirmed it's clean**: In all other cases, select this value after you've already determined the message verdict as clean. Select **Next**. :::image type="content" source="../../media/admin-submission-email-allow.png" alt-text="Submit a false positive (good) email to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-email-allow.png"::: |
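Review bot: The rewritten bullets correctly steer admins to ask Microsoft for a verdict only when they are unsure and to use the "I've confirmed" options once they have classified the message themselves, which matters because the confirmed options feed allow and block decisions rather than analysis; but "determined the message verdict as malicious" and "determined the message verdict as clean" are stilted, and "determined that the message is malicious" / "determined that the message is clean" says the same thing naturally. "In all other cases" is also slightly misleading, since it implies a default; "If you have already determined that the message is malicious, select this value" keeps the intent without it.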
solutions | Empower People To Work Remotely Remote Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-remote-access.md | Microsoft 365 traffic must take an indirect route through your organization, whi With split tunneling, you can configure your VPN client to exclude specific types of traffic from being sent over the VPN connection to the organization network. -To optimize access to Microsoft 365 cloud resources, configure your split tunneling VPN clients to exclude traffic to the **Optimize** category Microsoft 365 endpoints over the VPN connection. For more information, see [Office 365 endpoint categories](../enterprise/microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories). See [this list](../enterprise/urls-and-ip-address-ranges.md) of Optimize category endpoints. +To optimize access to Microsoft 365 cloud resources, configure your split tunneling VPN clients to exclude traffic to the **Optimize** category Microsoft 365 endpoints over the VPN connection. For more information, see [Office 365 endpoint categories](../enterprise/microsoft-365-network-connectivity-principles.md#optimizing-connectivity-to-microsoft-365-services). See [this list](../enterprise/urls-and-ip-address-ranges.md) of Optimize category endpoints. Here is the resulting traffic flow, in which most of the traffic to Microsoft 365 cloud apps bypasses the VPN connection. |
solutions | Networking Design Principles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/networking-design-principles.md | In this article, [Ed Fisher](https://www.linkedin.com/in/edfisher/), Security & ## About the author -![Ed Fisher photo.](../media/solutions-architecture-center/ed-fisher-networking.jpg) +![Screenshot of Ed Fisher photo.](../media/solutions-architecture-center/ed-fisher-networking.jpg) I'm currently a Principal Technical Specialist in our Retail and Consumer Goods team, focusing on Security & Compliance. I've worked with customers moving to Office 365 for the past ten years. I've worked with smaller shops with a handful of locations to government agencies and enterprises with millions of users distributed around the world, and many other customers in between, with the majority having tens of thousands of users, multiple locations in various parts of the world, the need for a higher degree of security, and a multitude of compliance requirements. I have helped hundreds of enterprises and millions of users move to the cloud safely and securely. When you don't permit outbound UDP traffic from clients to the service, they can But it isn't. All connections to Office 365 are over TLS. We have been offering TLS 1.2 for quite a while now and will be disabling older versions soon because legacy clients still use them and that's a risk. -Forcing a TLS connection, or 32 of them, to go over a VPN before they then go to the service doesn't add security. It does add latency and reduces overall throughput. In some VPN solutions, it even forces UDP to tunnel through TCP, which again will have a very negative impact on streaming traffic. And, unless you're doing TLS inspection, there's no upside, all downside. 
A very common theme among customers, now that most of their workforce is remote, is that they're seeing significant bandwidth and performance impacts from making all their users connect using a VPN, instead of configuring split tunneling for access to [Optimize category Office 365 endpoints](../enterprise/microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories). +Forcing a TLS connection, or 32 of them, to go over a VPN before they then go to the service doesn't add security. It does add latency and reduces overall throughput. In some VPN solutions, it even forces UDP to tunnel through TCP, which again will have a very negative impact on streaming traffic. And, unless you're doing TLS inspection, there's no upside, all downside. A very common theme among customers, now that most of their workforce is remote, is that they're seeing significant bandwidth and performance impacts from making all their users connect using a VPN, instead of configuring split tunneling for access to [Optimize category Office 365 endpoints](../enterprise/microsoft-365-network-connectivity-principles.md#optimizing-connectivity-to-microsoft-365-services). It's an easy fix to do split tunneling and it's one you should do. For more, make sure you review [Optimize Office 365 connectivity for remote users using VPN split tunneling](../enterprise/microsoft-365-vpn-split-tunnel.md). It's an easy fix to do split tunneling and it's one you should do. For more, mak Many times, the reason bad choices are made comes from a combination of (1) not knowing how the service works, (2) trying to adhere to company policies that were written before adopting the cloud, and (3) security teams who may not be easily convinced that there's more than one way to accomplish their goals. Hopefully the above, and the links below, will help with the first. Executive sponsorship may be required to get past the second. 
Addressing the security policies' goals, rather than their methods, helps with the third. From conditional access to content moderation, DLP to information protection, endpoint validation to zero-day threatsΓÇöany end goal a reasonable security policy may have can be accomplished with what is available in Office 365, and without any dependency upon on-premises network gear, forced VPN tunnels, and TLS break and inspect. -Other times, hardware that was sized and purchased before the organization started to move to the cloud simply cannot be scaled up to handle the new traffic patterns and loads. If you truly must route all traffic through a single egress point, and/or proxy it, be prepared to upgrade network equipment and bandwidth accordingly. Carefully monitor utilization on both, as the experience won't diminish slowly as more users onboard. Everything will be fine until the tipping point is reached, then everyone suffers. +Other times, hardware that was sized and purchased before the organization started to move to the cloud simply can't be scaled up to handle the new traffic patterns and loads. If you truly must route all traffic through a single egress point, and/or proxy it, be prepared to upgrade network equipment and bandwidth accordingly. Carefully monitor utilization on both, as the experience won't diminish slowly as more users onboard. Everything is fine until the tipping point is reached, then everyone suffers. ## Exceptions to the rules If your organization requires [tenant restrictions](/azure/active-directory/manage-apps/tenant-restrictions), you'll need to use a proxy with TLS break and inspect to force some traffic through the proxy, but you don't have to force all traffic through it. It's not an all or nothing proposition, so pay attention to what does need to be modified by the proxy. 
-If you're going to permit split tunneling but also use a proxy for general web traffic, make sure your PAC file defines what must go direct as well as how you define interesting traffic for what goes through the VPN tunnel. We offer sample PAC files at [https://aka.ms/ipaddrs](../enterprise/urls-and-ip-address-ranges.md) that will make this easier to manage. +If you're going to permit split tunneling but also use a proxy for general web traffic, make sure your PAC file defines what must go direct as well as how you define interesting traffic for what goes through the VPN tunnel. We offer sample PAC files at [https://aka.ms/ipaddrs](../enterprise/urls-and-ip-address-ranges.md) that makes this easier to manage. ## Conclusion |
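Review bot: "Screenshot of Ed Fisher photo" is an inaccurate alt text: the image is a headshot, not a screenshot, and a screen reader will announce it that way; if the change is meant to satisfy an alt-text checker that wants a leading image type, "Photo of Ed Fisher" does that without the error. In the split-tunneling paragraph, "sample PAC files ... that makes this easier to manage" should be "that make this easier to manage" (plural subject). The anchor change from #new-office-365-endpoint-categories to #optimizing-connectivity-to-microsoft-365-services and the "cannot"/"will" to "can't"/present-tense edits are fine; note only that the "Forcing a TLS connection, or 32 of them..." paragraph is removed and re-added solely for that anchor, so the rest of its text should stay identical.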
solutions | Tenant Management Networking | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-networking.md | In this illustration, Microsoft 365 traffic must take an indirect route through With split tunneling, you can configure your VPN client to exclude specific types of traffic from being sent over the VPN connection to the organization network. -To optimize access to Microsoft 365 cloud resources, configure your split tunneling VPN clients to exclude traffic to the **Optimize** category Microsoft 365 endpoints over the VPN connection. For more information, see [Office 365 endpoint categories](../enterprise/microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories) and [the lists](../enterprise/microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) of Optimize category endpoints for split tunneling. +To optimize access to Microsoft 365 cloud resources, configure your split tunneling VPN clients to exclude traffic to the **Optimize** category Microsoft 365 endpoints over the VPN connection. For more information, see [Office 365 endpoint categories](../enterprise/microsoft-365-network-connectivity-principles.md#optimizing-connectivity-to-microsoft-365-services) and [the lists](../enterprise/microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) of Optimize category endpoints for split tunneling. Here is the resulting traffic flow for split tunneling, in which most of the traffic to Microsoft 365 cloud apps bypasses the VPN connection. |