Updates from: 04/24/2022 01:04:47
Category Microsoft Docs article Related commit history on GitHub Change details
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
Keep the following things in mind about alert aggregation:
The Role Based Access Control (RBAC) permissions assigned to users in your organization determine which alerts a user can see on the **Alerts** page. How is this accomplished? The management roles assigned to users (based on their membership in role groups in the compliance portal or the Microsoft 365 Defender portal) determine which alert categories a user can see on the **Alerts** page. Here are some examples: -- Members of the Records Management role group can view only the alerts that are generated by alert policies that are assigned the **Information governance** category.
+- Members of the Records Management role group can view only the alerts that are generated by alert policies that are assigned the **Data lifecycle management** category.
- Members of the Compliance Administrator role group can't view alerts that are generated by alert policies that are assigned the **Threat management** category.
compliance Content Search Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search-reference.md
You can use the **ItemClass** email property or the **Type** search condition to
## Searching inactive mailboxes
-You can search inactive mailboxes in a content search. To get a list of the inactive mailboxes in your organization, run the command `Get-Mailbox -InactiveMailboxOnly` in Exchange Online PowerShell. Alternatively, you can go to **Information governance** \> **Retention** in the Security & Compliance Center, and then click **More**![Navigation Bar ellipses.](../media/9723029d-e5cd-4740-b5b1-2806e4f28208.gif) \> **Inactive mailboxes**.
+You can search inactive mailboxes in a content search. To get a list of the inactive mailboxes in your organization, run the command `Get-Mailbox -InactiveMailboxOnly` in Exchange Online PowerShell. Alternatively, you can go to **Data lifecycle management** \> **Retention** in the Microsoft Purview compliance portal, and then click **More**![Navigation Bar ellipses.](../media/9723029d-e5cd-4740-b5b1-2806e4f28208.gif) \> **Inactive mailboxes**.
Here are a few things to keep in mind when searching inactive mailboxes.
compliance Delete Items In The Recoverable Items Folder Of Mailboxes On Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold.md
Run the following command in [Security & Compliance Center PowerShell](/powershe
Get-RetentionCompliancePolicy <retention policy GUID without prefix> | FL Name ```
-After you identify the retention policy, go to the **Information governance** > **Retention** page in the compliance portal, edit the retention policy that you identified in the previous step, and remove the mailbox from the list of recipients that are included in the retention policy.
+After you identify the retention policy, go to the **Data lifecycle management** > **Retention** page in the compliance portal, edit the retention policy that you identified in the previous step, and remove the mailbox from the list of recipients that are included in the retention policy.
### Organization-wide retention policies
Organization-wide, Exchange-wide, and Teams-wide retention policies are applied
Get-RetentionCompliancePolicy <retention policy GUID without prefix> | FL Name ```
-After you identify the organization-wide retention policies, go to the **Information governance** > **Retention** page in the compliance portal, edit each organization-wide retention policy that you identified in the previous step, and add the mailbox to the list of excluded recipients. Doing this will remove the user's mailbox from the retention policy.
+After you identify the organization-wide retention policies, go to the **Data lifecycle management** > **Retention** page in the compliance portal, edit each organization-wide retention policy that you identified in the previous step, and add the mailbox to the list of excluded recipients. Doing this will remove the user's mailbox from the retention policy.
> [!IMPORTANT] > After you exclude a mailbox from an organization-wide retention policy, it may take up to 24 hours to synchronize this change and remove the mailbox from the policy.
Perform the following steps (in the specified sequence) in Exchange Online Power
**Retention policies applied to specific mailboxes**
- Use the compliance portal to add the mailbox back to the retention policy. Go to the **Information governance** > **Retention** page in the compliance center, edit the retention policy, and add the mailbox back to the list of recipients that the retention policy is applied to.
+ Use the compliance portal to add the mailbox back to the retention policy. Go to the **Data lifecycle management** > **Retention** page in the compliance center, edit the retention policy, and add the mailbox back to the list of recipients that the retention policy is applied to.
**Organization-wide retention policies**
- If you removed an organization-wide or Exchange-wide retention policy by excluding it from the policy, then use the compliance portal to remove the mailbox from the list of excluded users. Go to the **Information governance** > **Retention** page in the compliance center, edit the organization-wide retention policy, and remove the mailbox from the list of excluded recipients. Doing this will reapply the retention policy to the user's mailbox.
+ If you removed an organization-wide or Exchange-wide retention policy by excluding it from the policy, then use the compliance portal to remove the mailbox from the list of excluded users. Go to the **Data lifecycle management** > **Retention** page in the compliance center, edit the organization-wide retention policy, and remove the mailbox from the list of excluded recipients. Doing this will reapply the retention policy to the user's mailbox.
**eDiscovery case holds**
compliance Filter Data When Importing Pst Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/filter-data-when-importing-pst-files.md
After you've created a PST import job, follow these steps to filter the data bef
1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> and sign in using the credentials for an administrator account in your organization.
-2. In the left pane of the compliance portal, click **Information governance** \> **Import**.
+2. In the left pane of the compliance portal, click **Data lifecycle management** \> **Import**.
The import jobs for your organization are listed on the **Import** tab. The **Analysis completed** value in the **Status** column indicates the import jobs that have been analyzed by Microsoft 365 and are ready for you to import.
compliance Use Drive Shipping To Import Pst Files To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-drive-shipping-to-import-pst-files-to-office-365.md
The first step is to download the tool and that you use in Step 2 to copy PST fi
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left navigation pane of the compliance portal, click **Information governance** \> **Import**.
+2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Import**.
> [!NOTE] > As previously stated, you have to be assigned the appropriate permissions to access the **Import** page in the compliance portal.
The next step is to create the PST Import job in the Import service in Office 36
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left navigation pane of the compliance portal, click **Information governance** \> **Import**.
+2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Import**.
3. On the **Import** tab, click ![Add Icon.](../media/ITPro-EAC-AddIcon.gif) **New import job**.
After PST files are uploaded to Azure, the status is changed to **Analysis in pr
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left navigation pane of the compliance portal, click **Information governance** \> **Import****.
+2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Import****.
3. On the **Import** tab, select the import job that you created in Step 4 and click **Import to Office 365**.
security Manage Protection Update Schedule Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md
# Manage the schedule for when protection updates should be downloaded and applied -
+> [!IMPORTANT]
+> Customers who applied the March 2022 Microsoft Defender engine update (**1.1.19100.5**) might have encountered high resource utilization (CPU and/or memory). Microsoft has released an update (**1.1.19200.5**) that resolves the bugs introduced in the earlier version. Customers are recommended to update to this new engine build of Antivirus Engine (**1.1.19200.5**). To ensure any performance issues are fully fixed, it is recommended to reboot machines after applying update. For more information, see [Monthly platform and engine versions](manage-updates-baselines-microsoft-defender-antivirus.md#monthly-platform-and-engine-versions).
**Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
security Manage Protection Updates Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md
# Manage the sources for Microsoft Defender Antivirus protection updates
+> [!IMPORTANT]
+> Customers who applied the March 2022 Microsoft Defender engine update (**1.1.19100.5**) might have encountered high resource utilization (CPU and/or memory). Microsoft has released an update (**1.1.19200.5**) that resolves the bugs introduced in the earlier version. Customers are recommended to update to this new engine build of Antivirus Engine (**1.1.19200.5**). To ensure any performance issues are fully fixed, it is recommended to reboot machines after applying update. For more information, see [Monthly platform and engine versions](manage-updates-baselines-microsoft-defender-antivirus.md#monthly-platform-and-engine-versions).
**Applies to:**
security Manage Updates Baselines Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md
ms.technology: mde Previously updated : 04/11/2022 Last updated : 04/22/2022 - M365-security-compliance - m365initiative-defender-endpoint
# Manage Microsoft Defender Antivirus updates and apply baselines
+> [!IMPORTANT]
+> Customers who applied the March 2022 Microsoft Defender engine update (**1.1.19100.5**) might have encountered high resource utilization (CPU and/or memory). Microsoft has released an update (**1.1.19200.5**) that resolves the bugs introduced in the earlier version. Customers are recommended to update to this new engine build of Antivirus Engine (**1.1.19200.5**). To ensure any performance issues are fully fixed, it is recommended to reboot machines after applying update. See [Monthly platform and engine versions](#monthly-platform-and-engine-versions) (in this article).
+ **Applies to:** - [Microsoft Defender for Endpoint Plans 1 and 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus
Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. Make sure to update your antivirus protection, even if Microsoft Defender Antivirus is running in [passive mode](microsoft-defender-antivirus-compatibility.md). There are two types of updates related to keeping Microsoft Defender Antivirus up to date: -- Security intelligence updates-- Product updates
+- [Security intelligence updates](#security-intelligence-updates)
+- [Product updates](#product-updates)
> [!TIP] > To see the most current engine, platform, and signature date, visit the [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates)
All our updates contain
- Integration improvements (Cloud, [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender)) <br/><br/> <details>
+<summary>March-2022 *UPDATE* (Platform: 4.18.2203.5 | Engine: 1.1.19200.5)</summary>
+
+*Customers who applied the March 2022 Microsoft Defender engine update (**1.1.19100.5**) might have encountered high resource utilization (CPU and/or memory). Microsoft has released an update (**1.1.19200.5**) that resolves the bugs introduced in the earlier version. Customers are recommended to update to this new engine build of Antivirus Engine (**1.1.19200.5**). To ensure any performance issues are fully fixed, it is recommended to reboot machines after applying update.*
+
+&ensp;Security intelligence update version: **1.363.817.0**<br/>
+&ensp;Released: **April 22, 2022**<br/>
+&ensp;Platform: **4.18.2203.5**<br/>
+&ensp;Engine: **1.1.19200.5**<br/>
+&ensp;Support phase: **Security and Critical Updates**<br/>
+
+Engine version: 1.1.19200.5 <br/>
+Security intelligence update version: 1.363.817.0<br/>
+
+### What's new
+
+- Resolves issues with high resource utilization (CPU and/or memory) related to the earlier March 2022 Microsoft Defender engine update (1.1.19100.5)
+
+### Known Issues
+
+No known issues
+
+<br/><br/>
+</details><details>
<summary>March-2022 (Platform: 4.18.2203.5 | Engine: 1.1.19100.5)</summary> &ensp;Security intelligence update version: **1.361.1449.0**<br/>