-> - Apply a retention label to a document understanding model in Microsoft Syntex

-You can view the number of matches a trainable classifier has in **Content explorer** and **Trainable classifiers**. You can also provide feedback on whether an item is actually a match or not using the **Match**, **Not a Match** feedback mechanism and use that feedback to tune your classifiers. See, [Increase classifier accuracy (preview)](data-classification-increase-accuracy.md) for more information.

->[!NOTE]

->Availability for user-reported messages for organizations licensed and using [communication compliance](/microsoft-365/compliance/communication-compliance-configure#subscriptions-and-licensing) and Microsoft Teams started in May 2022. This feature will be available by August 31, 2022 for all organizations licensed and using communication compliance through July 2022. For organizations starting to use communication compliance after July 2022, user-reported messages policy availability may take up to 30 days from the date of your licensing and first use of communication compliance.

-Enabled by default in the [Teams admin center](/microsoftteams/manage-teams-in-modern-portal), the *Report a concern* option in Teams messages allows users in your organization to submit inappropriate internal personal and group chat messages for review by communication compliance reviewers for the policy. These messages are supported by a default system policy that supports reporting messages in Teams group and private chats.

-

-User reported messages from Teams chats are the only messages processed by the User-reported message policy and only the assigned reviewers for the policy can be modified. All other policy properties aren't editable. When the policy is created, the initial reviewers assigned to the policy are all members of the *Communication Compliance Admins* role group (if populated with at least one user) or all members of your organization's *Global Admin* role group. The policy creator is a randomly selected user from the *Communication Compliance Admins* role group (if populated with at least one user) or a randomly selected user from your organization's *Global Admin* role group.

-The *Report a concern* option is enabled by default and can be controlled via Teams messaging policies in the [Teams Admin Center](/microsoftteams/manage-teams-in-modern-portal). Users in your organization will automatically get the global policy, unless you create and assign a custom policy. Edit the settings in the global policy or create and assign one or more custom policies to turn on or turn off the *Report a concern* option. To learn more, see [Manage messaging policies in Teams](/microsoftteams/messaging-policies-in-teams).

-In addition, when you use [Microsoft Syntex](/microsoft-365/contentunderstanding/) and publish retention labels to SharePoint locations, you can [apply a retention label to a document understanding model](../contentunderstanding/apply-a-retention-label-to-a-model.md) so that identified documents are automatically labeled.

-You can view the number of matches a SIT or trainable classifier has in **Content explorer**. You can also provide feedback on whether an item is actually a match or not using the **Match**, **Not a Match** feedback mechanism and use that feedback to tune your classifiers. See, [Increase classifier accuracy (preview)](data-classification-increase-accuracy.md) for more information.

-# Increase classifier accuracy (preview)

-## Known limitations for this preview

-DLP policies are scoped at two different levels. The first level lets an unrestricted admin scope policies to all:

-|Actions applied at runtime|Audit|Audit|**Auth group A - BLock**|Audit|Audit|**Auth group A - Block, Auth group B - Block**|Audit|Audit|

-|Let admins apply retain and delete actions to a document understanding model, so that these are automatically applied to identified documents in a SharePoint library|[Publish retention labels and apply them in apps](create-apply-retention-labels.md)|

-Because it's an optional feature, your Global admin must set up pay-as-you-go billing to enable OCR. Refer to the instructions in [Configure Microsoft Syntex for pay-as-you-go billing in Azure](/microsoft-365/syntex/syntex-azure-billing) to add a subscription for OCR.

-> Because the Preservation Hold library is included in the site's storage quota, you might need to increase your storage when you use retention settings for SharePoint and Microsoft 365 groups.

-An email or document can have only a single retention label applied to it at a time. A retention label can be applied [manually](create-apply-retention-labels.md#manually-apply-retention-labels) by an end user or admin, or automatically by using any of the following methods:

-You can view the number of matches a SIT has in **Sensitive info types** and **Content explorer**. You can also provide feedback on whether an item is actually a match or not using the **Match**, **Not a Match** feedback mechanism and use that feedback to tune your SITs. See, [Increase classifier accuracy (preview)](data-classification-increase-accuracy.md) for more information.

-For Office apps older than version 2302 (Current Channel and Semi-Annual Enterprise Channel) or version 2303 (Monthly Enterprise Channel), to prevent the AIP add-in from loading in Office apps, use the Group Policy setting **List of managed add-ins** as documented in [No Add-ins loaded due to group policy settings for Office 2013 and Office 2016 programs](https://support.microsoft.com/help/2733070/no-add-ins-loaded-due-to-group-policy-settings-for-office-2013-and-off).

-Deploy this setting by using Group Policy, or by using the [Cloud Policy service for Microsoft 365](/DeployOffice/overview-office-cloud-policy-service).

-> If you use the Group Policy setting **Use the Sensitivity feature in Office to apply and view sensitivity labels** and set this to **1**, there are some situations where the AIP add-in might still load in Office apps. Blocking the add-in from loading in each app prevents this happening.

-If after making these changes the **Sensitivity** button doesn't display on the Office ribbon, check whether sensitivity labeling has been [turned off](sensitivity-labels-office-apps.md#if-you-need-to-turn-off-built-in-labeling-in-office-apps-on-windows) with the **Use the Sensitivity feature in Office to apply and view sensitivity labels** setting. Although this isn't the default configuration for Office apps, an administrator might have explicitly set this configuration by using Group Policy or by directly editing the registry.

-> If you've previously set the value of **Use the Sensitivity feature in Office to apply and view sensitivity labels** to **0** (or used the equivalent registry key of **UseOfficeForLabelling**) to disable built-in labeling because you wanted to use the AIP add-in: Going forward, if you don't configure the new setting that's described in this section, you won't be able to use sensitivity labeling with either the AIP add-in or built-in labeling.

-Starting with version 2302 (Current Channel and Semi-Annual Enterprise Channel) and version 2303 (Monthly Enterprise Channel) of the Office apps, the AIP add-in is disabled by default. To enable it, you must configure a new Office setting under **User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings**:

-Deploy this setting by using Group Policy, or by using the [Cloud Policy service for Microsoft 365](/DeployOffice/overview-office-cloud-policy-service).

-1. The security setting **Use the Sensitivity feature in Office to apply and view sensitivity labels**, must be **0**, or not configured.

-If both of these conditions are met but you need to turn off the built-in labels in Windows Office apps, use the following Group Policy setting:

-1. Navigate to **User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings**.

-2. Set **Use the Sensitivity feature in Office to apply and view sensitivity labels** to **0**.

-If you later need to revert this configuration, change the value to **1**. You might also need to change this value to 1 if the **Sensitivity** button isn't displayed on the ribbon as expected. For example, a previous administrator turned this labeling setting off.

-

-Deploy this setting by using Group Policy, or by using the [Cloud Policy service for Microsoft 365](/DeployOffice/overview-office-cloud-policy-service). The setting takes effect when these Office apps restart.

-If you need to disable the PDF support in Office apps for Word, Excel, and PowerPoint, you can do so by using an Office setting under **User Configuration/Administrative Templates/Microsoft Office 2016/Microsoft Save As PDF and Save As XPS add-ins**:

-### Licensing Requirements

-### Eligibility

-The Advanced Data Residency ("ADR") add-on is intended for enterprise customers of Microsoft 365 who have comprehensive data residency requirements. To be eligible to purchase ADR, customers must meet two pre-requisites:

-

-Geographic and channel availability will be updated as available.

-Customers must cover 100% of paid users above with ADR add-on license for tenant to receive data residency for ADR workloads.

-### Mixed/Hybrid Tenants:

-A customer is defined as "mixed" or "hybrid" if they have multiple license types including both Commercial/Public Sector (for example, E3, E5) **and** Education (for example, A1, A3, etc.) licenses in their subscription.

-Mixed/Hybrid customers have rights to purchase full ADR add-on for only the paid portion of Microsoft 365 SKUs and not obligated to cover free subscription types. However, they must cover the paid education seats with ADR (Microsoft 365 A3/A5, Office 365 A3/A5).

-If all of a customer's tenant data covered by the Advanced Data Residency feature isn't already stored at rest within their eligible _Local Region Geography_, then a data migration to the _Local Region Geography_ will be required. If all of a customer's tenant data covered by the Advanced Data Residency feature is already stored at rest within their eligible _Local Region Geography_, then no data migration to the _Local Region Geography_ will be required.

-After a customer has received their Advanced Data Residency licenses, then the customer will need to signal they're ready for their data migration to begin, if one is necessary. To signal your tenant is ready for its data migration, the customer administrator will visit the Data Location section of the Microsoft 365 Admin Console within the Settings -> Org Settings -> Organization Profile area. From here the customer administrator will be able to see the current location of their data-at-rest and what _Local Region Geography_ their customer data will be migrated to, Please Note: Data migration won't begin until the customer administrator has executed this task. Further, the migration expectation discussed elsewhere in this documentation won't start being tracked until this task has been executed by the customer administrator.

-During the migration process, Microsoft temporarily copies your address book data into Microsoft global resources where it's encrypted and only used to support business continuity and disaster recovery operations (BCDR). After Microsoft has completed the mailbox data moves, Microsoft deletes that temporary data from the global resources. Microsoft continues to invest in global and regional resources regularly. In calendar year 2023, Microsoft plans to utilize regional resources for BCDR purposes during the migration process.

-### FAQ

-#### How do enterprise customers purchase the Microsoft 365 Advanced Data Residency add-on?

-<details><summary>Click to expand</summary>

-Eligible enterprise customers should contact their Microsoft account team or Enterprise Agreement licensing partner to facilitate a purchase of Advanced Data Residency add-on. Web Direct customers should purchase through their online account.

-</details>

-#### What does the launch of ADR mean for the Move Program?

-<details><summary>Click to expand</summary>

-The Advanced Data Residency and Move Program efforts will exist simultaneously for a limited time and have different customer commitments. The Move Program is limited to Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. ADR includes these and more workloads. The Move program was terminated with the launch of the Qatar local datacenter and won't be available for any future local datacenters. Advanced Data Residency customers receive prioritized migration services over Move Program customers. See the Migration Expectation section for more detail.

-</details>

-#### How can I move my data to my country with Advanced Data Residency? What does the process look like?

-<details><summary>Click to expand</summary>

-The first step is to purchase the ADR SKU, refer to [ADR Eligibility](advanced-data-residency.md#eligibility). Once you have purchased ADR, you'll receive a notification via Message Center (in the tenant admin center) outlining the purchase confirmation. After you confirm readiness to begin migrations 12-month expectation to migrate all your customer at-rest data, as it relates to the workloads listed above, will begin. From there all workloads migrating customer data will provide notifications to the tenant admin via Message Center (two messages each; one at the start and end of the migration process).

-</details>

-| IN | India | APC²| APC²| APC²|

-## Week of March 13, 2023

-| Published On |Topic title | Change |

-|||--|

-| 3/13/2023 | [Manage your Microsoft Defender for Endpoint subscription settings across client devices](/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings?view=o365-worldwide) | added |

-| 3/13/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified |

-| 3/13/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |

-| 3/13/2023 | [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings?view=o365-worldwide) | modified |

-| 3/13/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | modified |

-| 3/13/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified |

-| 3/13/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified |

-| 3/13/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |

-| 3/13/2023 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-worldwide) | modified |

-| 3/13/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified |

-| 3/13/2023 | [Create custom roles with Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/create-custom-rbac-roles?view=o365-worldwide) | modified |

-| 3/13/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified |

-| 3/13/2023 | [Edit or delete roles Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/edit-delete-rbac-roles?view=o365-worldwide) | modified |

-| 3/13/2023 | [Step 4. Evaluate Microsoft Defender for Endpoint overview, including reviewing the architecture](/microsoft-365/security/defender/eval-defender-endpoint-overview?view=o365-worldwide) | modified |

-| 3/13/2023 | [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-worldwide) | modified |

-| 3/13/2023 | [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-worldwide) | modified |

-| 3/13/2023 | [Run an attack simulation in a Microsoft 365 Defender pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-worldwide) | modified |

-| 3/13/2023 | [Review architecture requirements and the structure for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-architecture?view=o365-worldwide) | modified |

-| 3/13/2023 | [Step 5. Evaluate Microsoft Defender for Cloud Apps overview](/microsoft-365/security/defender/eval-defender-mcas-overview?view=o365-worldwide) | modified |

-| 3/13/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified |

-| 3/13/2023 | [Redirecting accounts from Microsoft Defender for Endpoint to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) | modified |

-| 3/13/2023 | [Redirecting accounts from Microsoft Defender for Identity to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mdi-redirection?view=o365-worldwide) | modified |

-| 3/13/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified |

-| 3/13/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified |

-| 3/13/2023 | [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) | modified |

-| 3/13/2023 | [Detecting human-operated ransomware attacks with Microsoft 365 Defender](/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide) | modified |

-| 3/13/2023 | [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-worldwide) | modified |

-| 3/13/2023 | [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) | modified |

-| 3/13/2023 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) | modified |

-| 3/13/2023 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) | modified |

-| 3/13/2023 | [Microsoft Defender for Office 365 data retention](/microsoft-365/security/office-365-security/mdo-data-retention?view=o365-worldwide) | modified |

-| 3/13/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified |

-| 3/13/2023 | [SIEM integration with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti?view=o365-worldwide) | modified |

-| 3/13/2023 | [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified |

-| 3/13/2023 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) | modified |

-| 3/13/2023 | [Configure teams with protection for sensitive data](/microsoft-365/solutions/configure-teams-sensitive-protection?view=o365-worldwide) | modified |

-| 3/13/2023 | [Configure Teams with three tiers of file sharing security](/microsoft-365/solutions/configure-teams-three-tiers-protection?view=o365-worldwide) | modified |

-| 3/13/2023 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-worldwide) | modified |

-| 3/13/2023 | Configure a team with security isolation by using a unique sensitivity label | removed |

-| 3/13/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

-| 3/14/2023 | [Increase threat protection for Microsoft 365 for business](/microsoft-365/admin/security-and-compliance/increase-threat-protection?view=o365-worldwide) | modified |

-| 3/14/2023 | [How to secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | added |

-| 3/14/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified |

-| 3/14/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |

-| 3/14/2023 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions?view=o365-worldwide) | modified |

-| 3/14/2023 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-worldwide) | modified |

-| 3/14/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified |

-| 3/14/2023 | [Create custom roles with Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/create-custom-rbac-roles?view=o365-worldwide) | modified |

-| 3/14/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified |

-| 3/14/2023 | [Edit or delete roles Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/edit-delete-rbac-roles?view=o365-worldwide) | modified |

-| 3/14/2023 | [Step 4. Evaluate Microsoft Defender for Endpoint overview, including reviewing the architecture](/microsoft-365/security/defender/eval-defender-endpoint-overview?view=o365-worldwide) | modified |

-| 3/14/2023 | [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-worldwide) | modified |

-| 3/14/2023 | [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-worldwide) | modified |

-| 3/14/2023 | [Run an attack simulation in a Microsoft 365 Defender pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-worldwide) | modified |

-| 3/14/2023 | [Review architecture requirements and the structure for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-architecture?view=o365-worldwide) | modified |

-| 3/14/2023 | [Step 5. Evaluate Microsoft Defender for Cloud Apps overview](/microsoft-365/security/defender/eval-defender-mcas-overview?view=o365-worldwide) | modified |

-| 3/14/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified |

-| 3/14/2023 | [Redirecting accounts from Microsoft Defender for Endpoint to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) | modified |

-| 3/14/2023 | [Redirecting accounts from Microsoft Defender for Identity to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mdi-redirection?view=o365-worldwide) | modified |

-| 3/14/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified |

-| 3/14/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified |

-| 3/14/2023 | [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) | modified |

-| 3/14/2023 | [Detecting human-operated ransomware attacks with Microsoft 365 Defender](/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide) | modified |

-| 3/14/2023 | [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-worldwide) | modified |

-| 3/14/2023 | [Microsoft Defender for Office 365 data retention](/microsoft-365/security/office-365-security/mdo-data-retention?view=o365-worldwide) | modified |

-| 3/14/2023 | [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified |

-| 3/14/2023 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) | modified |

-| 3/14/2023 | [Configure teams with protection for sensitive data](/microsoft-365/solutions/configure-teams-sensitive-protection?view=o365-worldwide) | modified |

-| 3/14/2023 | [Configure Teams with three tiers of file sharing security](/microsoft-365/solutions/configure-teams-three-tiers-protection?view=o365-worldwide) | modified |

-| 3/14/2023 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-worldwide) | modified |

-| 3/14/2023 | [Set up secure file and document sharing and collaboration with Teams in Microsoft 365](/microsoft-365/solutions/setup-secure-collaboration-with-teams?view=o365-worldwide) | modified |

-| 3/14/2023 | [Map fields of a modern template to library columns in Microsoft Syntex](/microsoft-365/syntex/content-assembly-map-fields) | added |

-| 3/14/2023 | [Connect your DNS records at GoDaddy to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-godaddy?view=o365-worldwide) | modified |

-| 3/14/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

-| 3/14/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified |

-| 3/14/2023 | [Use Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo?view=o365-worldwide) | modified |

-| 3/14/2023 | [Use the command line to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus?view=o365-worldwide) | modified |

-| 3/14/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |

-| 3/14/2023 | [Monitor and report on Microsoft Defender Antivirus protection](/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus?view=o365-worldwide) | modified |

-| 3/14/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified |

-| 3/14/2023 | [Customize controlled folder access](/microsoft-365/security/defender-endpoint/customize-controlled-folders?view=o365-worldwide) | modified |

-| 3/14/2023 | [Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified |

-| 3/14/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | modified |

-| 3/15/2023 | [Microsoft Purview Insider Risk Management and Communication Compliance privacy guide](/microsoft-365/compliance/insider-risk-solution-privacy?view=o365-worldwide) | added |

-| 3/15/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | renamed |

-| 3/15/2023 | [Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender (Preview)](/microsoft-365/security/defender/microsoft-365-security-mda-redirection?view=o365-worldwide) | added |

-| 3/15/2023 | How to secure your business data with Microsoft 365 for business | removed |

-| 3/15/2023 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) | modified |

-| 3/15/2023 | [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) | modified |

-| 3/15/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |

-| 3/15/2023 | [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) | modified |

-| 3/15/2023 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | modified |

-| 3/15/2023 | [Compare Microsoft Defender Vulnerability Management plans and capabilities](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide) | modified |

-| 3/15/2023 | [Enable the Report Message or the Report Phishing add-ins](/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure?view=o365-worldwide) | modified |

-| 3/15/2023 | [Top 12 tasks for security teams to support working from home](/microsoft-365/security/top-security-tasks-for-remote-work?view=o365-worldwide) | modified |

-| 3/16/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

-| 3/15/2023 | [Select the domain to use for email from Microsoft 365 products](/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products?view=o365-worldwide) | added |

-| 3/15/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified |

-| 3/15/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified |

-| 3/15/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |

-| 3/15/2023 | [Train your custom model in Microsoft Syntex](/microsoft-365/syntex/train-model) | modified |

-| 3/17/2023 | [Train an unstructured document processing model in Microsoft Syntex](/microsoft-365/syntex/create-a-classifier) | modified |

-| 3/16/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |

-| 3/16/2023 | [Detailed properties in the audit log](/microsoft-365/compliance/audit-log-detailed-properties?view=o365-worldwide) | modified |

-| 3/16/2023 | [Search the audit log to troubleshoot common scenarios](/microsoft-365/compliance/audit-troubleshooting-scenarios?view=o365-worldwide) | modified |

-| 3/16/2023 | [Free trial of Microsoft Purview compliance solutions](/microsoft-365/compliance/compliance-easy-trials?view=o365-worldwide) | modified |

-| 3/17/2023 | [Get started with insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified |

-| 3/17/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |

-| 3/17/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified |

-

-> [!IMPORTANT]

-> The default state for the Attack Surface Reduction (ASR) rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" will change from **Not Configured** to **Configured** and the default mode set to **Block**. All other ASR rules will remain in their default state: **Not Configured**. Additional filtering logic has already been incorporated in the rule to reduce end user notifications. Customers can configure the rule to **Audit**, **Warn** or **Disabled** modes, which will override the default mode. The functionality of this rule is the same, whether the rule is configured in the on-by-default mode, or if you enable Block mode manually.

-You can specify individual files or folders (using folder paths or the full path to the file to be excluded). An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service continues to trigger events until the service is stopped and restarted.

-| extend InternetFacingReason = extractjson("$.InternetFacingReason", InternetFacingInfo, typeof(string)), InternetFacingLocalPort = extractjson("$.InternetFacingLocalPort", InternetFacingInfo, typeof(int)), InternetFacingScannedPublicPort = extractjson("$.InternetFacingScannedPublicPort", InternetFacingInfo, typeof(int)), InternetFacingScannedPublicIp = extractjson("$.InternetFacingScannedPublicIp", InternetFacingInfo, typeof(string)), InternetFacingLocalIp = extractjson("$.InternetFacingLocalIp", InternetFacingInfo, typeof(string)),   InternetFacingTransportProtocol=extractjson("$.InternetFacingTransportProtocol", InternetFacingInfo, typeof(string)), InternetFacingLastSeen = extractjson("$.InternetFacingLastSeen", InternetFacingInfo, typeof(datetime))

-DeviceNetworkEvents

-| where Timestamp > ago(7d)

-| where DeviceId == ""

-| where not(InitiatingProcessCommandLine has_any ("TaniumClient.exe", "ZSATunnel.exe", "MsSense.exe"))

-| where ActionType =="InboundConnectionAccepted"

-| extend LocalIP = replace(@"::ffff:", "", LocalIP),RemoteIP = replace(@"::ffff:", "", RemoteIP)

-| where LocalIP!= RemoteIP and RemoteIP !in~ ("::", "::1", "0.0.0.0", "127.0.0.1") and not(ipv4_is_private( RemoteIP ))

-| project-reorder DeviceId, LocalIP, LocalPort, RemoteIP, RemotePort, InitiatingProcessCommandLine, InitiatingProcessId, DeviceName

-# Deploy Microsoft Defender for Endpoint on iOS with Mobile Application Manager

-

- 1. Open the configuration profile from the path `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`.

- ```JSON

- },

- "cloudService": {

- "enabled": true,

- "diagnosticLevel": "optional",

- "automaticSampleSubmissionConsent": "safe",

- "automaticDefinitionUpdateEnabled": true,

- "proxy": "http://proxy.server:port/"

- "edr": {

- "groupIds":"GroupIdExample",

- "tags": [

- {

- "key": "GROUP",

- "value": "Tag"

- }

- ]

- }

- }

- ```

-

-

-```console

-# Remediate a registry value (the double backslash \\ indicates a registry value versus key)

-remediate registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SPStartup

-```

-keywords: migration, Microsoft Defender for Endpoint, antivirus, passive mode, setup process

-ms.sitesec: library

-ms.pagetype: security

-|[Windows 11](/windows/whats-new/windows-11-overview) <br/><br/>Windows 10, [version 1803](/lifecycle/announcements/windows-server-1803-end-of-servicing) or later (See [Windows 10 release information](/windows/release-health/release-information))<br/><br/>Windows 10, version 1703 or 1709 with [KB4493441](https://support.microsoft.com/help/4493441) installed |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCM.exe`<br/><br/>`C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection`|

-Certain exclusions for Defender for Endpoint must be defined in your existing non-Microsoft endpoint protection solution. Make sure to add the following exclusions:

-`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

-`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCnCProxy.exe`

-`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

-`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`

-`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCM.exe`

-`C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exe`

-`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSC.exe`

-`C:\Program Files\Windows Defender Advanced Threat Protection\Classification\SenseCE.exe`

-`C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection`

-The `UrlClickEvents` table in the advanced hunting schema contains information about [Safe Links](../office-365-security/safe-links-about.md) clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps. UrlClickEvents is currently in public preview for Microsoft 365 Commercial customers and not available yet for GCC, GCC High, or DoD.

-| `Workload` | `string` | The application from which the user clicked on the link, with the values being Email, Office and Teams|

-The columns `NetworkMessageId` and `RecipientEmailAddress` must be present in the query output to apply actions to email messages.

-# Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)

-### Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender (preview)

-You can route accounts to Microsoft 365 Defender by enabling automatic redirection from the former Microsoft Defender for Cloud Apps portal. For more information, see [Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender (Preview)](microsoft-365-security-mda-redirection.md).

-You can also use the Microsoft 365 Defender APIs to query the Microsoft 365 Defender incidents and alerts data in your tenant. A custom app can filter the data, filter it based on custom settings, and then provide a filtered list of links to alerts and incidents that you can easily select to go right to that alert or incident. See [List incidents API in Microsoft 365 Defender| Microsoft Docs](/api-list-incidents.md). You can also integrate your SIEM with Microsoft Defender, see [Integrate your SIEM tools with Microsoft 365 Defender](/configure-siem-defender.md).

-[Advanced hunting](/advanced-hunting-overview.md) is a query-based threat hunting tool that lets you explore and inspect events in your network to locate threat indicators and entities. This flexible and customizable analysis tool enables unconstrained hunting for both known and potential threats. Microsoft 365 Defender also supports using a custom query to create [custom detection rules](/custom-detections-overview.md), which create alerts based on a query can be and scheduled to run automatically.

-5. Determine the set of [custom tags](/manage-incidents.md) or standards to create new one to identify incidents that are known to be part of a larger, coordinated ransomware attack

- - **Add default X-header text (*AddXHeader*)**: The X-header value `X-CustomSpam: This message was filtered by the custom spam filter option` is added to the message. You can use this value in Inbox rules or mail flow rules (also known as transport rules) to affect the delivery of the message.

-|**Starting point**|[Require MFA always for guests and external users](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Create this new policy and configure: <ul><li>For **Assignments > Users and groups > Include**, choose **Select users and groups**, and then select **All guest and external users**.</li><li>For **Assignments > Conditions > Sign-in risk** and select atleast one Sign-in risk level this policy will apply to. </li></ul>|

-|**Organization Management**¹|Members can control permissions for accessing features in these portals, and also manage settings for device management, data loss prevention, reports, and preservation. <br/><br/> Users who are not global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM). <br/><br/> Global admins are automatically added as members of this role group, but you won't see them in the output of the [Get-RoleGroupMember](/powershell/module/exchange/get-rolegroupmember) cmdlet in [Security & Compliance PowerShell](/powershell/module/exchange/get-rolegroupmember).|Audit Logs <br/><br/> Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Compliance Administrator <br/><br/> Compliance Manager Administration <br/><br/> Compliance Search <br/><br/> Data Connector Admin <br/><br/> Device Management <br/><br/> DLP Compliance Management <br/><br/> Hold <br/><br/> IB Compliance Management <br/><br/> Insider Risk Management Admin <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> Quarantine <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Role Management <br/><br/> Scope Manager <br/><br/> Search And Purge <br/><br/> Security Administrator <br/><br/> Security Reader <br/><br/> Sensitivity Label Administrator <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> Tag Contributor <br/><br/> Tag Manager <br/><br/> Tag Reader <br/><br/> View-Only Audit Logs <br/><br/> View-Only Case <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|

-|**Security Administrator**|Members have access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <br/><br/> By default, this role group may not appear to have any members. However, the Security Administrator role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Administrator role from Azure Active Directory. <br/><br/> To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). If you edit this role group in these portals (membership or roles), those changes apply only to the security and compliance areas and not to any other services. <br/><br/> This role group includes all of the read-only permissions of the Security reader role, plus a number of additional administrative permissions for the same

-|**Security Operator**|Members can manage security alerts, and also view reports and settings of security features.|Compliance Search <br/><br/> Manage Alerts <br/><br/> Security Reader <br/><br/> Tag Contributor <br/><br/> Tag Reader <br/><br/> Tenant AllowBlockList Manager <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts|

-|**Tag Contributor**|View and update membership of existing user tags.|Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator|