Updates from: 04/27/2021 03:37:31
Category Microsoft Docs article Related commit history on GitHub Change details
admin Add New Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-new-employee.md
Just like Facebook, Amazon, or Gmail, your employee signs in to use Microsoft 36
## Step 4: Help your employee get started
-Share with them the [Employee quick setup for Microsoft 365](https://support.microsoft.com/office/b9700090-ce64-4046-ab92-ce8488a7bc0f) to sign in, install software, set up email, and more.
+Share with them the [Employee quick setup for Microsoft 365](../../business-video/employee-quick-setup.md) to sign in, install software, set up email, and more.
And here's a quick reference to help get them started:
admin Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md
You can use any of the following methods to add multiple users at the same time:
## Next steps
-After you add a user, you get an email notification from Microsoft. The email contains the person's user ID and password so they can sign in to Microsoft 365. Use your normal process for communicating new passwords. Share the [Employee quickstart guide](https://support.microsoft.com/office/b9700090-ce64-4046-ab92-ce8488a7bc0f) with your new users to set up things, like how to [download and install Office apps on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and how to [set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
+After you add a user, you get an email notification from Microsoft. The email contains the person's user ID and password so they can sign in to Microsoft 365. Use your normal process for communicating new passwords. Share the [Employee quickstart guide](../../business-video/employee-quick-setup.md) with your new users to set up things, like how to [download and install Office apps on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and how to [set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
## Related content
admin Assign Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md
When you add new users, if you don't assign them an admin role then they are in
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfO]
-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
## Assign admin roles
admin Change A User Name And Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/change-a-user-name-and-email-address.md
Watch a short video about changing a user's email address. <br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1SJuc]
-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
You must be a [global admin](about-admin-roles.md) to do these steps.
admin Let Users Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
You must be an [global admin or password administrator](about-admin-roles.md) to
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3AY8S]
-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
## Steps: Let people reset their own passwords
These steps turn on self-service password reset for everyone in your business.
[Set an individual user's password to never expire](set-password-to-never-expire.md)
-[Microsoft 365 Business training videos](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816)
+[Microsoft 365 Business training videos](../../business-video/index.yml)
admin Remove Former Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee.md
Watch a short video about removing an employee. <br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfR]
-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
To prevent an employee from logging in:
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
Watch a short video about resetting user passwords.<br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FVVP]
-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
## Steps: Reset a business password for a user
Try this article: [I forgot the username or password for the account I use with
[Remove a former employee](remove-former-employee.md)
-[Microsoft 365 for business training videos](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816)
+[Microsoft 365 for business training videos](../../business-video/index.yml)
admin Restore User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/restore-user.md
Here are a couple of tips:
- Make sure licenses are available to assign to the account. -- If your business uses Active Directory, see [How to troubleshoot deleted user accounts in Office 365](https://support.microsoft.com/kb/2619308) for instructions on restoring a user account.
+- If your business uses Active Directory, see [How to troubleshoot deleted user accounts in Office 365](/office365/troubleshoot/active-directory/restore-deleted-user-accounts.md) for instructions on restoring a user account.
## Restore one or more user accounts
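Review bot: The new target on the `+` line, `/office365/troubleshoot/active-directory/restore-deleted-user-accounts.md`, is a site-relative path that still carries the `.md` extension. The other site-relative links introduced in this batch (`/sharepoint/troubleshoot/migration-tool/content-manual-migration` and `/MicrosoftTeams/guest-access`) have none. Suggest dropping `.md` here so the link form matches.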
admin About The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/about-the-admin-center.md
Watch a short video about the admin center. <br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWfvDL]
-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
## How to get to the admin center
Here are the features and settings you'll find in the left-hand navigation of th
- [Manage a Microsoft 365 group](../create-groups/manage-groups.md)
-## See also
+## Related content
-[Microsoft 365 for business training videos](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816)
+[Microsoft 365 for business training videos](../../business-video/index.yml) (links)
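Review bot: The `(links)` suffix appended after the training-videos link under `## Related content` is not applied to the same link in the Let Users Reset Passwords and Reset Passwords changes, which repoint it to `../../business-video/index.yml` with no suffix. Suggest using the suffix on all of these links or on none of them.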
admin Admin Mobile App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md
From the left navigation menu, go to **Settings** > **Notifications**. You can m
Email [feedback365@microsoft.com](mailto:feedback365@microsoft.com) to report an issue with the app. Or you can give feedback at the bottom of this article.
-## See also
+## Related content
-[Microsoft 365 for business training videos](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816)
+[Microsoft 365 for business training videos](../../business-video/index.yml) (links)
admin Get Started With Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/get-started-with-office-365.md
Your organization recently got Microsoft 365, and now you need to use it so you
## Training resources for your users -- [Employee quick start](https://support.microsoft.com/office/b9700090-ce64-4046-ab92-ce8488a7bc0f)
-
+- [Employee quick start](../../business-video/employee-quick-setup.md)
+ - [Office Training Center](https://support.microsoft.com/office/b8f02f81-ec85-4493-a39b-4c48e6bc4bfb) - [Where to sign in](https://support.microsoft.com/office/e9eb7d51-5430-4929-91ab-6157c5a050b4)
admin Sign Up For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
Watch a short video about choosing a Microsoft 365 for business plan.<br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/906be77d-ded6-48fb-a25f-da110f787282]
-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
Need help with choosing a plan? Sales consultants are available to answer your questions. Go to [Compare all products](https://products.office.com/compare-all-microsoft-office-products?tab=2) and choose one of the contact support options listed at the left side of the page.
You don't need to cancel your trial. If you don't buy the trial subscription, it
> [!IMPORTANT] > When you sign up, be sure to choose the best payment option for your organization. Changing payment options involves calling billing support.
-## See also
+## Related content
-[Microsoft 365 for business training videos](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816)
+[Microsoft 365 for business training videos](../../business-video/index.yml) (links)
admin Create Device Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-device-security-policies.md
You can use Basic Mobility and Security to create device policies that help prot
- Learn about the devices, mobile device apps, and security settings that Basic Mobility and Security supports. See [Capabilities of Basic Mobility and Security](capabilities.md). - Create security groups that include Microsoft 365 users that you want to deploy policies to and for users that you might want to exclude from being blocked access to Microsoft 365. We recommend that before you deploy a new policy to your organization, you test the policy by deploying it to a small number of users. You can create and use a security group that includes just yourself or a small number Microsoft 365 users that can test the policy for you. To learn more about security groups, see [Create, edit, or delete a security group](../email/create-edit-or-delete-a-security-group.md).-- To create and deploy Basic Mobility and Security policies in Microsoft 365, you need to be a Microsoft 365 global admin. For more info, see [Permissions in the Security & Compliance Center](https://support.microsoft.com/office/d10608af-7934-490a-818e-e68f17d0e9c1).
+- To create and deploy Basic Mobility and Security policies in Microsoft 365, you need to be a Microsoft 365 global admin. For more info, see [Permissions in the Security & Compliance Center](../../security/office-365-security/permissions-in-the-security-and-compliance-center.md).
- Before you deploy policies, let your organization know the potential impacts of enrolling a device in Basic Mobility and Security. Depending on how you set up the policies, noncompliant devices can be blocked from accessing Microsoft 365 and data, including installed applications, photos, and personal information on an enrolled device, and data can be deleted. >[!NOTE]
The policy is pushed to the mobile device of each user the policy applies to the
## Step 4: Block email access for unsupported devices
-To help secure your organization information, you should block app access to Microsoft 365 email for mobile devices that aren't supported by Basic Mobility and Security. For a list of supported devices, see [Supported devices](https://support.microsoft.com/office/capabilities-of-basic-mobility-and-security-a1da44e5-7475-4992-be91-9ccec25905b0#bkmk_supporteddevices).
+To help secure your organization information, you should block app access to Microsoft 365 email for mobile devices that aren't supported by Basic Mobility and Security. For a list of supported devices, see [Supported devices](../../admin/basic-mobility-security/capabilities.md).
**To block app access:**
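Review bot: The replacement link in Step 4 drops the `#bkmk_supporteddevices` fragment, so "Supported devices" now opens the top of `capabilities.md` rather than the supported-devices list the sentence refers to. Suggest adding the matching section anchor. The `../../admin/basic-mobility-security/` prefix is also redundant, since the same article links to `capabilities.md` by bare file name earlier on.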
admin Frequently Asked Questions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/frequently-asked-questions.md
For more details, see [Set up Basic Mobility and Security](set-up.md).
## IΓÇÖm trying to set up Basic Mobility and Security but it seems stuck. The Microsoft 365 Service Health has been showing ΓÇ£provisioningΓÇ¥ for a while. What can I do?
-It may take some time to get the service ready for you. When provisioning is complete, you'll see the Basic Mobility and Security page. If you've waited 24 hours and the status is still provisioning, please contact Support and we'll help figure out what the issue is. For support options, see [Still need help?](https://support.microsoft.com/office/frequently-asked-questions-about-basic-mobility-and-security-3871f99c-c9db-4a23-86f9-902c1b02f58d#bkmk_needhelp).
+It may take some time to get the service ready for you. When provisioning is complete, you'll see the Basic Mobility and Security page. If you've waited 24 hours and the status is still provisioning, please contact Support and we'll help figure out what the issue is.
## What can I do if device enrollment fails?
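Review bot: The `+` paragraph still tells the reader to contact Support after 24 hours, but the only pointer to support options (the "Still need help?" link) is removed without a replacement. Suggest linking to wherever the support options are now documented instead of deleting the sentence outright.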
Basic Mobility and Security is hosted by the Intune service. It is a subset of
## How do policies work for Basic Mobility and Security? How do I set them up? Disable them?
-After you complete initial setup for Basic Mobility and Security, you create policies and apply them to groups of users in the Security & Compliance Center. Policies require users of the policies to enroll their devices in Basic Mobility and Security before the device can be used to access Microsoft 365 data. The policies that you set up determine settings for mobile devices, for example, how often passwords must be reset or whether data encryption is required. For more information, see [Create device security policies in Basic Mobility and Security](create-device-security-policies.md) and [Microsoft 365 compliance center](https://support.microsoft.com/office/7e696a40-b86b-4a20-afcc-559218b7b1b8).
+After you complete initial setup for Basic Mobility and Security, you create policies and apply them to groups of users in the Security & Compliance Center. Policies require users of the policies to enroll their devices in Basic Mobility and Security before the device can be used to access Microsoft 365 data. The policies that you set up determine settings for mobile devices, for example, how often passwords must be reset or whether data encryption is required. For more information, see [Create device security policies in Basic Mobility and Security](create-device-security-policies.md) and [Microsoft 365 compliance center](../../compliance/microsoft-365-compliance-center.md).
For step-by-step instructions for creating and deploying device policies, see [Create device security policies in Basic Mobility and Security](create-device-security-policies.md).
admin Manage Enrolled Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices.md
description: "Basic Mobility and Security can help you secure and manage mobile
The built-in mobile device management for Microsoft 365 helps you secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones. The first step is to sign in to Microsoft 365 and set up Basic Mobility and Security. For more info, see [Set up Basic Mobility and Security](set-up.md).
-After you've set it up, the people in your organization must enroll their devices in the service. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md). Then you can use Basic Mobility and Security to help manage devices in your organization. For example, you can use device security policies to help limit email access or other services, view devices reports, and remotely wipe a device. You'll typically go to the Security & Compliance Center to do these tasks. For more info, see [Microsoft 365 compliance center](https://support.microsoft.com/office/7e696a40-b86b-4a20-afcc-559218b7b1b8).
+After you've set it up, the people in your organization must enroll their devices in the service. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md). Then you can use Basic Mobility and Security to help manage devices in your organization. For example, you can use device security policies to help limit email access or other services, view devices reports, and remotely wipe a device. You'll typically go to the Security & Compliance Center to do these tasks. For more info, see [Microsoft 365 compliance center](../../compliance/microsoft-365-compliance-center.md).
## Device management tasks To get to the device management panel, follow these steps:
-1. Go to theΓÇ»[Microsoft 365 admin center](https://support.microsoft.com/office/758befc4-0888-4009-9f14-0d147402fd23).
+1. Go to theΓÇ»[Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).
2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
After you've got Basic Mobility and Security set up, here are some ways you can
|Block unsupported devices from accessing Exchange email using Exchange ActiveSync |In the Device Management panel, selectΓÇ» **Block**. | |Set up device policies like password requirements and security settings |In the Device Management panel, select **Device security policies**ΓÇ»>ΓÇ»**Add +**. For more info, seeΓÇ»[Create device security policies in Basic Mobility and Security](create-device-security-policies.md).| |View list of blocked devices |In the Device Management panel, underΓÇ» **Select a view**ΓÇ» selectΓÇ» **Blocked**. |
-|Unblock noncompliant or unsupported device for a user or group of users |Pick one of the following to unblock devices:<br/>- Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > **Groups**, and then select group name. Select **Edit members and admins**.<br/>- Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name, and then select **Edit** > **Deployment**.<br/>- Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name and then select **Edit** > **Access requirements**. Select  **Allow access and report violation**.<br/>- To unblock a noncompliant or unsupported device for a user or a group of users, go to Security & Compliance Center > **Security policies** > **Device management** > **Manage device access settings**. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. For more info, see [Create, edit, or delete a security group in the Microsoft 365 admin center](https://support.microsoft.com/office/55c96b32-e086-4c9e-948b-a018b44510cb).|
-|Remove users so their devices are no longer managed by Basic Mobility and Security |To remove the user, edit the security group that has device management policies for Basic Mobility and Security. For more info, seeΓÇ» [Create, edit, or delete a security group in the Microsoft 365 admin center](https://support.microsoft.com/office/55c96b32-e086-4c9e-948b-a018b44510cb).<br/>To remove Basic Mobility and Security from all your Microsoft 365 users, see [Turn off Basic Mobility and Security](turn-off.md).|
+|Unblock noncompliant or unsupported device for a user or group of users |Pick one of the following to unblock devices:<br/>- Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > **Groups**, and then select group name. Select **Edit members and admins**.<br/>- Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name, and then select **Edit** > **Deployment**.<br/>- Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name and then select **Edit** > **Access requirements**. Select  **Allow access and report violation**.<br/>- To unblock a noncompliant or unsupported device for a user or a group of users, go to Security & Compliance Center > **Security policies** > **Device management** > **Manage device access settings**. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. For more info, see [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).|
+|Remove users so their devices are no longer managed by Basic Mobility and Security |To remove the user, edit the security group that has device management policies for Basic Mobility and Security. For more info, seeΓÇ» [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).<br/>To remove Basic Mobility and Security from all your Microsoft 365 users, see [Turn off Basic Mobility and Security](turn-off.md).|
Live (v14)
admin Turn Off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/turn-off.md
To effectively turn off Basic Mobility and Security, you remove groups of people
These options remove Basic Mobility and Security enforcement for devices in your organization. Unfortunately, you can't simply "unprovision" Basic Mobility and Security after you've set it up. >[!IMPORTANT]
->Be aware of the impact on users' devices when you remove user security groups from policies or remove the policies themselves. For example, email profiles and cached emails might be removed, depending on the device. For more info, seeΓÇ» [What happens when you delete a policy or remove a user from the policy?](https://support.microsoft.com/office/create-device-security-policies-in-basic-mobility-and-security-d310f556-8bfb-497b-9bd7-fe3c36ea2fd6#bkmk_changeimpact)
+>Be aware of the impact on users' devices when you remove user security groups from policies or remove the policies themselves. For example, email profiles and cached emails might be removed, depending on the device. For more info, seeΓÇ» [What happens when you delete a policy or remove a user from the policy?](../../admin/basic-mobility-security/create-device-security-policies.md)
## Remove user security groups from Basic Mobility and Security device policies
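Review bot: The link text on the `+` line is still the section title "What happens when you delete a policy or remove a user from the policy?", but the target has lost its `#bkmk_changeimpact` fragment and now lands on the top of `create-device-security-policies.md`. Suggest restoring a section anchor so this `[!IMPORTANT]` note takes readers straight to the description of the impact on devices.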
admin Wipe Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/wipe-mobile-device.md
Mobile devices can store sensitive organizational information and provide access
## Wipe a mobile device
-1. Go to theΓÇ»[Microsoft 365 admin center](https://support.microsoft.com/office/758befc4-0888-4009-9f14-0d147402fd23).
+1. Go to theΓÇ»[Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).
2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
admin Compare Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
Users with permissions to the group mailbox can send as or send on behalf of the
Currently it's not possible to migrate a shared mailbox to a Microsoft 365 group. Is this something you want? Let us know. **[Vote here](https://go.microsoft.com/fwlink/?linkid=871518)**.
-## Related articles
+## Related content
-[Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2)
+[Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2) (article)
-[Why you should upgrade your distribution lists to groups in Outlook](https://support.microsoft.com/office/7fb3d880-593b-4909-aafa-950dd50ce188)
+[Why you should upgrade your distribution lists to groups in Outlook](https://support.microsoft.com/office/7fb3d880-593b-4909-aafa-950dd50ce188) (article)
admin Transfer Data Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/transfer-data-manually.md
There are several ways to save or transfer team site data:
- You can save the old site as a template and import the template into the new site. -- To transfer documents, first manually recreate your hierarchy on the new site. Then you can open both SharePoint team sites at the same time, open both document libraries with Windows Explorer, and copy and paste the documents. See [Video: Copy or move library files by using Open with Explorer](https://support.microsoft.com/office/c7c20284-bc94-47f4-9728-d28e9daf0790).
+- To transfer documents, first manually recreate your hierarchy on the new site. Then you can open both SharePoint team sites at the same time, open both document libraries with Windows Explorer, and copy and paste the documents. See [Video: Copy or move library files by using Open with Explorer](../../business-video/store-files.md).
- To transfer list data, save a [list template](https://support.microsoft.com/office/c3884ad1-bc49-44b8-b3d6-3bc6a01eb393), and use the saved template to re-create the list on the new site. -- To save a document library or list content from a SharePoint Online environment (OneDrive for Business or team sites) to file shares or to a local computer, see [Information about manual migration of SharePoint Online content](https://support.microsoft.com/kb/2783484).
+- To save a document library or list content from a SharePoint Online environment (OneDrive for Business or team sites) to file shares or to a local computer, see [Information about manual migration of SharePoint Online content](/sharepoint/troubleshoot/migration-tool/content-manual-migration).
## Transfer users' data between subscriptions
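Review bot: On the first `+` line the link text still reads "Video: Copy or move library files by using Open with Explorer", while the new target is `../../business-video/store-files.md`. Please confirm that page covers Open with Explorer, and update the link text to match the target's title if it does not.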
admin Assign Licenses To Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/assign-licenses-to-users.md
You can invite guest users to collaborate with your organization in the Azure Ac
## Next steps
-If your users don't yet have the Office apps installed, you can share the [Employee quick start guide](https://support.microsoft.com/office/b9700090-ce64-4046-ab92-ce8488a7bc0f) with your users to set up things, like [how to download and install Microsoft 365 or Office 2019 on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and [how to set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
+If your users don't yet have the Office apps installed, you can share the [Employee quick start guide](../../business-video/employee-quick-setup.md) with your users to set up things, like [how to download and install Microsoft 365 or Office 2019 on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and [how to set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
## Related content
admin Empower Your Small Business With Remote Work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/empower-your-small-business-with-remote-work.md
As businesses adapt to the increased need to have people work remotely and conne
In light of the COVID-19 (Novel Coronavirus) outbreak, many business owners are finding themselves with a completely remote work staff. Here's what you can do to make a transition to remote work safe, secure, and productive.
-For more information, see [Get started with Microsoft Teams in your small business](https://support.microsoft.com/office/get-started-with-microsoft-teams-in-your-small-business-184f1aba-2f91-43f0-86e1-9fae607e24f6).
+For more information, see [Get started with Microsoft Teams in your small business](../../business-video/get-started-teams-small-business.md).
-Already have a subscription but need to get set up? See [Microsoft 365 small business training](https://support.microsoft.com/office/set-up-your-small-business-6ab4bbcd-79cf-4000-a0bd-d42ce4d12816).
+Already have a subscription but need to get set up? See [Microsoft 365 small business training](../../business-video/index.yml).
## Connect with employees and customers
You can still connect with employees, customers, clients, and partners, even if
Host audio, video, and web meetings with employees, customers, or partners through Microsoft Teams.
-For more information, see [Host online meetings](https://support.microsoft.com/topic/host-online-meetings-for-your-business-d5101f5c-30e3-4097-bb10-6d2fdeb9cf53) and [Chat with employees and customers](https://support.microsoft.com/office/chat-with-employees-and-customers-65748808-a403-462c-a6e1-b169e5bc6c92).
+For more information, see [Host online meetings](../../business-video/start-and-pin-chats.md) and [Chat with employees and customers](https://support.microsoft.com/office/chat-with-employees-and-customers-65748808-a403-462c-a6e1-b169e5bc6c92).
### Store and share files Put your business documents in the cloud and share them securely, both internally and externally.
-For more information, see this [Overview of sharing business files](https://support.microsoft.com/topic/share-your-business-files-overview-6725104a-6df7-4778-99c4-c06217dffecc) and [Upload and share files](https://support.microsoft.com/office/upload-and-share-files-57b669db-678e-424e-b0a0-15d19215cb12).
+For more information, see this [Overview of sharing business files](../../business-video/overview-file-sharing.md) and [Upload and share files](https://support.microsoft.com/office/upload-and-share-files-57b669db-678e-424e-b0a0-15d19215cb12).
### Collaborate with customers Invite employees and customers to a team so you can work directly with them to coordinate and collaborate all in one place.
-For more information, see [Create a team](https://support.microsoft.com/office/create-a-team-with-guests-11fbb083-52ee-434d-8c6e-63711fdafac7) and [Enable guest access](https://docs.microsoft.com/MicrosoftTeams/guest-joins).
+For more information, see [Create a team](../../business-video/team-with-guests.md) and [Enable guest access](/MicrosoftTeams/guest-access).
## Manage and secure your business to run remotely
Just a few steps can help you keep your business secure, even with remote emplo
Use multi-factor authentication to protect your data and devices.
-For more information, see [Turn on multi-factor authentication](https://support.microsoft.com/office/secure-employee-accounts-with-mfa-in-microsoft-365-business-e12187b8-216a-4490-9e3b-df34a06fb787).
+For more information, see [Turn on multi-factor authentication](../../business-video/turn-on-mfa.md).
### Secure your devices Remotely manage PCs and phones​ and ensure that they are protected and up-to-date. Requires Microsoft 365 Business.
-For more information, see [Manage devices](https://support.microsoft.com/office/manage-policies-for-windows-10-pcs-5b5aec9e-e267-463a-bc39-54753375e579).
+For more information, see [Manage devices](../../business-video/secure-win-10-pro-devices.md).
### More for admins and partners
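Review bot: in the "Host online meetings" line, the new target `../../business-video/start-and-pin-chats.md` does not match the link text. The old URL pointed at a host-online-meetings article, so either link to the meetings article or change the link text. The "Enable guest access" link also changes destination (`guest-joins` to `/MicrosoftTeams/guest-access`) rather than only becoming relative; confirm that is intended. "Chat with employees and customers" and "Upload and share files" stay on support.microsoft.com, so the conversion in this section is partial.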
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
A few months ago, we added a setting that lets you manage the What's New message
### Docs, training, and videos (June) -- [Getting started with Teams](https://support.microsoft.com/office/184f1aba-2f91-43f0-86e1-9fae607e24f6)
+- [Getting started with Teams](../business-video/get-started-teams-small-business.md)
## May 2020
We've got two updates for Groups this month:
#### For your users -- [Schedule a meeting](https://support.microsoft.com/office/c61b4f61-ee62-4a06-8bf7-0a1cd302700a)
+- [Schedule a meeting](../business-video/schedule-guest-meeting.md)
- [Join a Teams meeting](https://support.microsoft.com/office/078e9868-f1aa-4414-8bb9-ee88e9236ee4)-- [Create an org-wide team](https://support.microsoft.com/office/037bb27a-bcc9-48fe-8d72-44d9482420a3)-- [Create a Team with guests](https://support.microsoft.com/office/11fbb083-52ee-434d-8c6e-63711fdafac7)-- [Join a Team as a guest](https://support.microsoft.com/office/928d1eef-61e2-49ec-b754-c2fe86b34824)-- [Create a group email address](https://support.microsoft.com/office/ded875f9-a9de-437f-b559-2ae4f235bb2b)
+- [Create an org-wide team](../business-video/org-wide-team.md)
+- [Create a Team with guests](../business-video/team-with-guests.md)
+- [Join a Team as a guest](../business-video/join-team-guest.md)
+- [Create a group email address](../business-video/group-email.md)
#### For admins and business owners - [Empower your small business with remote work](https://support.microsoft.com/office/9b91a85a-39b4-40a6-a590-0f9bea0ba8e6)-- [Running a remote small business](https://support.microsoft.com/office/9ac1a0f1-789b-4143-b954-5821d5d89298)-- [Sign up for Microsoft Business Basic](https://support.microsoft.com/office/9ac1a0f1-789b-4143-b954-5821d5d89298)-- [Setting up two-factor sign-in](https://support.microsoft.com/office/9ac1a0f1-789b-4143-b954-5821d5d89298)
+- [Running a remote small business](../business-video/sign-up.md)
+- [Sign up for Microsoft Business Basic](../business-video/sign-up.md)
+- [Setting up two-factor sign-in](../business-video/sign-up.md)
## March 2020
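Review bot: in the "For admins and business owners" list, three different link texts ("Running a remote small business", "Sign up for Microsoft Business Basic", "Setting up two-factor sign-in") all resolve to `../business-video/sign-up.md`. The removed lines show the same duplication against a single support.microsoft.com ID, so the conversion carries an existing mistake forward. Point the two-factor entry at the MFA article and the remote-business entry at its own article, or drop the entries that have no matching target. "Empower your small business with remote work" and "Join a Teams meeting" are also left on support.microsoft.com.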
commerce Australia https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/australia.md
Bank: Citibank, N.A. Sydney\
SWIFT Code: CITIAU2X\ BSB Code: 248053\ Account Number: 100001074\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
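Review bot: the added VAT/GST sentence is pasted verbatim into each of the commerce/pay country pages in this batch, so a single include file would keep later wording changes in one place. The sentence itself repeats "issued" ("Invoices issued from ... are issued with"); consider "Invoices from a local Microsoft subsidiary carry the standard rate of ...". The `-`/`+` pair for "Account Name: MICROSOFT" differs only in whitespace, so check that the hard line break after the preceding `\` lines still renders as before.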
commerce Austria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/austria.md
SWIFT Code: CITIIE2X\
IBAN Code: IE81CITI99005170000124\ Account Number: 70000124\ Account Name: MICROSOFT+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Belgium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/belgium.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE54CITI99005170000125\ Account Number: 70000125\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Canada https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/canada.md
Bank: Citibank N.A., Canadian Branch​\
Routing Number: 032820012\ BIC/SWIFT Code: CITICATTBCH\ Account Number: 3003600001\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Denmark https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/denmark.md
IBAN Code: GB19CITI18500812207613\
Account Number: 12207613\ Account Name: MICROSOFT
-If you have an invoice billed by **Microsoft Danmark ApS** for orders and consumption starting March 1, 2021, use this bank information:
+If you have an invoice billed by **Microsoft Denmark ApS** for orders and consumption starting March 1, 2021, use this bank information:
Bank: Citibank Europe plc\ SWIFT Code: CITIIE2X\ IBAN Code: IE27CITI99005170000126\ Account Number: 70000126\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
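Review bot: the change from **Microsoft Danmark ApS** to **Microsoft Denmark ApS** edits what reads as a legal entity name, not ordinary prose. Readers match this string against the "billed by" name on their invoice to decide which bank details to use, so confirm the name as it is printed on invoices before anglicising it; if the invoice says "Danmark", keep the original spelling.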
commerce Finland https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/finland.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE97CITI99005170000127\ Account Number: 70000127\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce France https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/france.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE11CITI99005170000123\ Account Number: 70000123\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Germany https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/germany.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE38CITI99005170000122\ Account Number: 70000122\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Netherlands https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/netherlands.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE70CITI99005170000128\ Account Number: 70000128\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Norway https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/norway.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE43CITI99005170000129\ Account Number: 70000129\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Sweden https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/sweden.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE86CITI99005170000131\ Account Number: 70000131\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce Switzerland https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/switzerland.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE59CITI99005170000132\ Account Number: 70000132\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
commerce United Kingdom https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/pay/united-kingdom.md
Bank: Citibank Europe plc\
SWIFT Code: CITIIE2X\ IBAN Code: IE65CITI99005170000121\ Account Number: 70000121\
-Account Name: MICROSOFT
+Account Name: MICROSOFT
+
+Invoices issued from a local Microsoft Subsidiary are issued with the standard rate of VAT/Sales Tax/GST and deemed a domestic supply of services for VAT/Sales Tax/GST purposes.
compliance Create And Manage Inactive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-inactive-mailboxes.md
search.appverid:
ms.assetid: 296a02bd-ebde-4022-900e-547acf38ddd7 - seo-marvel-apr2020
-description: Learn how to to retain the contents of deleted mailboxes by using the inactive mailboxes feature in Office 365.
+description: "Retain the contents of deleted mailboxes by using the inactive mailboxes feature in Microsoft 365."
# Create and manage inactive mailboxes
Microsoft 365 makes it possible for you to retain the contents of deleted mailbo
- If a Litigation Hold or a retention policy (that's configured to retain or retain and then delete content) isn't applied to a mailbox before it's deleted, the contents of the mailbox won't be retained or discoverable. However, the deleted mailbox can be recovered within 30 days of deletion, but the mailbox and its contents will be permanently deleted after 30 days if it isn't recovered. -- For more information about Litigation Hold, see [In-Place Hold and Litigation Hold](/exchange/security-and-compliance/in-place-and-litigation-holds). For more information about retention policies, see [Learn about retention policies and retention labels](retention.md).
+- For more information about Litigation Hold, see [Litigation Hold](/exchange/security-and-compliance/in-place-and-litigation-holds). For more information about retention policies, see [Learn about retention policies and retention labels](retention.md).
## Create an inactive mailbox
If a hold is already placed on a mailbox, or if a retention policy is already ap
For step-by-step procedures for placing a mailbox on Litigation Hold or applying a retention policy, see: -- [Place a mailbox on Litigation Hold](./create-a-litigation-hold.md)
-
-- [Learn about retention policies and retention labels in Office 365](retention.md)
-
+- [Place a mailbox on Litigation Hold](create-a-litigation-hold.md)
+
+- [Learn about retention policies and retention labels](retention.md)
+ > [!NOTE]
-> For Litigation Holds and retention policies, you can create an indefinite hold or on a time-based hold. In an indefinite hold, the contents of the inactive mailbox will be retained forever, or until the hold is removed or until the hold duration is changed. After the hold or retention policy is removed (assuming that the mailbox was deleted more than 30 days ago), the inactive mailbox will be marked for permanent deletion and the contents of the mailbox will no longer be retained or discoverable. In a time-based hold or retention policy, you specify the duration of the hold. This duration is on a per-item basis and is calculated from the date a mailbox item was received or created. After the hold expires for a mailbox item, and that item moved to or is located in the Recoverable Items folder in the inactive mailbox, the item is permanently deleted (purged) from the inactive mailbox after the deleted item retention period expires.
+> For Litigation Holds and retention policies, you can create an indefinite hold or on a time-based hold. In an indefinite hold, the contents of the inactive mailbox will be retained forever, or until the hold is removed or until the hold duration is changed. After the hold or retention policy is removed (assuming that the mailbox was deleted more than 30 days ago), the inactive mailbox will be marked for permanent deletion and the contents of the mailbox will no longer be retained or discoverable. In a time-based hold or retention policy, you specify the duration of the hold. This duration is on a per-item basis and is calculated from the date a mailbox item was received or created. After the hold expires for a mailbox item, and that item moved to or is located in the Recoverable Items folder in the inactive mailbox, the item is permanently deleted (purged) from the inactive mailbox after the deleted item retention period expires.
### Step 2: Delete the mailbox
After the mailbox is placed on hold or a retention policy is applied to it, the
> [!NOTE] > You can also delete the mailbox by using the **Remove-Mailbox** cmdlet in Exchange Online PowerShell. For more information, see [Delete or restore user mailboxes in Exchange Online](/exchange/recipients-in-exchange-online/delete-or-restore-mailboxes). - ## View a list of inactive mailboxes To view a list of the inactive mailboxes in your organization:
-
-1. Go to [https://protection.office.com](https://protection.office.com) and sign in using the credentials for an administrator account in your organization.
-
-2. Click **Information governance** > **Retention**.
-
-3. On the **Retention** page, click **More**![Navigation Bar ellipses](../media/9723029d-e5cd-4740-b5b1-2806e4f28208.gif), and then click **Inactive mailboxes**.
-
- ![On the Retention page, click More and then click Inactive mailboxes to display a list of inactive mailboxes](../media/761bd90c-3e37-48f9-b1b9-479e90fea267.png)
-
- The **Inactive mailboxes** page is displayed. Note the total number of inactive mailboxes in your organization is displayed.
-
- ![A list of all inactive mailboxes in your organization is displayed](../media/57d9d183-0c6c-4bd8-82e7-115f7b7b6de7.png)
-
+
+1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
+
+2. In the left navigation pane of the Microsoft 365 compliance center, click **Show all**, and then click **Information governance > Retention**.
+
+ ![Click the Inactive Mailbox button on the Retention page](../media/MCCInactiveMailboxes1.png)
+
+3. On the **Retention** page, click **Inactive mailbox** to display a list of inactive mailboxes.
+
+4. Select an inactive mailbox to display a flyout page with information about the inactive mailbox.
+
+ ![The flyout page displays details about the inactive mailbox](../media/MCCInactiveMailboxes2.png)
+
+You can click ![Export search results icon](../media/47205c65-babd-4b3a-bd7b-98dfd92883ba.png) **Export** to view or download a CSV file that contains additional information about the inactive mailboxes in your organization.
+ Alternatively, you can run the following command in Exchange Online PowerShell to display the list of inactive mailboxes. ```powershell Get-Mailbox -InactiveMailboxOnly | FT DisplayName,PrimarySMTPAddress,WhenSoftDeleted ```
-You can click ![Export search results icon](../media/47205c65-babd-4b3a-bd7b-98dfd92883ba.png) **Export** to view or download a CSV file that contains additional information about the inactive mailboxes in your organization.
-
You can also run the following command to export the list of inactive mailboxes and other information to a CSV file. In this example, the CSV file is created in the current directory. ```powershell
Get-Mailbox -InactiveMailboxOnly | Select Displayname,PrimarySMTPAddress,Disting
``` > [!NOTE]
-> It's possible that an inactive mailbox may have the same SMTP address as an active user mailbox. In this case, the value of the **DistinguishedName** or **ExchangeGuid** property can be used to uniquely identify an inactive mailbox.
+> It's possible that an inactive mailbox may have the same SMTP address as an active user mailbox. In this case, the value of the **DistinguishedName** or **ExchangeGuid** property can be used to uniquely identify an inactive mailbox.
## Search and export the contents of an inactive mailbox You can access the contents of the inactive mailbox by using the Content Search tool in the Security & Compliance Center. When you search an inactive mailbox, you can create a keyword search query to search for specific items or you can return the entire contents of the inactive mailbox. You can preview the search results or export the search results to an Outlook Data (PST) file or as individual email messages. For step-by-step procedures for searching mailboxes and exporting search results, see the following topics: -- [Content Search in Office 365](content-search.md)
-
-- [Export Content Search results](export-search-results.md)
-
+- [Content search](content-search.md)
+
+- [Export search results](export-search-results.md)
+ Here are a few things to keep in mind when searching inactive mailboxes. - If a content search includes a user mailbox and that mailbox is made inactive, the content search will continue to search the inactive mailbox when you rerun the search after it becomes inactive.
-
+ - In some cases, a user may have an active mailbox and an inactive mailbox that have the same SMTP address. In this case, only the specific mailbox that you select as a location for a content search will be searched. In other words, if you add a user's mailbox to a search, you can't assume that both their active and inactive mailboxes will be searched; only the mailbox that you explicitly add to the search will be searched.
-
+ - We strongly recommend that you avoid having an active mailbox and inactive mailbox with the same SMTP address. If you need to reuse the SMTP address that is currently assigned to an inactive mailbox, we recommend that you recover the inactive mailbox or restore the contents of an inactive mailbox to an active mailbox (or the archive of an active mailbox), and then delete the inactive mailbox.
-
+ ## Change the hold duration for an inactive mailbox After a mailbox is made inactive, you can change the duration of the hold or the retention policy applied to the inactive mailbox. For step-by-step procedures, see [Change the hold duration for an inactive mailbox in Office 365](change-the-hold-duration-for-an-inactive-mailbox.md).
If another employee takes on the job responsibilities of a former employee, or i
## Delete an inactive mailbox
-If you no longer need to retain the contents of an inactive mailbox, you can permanently delete the inactive mailbox by removing the hold or removing the retention policy applied to the inactive mailbox. If the mailbox was deleted more than 30 days ago, the mailbox will be marked for permanent deletion after you remove the hold, and the mailbox will become non-recoverable. If the mailbox was deleted within the last 30 days, you can still recover the mailbox after removing the hold or retention policy. For step-by-step procedures for removing a hold or a retention policy to permanently delete an inactive mailbox, see [Delete an inactive mailbox](delete-an-inactive-mailbox.md).
+If you no longer need to retain the contents of an inactive mailbox, you can permanently delete the inactive mailbox by removing the hold or removing the retention policy applied to the inactive mailbox. If the mailbox was deleted more than 30 days ago, the mailbox will be marked for permanent deletion after you remove the hold, and the mailbox will become non-recoverable. If the mailbox was deleted within the last 30 days, you can still recover the mailbox after removing the hold or retention policy. For step-by-step procedures for removing a hold or a retention policy to permanently delete an inactive mailbox, see [Delete an inactive mailbox](delete-an-inactive-mailbox.md).
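Review bot: step 1 now sends admins to <https://compliance.microsoft.com>, but the unchanged "Search and export" paragraph still says "Content Search tool in the Security & Compliance Center" and the hold-duration link text still ends "in Office 365"; update those in the same pass so the article names one portal. In the new steps, the `MCCInactiveMailboxes1.png` screenshot (alt text "Click the Inactive Mailbox button on the Retention page") sits under step 2 but illustrates step 3. The re-added NOTE still reads "an indefinite hold or on a time-based hold"; drop the stray "on" while the line is being touched.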
compliance Ediscovery Troubleshooting Common Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-troubleshooting-common-issues.md
This is a client-side issue and in order to remediate it, please attempt the fol
1. Try using another client/machine to download.
-2. Make sure to download to a local drive.
+2. Remove old searches that are no longer needed using [Remove-ComplianceSearch][/powershell/module/exchange/remove-compliancesearch] cmdlet.
-3. Make sure the virus scanner is not running.
+3. Make sure to download to a local drive.
-4. Make sure that no other export is downloading to the same folder or any parent folder.
+4. Make sure the virus scanner is not running.
-5. If the previous steps did not work, disable zipping and de-duplication.
+5. Make sure that no other export is downloading to the same folder or any parent folder.
-6. If this works then the issue is due to a local virus scanner or a disk issue.
+6. If the previous steps did not work, disable zipping and de-duplication.
+
+7. If this works then the issue is due to a local virus scanner or a disk issue.
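Review bot: the new step 2 writes the link as `[Remove-ComplianceSearch][/powershell/module/exchange/remove-compliancesearch]`, which is reference-style syntax with the URL in the second pair of square brackets, so it will not render as a link. Use parentheses for the target, and add the missing article: "using the [Remove-ComplianceSearch](...) cmdlet". Because the step deletes searches, say which searches are safe to remove (for example, only those whose exports are no longer needed) so the instruction is not read as a blanket cleanup.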
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Here are a few of the changes to Microsoft 365 compliance solutions and content
### Data connectors -- **Private keys** support has been added to [Bloomberg Message](https://docs.microsoft.com/microsoft-365/compliance/archive-bloomberg-message-data#set-up-a-connector-using-public-keys) data, [ICE Chat](https://docs.microsoft.com/microsoft-365/compliance/archive-icechat-data#set-up-a-connector-using-public-keys) data, and [Instant Bloomberg](https://docs.microsoft.com/microsoft-365/compliance/archive-instant-bloomberg-data#set-up-a-connector-using-public-keys) data connectors.
+- **Private keys**. Support for private keys has been added to [Bloomberg Message](https://docs.microsoft.com/microsoft-365/compliance/archive-bloomberg-message-data#set-up-a-connector-using-public-keys) data, [ICE Chat](https://docs.microsoft.com/microsoft-365/compliance/archive-icechat-data#set-up-a-connector-using-public-keys) data, and [Instant Bloomberg](https://docs.microsoft.com/microsoft-365/compliance/archive-instant-bloomberg-data#set-up-a-connector-using-public-keys) data connectors.
### Data loss prevention
The following topics were updated or added to support these new features:ΓÇïΓÇï
- [Review data with the insider risk content explorer](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-content-explorer) - [Manage the workflow with the Users Dashboard](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-users)
-### Microsoft Information Protection
--- **Microsoft Information Protection in Microsoft 365**. [Updated information](https://docs.microsoft.com/microsoft-365/compliance/information-protection) for new capabilities.-
-### Retention Policies and retention labels
+### Records management
-- **[Learn about retention policies and retention labels](https://docs.microsoft.com/microsoft-365/compliance/retention)**. Information added to explain a Teams message that a message was removed by a retention policy. This link and the system message in Teams provides new documentation, [Teams messages about retention policies](https://support.microsoft.com/office/teams-messages-about-retention-policies-c151fa2f-1558-4cf9-8e51-854e925b483b).-- **[Learn about retention for SharePoint and OneDrive](https://docs.microsoft.com/microsoft-365/compliance/retention-policies-sharepoint)**. Clarifies the retention inheritance behavior when you apply a retention label to a supported list item that has a document attachment, and also that items in the Preservation Hold library are always retained for a minimum of 30 days.-- **[Use file plan to manage retention labels](https://docs.microsoft.com/microsoft-365/compliance/file-plan-manager)**. A new release of file plan removes or improves the previous length restrictions for import.-- **[Create retention labels and apply them in apps](https://docs.microsoft.com/microsoft-365/compliance/create-apply-retention-labels)**. New section for deleting retention labels, that also appears in "Automatically apply a retention label to retain or delete content". This new section includes information about a new release rolling out in preview that supports deleting labels that mark items as records.
+- **File plan improvements**. An update to [file plan](file-plan-manager.md) removes or improves the previous length restrictions for import.
+- **Delete retention labels for records**. A preview release supports the ability to [delete retention labels](create-apply-retention-labels.md#deleting-retention-labels) that mark items as records.
### Sensitive information types
Content was added or updated in the following topics:
### Sensitivity labels -- **[Learn about sensitivity labels](https://docs.microsoft.com/microsoft-365/compliance/sensitivity-labels)**. (updated; added a note to the top of the page for end users who are searching for documentation about sensitivity labels that admins have published for them. Also updated the information about sensitivity labels support for US government tenants now supported for DoD environments)-- **[Restrict access to content by using sensitivity labels to apply encryption](https://docs.microsoft.com/microsoft-365/compliance/encryption-sensitivity-labels)**. (updated; the section Let users assign permissions includes the newly released option, Encrypt-Only)-- **[Manage sensitivity labels in Office apps](https://docs.microsoft.com/microsoft-365/compliance/sensitivity-labels-office-apps)**. (updated; new entry in the Outlook capabilities table for the new Encrypt-Only option. For mandatory labeling, most of the initially supported platforms are no longer in preview. Added a note to explain when you use mandatory labeling with the default label setting, users are prompted to apply a sensitivity label more often when they use built-in labeling than when they use the Azure Information Protection unified labeling client. This article also updates the Office built-in labeling client and the Azure Information Protection client section, with updated guidance to disable the unified labeling client by using the Group Policy setting "List of managed add-ins" for each app rather than the Group Policy setting "Use the Sensitivity feature in Office to apply and view sensitivity labels".)
+- **DoD support**. Support for US government tenants with DoD environments.
+- **Encrypt-Only for Outlook**. Encryption options for Outlook now include Encrypt-Only when you select [Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions).
+- **Enforcing built-in labels in Office apps**. Updated [guidance](sensitivity-labels-office-apps.md#office-built-in-labeling-client-and-the-azure-information-protection-client) how to enforce built-in labels in Office apps when you have the Azure Information Protection unified labeling client installed.
## February 2021
Content was added or updated in the following topics:
- Azure and Microsoft 365 operated by 21Vianet in China) - [Configure IRM to use an on-premises AD RMS server](https://docs.microsoft.com/microsoft-365/compliance/configure-irm-to-use-an-on-premises-ad-rms-server). Support for this service in an Exchange hybrid environment has been deprecated.
-### Retention policies and retention labels
-
-Content was added or updated in the following topics:
--- [Learn about retention for Teams](https://docs.microsoft.com/microsoft-365/compliance/retention-policies-teams)-- [Automatically apply a retention label to retain or delete content](https://docs.microsoft.com/microsoft-365/compliance/apply-retention-labels-automatically)- ### Sensitive Information Types Content was added or updated in the following topics:
Content was added or updated in the following topics:
Content was added or updated in the following topics: -- [Apply a sensitivity label to content automatically](https://docs.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically)-- [Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and SharePoint sites](https://docs.microsoft.com/microsoft-365/compliance/sensitivity-labels-teams-groups-sites). The option for external sharing from SharePoint sites is now released as generally available. Additionally, the Microsoft 365 admin center and Planner now support applying sensitivity labels that are configured for Microsoft Teams, Microsoft 365 groups, and SharePoint sites.-- [Enable sensitivity labels for Office files in SharePoint and OneDrive](https://docs.microsoft.com/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files)-- [Manage sensitivity labels in Office apps](https://docs.microsoft.com/microsoft-365/compliance/sensitivity-labels-office-apps)-- [Enable co-authoring for files encrypted with sensitivity labels](https://docs.microsoft.com/microsoft-365/compliance/sensitivity-labels-coauthoring). Announced as public preview at Ignite 2021, this new article explains the metadata changes that accompany this new feature, prerequisites, limitations, and how to enable the feature for a test tenant.
+- **SharePoint external sharing**. For [container labels](sensitivity-labels-teams-groups-sites.md) the option for external sharing from SharePoint sites is now released as generally available. Additionally, the Microsoft 365 admin center and Planner now support applying these sensitivity labels.
+- **Co-authoring and AutoSave**. Support for [co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for encrypted files is released as preview for testing in non-production tenants.
## January 2021
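Review bot: in the rewritten Data connectors bullet, the heading and sentence say "private keys" while all three link anchors end in `#set-up-a-connector-using-public-keys`. One of the two is wrong, and the rewrite is the moment to settle which; the connector articles should be checked and the text or anchors aligned. The same bullet keeps absolute docs.microsoft.com URLs while the other added bullets in this file use relative `.md` links. The new "DoD support" bullet has no link at all, unlike its neighbours.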
enterprise Microsoft 365 Connectivity Telemetry https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-connectivity-telemetry.md
+
+ Title: "Microsoft 365 Connectivity Telemetry"
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Ent_O365
+- Strat_O365_Enterprise
+f1.keywords:
+- CSH
+
+ - Adm_O365
+ - seo-marvel-apr2020
+search.appverid:
+- MET150
+- BCS160
+ms.assetid: f5ee6c33-bcd7-4b0b-b0f8-dc1d9fb8d132
+description: This article contains information about Microsoft 365 Connectivity Telemetry.
++
+# Microsoft 365 Connectivity Telemetry
+
+This article is in progress.
+
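Review bot: the new article's body is only "This article is in progress." while the `description` metadata says it "contains information about Microsoft 365 Connectivity Telemetry". Publishing to the public branch in this state gives readers and search engines an empty page under a telemetry title; hold the file until it has content, or keep it out of the table of contents and indexing until then.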
enterprise Modern Desktop Deployment And Management Lab https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab.md
Title: Windows and Office deployment lab kit f1.keywords: - NOCSH--++ Previously updated : 08/10/2020 Last updated : 04/26/2021 ms.audience: ITPro
Detailed lab guides take you through multiple deployment and management scenario
[Download the Windows and Office Deployment Lab Kit](https://www.microsoft.com/evalcenter/evaluate-lab-kit).
-* The installed baseline version 2002 can be updated to Version 2010 using and in-console update. Please use a broad bandwidth Internet connection to download this content and allow 30-45 minutes for automatic provisioning. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available memory and 300 GB of free space is recommended. The kit expires May 2, 2021. A new version will be published prior to expiration.
+* The installed baseline version 2002 can be updated to Version 2010 using and in-console update. Please use a broad bandwidth Internet connection to download this content and allow 30-45 minutes for automatic provisioning. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available memory and 300 GB of free space is recommended. The kit expires July 22, 2021. A new version will be published prior to expiration.
## Additional guidance - [Desktop Deployment series videos from Microsoft Mechanics](https://www.aka.ms/watchhowtoshift)- - [Microsoft Endpoint Configuration Manager OS Deployment](/mem/configmgr/osd/understand/introduction-to-operating-system-deployment)- - [Plan for Windows 10 deployment](/windows/deployment/planning/index)- - [Deployment guide for Microsoft 365 Apps](/deployoffice/deployment-guide-microsoft-365-apps)- - [Getting Started with Intune](/intune/get-started-evaluation) ## Related resources - [Introducing Microsoft 365](https://www.microsoft.com/microsoft-365/default.aspx)- - [Office 365 for business](https://products.office.com/business/office)- - [Introducing Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security)- - [Windows 10 for enterprise](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise)-
- - [Windows 10 for small and medium business](https://www.microsoft.com/WindowsForBusiness/windows-for-small-business)
+ - [Windows 10 for small and medium business](https://www.microsoft.com/WindowsForBusiness/windows-for-small-business)
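Review bot: In the updated lab-kit bullet, the typo "using and in-console update" is carried over unchanged from the removed line and should read "using an in-console update". The same bullet also has "32 GB of available memory and 300 GB of free space is recommended", where "are recommended" is correct. Since the line is already being touched for the new expiration date (July 22, 2021), fix both in the same change.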
enterprise Ms Cloud Germany Transition Phases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-phases.md
In this phase, Skype for Business will be migrated to Microsoft Teams. Existing
- Contacts and meetings will be migrated to Microsoft Teams. - Users won't be able to sign in to Skype for Business between time service transitions to Office 365 services, and not until customer DNS entries are completed. - Contacts and existing meetings will continue to function as Skype for Business meetings.-- The web browser version of Microsoft Teams will not work after phase 9 has been completed.
+- The web browser version of Microsoft Teams will not work until phase 9 has been completed.
If you have to connect to Skype for Business Online with PowerShell after migration phase 9 has been completed, use the following PowerShell code to connect:
enterprise O365 Data Locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/o365-data-locations.md
-
+ Title: "Microsoft 365 data locations"
New Microsoft 365 tenants are defaulted to Geo based on the country of the billi
| Workplace Analytics | United States | </p></details>
-## Bosnia
+## Bosnia and Herzegovina
<details><summary>Click to expand</summary><p> | Service | Location |
New Microsoft 365 tenants are defaulted to Geo based on the country of the billi
| Whiteboard | United States | | Forms | United States | | Workplace Analytics | United States |
-</p></details>
+</p></details>
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of April 19, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 4/19/2021 | [Reporting information for Microsoft Bookings](/microsoft-365/bookings/reporting-info?view=o365-21vianet) | modified |
+| 4/19/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/19/2021 | [Additional endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls?view=o365-21vianet) | modified |
+| 4/19/2021 | [Prioritize incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incident-queue?view=o365-21vianet) | modified |
+| 4/19/2021 | [Address device name dependency](/microsoft-365/managed-desktop/get-ready/address-device-names?view=o365-21vianet) | added |
+| 4/19/2021 | [Device names](/microsoft-365/managed-desktop/service-description/device-names?view=o365-21vianet) | added |
+| 4/19/2021 | [Remove devices](/microsoft-365/managed-desktop/working-with-managed-desktop/remove-devices?view=o365-21vianet) | added |
+| 4/19/2021 | [How to control USB devices and other removable media using Intune (Windows 10)](/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune?view=o365-21vianet) | added |
+| 4/19/2021 | [Protect your organizationΓÇÖs data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-21vianet) | added |
+| 4/19/2021 | [Onboard Windows 10 devices using a local script](/microsoft-365/compliance/dlp-configure-endpoints-script?view=o365-21vianet) | modified |
+| 4/19/2021 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |
+| 4/19/2021 | [Register new devices yourself](/microsoft-365/managed-desktop/get-started/register-devices-self?view=o365-21vianet) | modified |
+| 4/19/2021 | [Register existing devices yourself](/microsoft-365/managed-desktop/get-started/register-reused-devices-self?view=o365-21vianet) | modified |
+| 4/19/2021 | [Common Microsoft Defender for Endpoint API errors](/microsoft-365/security/defender-endpoint/common-errors?view=o365-21vianet) | modified |
+| 4/19/2021 | [Access the Microsoft Defender for Endpoint Community Center](/microsoft-365/security/defender-endpoint/community?view=o365-21vianet) | modified |
+| 4/19/2021 | [Configure Conditional Access in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-21vianet) | modified |
+| 4/19/2021 | [Configure alert notifications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-email-notifications?view=o365-21vianet) | modified |
+| 4/19/2021 | [Onboard Windows 10 devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-21vianet) | modified |
+| 4/19/2021 | [Onboard Windows 10 devices using Mobile Device Management tools](/microsoft-365/security/defender-endpoint/configure-endpoints-mdm?view=o365-21vianet) | modified |
+| 4/19/2021 | [Onboard non-Windows devices to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows?view=o365-21vianet) | modified |
+| 4/19/2021 | [Onboard Windows 10 devices using Configuration Manager](/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-21vianet) | modified |
+| 4/19/2021 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-21vianet) | modified |
+| 4/19/2021 | [Onboarding tools and methods for Windows 10 devices](/microsoft-365/security/defender-endpoint/configure-endpoints?view=o365-21vianet) | modified |
+| 4/19/2021 | [Get devices onboarded to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-machines-onboarding?view=o365-21vianet) | modified |
+| 4/19/2021 | [Increase compliance to the Microsoft Defender for Endpoint security baseline](/microsoft-365/security/defender-endpoint/configure-machines-security-baseline?view=o365-21vianet) | modified |
+| 4/19/2021 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |
+| 4/19/2021 | [Configure vulnerability email notifications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications?view=o365-21vianet) | modified |
+| 4/19/2021 | [Connected applications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/connected-applications?view=o365-21vianet) | modified |
+| 4/19/2021 | [Contact Microsoft Defender for Endpoint support](/microsoft-365/security/defender-endpoint/contact-support?view=o365-21vianet) | modified |
+| 4/19/2021 | [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-21vianet) | modified |
+| 4/19/2021 | [Deploy Microsoft Defender for Endpoint in rings](/microsoft-365/security/defender-endpoint/deployment-rings?view=o365-21vianet) | modified |
+| 4/19/2021 | [Block potentially unwanted applications with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/19/2021 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-21vianet) | modified |
+| 4/19/2021 | [Microsoft Defender for Endpoint evaluation lab](/microsoft-365/security/defender-endpoint/evaluation-lab?view=o365-21vianet) | modified |
+| 4/19/2021 | [Fix unhealthy sensors in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors?view=o365-21vianet) | modified |
+| 4/19/2021 | [List machines API](/microsoft-365/security/defender-endpoint/get-machines?view=o365-21vianet) | modified |
+| 4/19/2021 | [Get package SAS URI API](/microsoft-365/security/defender-endpoint/get-package-sas-uri?view=o365-21vianet) | modified |
+| 4/19/2021 | [Become a Microsoft Defender for Endpoint partner](/microsoft-365/security/defender-endpoint/get-started-partner-integration?view=o365-21vianet) | modified |
+| 4/19/2021 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
+| 4/19/2021 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | modified |
+| 4/19/2021 | [Overview of attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/19/2021 | [Collect support logs in Microsoft Defender for Endpoints using live response](/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log?view=o365-21vianet) | modified |
+| 4/19/2021 | [Troubleshoot Microsoft Defender for Endpoint onboarding issues](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-21vianet) | modified |
+| 4/20/2021 | [Labeling actions reported in Activity explorer](/microsoft-365/compliance/data-classification-activity-explorer-available-events?view=o365-21vianet) | added |
+| 4/20/2021 | [Get started with activity explorer](/microsoft-365/compliance/data-classification-activity-explorer?view=o365-21vianet) | modified |
+| 4/20/2021 | [Learn about data classification](/microsoft-365/compliance/data-classification-overview?view=o365-21vianet) | modified |
+| 4/20/2021 | [Post-migration activities for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-experience?view=o365-21vianet) | modified |
+| 4/20/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 4/20/2021 | [Provide feedback on Microsoft 365 Defender](/microsoft-365/security/defender/feedback?view=o365-21vianet) | modified |
+| 4/20/2021 | [Compliance options for Microsoft 365 groups, Teams, and SharePoint collaboration](/microsoft-365/solutions/groups-teams-compliance-governance?view=o365-21vianet) | modified |
+| 4/20/2021 | [About shared mailboxes](/microsoft-365/admin/email/about-shared-mailboxes?view=o365-21vianet) | modified |
+| 4/20/2021 | [Set the password expiration policy for your organization](/microsoft-365/admin/manage/set-password-expiration-policy?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft Productivity Score - Content collaboration](/microsoft-365/admin/productivity/content-collaboration?view=o365-worldwide) | modified |
+| 4/20/2021 | [Add a domain](/microsoft-365/business-video/add-domain?view=o365-worldwide) | modified |
+| 4/20/2021 | [Change a user's name or email address](/microsoft-365/business-video/change-user-name-email?view=o365-worldwide) | modified |
+| 4/20/2021 | [Join a team as a guest](/microsoft-365/business-video/join-team-guest?view=o365-21vianet) | modified |
+| 4/20/2021 | [Let users reset their passwords](/microsoft-365/business-video/set-up-self-serve-password-reset?view=o365-worldwide) | modified |
+| 4/20/2021 | [Create a shared calendar](/microsoft-365/business-video/shared-calendar?view=o365-21vianet) | modified |
+| 4/20/2021 | [Stop auto-forwarding emails](/microsoft-365/business-video/stop-email-auto-forward?view=o365-worldwide) | modified |
+| 4/20/2021 | [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-21vianet) | modified |
+| 4/20/2021 | [Manage topics in the topic center in Microsoft Viva Topics](/microsoft-365/knowledge/manage-topics) | modified |
+| 4/20/2021 | [Topic center overview in Microsoft Viva Topics](/microsoft-365/knowledge/topic-center-overview) | modified |
+| 4/20/2021 | [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-21vianet) | modified |
+| 4/20/2021 | [Check the health state of the sensor in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/check-sensor-status?view=o365-21vianet) | modified |
+| 4/20/2021 | [Client behavioral blocking](/microsoft-365/security/defender-endpoint/client-behavioral-blocking?view=o365-21vianet) | modified |
+| 4/20/2021 | [Configure Conditional Access in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-21vianet) | modified |
+| 4/20/2021 | [Get devices onboarded to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-machines-onboarding?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-21vianet) | modified |
+| 4/20/2021 | [Block potentially unwanted applications with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/20/2021 | [Information protection in Windows overview](/microsoft-365/security/defender-endpoint/information-protection-in-windows-overview?view=o365-21vianet) | modified |
+| 4/20/2021 | [Investigate connection events that occur behind forward proxies](/microsoft-365/security/defender-endpoint/investigate-behind-proxy?view=o365-21vianet) | modified |
+| 4/20/2021 | [Investigate incidents in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/investigate-incidents?view=o365-21vianet) | modified |
+| 4/20/2021 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 4/20/2021 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft Defender for Endpoint on iOS Application license terms](/microsoft-365/security/defender-endpoint/ios-terms?view=o365-21vianet) | modified |
+| 4/20/2021 | [How to Deploy Defender for Endpoint on Linux with Chef](/microsoft-365/security/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef?view=o365-21vianet) | modified |
+| 4/20/2021 | [Configure and validate exclusions for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-exclusions?view=o365-21vianet) | modified |
+| 4/20/2021 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
+| 4/20/2021 | [Deploy Microsoft Defender for Endpoint on Linux with Ansible](/microsoft-365/security/defender-endpoint/linux-install-with-ansible?view=o365-21vianet) | modified |
+| 4/20/2021 | [Deploy Microsoft Defender for Endpoint on Linux with Puppet](/microsoft-365/security/defender-endpoint/linux-install-with-puppet?view=o365-21vianet) | modified |
+| 4/20/2021 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-21vianet) | modified |
+| 4/20/2021 | [Privacy for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-privacy?view=o365-21vianet) | modified |
+| 4/20/2021 | [Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-pua?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft Defender for Endpoint on Linux resources](/microsoft-365/security/defender-endpoint/linux-resources?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft Defender for Endpoint on Linux static proxy discovery](/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration?view=o365-21vianet) | modified |
+| 4/20/2021 | [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-connectivity?view=o365-21vianet) | modified |
+| 4/20/2021 | [Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-events?view=o365-21vianet) | modified |
+| 4/20/2021 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-21vianet) | modified |
+| 4/20/2021 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-21vianet) | modified |
+| 4/20/2021 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
+| 4/20/2021 | [Pull Microsoft Defender for Endpoint detections using REST API](/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api?view=o365-21vianet) | modified |
+| 4/20/2021 | [Overview of Microsoft 365 Defender APIs](/microsoft-365/security/defender/api-overview?view=o365-21vianet) | modified |
+| 4/20/2021 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft 365 Defender # < 60 chars](/microsoft-365/security/defender/index?view=o365-21vianet) | modified |
+| 4/20/2021 | [Microsoft 365 security center overview](/microsoft-365/security/defender/overview-security-center?view=o365-21vianet) | modified |
+| 4/21/2021 | [Ways to contact support for business products - Admin Help](/microsoft-365/admin/contact-support-for-business-products?view=o365-21vianet) | modified |
+| 4/21/2021 | [Business Assist for Microsoft 365](/microsoft-365/admin/misc/business-assist?view=o365-21vianet) | modified |
+| 4/21/2021 | [About registration numbers and under review notifications](/microsoft-365/commerce/about-registration-numbers?view=o365-21vianet) | modified |
+| 4/21/2021 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
+| 4/21/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 4/21/2021 | [Set up Microsoft Viva Topics](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
+| 4/21/2021 | [Microsoft 365 Security for Business Decision Makers (BDMs)](/microsoft-365/security/microsoft-365-security-for-bdm?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceAlertEvents table in the advanced hunting schema](/microsoft-365/security/defender-endpoint/advanced-hunting-devicealertevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [Overview of advanced hunting in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-hunting-overview?view=o365-21vianet) | modified |
+| 4/21/2021 | [Advanced hunting schema reference](/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference?view=o365-21vianet) | modified |
+| 4/21/2021 | [View and organize the Microsoft Defender for Endpoint Alerts queue](/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Android - Privacy information](/microsoft-365/security/defender-endpoint/android-privacy?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Android Application license terms](/microsoft-365/security/defender-endpoint/android-terms?view=o365-21vianet) | modified |
+| 4/21/2021 | [API Explorer in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/api-explorer?view=o365-21vianet) | modified |
+| 4/21/2021 | [Hello World for Microsoft Defender for Endpoint API](/microsoft-365/security/defender-endpoint/api-hello-world?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint Flow connector](/microsoft-365/security/defender-endpoint/api-microsoft-flow?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint detections API fields](/microsoft-365/security/defender-endpoint/api-portal-mapping?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint APIs connection to Power BI](/microsoft-365/security/defender-endpoint/api-power-bi?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint API release notes](/microsoft-365/security/defender-endpoint/api-release-notes?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint API license and terms of use](/microsoft-365/security/defender-endpoint/api-terms-of-use?view=o365-21vianet) | modified |
+| 4/21/2021 | [Access the Microsoft Defender for Endpoint APIs](/microsoft-365/security/defender-endpoint/apis-intro?view=o365-21vianet) | modified |
+| 4/21/2021 | [Experience Microsoft Defender for Endpoint through simulated attacks](/microsoft-365/security/defender-endpoint/attack-simulations?view=o365-21vianet) | modified |
+| 4/21/2021 | [Attack surface reduction frequently asked questions (FAQ)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq?view=o365-21vianet) | modified |
+| 4/21/2021 | [Use attack surface reduction rules to prevent malware infection](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/21/2021 | [Use automated investigations to investigate and remediate threats](/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-21vianet) | modified |
+| 4/21/2021 | [Automation levels in automated investigation and remediation](/microsoft-365/security/defender-endpoint/automation-levels?view=o365-21vianet) | modified |
+| 4/21/2021 | [Behavioral blocking and containment](/microsoft-365/security/defender-endpoint/behavioral-blocking-containment?view=o365-21vianet) | modified |
+| 4/21/2021 | [Client behavioral blocking](/microsoft-365/security/defender-endpoint/client-behavioral-blocking?view=o365-21vianet) | modified |
+| 4/21/2021 | [Common Microsoft Defender for Endpoint API errors](/microsoft-365/security/defender-endpoint/common-errors?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure alert notifications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-email-notifications?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard Windows 10 devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard Windows 10 devices using Mobile Device Management tools](/microsoft-365/security/defender-endpoint/configure-endpoints-mdm?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard non-Windows devices to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard Windows 10 devices using Configuration Manager](/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard Windows 10 devices using a local script](/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-21vianet) | modified |
+| 4/21/2021 | [Optimize ASR rule deployment and detections](/microsoft-365/security/defender-endpoint/configure-machines-asr?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get devices onboarded to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-machines-onboarding?view=o365-21vianet) | modified |
+| 4/21/2021 | [Increase compliance to the Microsoft Defender for Endpoint security baseline](/microsoft-365/security/defender-endpoint/configure-machines-security-baseline?view=o365-21vianet) | modified |
+| 4/21/2021 | [Ensure your devices are configured properly](/microsoft-365/security/defender-endpoint/configure-machines?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure vulnerability email notifications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications?view=o365-21vianet) | modified |
+| 4/21/2021 | [Contact Microsoft Defender for Endpoint support for US Government customers](/microsoft-365/security/defender-endpoint/contact-support-usgov?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender Antivirus compatibility with Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-compatibility?view=o365-21vianet) | modified |
+| 4/21/2021 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint evaluation lab](/microsoft-365/security/defender-endpoint/evaluation-lab?view=o365-21vianet) | modified |
+| 4/21/2021 | [Review events and errors using Event Viewer](/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-21vianet) | modified |
+| 4/21/2021 | [Fix unhealthy sensors in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors?view=o365-21vianet) | modified |
+| 4/21/2021 | [List all recommendations](/microsoft-365/security/defender-endpoint/get-all-recommendations?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get all vulnerabilities by machine and software](/microsoft-365/security/defender-endpoint/get-all-vulnerabilities-by-machines?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get all vulnerabilities](/microsoft-365/security/defender-endpoint/get-all-vulnerabilities?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get discovered vulnerabilities](/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get installed software](/microsoft-365/security/defender-endpoint/get-installed-software?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get RBAC machine groups collection API](/microsoft-365/security/defender-endpoint/get-machinegroups-collection?view=o365-21vianet) | modified |
+| 4/21/2021 | [List devices by software](/microsoft-365/security/defender-endpoint/get-machines-by-software?view=o365-21vianet) | modified |
+| 4/21/2021 | [List devices by vulnerability](/microsoft-365/security/defender-endpoint/get-machines-by-vulnerability?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get missing KBs by device ID](/microsoft-365/security/defender-endpoint/get-missing-kbs-machine?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get missing KBs by software ID](/microsoft-365/security/defender-endpoint/get-missing-kbs-software?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get security recommendations](/microsoft-365/security/defender-endpoint/get-security-recommendations?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get software by Id](/microsoft-365/security/defender-endpoint/get-software-by-id?view=o365-21vianet) | modified |
+| 4/21/2021 | [List software version distribution](/microsoft-365/security/defender-endpoint/get-software-ver-distribution?view=o365-21vianet) | modified |
+| 4/21/2021 | [List software](/microsoft-365/security/defender-endpoint/get-software?view=o365-21vianet) | modified |
+| 4/21/2021 | [List vulnerabilities by software](/microsoft-365/security/defender-endpoint/get-vuln-by-software?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get vulnerability by ID](/microsoft-365/security/defender-endpoint/get-vulnerability-by-id?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov?view=o365-21vianet) | modified |
+| 4/21/2021 | [Grant access to managed security service provider (MSSP)](/microsoft-365/security/defender-endpoint/grant-mssp-access?view=o365-21vianet) | modified |
+| 4/21/2021 | [Information protection in Windows overview](/microsoft-365/security/defender-endpoint/information-protection-in-windows-overview?view=o365-21vianet) | modified |
+| 4/21/2021 | [Investigate Microsoft Defender for Endpoint domains](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-21vianet) | modified |
+| 4/21/2021 | [Investigate an IP address associated with an alert](/microsoft-365/security/defender-endpoint/investigate-ip?view=o365-21vianet) | modified |
+| 4/21/2021 | [Investigate devices in the Defender for Endpoint Devices list](/microsoft-365/security/defender-endpoint/investigate-machines?view=o365-21vianet) | modified |
+| 4/21/2021 | [Investigate a user account in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/investigate-user?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 4/21/2021 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |
+| 4/21/2021 | [Privacy information - Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-privacy?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on iOS Application license terms](/microsoft-365/security/defender-endpoint/ios-terms?view=o365-21vianet) | modified |
+| 4/21/2021 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure and validate exclusions for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-exclusions?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploy Microsoft Defender for Endpoint on Linux with Ansible](/microsoft-365/security/defender-endpoint/linux-install-with-ansible?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploy Microsoft Defender for Endpoint on Linux with Puppet](/microsoft-365/security/defender-endpoint/linux-install-with-puppet?view=o365-21vianet) | modified |
+| 4/21/2021 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-21vianet) | modified |
+| 4/21/2021 | [Privacy for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-privacy?view=o365-21vianet) | modified |
+| 4/21/2021 | [Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-pua?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Linux resources](/microsoft-365/security/defender-endpoint/linux-resources?view=o365-21vianet) | modified |
+| 4/21/2021 | [How to schedule scans with Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-schedule-scan-atp?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Linux static proxy discovery](/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-connectivity?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-events?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-21vianet) | modified |
+| 4/21/2021 | [How to schedule an update of the Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-update-mde-linux?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploy updates for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-updates?view=o365-21vianet) | modified |
+| 4/21/2021 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
+| 4/21/2021 | [Examples of device control policies for Intune](/microsoft-365/security/defender-endpoint/mac-device-control-intune?view=o365-21vianet) | modified |
+| 4/21/2021 | [Examples of device control policies for JAMF](/microsoft-365/security/defender-endpoint/mac-device-control-jamf?view=o365-21vianet) | modified |
+| 4/21/2021 | [Device control for macOS](/microsoft-365/security/defender-endpoint/mac-device-control-overview?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure and validate exclusions for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-21vianet) | modified |
+| 4/21/2021 | [Log in to Jamf Pro](/microsoft-365/security/defender-endpoint/mac-install-jamfpro-login?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manual deployment for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-21vianet) | modified |
+| 4/21/2021 | [Intune-based deployment for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploying Microsoft Defender for Endpoint on macOS with Jamf Pro](/microsoft-365/security/defender-endpoint/mac-install-with-jamf?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm?view=o365-21vianet) | modified |
+| 4/21/2021 | [Set up device groups in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups?view=o365-21vianet) | modified |
+| 4/21/2021 | [Enroll Microsoft Defender for Endpoint on macOS devices into Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices?view=o365-21vianet) | modified |
+| 4/21/2021 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
+| 4/21/2021 | [Set preferences for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-21vianet) | modified |
+| 4/21/2021 | [Privacy for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-privacy?view=o365-21vianet) | modified |
+| 4/21/2021 | [Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-pua?view=o365-21vianet) | modified |
+| 4/21/2021 | [Resources for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-resources?view=o365-21vianet) | modified |
+| 4/21/2021 | [How to schedule scans with Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-install?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot kernel extension issues in Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-support-kext?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot license issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-support-perf?view=o365-21vianet) | modified |
+| 4/21/2021 | [New configuration profiles for macOS Catalina and newer versions of macOS](/microsoft-365/security/defender-endpoint/mac-sysext-policies?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Mac - system extensions (Preview)](/microsoft-365/security/defender-endpoint/mac-sysext-preview?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-21vianet) | modified |
+| 4/21/2021 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage Microsoft Defender for Endpoint using Configuration Manager](/microsoft-365/security/defender-endpoint/manage-atp-post-migration-configuration-manager?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage Microsoft Defender for Endpoint using Group Policy Objects](/microsoft-365/security/defender-endpoint/manage-atp-post-migration-group-policy-objects?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage Microsoft Defender for Endpoint using Intune](/microsoft-365/security/defender-endpoint/manage-atp-post-migration-intune?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage Microsoft Defender for Endpoint using PowerShell, WMI, and MPCmdRun.exe](/microsoft-365/security/defender-endpoint/manage-atp-post-migration-other-tools?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage Microsoft Defender for Endpoint post migration](/microsoft-365/security/defender-endpoint/manage-atp-post-migration?view=o365-21vianet) | modified |
+| 4/21/2021 | [Overview of management and APIs](/microsoft-365/security/defender-endpoint/management-apis?view=o365-21vianet) | modified |
+| 4/21/2021 | [Migrate from McAfee to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-migration?view=o365-21vianet) | modified |
+| 4/21/2021 | [McAfee to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-onboard?view=o365-21vianet) | modified |
+| 4/21/2021 | [McAfee to Microsoft Defender for Endpoint - Prepare](/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-prepare?view=o365-21vianet) | modified |
+| 4/21/2021 | [McAfee to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-setup?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-21vianet) | modified |
+| 4/21/2021 | [Migrating from a third-party HIPS to ASR rules](/microsoft-365/security/defender-endpoint/migrating-asr-rules?view=o365-21vianet) | modified |
+| 4/21/2021 | [Migration guides to make the switch to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/migration-guides?view=o365-21vianet) | modified |
+| 4/21/2021 | [Threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt?view=o365-21vianet) | modified |
+| 4/21/2021 | [Offboard machine API](/microsoft-365/security/defender-endpoint/offboard-machine-api?view=o365-21vianet) | modified |
+| 4/21/2021 | [Offboard devices from the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/offboard-machines?view=o365-21vianet) | modified |
+| 4/21/2021 | [Threat Protection (Windows 10)](/microsoft-365/security/defender-endpoint/old-index?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard devices to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure and manage Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboarding using Microsoft Endpoint Configuration Manager](/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboarding using Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager?view=o365-21vianet) | modified |
+| 4/21/2021 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-21vianet) | modified |
+| 4/21/2021 | [Overview of attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/21/2021 | [Overview of endpoint detection and response capabilities](/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response?view=o365-21vianet) | modified |
+| 4/21/2021 | [Supported Microsoft Defender for Endpoint response APIs](/microsoft-365/security/defender-endpoint/supported-response-apis?view=o365-21vianet) | modified |
+| 4/21/2021 | [Switch to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard?view=o365-21vianet) | modified |
+| 4/21/2021 | [Switch to Microsoft Defender for Endpoint - Prepare](/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare?view=o365-21vianet) | modified |
+| 4/21/2021 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup?view=o365-21vianet) | modified |
+| 4/21/2021 | [Symantec to Microsoft Defender for Endpoint - Phase 3, Onboarding](/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-onboard?view=o365-21vianet) | modified |
+| 4/21/2021 | [Symantec to Microsoft Defender for Endpoint - Phase 1, Preparing](/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-prepare?view=o365-21vianet) | modified |
+| 4/21/2021 | [Symantec to Microsoft Defender for Endpoint - Phase 2, Setting Up](/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-setup?view=o365-21vianet) | modified |
+| 4/21/2021 | [Migrate from Symantec to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-migration?view=o365-21vianet) | modified |
+| 4/21/2021 | [Understand the analyst report section in threat analytics](/microsoft-365/security/defender-endpoint/threat-analytics-analyst-reports?view=o365-21vianet) | modified |
+| 4/21/2021 | [Event timeline in threat and vulnerability management](/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-event-timeline?view=o365-21vianet) | modified |
+| 4/21/2021 | [Integrate Microsoft Defender for Endpoint with other Microsoft solutions](/microsoft-365/security/defender-endpoint/threat-protection-integration?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender Security Center time zone settings](/microsoft-365/security/defender-endpoint/time-settings?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot problems with attack surface reduction rules](/microsoft-365/security/defender-endpoint/troubleshoot-asr?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/troubleshoot-cloud-connect-mdemac?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot Microsoft Defender for Endpoint service issues](/microsoft-365/security/defender-endpoint/troubleshoot-mdatp?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot problems with Network protection](/microsoft-365/security/defender-endpoint/troubleshoot-np?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot Microsoft Defender for Endpoint onboarding issues](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-21vianet) | modified |
+| 4/21/2021 | [Assign device value - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-assign-device-value?view=o365-21vianet) | modified |
+| 4/21/2021 | [Dashboard insights - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-dashboard-insights?view=o365-21vianet) | modified |
+| 4/21/2021 | [Plan for end-of-support software and software versions](/microsoft-365/security/defender-endpoint/tvm-end-of-support-software?view=o365-21vianet) | modified |
+| 4/21/2021 | [Create and view exceptions for security recommendations - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-exception?view=o365-21vianet) | modified |
+| 4/21/2021 | [Exposure score in threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-exposure-score?view=o365-21vianet) | modified |
+| 4/21/2021 | [Hunt for exposed devices](/microsoft-365/security/defender-endpoint/tvm-hunt-exposed-devices?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Secure Score for Devices](/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices?view=o365-21vianet) | modified |
+| 4/21/2021 | [Prerequisites & permissions - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-prerequisites?view=o365-21vianet) | modified |
+| 4/21/2021 | [Remediate vulnerabilities with threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-remediation?view=o365-21vianet) | modified |
+| 4/21/2021 | [Security recommendations by threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-security-recommendation?view=o365-21vianet) | modified |
+| 4/21/2021 | [Software inventory in threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-software-inventory?view=o365-21vianet) | modified |
+| 4/21/2021 | [Supported operating systems and platforms for threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-supported-os?view=o365-21vianet) | modified |
+| 4/21/2021 | [Vulnerable devices report - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-vulnerable-devices-report?view=o365-21vianet) | modified |
+| 4/21/2021 | [Vulnerabilities in my organization - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-weaknesses?view=o365-21vianet) | modified |
+| 4/21/2021 | [Mitigate zero-day vulnerabilities - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-zero-day-vulnerabilities?view=o365-21vianet) | modified |
+| 4/21/2021 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp?view=o365-21vianet) | modified |
+| 4/21/2021 | [AADSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-aadsignineventsbeta-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [AADSpnSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-aadspnsignineventsbeta-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [AlertEvidence table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-alertevidence-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [AlertInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-alertinfo-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [AppFileEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-appfileevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [AssignedIPAddresses() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-assignedipaddresses-function?view=o365-21vianet) | modified |
+| 4/21/2021 | [Advanced hunting query best practices in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-best-practices?view=o365-21vianet) | modified |
+| 4/21/2021 | [CloudAppEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceFileCertificateInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicefilecertificateinfo-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceFileEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicefileevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceFromIP() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-devicefromip-function?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceImageLoadEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceimageloadevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceLogonEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicelogonevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceNetworkEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicenetworkevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceNetworkInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicenetworkinfo-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceProcessEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceprocessevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceRegistryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceregistryevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessment-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceTvmSoftwareInventory table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareinventory-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceTvmSoftwareInventory table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceTvmSoftwareVulnerabilities table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilities-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [EmailAttachmentInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailattachmentinfo-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [EmailEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [EmailPostDeliveryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailpostdeliveryevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [EmailUrlInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailurlinfo-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [Handle errors in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-errors?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get expert training on advanced hunting](/microsoft-365/security/defender/advanced-hunting-expert-training?view=o365-21vianet) | modified |
+| 4/21/2021 | [Extend advanced hunting coverage with the right settings](/microsoft-365/security/defender/advanced-hunting-extend-data?view=o365-21vianet) | modified |
+| 4/21/2021 | [FileProfile() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-fileprofile-function?view=o365-21vianet) | modified |
+| 4/21/2021 | [Find ransomware with advanced hunting](/microsoft-365/security/defender/advanced-hunting-find-ransomware?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get relevant info about an entity with go hunt](/microsoft-365/security/defender/advanced-hunting-go-hunt?view=o365-21vianet) | modified |
+| 4/21/2021 | [IdentityDirectoryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identitydirectoryevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [IdentityInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identityinfo-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [IdentityLogonEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [IdentityQueryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identityqueryevents-table?view=o365-21vianet) | modified |
+| 4/21/2021 | [Advanced hunting quotas and usage parameters in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-limits?view=o365-21vianet) | modified |
+| 4/21/2021 | [Migrate advanced hunting queries from Microsoft Defender for Endpoint](/microsoft-365/security/defender/advanced-hunting-migrate-from-mde?view=o365-21vianet) | modified |
+| 4/21/2021 | [Overview - Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview?view=o365-21vianet) | modified |
+| 4/21/2021 | [Hunt for threats across devices, emails, apps, and identities with advanced hunting](/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-21vianet) | modified |
+| 4/21/2021 | [Learn the advanced hunting query language in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-language?view=o365-21vianet) | modified |
+| 4/21/2021 | [Work with advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-results?view=o365-21vianet) | modified |
+| 4/21/2021 | [Naming changes in the Microsoft 365 Defender advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-schema-changes?view=o365-21vianet) | modified |
+| 4/21/2021 | [Data tables in the Microsoft 365 Defender advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-schema-tables?view=o365-21vianet) | modified |
+| 4/21/2021 | [Use shared queries in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-shared-queries?view=o365-21vianet) | modified |
+| 4/21/2021 | [Take action on advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-take-action?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft 365 Defender advanced hunting API](/microsoft-365/security/defender/api-advanced-hunting?view=o365-21vianet) | modified |
+| 4/21/2021 | [Other security and threat protection APIs](/microsoft-365/security/defender/api-articles?view=o365-21vianet) | modified |
+| 4/21/2021 | [Common Microsoft 365 Defender REST API error codes](/microsoft-365/security/defender/api-error-codes?view=o365-21vianet) | modified |
+| 4/21/2021 | [List incidents API in Microsoft 365 Defender](/microsoft-365/security/defender/api-list-incidents?view=o365-21vianet) | modified |
+| 4/21/2021 | [Supported Microsoft 365 Defender APIs](/microsoft-365/security/defender/api-supported?view=o365-21vianet) | modified |
+| 4/21/2021 | [Configure Microsoft 365 Defender pillars for the trial lab or pilot environment](/microsoft-365/security/defender/config-m365d-eval?view=o365-21vianet) | modified |
+| 4/21/2021 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-21vianet) | modified |
+| 4/21/2021 | [Overview of custom detections in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detections-overview?view=o365-21vianet) | modified |
+| 4/21/2021 | [Custom roles for role-based access control](/microsoft-365/security/defender/custom-roles?view=o365-21vianet) | modified |
+| 4/21/2021 | [Deploy services supported by Microsoft 365 Defender](/microsoft-365/security/defender/deploy-supported-services?view=o365-21vianet) | modified |
+| 4/21/2021 | [Device profile in Microsoft 365 security portal](/microsoft-365/security/defender/device-profile?view=o365-21vianet) | modified |
+| 4/21/2021 | [Generate a test Microsoft 365 Defender alert](/microsoft-365/security/defender/generate-test-alert?view=o365-21vianet) | modified |
+| 4/21/2021 | [Frequently asked questions when turning on Microsoft 365 Defender](/microsoft-365/security/defender/m365d-enable-faq?view=o365-21vianet) | modified |
+| 4/21/2021 | [Turn on Microsoft 365 Defender in the Microsoft 365 security center](/microsoft-365/security/defender/m365d-enable?view=o365-21vianet) | modified |
+| 4/21/2021 | [Evaluate Microsoft 365 Defender](/microsoft-365/security/defender/m365d-evaluation?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage access to Microsoft 365 Defender data in the Microsoft 365 security center](/microsoft-365/security/defender/m365d-permissions?view=o365-21vianet) | modified |
+| 4/21/2021 | [Summarizing your pilot Microsoft 365 Defender project results](/microsoft-365/security/defender/m365d-pilot-close?view=o365-21vianet) | modified |
+| 4/21/2021 | [Planning your pilot Microsoft 365 Defender project](/microsoft-365/security/defender/m365d-pilot-plan?view=o365-21vianet) | modified |
+| 4/21/2021 | [Run your Microsoft 365 Defender attack simulations](/microsoft-365/security/defender/m365d-pilot-simulate?view=o365-21vianet) | modified |
+| 4/21/2021 | [Run your pilot Microsoft 365 Defender project](/microsoft-365/security/defender/m365d-pilot?view=o365-21vianet) | modified |
+| 4/21/2021 | [Set the time zone for Microsoft 365 Defender features](/microsoft-365/security/defender/m365d-time-zone?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Endpoint in the Microsoft 365 security center](/microsoft-365/security/defender/microsoft-365-security-center-mde?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft Defender for Office 365 in the Microsoft 365 security center](/microsoft-365/security/defender/microsoft-365-security-center-mdo?view=o365-21vianet) | modified |
+| 4/21/2021 | [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-21vianet) | modified |
+| 4/21/2021 | [Provide managed security service provider (MSSP) access](/microsoft-365/security/defender/mssp-access?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft security portals and admin centers](/microsoft-365/security/defender/portals?view=o365-21vianet) | modified |
+| 4/21/2021 | [Prepare your Microsoft 365 Defender trial lab environment](/microsoft-365/security/defender/prepare-m365d-eval?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft 365 Defender prerequisites](/microsoft-365/security/defender/prerequisites?view=o365-21vianet) | modified |
+| 4/21/2021 | [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-21vianet) | modified |
+| 4/21/2021 | [Top scoring in industry tests - Microsoft 365 Defender](/microsoft-365/security/defender/top-scoring-industry-tests?view=o365-21vianet) | modified |
+| 4/21/2021 | [Troubleshoot Microsoft 365 Defender service issues](/microsoft-365/security/defender/troubleshoot?view=o365-21vianet) | modified |
+| 4/21/2021 | [What's new in Microsoft 365 Defender](/microsoft-365/security/defender/whats-new?view=o365-21vianet) | modified |
+| 4/21/2021 | [Address compromised user accounts with automated investigation and response](/microsoft-365/security/office-365-security/address-compromised-users-quickly?view=o365-21vianet) | modified |
+| 4/21/2021 | [Custom reporting solutions with automated investigation and response](/microsoft-365/security/office-365-security/air-custom-reporting?view=o365-21vianet) | modified |
+| 4/21/2021 | [Remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-remediation-actions?view=o365-21vianet) | modified |
+| 4/21/2021 | [Review and manage remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions?view=o365-21vianet) | modified |
+| 4/21/2021 | [View the results of an automated investigation in Microsoft 365](/microsoft-365/security/office-365-security/air-view-investigation-results?view=o365-21vianet) | modified |
+| 4/21/2021 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
+| 4/21/2021 | [Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint](/microsoft-365/security/office-365-security/integrate-office-365-ti-with-mde?view=o365-21vianet) | modified |
+| 4/21/2021 | [Investigate malicious email that was delivered in Office 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
+| 4/21/2021 | [The Microsoft Defender for Office 365 (MDO) email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
+| 4/21/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 4/21/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 4/21/2021 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
+| 4/21/2021 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365?view=o365-21vianet) | modified |
+| 4/21/2021 | [Top 12 tasks for security teams to support working from home](/microsoft-365/security/top-security-tasks-for-remote-work?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft 365 infographics for users](/microsoft-365/solutions/infographics-for-users?view=o365-21vianet) | added |
+| 4/21/2021 | [Microsoft 365 Reports in the admin center - Microsoft 365 groups](/microsoft-365/admin/activity-reports/office-365-groups-ww?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft 365 Reports in the admin center - Microsoft 365 groups](/microsoft-365/admin/activity-reports/office-365-groups?view=o365-21vianet) | modified |
+| 4/21/2021 | Buy or try subscriptions for Office 365 operated by 21Vianet | removed |
+| 4/21/2021 | View your bill or get a Fapiao in Office 365 operated by 21Vianet | removed |
+| 4/21/2021 | [Online meetings overview](/microsoft-365/business-video/overview-online-meetings?view=o365-21vianet) | modified |
+| 4/21/2021 | [Enable domain-joined Windows 10 devices to be managed by Microsoft 365 for business](/microsoft-365/business/manage-windows-devices?view=o365-21vianet) | modified |
+| 4/21/2021 | [View your bill or invoice](/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice?view=o365-21vianet) | modified |
+| 4/21/2021 | Switch Microsoft 365 for business plans manually | removed |
+| 4/21/2021 | Switch to a different Microsoft 365 for business plan | removed |
+| 4/21/2021 | [Upgrade to a different business plan](/microsoft-365/commerce/subscriptions/upgrade-to-different-plan?view=o365-21vianet) | modified |
+| 4/21/2021 | Why can't I switch Microsoft 365 for business plans? | removed |
+| 4/21/2021 | [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365?view=o365-21vianet) | modified |
+| 4/21/2021 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
+| 4/21/2021 | [Use a PowerShell script to search the audit log](/microsoft-365/compliance/audit-log-search-script?view=o365-21vianet) | modified |
+| 4/21/2021 | [Delete items in the Recoverable Items folder of cloud mailbox's on hold](/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-21vianet) | modified |
+| 4/21/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
+| 4/21/2021 | [Insider risk management Content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/21/2021 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/21/2021 | [Get incident notifications by email in Microsoft 365 Defender](/microsoft-365/security/defender/get-incident-notifications?view=o365-21vianet) | modified |
+| 4/21/2021 | [Prioritize incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incident-queue?view=o365-21vianet) | modified |
+| 4/21/2021 | [Incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 4/21/2021 | [Analyze alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |
+| 4/21/2021 | [Analyze incidents in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-incidents?view=o365-21vianet) | modified |
+| 4/21/2021 | [Analyze users in Microsoft 365 security center](/microsoft-365/security/defender/investigate-users?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage incidents in Microsoft 365 Defender](/microsoft-365/security/defender/manage-incidents?view=o365-21vianet) | modified |
+| 4/21/2021 | [Microsoft 365 security center overview, combining MDO, MDE, MDI, and MCAS](/microsoft-365/security/defender/overview-security-center?view=o365-21vianet) | modified |
+| 4/21/2021 | [Recommended Microsoft Cloud App Security policies for SaaS apps - Microsoft 365 Enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/mcas-saas-access-policies?view=o365-21vianet) | modified |
+| 4/21/2021 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
+| 4/21/2021 | [Manage multiple tenants](/microsoft-365/admin/multi-tenant/manage?view=o365-21vianet) | modified |
+| 4/22/2021 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
+| 4/22/2021 | [Advanced hunting query best practices in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-best-practices?view=o365-21vianet) | modified |
+| 4/22/2021 | [Handle errors in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-errors?view=o365-21vianet) | modified |
+| 4/22/2021 | [Extend advanced hunting coverage with the right settings](/microsoft-365/security/defender/advanced-hunting-extend-data?view=o365-21vianet) | modified |
+| 4/22/2021 | [Get relevant info about an entity with go hunt](/microsoft-365/security/defender/advanced-hunting-go-hunt?view=o365-21vianet) | modified |
+| 4/22/2021 | [Learn the advanced hunting query language in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-language?view=o365-21vianet) | modified |
+| 4/22/2021 | [Work with advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-results?view=o365-21vianet) | modified |
+| 4/22/2021 | [Use shared queries in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-shared-queries?view=o365-21vianet) | modified |
+| 4/22/2021 | [Take action on advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-take-action?view=o365-21vianet) | modified |
+| 4/22/2021 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-21vianet) | modified |
+| 4/22/2021 | [Overview of custom detections in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detections-overview?view=o365-21vianet) | modified |
+| 4/22/2021 | [Common identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |
+| 4/22/2021 | [Prerequisite work for implementing identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-prerequisites?view=o365-21vianet) | modified |
+| 4/22/2021 | [Identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-21vianet) | modified |
+| 4/22/2021 | [Enable Microsoft 365 usage analytics](/microsoft-365/admin/usage-analytics/enable-usage-analytics?view=o365-21vianet) | modified |
+| 4/22/2021 | [Insider risk management Content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-21vianet) | modified |
+| 4/22/2021 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
+| 4/22/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/22/2021 | [Plan for Microsoft Viva Topics](/microsoft-365/knowledge/plan-topic-experiences) | modified |
+| 4/22/2021 | [Prerequisites for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/prerequisites?view=o365-21vianet) | modified |
+| 4/22/2021 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |
+| 4/22/2021 | [Microsoft Defender for Endpoint for non-Windows platforms](/microsoft-365/security/defender-endpoint/non-windows?view=o365-21vianet) | modified |
+| 4/22/2021 | [Analyze users in Microsoft 365 security center](/microsoft-365/security/defender/investigate-users?view=o365-21vianet) | modified |
+| 4/23/2021 | [Create, report on, and delete multiple Content Searches](/microsoft-365/compliance/create-report-on-and-delete-multiple-content-searches?view=o365-21vianet) | modified |
+| 4/23/2021 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
+| 4/23/2021 | [Restrict access to content using sensitivity labels to apply encryption](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |
+| 4/23/2021 | [Export Content Search results](/microsoft-365/compliance/export-search-results?view=o365-21vianet) | modified |
+| 4/23/2021 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-21vianet) | modified |
+| 4/23/2021 | [Set up a connector to import physical badging data](/microsoft-365/compliance/import-physical-badging-data?view=o365-21vianet) | modified |
+| 4/23/2021 | [Investigating partially indexed items in eDiscovery](/microsoft-365/compliance/investigating-partially-indexed-items-in-ediscovery?view=o365-21vianet) | modified |
+| 4/23/2021 | [Partially indexed items in Content Search and other eDiscovery tools](/microsoft-365/compliance/partially-indexed-items-in-content-search?view=o365-21vianet) | modified |
+| 4/23/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/23/2021 | [Use Content Search for targeted collections](/microsoft-365/compliance/use-content-search-for-targeted-collections?view=o365-21vianet) | modified |
+| 4/23/2021 | [Set up SharePoint Syntex](/microsoft-365/contentunderstanding/set-up-content-understanding) | modified |
+| 4/23/2021 | [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-21vianet) | modified |
+| 4/23/2021 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
+| 4/23/2021 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 4/23/2021 | [Troubleshoot performance issues](/microsoft-365/security/defender-endpoint/troubleshoot-performance-issues?view=o365-21vianet) | modified |
+| 4/23/2021 | [Capabilities of Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/capabilities?view=o365-21vianet) | modified |
+| 4/23/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
+| 4/23/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 4/23/2021 | [Network connectivity in the Microsoft 365 Admin Center (preview)](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) | modified |
+| 4/23/2021 | [Create indicators for files](/microsoft-365/security/defender-endpoint/indicator-file?view=o365-21vianet) | modified |
+| 4/23/2021 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
+| 4/23/2021 | [Safety tips in email messages](/microsoft-365/security/office-365-security/safety-tips-in-office-365?view=o365-21vianet) | modified |
++ ## Week of April 12, 2021
| 3/26/2021 | [How these security recommendations affect your users](/microsoft-365/campaigns/m365-campaigns-users?view=o365-21vianet) | modified | | 3/26/2021 | [Setup overview for Microsoft 365 Business Premium](/microsoft-365/campaigns/microsoft-365-campaigns-setup-overview?view=o365-21vianet) | modified | | 3/26/2021 | [Manage self-service purchases (Admins)](/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins?view=o365-21vianet) | modified |--
-## Week of March 15, 2021
--
-| Published On |Topic title | Change |
-|||--|
-| 3/15/2021 | [Wipe a mobile device in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/wipe-mobile-device?view=o365-21vianet) | modified |
-| 3/15/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management alerts](/microsoft-365/compliance/insider-risk-management-alerts?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management audit log](/microsoft-365/compliance/insider-risk-management-audit-log?view=o365-21vianet) | added |
-| 3/15/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
-| 3/15/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management Content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-21vianet) | modified |
-| 3/15/2021 | [Plan for insider risk management](/microsoft-365/compliance/insider-risk-management-plan?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management in Microsoft 365](/microsoft-365/compliance/insider-risk-management-solution-overview?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management Users dashboard](/microsoft-365/compliance/insider-risk-management-users?view=o365-21vianet) | modified |
-| 3/15/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
-| 3/15/2021 | [Microsoft 365 tenant-to-tenant migrations](/microsoft-365/enterprise/microsoft-365-tenant-to-tenant-migrations?view=o365-21vianet) | modified |
-| 3/15/2021 | [Use the Page Diagnostics tool for SharePoint Online](/microsoft-365/enterprise/page-diagnostics-for-spo?view=o365-21vianet) | modified |
-| 3/15/2021 | [Anti-malware protection FAQ](/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-21vianet) | modified |
-| 3/15/2021 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |
-| 3/15/2021 | [Zero-hour auto purge (ZAP)](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-21vianet) | modified |
-| 3/15/2021 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
-| 3/15/2021 | [About the Microsoft 365 Admin mobile app](/microsoft-365/admin/admin-overview/admin-mobile-app?view=o365-21vianet) | modified |
-| 3/15/2021 | [Get started with the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | added |
-| 3/15/2021 | [Learn about the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-learn-about?view=o365-21vianet) | added |
-| 3/15/2021 | [Learn about the default data loss prevention policy in Microsoft Teams (preview)](/microsoft-365/compliance/dlp-teams-default-policy?view=o365-21vianet) | added |
-| 3/15/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 3/15/2021 | [Pre-work for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
-| 3/15/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
-| 3/15/2021 | [User submissions policy](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
-| 3/16/2021 | [Microsoft Productivity Score](/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) | modified |
-| 3/16/2021 | [Get started with the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | modified |
-| 3/16/2021 | [Define information barrier policies](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
-| 3/16/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
-| 3/16/2021 | [Insider risk solutions](/microsoft-365/compliance/insider-risk-solution-overview?view=o365-21vianet) | modified |
-| 3/16/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
-| 3/16/2021 | [Collection statistics and reports](/microsoft-365/compliance/collection-statistics-reports?view=o365-21vianet) | added |
-| 3/16/2021 | [Overview of collections in Advanced eDiscovery](/microsoft-365/compliance/collections-overview?view=o365-21vianet) | added |
-| 3/16/2021 | [Commit a draft collection to a review set](/microsoft-365/compliance/commit-draft-collection?view=o365-21vianet) | added |
-| 3/16/2021 | [Create a draft collection](/microsoft-365/compliance/create-draft-collection?view=o365-21vianet) | added |
-| 3/16/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
-| 3/16/2021 | [Review conversations in Advanced eDiscovery](/microsoft-365/compliance/conversation-review-sets?view=o365-21vianet) | modified |
-| 3/16/2021 | [Create and manage Advanced eDiscovery cases in Microsoft 365](/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case?view=o365-21vianet) | modified |
-| 3/16/2021 | [Customer Key for Microsoft 365 at the tenant level (public preview)](/microsoft-365/compliance/customer-key-tenant-level?view=o365-21vianet) | modified |
-| 3/16/2021 | [Manage holds in Advanced eDiscovery](/microsoft-365/compliance/managing-holds?view=o365-21vianet) | modified |
-| 3/16/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
-| 3/16/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 3/16/2021 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |
-| 3/16/2021 | [View keyword statistics for Content Search results](/microsoft-365/compliance/view-keyword-statistics-for-content-search?view=o365-21vianet) | modified |
-| 3/16/2021 | [Content stored in Exchange Online mailboxes](/microsoft-365/compliance/what-is-stored-in-exo-mailbox?view=o365-21vianet) | modified |
-| 3/16/2021 | [AD FS migration steps for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-adfs?view=o365-21vianet) | modified |
-| 3/16/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
-| 3/16/2021 | [What is collaboration governance?](/microsoft-365/solutions/collaboration-governance-overview?view=o365-21vianet) | modified |
-| 3/16/2021 | [Create a secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-21vianet) | modified |
-| 3/16/2021 | [Governing access in Microsoft 365 groups, Teams, and SharePoint](/microsoft-365/solutions/groups-teams-access-governance?view=o365-21vianet) | modified |
-| 3/16/2021 | [Compliance options for Microsoft 365 groups, Teams, and SharePoint collaboration](/microsoft-365/solutions/groups-teams-compliance-governance?view=o365-21vianet) | modified |
-| 3/16/2021 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
-| 3/17/2021 | [About registration numbers and under review notifications](/microsoft-365/commerce/about-registration-numbers?view=o365-21vianet) | modified |
-| 3/17/2021 | [Manage auto-claim policies](/microsoft-365/commerce/licenses/manage-auto-claim-policies?view=o365-21vianet) | modified |
-| 3/17/2021 | Advanced eDiscovery alignment with the EDRM | removed |
-| 3/17/2021 | [Create and manage Advanced eDiscovery cases in Microsoft 365](/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case?view=o365-21vianet) | modified |
-| 3/17/2021 | [eDiscovery solution series Data spillage scenario - Search and purge](/microsoft-365/compliance/data-spillage-scenariosearch-and-purge?view=o365-21vianet) | modified |
-| 3/17/2021 | [Set up Advanced eDiscovery in Microsoft 365](/microsoft-365/compliance/get-started-with-advanced-ediscovery?view=o365-21vianet) | modified |
-| 3/17/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
-| 3/17/2021 | [Search the audit log in the Security & Compliance Center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 3/17/2021 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-21vianet) | modified |
-| 3/17/2021 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |
-| 3/17/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
-| 3/17/2021 | [Learn about retention for SharePoint and OneDrive](/microsoft-365/compliance/retention-policies-sharepoint?view=o365-21vianet) | modified |
-| 3/17/2021 | [First-run experience with Autopilot and the Enrollment Status Page](/microsoft-365/managed-desktop/get-started/esp-first-run?view=o365-21vianet) | modified |
-| 3/17/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
-| 3/17/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
-| 3/17/2021 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) | modified |
-| 3/17/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
-| 3/17/2021 | [Manage Microsoft Rewards](/microsoft-365/admin/manage/manage-microsoft-rewards?view=o365-21vianet) | added |
-| 3/17/2021 | [Microsoft Bing News for Work](/microsoft-365/admin/misc/microsoft-bing-news-for-work?view=o365-21vianet) | added |
-| 3/17/2021 | [Get details about Basic Mobility and Security managed devices](/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices?view=o365-21vianet) | modified |
-| 3/17/2021 | Create DNS records at Bluehost for Microsoft | removed |
-| 3/17/2021 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |
-| 3/17/2021 | [Plan for Microsoft Viva Topics](/microsoft-365/knowledge/plan-topic-experiences) | modified |
-| 3/17/2021 | [Set up Microsoft Viva Topics](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
-| 3/18/2021 | [Create retention labels and apply them in apps to retain or delete content](/microsoft-365/compliance/create-apply-retention-labels?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
-| 3/18/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
-| 3/18/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Certificate-based Authentication](/microsoft-365/enterprise/microsoft-365-client-support-certificate-based-authentication?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Conditional Access](/microsoft-365/enterprise/microsoft-365-client-support-conditional-access?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Multi-factor authentication](/microsoft-365/enterprise/microsoft-365-client-support-multi-factor-authentication?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Single Sign-On](/microsoft-365/enterprise/microsoft-365-client-support-single-sign-on?view=o365-21vianet) | modified |
-| 3/18/2021 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-21vianet) | modified |
-| 3/18/2021 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create an app to access Microsoft 365 Defender without a user](/microsoft-365/security/mtp/api-create-app-web?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft cloud architecture models - enterprise resource planning](/microsoft-365/solutions/cloud-architecture-models?view=o365-21vianet) | modified |
-| 3/18/2021 | [Use file plan to manage retention labels throughout the content lifecycle](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |
-| 3/18/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
-| 3/18/2021 | [Steps to configure threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection-configure?view=o365-21vianet) | modified |
-| 3/18/2021 | [Deploy threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 solution and architecture center # < 60 chars](/microsoft-365/solutions/index?view=o365-21vianet) | modified |
-| 3/18/2021 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-21vianet) | modified |
-| 3/18/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
-| 3/18/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
-| 3/19/2021 | [Create DNS records at 123-reg.co.uk for Microsoft](/microsoft-365/admin/dns/create-dns-records-at-123-reg-co-uk?view=o365-21vianet) | modified |
-| 3/19/2021 | [Define mail flow rules to encrypt email messages](/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-21vianet) | modified |
-| 3/19/2021 | [Double Key Encryption (DKE)](/microsoft-365/compliance/double-key-encryption?view=o365-21vianet) | modified |
-| 3/19/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
-| 3/19/2021 | [Microsoft Viva Topics security trimming](/microsoft-365/knowledge/topic-experiences-security-trimming) | modified |
managed-desktop Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/apps.md
audience: Admin
Microsoft includes certain key apps along with the Microsoft 365 E3 or E5 license needed to participate in Microsoft Managed Desktop. However, even though we provide these apps, you still have certain responsibilities and actions to complete.
-You can also deploy additional non-Microsoft apps to your users for self-service through the Company Portal or a required background installation, all using Microsoft IntuneΓÇÖs deployment pipeline. If you have the expertise, you can migrate those apps you need yourself; alternatively, Microsoft Consulting Services (MCS) or non-Microsoft vendors will be happy to help you with a packaging and migration project. For more information about working with MCS, see [Working with Microsoft Consulting Services](apps-MCS.md).
-
+You can also deploy additional non-Microsoft apps to your users for self-service through the Company Portal or a required background installation, all using Microsoft IntuneΓÇÖs deployment pipeline.
## Apps provided by Microsoft
There are still certain things you need to do with these apps:
## Apps you provide
-You probably have other apps you need for your business operations. These apps can only be deployed to Microsoft Managed Desktop devices by using Microsoft IntuneΓÇÖs deployment pipeline. If the app needs it you can have them packaged by a vendor (which could be a non-Microsoft vendor or Microsoft Consulting Services (MCS)) or if you have the means, you can package them yourself. You then add these packages to the Microsoft Managed Desktop portal and assign them to Azure Active Directory groups to trigger the deployment.
-
-If you currently deploy your apps by using Microsoft Endpoint Configuration Manager, Microsoft Managed Desktop can provide you with a query to assess your apps and discover which ones are ready for to migrate to Microsoft Intune and which ones might require some adjustment.
-
+You probably have other apps you need for your business operations. These apps can only be deployed to Microsoft Managed Desktop devices by using Microsoft IntuneΓÇÖs deployment pipeline. For more information about application deployment follow the steps in [Deploy apps to Microsoft Managed Desktop devices](../get-started/deploy-apps.md).
### Preparing your own apps for inclusion in Microsoft Managed Desktop Review your apps, checking:
Review your apps, checking:
- Apps must be ready for management by Microsoft Intune. For more about this topic, see [Windows 10 app deployment using Microsoft Intune](/intune/apps-windows-10-app-deploy) and [Add apps to Microsoft Intune](/intune/apps-add). - Other pre-packaging requirements such as providing license keys, agreement with license terms, and pre-setting server connections.
-### Decide how to package apps
-
-Some independent software publishers might require that your apps are packaged before they are centrally deployed. ΓÇ£PackagingΓÇ¥ means that the appΓÇÖs installer is configured with settings like license keys, remote server locations, or desktop shortcuts so that the app can be installed in the background.
-
-There are three options to get your apps packaged:
---- You can package apps yourself-- You can work with a non-Microsoft vendor-- You can engage with MCS to package your apps. Work with your Microsoft account representative. For more information, see [Working with Microsoft Consulting Services](apps-MCS.md).---
-## Deploying apps
-
-Whatever method you use to get apps packaged, once that is complete, you're ready to follow the steps in [Deploy apps to Microsoft Managed Desktop devices](../get-started/deploy-apps.md).
-- ## Steps to get ready 1. Review [Prerequisites for Microsoft Managed Desktop](prerequisites.md).
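Review bot: In "Apps you provide", the added sentence "For more information about application deployment follow the steps in [Deploy apps to Microsoft Managed Desktop devices]" mixes two constructions and is missing a comma; suggest "To deploy your apps, follow the steps in [Deploy apps to Microsoft Managed Desktop devices]". The patch also deletes the "Decide how to package apps" section, which held the definition of packaging, while the retained checklist item still refers to "Other pre-packaging requirements such as providing license keys"; keep a one-sentence definition or reword that item. Both added paragraphs carry a typographic apostrophe in "Intune's" that shows up as mojibake in this view; a plain ASCII apostrophe avoids that.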
managed-desktop Localization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/localization.md
If you are reusing existing devices, you might need to work with your Microsoft
The [universal image](../service-description/device-images.md#universal-image) provided by Microsoft Managed Desktop includes these languages and for Windows 10:
+- Arabic
+- Bulgarian
+- Chinese Simplified
+- Chinese Traditional
+- Croatian
+- Czech
+- Danish
+- Dutch
- English (US, GB, AU, CA, IN)-- Spanish (Spain, Mexico)-- Japanese
+- Estonian
+- Finnish
- French (France, Canada) - German-- Portuguese (Brazil)
+- Greek
+- Hebrew
+- Hungarian
+- Indonesian
- Italian-- Chinese Simplified-- Dutch -- Swedish-- Danish -- Finnish -- Russian -- Norwegian (Bokmal)
+- Japanese
- Korean-- Chinese Traditional
+- Latvian
+- Lithuanian
+- Norwegian (Bokmål)
- Polish-- Turkish-- Arabic-- Hebrew
+- Portuguese (Brazil)
- Portuguese (Portugal)-- Czech-- Hungarian-- Thai-- Indonesian-- Greek-- Slovak-- Vietnamese-- Slovenian-- Croatian - Romanian-- Lithuanian-- Bulgarian
+- Russian
- Serbian (Latin alphabet)-- Latvian
+- Slovak
+- Slovenian
+- Spanish (Spain, Mexico)
+- Swedish
+- Thai
+- Turkish
- Ukrainian-- Estonian
+- Vietnamese
Microsoft 365 Apps for Enterprise might support a slightly different list.
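Review bot: The sentence that introduces the list still reads "includes these languages and for Windows 10:", with a stray "and"; since this change rewrites the whole list, fix the lead-in in the same commit, for example "includes these languages for Windows 10:". The alphabetical reordering itself keeps every language from the removed lines, and the "Norwegian (Bokmål)" spelling fix is welcome.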
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
#### [Group Policy Objects](manage-atp-post-migration-group-policy-objects.md) #### [PowerShell, WMI, and MPCmdRun.exe](manage-atp-post-migration-other-tools.md)
-## [Security administration]()
+
+## [Configure and onboard devices]()
+### [Microsoft Defender for Endpoint on Windows and Windows Server]()
+#### [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md)
+#### [Onboard previous versions of Windows](onboard-downlevel.md)
+#### [Onboard Windows 10 devices]()
+##### [Onboarding tools and methods](configure-endpoints.md)
+##### [Onboard devices using Group Policy](configure-endpoints-gp.md)
+##### [Onboard devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
+##### [Onboard devices using Mobile Device Management tools](configure-endpoints-mdm.md)
+##### [Onboard devices using a local script](configure-endpoints-script.md)
+##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
+##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](Onboard-Windows-10-multi-session-device.md)
+#### [Onboard Windows servers](configure-server-endpoints.md)
+
+#### [Onboard devices without Internet access](onboard-offline-machines.md)
+#### [Run a detection test on a newly onboarded device](run-detection-test.md)
+#### [Run simulated attacks on devices](attack-simulations.md)
+#### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
+#### [Create an onboarding or offboarding notification rule](onboarding-notification.md)
+
+### [Microsoft Defender for Endpoint on other Operating Systems]()
+#### [Onboard non-Windows devices](configure-endpoints-non-windows.md)
+
+#### [Microsoft Defender for Endpoint on macOS]()
+##### [Overview of Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
+##### [What's New](mac-whatsnew.md)
+
+##### [Deploy]()
+###### [Microsoft Intune-based deployment](mac-install-with-intune.md)
+###### [JAMF Pro-based deployment]()
+####### [Deploying Microsoft Defender for Endpoint on macOS using Jamf Pro](mac-install-with-jamf.md)
+####### [Login to Jamf Pro](mac-install-jamfpro-login.md)
+####### [Set up device groups](mac-jamfpro-device-groups.md)
+####### [Set up policies](mac-jamfpro-policies.md)
+####### [Enroll devices](mac-jamfpro-enroll-devices.md)
+
+###### [Deployment with a different Mobile Device Management (MDM) system](mac-install-with-other-mdm.md)
+###### [Manual deployment](mac-install-manually.md)
+##### [Update](mac-updates.md)
+
+##### [Configure]()
+###### [Configure and validate exclusions](mac-exclusions.md)
+###### [Set preferences](mac-preferences.md)
+###### [Detect and block Potentially Unwanted Applications](mac-pua.md)
+###### [Device control]()
+####### [Device control overview](mac-device-control-overview.md)
+####### [JAMF examples](mac-device-control-jamf.md)
+####### [Intune examples](mac-device-control-intune.md)
+###### [Schedule scans](mac-schedule-scan.md)
+
+##### [Troubleshoot]()
+###### [Troubleshoot installation issues](mac-support-install.md)
+###### [Troubleshoot performance issues](mac-support-perf.md)
+###### [Troubleshoot cloud connectivity](troubleshoot-cloud-connect-mdemac.md)
+###### [Troubleshoot kernel extension issues](mac-support-kext.md)
+###### [Troubleshoot license issues](mac-support-license.md)
+
+##### [Privacy](mac-privacy.md)
+##### [Resources](mac-resources.md)
++
+#### [Microsoft Defender for Endpoint on iOS]()
+##### [Overview of Microsoft Defender for Endpoint on iOS](microsoft-defender-endpoint-ios.md)
+##### [What's New](ios-whatsnew.md)
+
+##### [Deploy]()
+###### [Deploy Microsoft Defender for Endpoint on iOS via Intune](ios-install.md)
+
+##### [Configure]()
+###### [Configure iOS features](ios-configure-features.md)
+##### [Privacy](ios-privacy.md)
+
+
+#### [Microsoft Defender for Endpoint on Linux]()
+##### [Overview of Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+##### [What's New](linux-whatsnew.md)
+##### [Deploy]()
+###### [Manual deployment](linux-install-manually.md)
+###### [Puppet based deployment](linux-install-with-puppet.md)
+###### [Ansible based deployment](linux-install-with-ansible.md)
+
+##### [Update](linux-updates.md)
+
+##### [Configure]()
+###### [Configure and validate exclusions](linux-exclusions.md)
+###### [Static proxy configuration](linux-static-proxy-configuration.md)
+###### [Set preferences](linux-preferences.md)
+###### [Detect and block Potentially Unwanted Applications](linux-pua.md)
+###### [Schedule scans with Microsoft Defender for Endpoint on Linux](linux-schedule-scan-atp.md)
+###### [Schedule an update of the Microsoft Defender for Endpoint (Linux)](linux-update-MDE-Linux.md)
+###### [Deploy Defender for Endpoint on Linux with Chef](linux-deploy-defender-for-endpoint-with-chef.md)
+
+##### [Troubleshoot]()
+###### [Troubleshoot installation issues](linux-support-install.md)
+###### [Troubleshoot cloud connectivity issues](linux-support-connectivity.md)
+###### [Troubleshoot performance issues](linux-support-perf.md)
+###### [Troubleshoot missing events issues](linux-support-events.md)
+
+##### [Privacy](linux-privacy.md)
+##### [Resources](linux-resources.md)
+
+#### [Microsoft Defender for Endpoint on Android]()
+##### [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md)
+
+##### [Deploy]()
+###### [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md)
+
+##### [Configure]()
+###### [Configure Microsoft Defender for Endpoint on Android features](android-configure.md)
+
+##### [Privacy]()
+###### [Microsoft Defender for Endpoint on Android - Privacy information](android-privacy.md)
+
+##### [Troubleshoot]()
+###### [Troubleshoot issues](android-support-signin.md)
+
+### [Troubleshoot onboarding issues]()
+#### [Troubleshoot issues during onboarding](troubleshoot-onboarding.md)
+#### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
++++
+### [Configure portal settings]()
+#### [Set up preferences](preferences-setup.md)
+#### [General]()
+##### [Verify data storage location and update data retention settings](data-retention-settings.md)
+##### [Configure alert notifications](configure-email-notifications.md)
+##### [Configure advanced features](advanced-features.md)
+
+#### [Permissions]()
+##### [Use basic permissions to access the portal](basic-permissions.md)
+##### [Manage portal access using RBAC](rbac.md)
+###### [Create and manage roles](user-roles.md)
+###### [Create and manage device groups](machine-groups.md)
+###### [Create and manage device tags](machine-tags.md)
+
+#### [Rules]()
+##### [Manage suppression rules](manage-suppression-rules.md)
+##### [Create indicators](manage-indicators.md)
+###### [Create indicators for files](indicator-file.md)
+###### [Create indicators for IPs and URLs/domains](indicator-ip-domain.md)
+###### [Create indicators for certificates](indicator-certificates.md)
+###### [Manage indicators](indicator-manage.md)
+##### [Manage automation file uploads](manage-automation-file-uploads.md)
+##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
+
+#### [Device management]()
+##### [Onboarding devices](onboard-configure.md)
+##### [Offboarding devices](offboard-machines.md)
+##### [Ensure your devices are configured properly](configure-machines.md)
+##### [Monitor and increase device onboarding](configure-machines-onboarding.md)
+
+#### [Configure Microsoft Defender Security Center time zone settings](time-settings.md)
+
+## [Detect threats and protect endpoints]()
### [Threat & vulnerability management]() #### [Overview](next-gen-threat-and-vuln-mgt.md) #### [Get started]()
##### [Vulnerable devices report](tvm-vulnerable-devices-report.md) ##### [Hunt for exposed devices](tvm-hunt-exposed-devices.md)
+### [Device discovery]()
+#### [Device discovery overview](device-discovery.md)
+#### [Configure device discovery](configure-device-discovery.md)
+#### [Device discovery FAQ](device-discovery-faq.md)
+
+### [Network devices](network-devices.md)
+ ### [Attack surface reduction]() #### [Overview of attack surface reduction](overview-attack-surface-reduction.md) #### [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md)
##### [Customize attack surface reduction rules](customize-attack-surface-reduction.md) ##### [View attack surface reduction events](event-views.md)
+#### [Use audit mode](audit-windows-defender.md)
+ ### Next-generation protection #### [Overview of Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) #### [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server.md)
##### [Device Control reports](device-control-report.md) ##### [Control USB devices](control-usb-devices-using-intune.md)
-### [Device discovery]()
-#### [Device discovery overview](device-discovery.md)
-#### [Configure device discovery](configure-device-discovery.md)
-#### [Device discovery FAQ](device-discovery-faq.md)
+#### [Behavioral blocking and containment]()
+##### [Behavioral blocking and containment](behavioral-blocking-containment.md)
+##### [Client behavioral blocking](client-behavioral-blocking.md)
+##### [Feedback-loop blocking](feedback-loop-blocking.md)
-### [Network devices](network-devices.md)
-
-### [Microsoft Defender for Endpoint on macOS]()
-#### [Overview of Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
-#### [What's New](mac-whatsnew.md)
-
-#### [Deploy]()
-##### [Microsoft Intune-based deployment](mac-install-with-intune.md)
-##### [JAMF Pro-based deployment]()
-###### [Deploying Microsoft Defender for Endpoint on macOS using Jamf Pro](mac-install-with-jamf.md)
-###### [Login to Jamf Pro](mac-install-jamfpro-login.md)
-###### [Set up device groups](mac-jamfpro-device-groups.md)
-###### [Set up policies](mac-jamfpro-policies.md)
-###### [Enroll devices](mac-jamfpro-enroll-devices.md)
-
-##### [Deployment with a different Mobile Device Management (MDM) system](mac-install-with-other-mdm.md)
-##### [Manual deployment](mac-install-manually.md)
-#### [Update](mac-updates.md)
-
-#### [Configure]()
-##### [Configure and validate exclusions](mac-exclusions.md)
-##### [Set preferences](mac-preferences.md)
-##### [Detect and block Potentially Unwanted Applications](mac-pua.md)
-##### [Device control]()
-###### [Device control overview](mac-device-control-overview.md)
-###### [JAMF examples](mac-device-control-jamf.md)
-###### [Intune examples](mac-device-control-intune.md)
-##### [Schedule scans](mac-schedule-scan.md)
-
-#### [Troubleshoot]()
-##### [Troubleshoot installation issues](mac-support-install.md)
-##### [Troubleshoot performance issues](mac-support-perf.md)
-##### [Troubleshoot cloud connectivity](troubleshoot-cloud-connect-mdemac.md)
-##### [Troubleshoot kernel extension issues](mac-support-kext.md)
-##### [Troubleshoot license issues](mac-support-license.md)
-
-#### [Privacy](mac-privacy.md)
-#### [Resources](mac-resources.md)
-
-### [Microsoft Defender for Endpoint on iOS]()
-#### [Overview of Microsoft Defender for Endpoint on iOS](microsoft-defender-endpoint-ios.md)
-#### [What's New](ios-whatsnew.md)
-
-#### [Deploy]()
-##### [Deploy Microsoft Defender for Endpoint on iOS via Intune](ios-install.md)
-
-#### [Configure]()
-##### [Configure iOS features](ios-configure-features.md)
-#### [Privacy](ios-privacy.md)
--
-### [Microsoft Defender for Endpoint on Linux]()
-#### [Overview of Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
-#### [What's New](linux-whatsnew.md)
-#### [Deploy]()
-##### [Manual deployment](linux-install-manually.md)
-##### [Puppet based deployment](linux-install-with-puppet.md)
-##### [Ansible based deployment](linux-install-with-ansible.md)
-##### [Deploy Defender for Endpoint on Linux with Chef](linux-deploy-defender-for-endpoint-with-chef.md)
--
-#### [Update](linux-updates.md)
-
-#### [Configure]()
-##### [Configure and validate exclusions](linux-exclusions.md)
-##### [Static proxy configuration](linux-static-proxy-configuration.md)
-##### [Set preferences](linux-preferences.md)
-##### [Detect and block Potentially Unwanted Applications](linux-pua.md)
-##### [Schedule scans with Microsoft Defender for Endpoint on Linux](linux-schedule-scan-atp.md)
-##### [Schedule an update of the Microsoft Defender for Endpoint (Linux)](linux-update-MDE-Linux.md)
-
-#### [Troubleshoot]()
-##### [Troubleshoot installation issues](linux-support-install.md)
-##### [Troubleshoot cloud connectivity issues](linux-support-connectivity.md)
-##### [Troubleshoot performance issues](linux-support-perf.md)
-##### [Troubleshoot missing events issues](linux-support-events.md)
-
-#### [Privacy](linux-privacy.md)
-#### [Resources](linux-resources.md)
-
-### [Microsoft Defender for Endpoint on Android]()
-#### [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md)
-
-#### [Deploy]()
-##### [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md)
-
-#### [Configure]()
-##### [Configure Microsoft Defender for Endpoint on Android features](android-configure.md)
-
-#### [Privacy]()
-##### [Microsoft Defender for Endpoint on Android - Privacy information](android-privacy.md)
-
-#### [Troubleshoot]()
-##### [Troubleshoot issues](android-support-signin.md)
+### [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
-### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
+### [Manage device configuration]()
-## [Security operations]()
+#### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
+#### [Optimize attack surface reduction rule deployment and detections](configure-machines-asr.md)
+## [Investigate and respond to threats]()
### [Endpoint detection and response]() #### [Endpoint detection and response overview](overview-endpoint-detection-response.md) #### [Security operations dashboard](security-operations-dashboard.md)
##### [Threat protection reports](threat-protection-reports.md) #### [Device health and compliance reports](machine-reports.md)
-### [Behavioral blocking and containment]()
-#### [Behavioral blocking and containment](behavioral-blocking-containment.md)
-#### [Client behavioral blocking](client-behavioral-blocking.md)
-#### [Feedback-loop blocking](feedback-loop-blocking.md)
-#### [EDR in block mode](edr-in-block-mode.md)
-
-### [Automated investigation and response (AIR)]()
-#### [Overview of AIR](automated-investigations.md)
-#### [Automation levels in AIR](automation-levels.md)
-#### [Configure AIR capabilities](configure-automated-investigations-remediation.md)
- ### [Advanced hunting]() #### [Advanced hunting overview](advanced-hunting-overview.md) #### [Understand the schema](advanced-hunting-schema-reference.md) #### [DeviceAlertEvents](advanced-hunting-devicealertevents-table.md)
-### [Microsoft Threat Experts](microsoft-threat-experts.md)
- ### [Threat analytics overview](threat-analytics.md) #### [Read the analyst report](threat-analytics-analyst-reports.md)
-## [How-to]()
-### [Onboard devices to the service]()
-#### [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md)
-#### [Onboard previous versions of Windows](onboard-downlevel.md)
-#### [Onboard Windows 10 devices]()
-##### [Onboarding tools and methods](configure-endpoints.md)
-##### [Onboard devices using Group Policy](configure-endpoints-gp.md)
-##### [Onboard devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
-##### [Onboard devices using Mobile Device Management tools](configure-endpoints-mdm.md)
-##### [Onboard devices using a local script](configure-endpoints-script.md)
-##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
-##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](Onboard-Windows-10-multi-session-device.md)
-#### [Onboard Windows servers](configure-server-endpoints.md)
-#### [Onboard non-Windows devices](configure-endpoints-non-windows.md)
-#### [Onboard devices without Internet access](onboard-offline-machines.md)
-#### [Run a detection test on a newly onboarded device](run-detection-test.md)
-#### [Run simulated attacks on devices](attack-simulations.md)
-#### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-#### [Create an onboarding or offboarding notification rule](onboarding-notification.md)
-
-#### [Troubleshoot onboarding issues]()
-##### [Troubleshoot issues during onboarding](troubleshoot-onboarding.md)
-##### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
-
-### [Manage device configuration]()
-#### [Ensure your devices are configured properly](configure-machines.md)
-#### [Monitor and increase device onboarding](configure-machines-onboarding.md)
-#### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
-#### [Optimize attack surface reduction rule deployment and detections](configure-machines-asr.md)
-
-### [Configure portal settings]()
-#### [Set up preferences](preferences-setup.md)
-#### [General]()
-##### [Verify data storage location and update data retention settings](data-retention-settings.md)
-##### [Configure alert notifications](configure-email-notifications.md)
-##### [Configure advanced features](advanced-features.md)
-
-#### [Permissions]()
-##### [Use basic permissions to access the portal](basic-permissions.md)
-##### [Manage portal access using RBAC](rbac.md)
-###### [Create and manage roles](user-roles.md)
-###### [Create and manage device groups](machine-groups.md)
-###### [Create and manage device tags](machine-tags.md)
+### [EDR in block mode](edr-in-block-mode.md)
-#### [Rules]()
-##### [Manage suppression rules](manage-suppression-rules.md)
-##### [Create indicators](manage-indicators.md)
-###### [Create indicators for files](indicator-file.md)
-###### [Create indicators for IPs and URLs/domains](indicator-ip-domain.md)
-###### [Create indicators for certificates](indicator-certificates.md)
-###### [Manage indicators](indicator-manage.md)
-##### [Manage automation file uploads](manage-automation-file-uploads.md)
-##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
+### [Automated investigation and response (AIR)]()
+#### [Overview of AIR](automated-investigations.md)
+#### [Automation levels in AIR](automation-levels.md)
+#### [Configure AIR capabilities](configure-automated-investigations-remediation.md)
-#### [Device management]()
-##### [Onboarding devices](onboard-configure.md)
-##### [Offboarding devices](offboard-machines.md)
+### [Microsoft Threat Experts]()
+#### [Microsoft Threat Experts overview](microsoft-threat-experts.md)
+#### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
-#### [Configure Microsoft Defender Security Center time zone settings](time-settings.md)
-### [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
+## Reference
### [Configure integration with other Microsoft solutions]() #### [Configure conditional access](configure-conditional-access.md) #### [Configure Microsoft Cloud App Security integration](microsoft-cloud-app-security-config.md)-
-### [Use audit mode](audit-windows-defender.md)
-
-## Reference
### [Management and APIs]() #### [Overview of management and APIs](management-apis.md) #### [API release notes](api-release-notes.md)
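Review bot: In the Linux block, the entry "Deploy Defender for Endpoint on Linux with Chef" (linux-deploy-defender-for-endpoint-with-chef.md) sat under "Deploy" beside the Puppet and Ansible entries in the removed lines, but is re-added at the end of "Configure", after "Schedule an update of the Microsoft Defender for Endpoint (Linux)"; move it back under "Deploy" unless the regrouping is intended. Nesting the platform sections one level deeper also pushes the Jamf Pro and device control entries to seven "#" characters, so confirm that the TOC build accepts that depth. The added lines that contain only "+" characters (after the macOS "Resources" entry and before "Configure portal settings") look like stray or whitespace-only additions and can be dropped.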
security Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md
Your organization's attack surface includes all the places where an attacker cou
Attack surface reduction rules target certain software behaviors, such as: - Launching executable files and scripts that attempt to download or run files;-- Running obfuscated or otherwise suspicious scripts; and
+- Running obfuscated or otherwise suspicious scripts; and
- Performing behaviors that apps don't usually initiate during normal day-to-day work. Such software behaviors are sometimes seen in legitimate applications; however, these behaviors are often considered risky because they are commonly abused by attackers through malware. Attack surface reduction rules can constrain risky behaviors and help keep your organization safe. For more information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
-## Assess rule impact before deployment
+## Assess rule impact before deployment
-You can assess how an attack surface reduction rule might affect your network by opening the security recommendation for that rule in [threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/#tvm).
+You can assess how an attack surface reduction rule might affect your network by opening the security recommendation for that rule in [threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/#tvm).
:::image type="content" source="images/asrrecommendation.png" alt-text="Security reco for attack surface reduction rule":::
Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduc
(**NEW**!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. When a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes.
-Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks.
+Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks.
### Requirements for warn mode to work Warn mode is supported on devices running the following versions of Windows:+ - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
-
+ Microsoft Defender Antivirus must be running with real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state). In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed.-- Minimum platform release requirement: `4.18.2008.9` +
+- Minimum platform release requirement: `4.18.2008.9`
- Minimum engine release requirement: `1.1.17400.5` For more information and to get your updates, see [Update for Microsoft Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform).
In addition, warn mode is not supported on devices running older versions of Win
Whenever an attack surface reduction rule is triggered, a notification is displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information.
-In addition, when certain attack surface reduction rules are triggered, alerts are generated.
+In addition, when certain attack surface reduction rules are triggered, alerts are generated.
Notifications and any alerts that are generated can be viewed in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and in the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)).
Notifications and any alerts that are generated can be viewed in the Microsoft D
You can use advanced hunting to view attack surface reduction events. To streamline the volume of incoming data, only unique processes for each hour are viewable with advanced hunting. The time of an attack surface reduction event is the first time that event is seen within the hour.
-For example, suppose that an attack surface reduction event occurs on 10 devices during the 2:00 PM hour. Suppose that the first event occurred at 2:15, and the last at 2:45. With advanced hunting, you'll see one instance of that event (even though it actually occurred on 10 devices), and its timestamp will be 2:15 PM.
+For example, suppose that an attack surface reduction event occurs on 10 devices during the 2:00 PM hour. Suppose that the first event occurred at 2:15, and the last at 2:45. With advanced hunting, you'll see one instance of that event (even though it actually occurred on 10 devices), and its timestamp will be 2:15 PM.
For more information about advanced hunting, see [Proactively hunt for threats with advanced hunting](advanced-hunting-overview.md). ## Attack surface reduction features across Windows versions You can set attack surface reduction rules for devices that are running any of the following editions and versions of Windows:+ - Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later - Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
You can review the Windows event log to view events generated by attack surface
You can create a custom view that filters events to only show the following events, all of which are related to controlled folder access:
-|Event ID | Description |
-|:|:|
-|5007 | Event when settings are changed |
-|1121 | Event when rule fires in Block-mode |
-|1122 | Event when rule fires in Audit-mode |
+|Event ID|Description|
+|||
+|5007|Event when settings are changed|
+|1121|Event when rule fires in Block-mode|
+|1122|Event when rule fires in Audit-mode|
+|
The "engine version" listed for attack surface reduction events in the event log, is generated by Defender for Endpoint, not by the operating system. Defender for Endpoint is integrated with Windows 10, so this feature works on all devices with Windows 10 installed. ## Attack surface reduction rules
-The following table and subsections describe each of the 15 attack surface reduction rules. The attack surface reduction rules are listed in alphabetical order, by rule name.
+The following table and subsections describe each of the 15 attack surface reduction rules. The attack surface reduction rules are listed in alphabetical order, by rule name.
If you are configuring attack surface reduction rules by using Group Policy or PowerShell, you'll need the GUIDs. On the other hand, if you use Microsoft Endpoint Manager or Microsoft Intune, you do not need the GUIDs. -
-| Rule name | GUID | File & folder exclusions | Minimum OS supported |
-|:--|:--:|:--|:--|
-|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | `01443614-cd74-433a-b99e-2ecdc07bfc25` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) |`26190899-1602-49e8-8b27-eb1d0a1ce869` |Supported |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater |
-|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
-|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater |
+|Rule name|GUID|File & folder exclusions|Minimum OS supported|
+||::|||
+|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes)|`7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes)|`D4F940AB-401B-4EFC-AADC-AD5F3C50688A`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem)|`9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail)|`BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion)|`01443614-cd74-433a-b99e-2ecdc07bfc25`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts)|`5BEB7EFE-FD9A-4556-801D-275E5FFC04CC`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content)|`D3E037E1-3EB8-44C8-A917-57927947596D`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content)|`3B576869-A4EC-4529-8536-B80A7769E899`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes)|`75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes)|`26190899-1602-49e8-8b27-eb1d0a1ce869`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription)|`e6db77e5-3df2-4cf1-b95a-636979351e5b`|Not supported|[Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater|
+|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands)|`d1e49aac-8f56-4280-b9ba-993a6d77406c`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb)|`b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros)|`92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware)|`c1db55ab-c21a-4637-bb3f-a12568109d35`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
+|
### Block Adobe Reader from creating child processes
This rule prevents attacks by blocking Adobe Reader from creating processes.
Through social engineering or exploits, malware can download and launch payloads, and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
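Review bot: The lead-in above the event ID table still says the listed events are "all of which are related to controlled folder access", although this section is about events generated by attack surface reduction rules and the rows describe rules firing in block and audit mode; reword the lead-in to name attack surface reduction while the table is being touched. Both reformatted tables also gain a final added line that is a lone `|`, which may render as a stray character or an empty row depending on the renderer; drop it. In the GUID table the values still mix case (`D4F940AB-401B-4EFC-AADC-AD5F3C50688A` next to `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c`); since the text says the GUIDs are needed for Group Policy and PowerShell, a single case would make them easier to search and compare.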
This rule blocks Office apps from creating child processes. Office apps include
Creating malicious child processes is a common malware strategy. Malware that abuse Office as a vector often run VBA macros and exploit code to download and attempt to run more payloads. However, some legitimate line-of-business applications might also generate child processes for benign purposes, such as spawning a command prompt or using PowerShell to configure registry settings.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
LSASS authenticates users who sign in on a Windows computer. Microsoft Defender
> In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that simply enumerates LSASS, but has no real impact in functionality, there is NO need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat. This rule was introduced in:+ - [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
This rule blocks the following file types from launching from email opened withi
- Executable files (such as .exe, .dll, or .scr) - Script files (such as a PowerShell .ps, Visual Basic .vbs, or JavaScript .js file)
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
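Review bot: The context line of this hunk gives the PowerShell script extension as `.ps`; PowerShell script files use `.ps1`, so the list item should read "a PowerShell .ps1, Visual Basic .vbs, or JavaScript .js file". Worth fixing in the same pass, since this list defines what the rule blocks.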
GUID: `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550`
> [!NOTE] > The rule **Block executable content from email client and webmail** has the following alternative descriptions, depending on which application you use:
+>
> - Intune (Configuration Profiles): Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions). > - Endpoint > - Group Policy: Block executable content from email client and webmail.
This rule blocks the following file types from launching unless they meet preval
Launching untrusted or unknown executable files can be risky, as it may not be initially clear if the files are malicious. > [!IMPORTANT]
-> You must [enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) to use this rule. <br/><br/> The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID `01443614-cd74-433a-b99e-2ecdc07bfc25` is owned by Microsoft and is not specified by admins. This rule uses cloud-delivered protection to update its trusted list regularly.
+> You must [enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) to use this rule.
+>
+> The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID `01443614-cd74-433a-b99e-2ecdc07bfc25` is owned by Microsoft and is not specified by admins. This rule uses cloud-delivered protection to update its trusted list regularly.
>
->You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.
+> You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.
+
+This rule was introduced in:
-This rule was introduced in:
- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
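Review bot: The last line of the IMPORTANT block, re-added with only a spacing fix, still ends in "you can't specify which rules or exclusions apply to", which has no object and leaves the restriction unclear. Suggest rewording it, for example "you can't specify which rules the exclusions apply to", if that is the intended meaning.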
This rule detects suspicious properties within an obfuscated script.
Script obfuscation is a common technique that both malware authors and legitimate applications use to hide intellectual property or decrease script loading times. Malware authors also use obfuscation to make malicious code harder to read, which prevents close scrutiny by humans and security software. This rule was introduced in:+ - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
This rule prevents scripts from launching potentially malicious downloaded conte
Although not common, line-of-business applications sometimes use scripts to download and launch installers.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
This rule prevents Office apps, including Word, Excel, and PowerPoint, from crea
Malware that abuses Office as a vector may attempt to break out of Office and save malicious components to disk. These malicious components would survive a computer reboot and persist on the system. Therefore, this rule defends against a common persistence technique.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
There are no known legitimate business purposes for using code injection.
This rule applies to Word, Excel, and PowerPoint.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
This rule protects against social engineering attacks and prevents exploiting co
> [!NOTE] > This rule applies to Outlook and Outlook.com only.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
This rule prevents malware from abusing WMI to attain persistence on a device.
Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) - [Windows Server 1903](https://docs.microsoft.com/windows-server/get-started-19/whats-new-in-windows-server-1903-1909)
This rule blocks processes created through [PsExec](https://docs.microsoft.com/s
> [!WARNING] > Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr) because this rule blocks WMI commands the Configuration Manager client uses to function correctly.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c`
With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include executable files (such as .exe, .dll, or .scr)
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
This rule prevents VBA macros from calling Win32 APIs.
Office VBA enables Win32 API calls. Malware can abuse this capability, such as [calling Win32 APIs to launch malicious shellcode](https://www.microsoft.com/security/blog/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/) without writing anything directly to disk. Most organizations don't rely on the ability to call Win32 APIs in their day-to-day functioning, even if they use macros in other ways. This rule was introduced in:+ - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
GUID: `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B`
### Use advanced protection against ransomware
-This rule provides an extra layer of protection against ransomware. It scans executable files entering the system to determine whether they're trustworthy. If the files closely resemble ransomware, this rule blocks them from running, unless they're in a trusted list or an exclusion list.
+This rule provides an extra layer of protection against ransomware. It uses both client and cloud heuristics to determine whether a file resembles ransomware. This rule does not block files that have one or more of the following characteristics:
+
+- The file has already been found to be unharmful in the Microsoft cloud.
+- The file is a valid signed file.
+- The file is prevalent enough to not be considered as ransomware.
+
+The rule tends to err on the side of caution to prevent ransomware.
> [!NOTE] > You must [enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) to use this rule.
-This rule was introduced in:
+This rule was introduced in:
+ - [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
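Review bot: The rewritten description no longer mentions the exclusion list: the removed sentence said files are blocked "unless they're in a trusted list or an exclusion list", while the rule table earlier on the page lists file and folder exclusions as Supported for this rule. Add a sentence on how exclusions interact with the three listed characteristics so the two places stay consistent. Wording in the added lines: "unharmful" reads better as "not harmful", and "The rule tends to err on the side of caution" should say what that means for an admin deploying it.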
security Advanced Hunting Deviceevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceevents-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from this table.
security Advanced Hunting Devicefilecertificateinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicefilecertificateinfo-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
The `DeviceFileCertificateInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints.
security Advanced Hunting Devicefileevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicefileevents-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
The `DeviceFileEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from this table.
security Advanced Hunting Deviceimageloadevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceimageloadevents-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Deviceinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceinfo-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Devicelogonevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicelogonevents-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Devicenetworkevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicenetworkevents-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Devicenetworkinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicenetworkinfo-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
For information on other tables in the advanced hunting schema, [see the advance
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine | | `NetworkAdapterName` | string | Name of the network adapter | | `MacAddress` | string | MAC address of the network adapter |
-| `NetworkAdapterType` | string | Network adapter type. For the possible values, refer to [this enumeration](/dotnet/api/system.net.networkinformation.networkinterfacetype?view=netframework-4.7.2) |
-| `NetworkAdapterStatus` | string | Operational status of the network adapter. For the possible values, refer to [this enumeration](/dotnet/api/system.net.networkinformation.operationalstatus?view=netframework-4.7.2) |
+| `NetworkAdapterType` | string | Network adapter type. For the possible values, refer to [this enumeration](/dotnet/api/system.net.networkinformation.networkinterfacetype) |
+| `NetworkAdapterStatus` | string | Operational status of the network adapter. For the possible values, refer to [this enumeration](/dotnet/api/system.net.networkinformation.operationalstatus) |
| `TunnelType` | string | Tunneling protocol, if the interface is used for this purpose, for example 6to4, Teredo, ISATAP, PPTP, SSTP, and SSH | | `ConnectedNetworks` | string | Networks that the adapter is connected to. Each JSON array contains the network name, category (public, private or domain), a description, and a flag indicating if it's connected publicly to the internet | | `DnsAddresses` | string | DNS server addresses in JSON array format |
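Review bot: Both updated rows keep the link text "this enumeration", which does not tell the reader what the target is. With the version pin removed from the URLs, naming the types in the text (NetworkInterfaceType and OperationalStatus, per the link paths) would make the `NetworkAdapterType` and `NetworkAdapterStatus` descriptions readable without following the link.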
security Advanced Hunting Deviceprocessevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceprocessevents-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Deviceregistryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceregistryevents-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
The `DeviceRegistryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from this table.
security Advanced Hunting Devicetvmsecureconfigurationassessment Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Devicetvmsecureconfigurationassessmentkb Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Devicetvmsoftwareinventory Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareinventory-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
>[!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
security Advanced Hunting Devicetvmsoftwareinventoryvulnerabilities Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
- Title: DeviceTvmSoftwareInventory table in the advanced hunting schema
-description: Learn about the inventory of software in your devices in the DeviceTvmSoftwareInventory table of the advanced hunting schema.
-keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
-search.product: eADQiWindows 10XVcnh
-ms.sitesec: library
-ms.pagetype: security
- - NOCSH
--
-localization_priority: Normal
--
- - M365-security-compliance
- - m365initiative-m365-defender
---
-# DeviceTvmSoftwareInventory
---
-**Applies to:**
-- Microsoft 365 Defender-
->[!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
--
-The `DeviceTvmSoftwareInventory` table in the advanced hunting schema contains the [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) inventory of software currently installed on devices in your network, including end of support information. You can, for instance, hunt for events involving devices that are installed with a currently vulnerable software version. Use this reference to construct queries that return information from the table.
-
->[!NOTE]
-> The `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` tables have replaced the `DeviceTvmSoftwareInventoryVulnerabilities` table. Together, the first two tables include more columns you can use to help inform your vulnerablity management activities or hunt for vulnerable devices.
-
-For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-schema-tables.md).
-
-| Column name | Data type | Description |
-|-|--|-|
-| `DeviceId` | string | Unique identifier for the machine in the service |
-| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
-| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
-| `OSVersion` | string | Version of the operating system running on the machine |
-| `OSArchitecture` | string | Architecture of the operating system running on the machine |
-| `SoftwareVendor` | string | Name of the software vendor |
-| `SoftwareName` | string | Name of the software product |
-| `SoftwareVersion` | string | Version number of the software product |
-| `EndOfSupportStatus` | string | Indicates the lifecycle stage of the software product relative to its specified end-of-support (EOS) or end-of-life (EOL) date |
-| `EndOfSupportDate` | string | End-of-support (EOS) or end-of-life (EOL) date of the software product |
---
-## Related topics
--- [Proactively hunt for threats](advanced-hunting-overview.md)-- [Learn the query language](advanced-hunting-query-language.md)-- [Use shared queries](advanced-hunting-shared-queries.md)-- [Hunt across devices, emails, apps, and identities](advanced-hunting-query-emails-devices.md)-- [Understand the schema](advanced-hunting-schema-tables.md)-- [Apply query best practices](advanced-hunting-best-practices.md)-- [Overview of Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
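Review bot: nothing in this change shows a redirect for the deleted `advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md`, so existing links and bookmarks to the deprecated table's reference page will break. The removed body is also titled and headed `DeviceTvmSoftwareInventory`, not `DeviceTvmSoftwareInventoryVulnerabilities`, so the file had already become a copy of the replacement table's page. Please confirm that a redirect to `advanced-hunting-devicetvmsoftwareinventory-table.md` is in place, and that the `[!NOTE]` explaining the replacement by `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` is kept on the surviving pages.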
security Advanced Hunting Devicetvmsoftwarevulnerabilities Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
>[!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
security Advanced Hunting Devicetvmsoftwarevulnerabilitieskb Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
ms.technology: m365d
**Applies to:** - Microsoft 365 Defender
+- Microsoft Defender for Endpoint
security Advanced Hunting Schema Changes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-changes.md
Naming changes are automatically applied to queries that are saved in the securi
| `DeviceEvents` | `UsbDriveUnmount` | `UsbDriveUnmounted` | Customer feedback | | `DeviceEvents` | `WriteProcessMemoryApiCall` | `WriteToLsassProcessMemory` | Customer feedback |
+## March 2021
-
+The `DeviceTvmSoftwareInventoryVulnerabilities` table has been deprecated. Replacing it are the `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` tables.
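Review bot: the new "March 2021" entry announces the deprecation of `DeviceTvmSoftwareInventoryVulnerabilities` but does not say what happens to saved queries and detection rules that still reference it. The page opens by stating that naming changes are applied to saved queries automatically, so readers will likely assume the same applies to this table replacement. Please state explicitly whether such queries must be rewritten by hand, and link the two replacement table names to their reference pages so hunters can map columns.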
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/preview.md
You'll know you have preview features turned on when you see that the **Turn on
The following features and enhancements are currently available on preview:
-### Improved Microsoft 365 security center
-The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. This is the new home to manage your security controls. [Learn what's new](./overview-security-center.md).
--- **[Microsoft 365 Defender threat analytics report](threat-analytics.md)** - Threat analytics helps you respond to and minimize the impact of active attacks. You can also learn about attack attempts blocked by Microsoft 365 Defender solutions and take preventive actions that mitigate the risk of further exposure and increase resiliency. As part of the unified security experience, threat analytics is now available for Microsoft Defender for Endpoint and Microsoft Defender for Office E5 license holders. - **[Microsoft 365 Defender APIs](api-overview.md)** - The top-level Microsoft 365 Defender APIs will enable you to automate workflows based on the shared incident and advanced hunting tables. - **[Take action in advanced hunting](advanced-hunting-take-action.md)**ΓÇöQuickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md). - **[In-portal schema reference](advanced-hunting-schema-tables.md#get-schema-information-in-the-security-center)**ΓÇöGet information about advanced hunting schema tables directly in the security center. In addition to table and column descriptions, this reference includes supported event types (`ActionType` values) and sample queries.-- **[DeviceFromIP() function](advanced-hunting-devicefromip-function.md)**ΓÇöGet information about which devices have been assigned a specific IP address or addresses at a given time range.
+- **[DeviceFromIP() function](advanced-hunting-devicefromip-function.md)**ΓÇöGet information about which devices have been assigned a specific IP address or addresses at a given time range.
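Review bot: the "Improved Microsoft 365 security center" section is removed from the list of features "currently available on preview", yet the same text is re-added under April 2021 in whats-new.md still reading "is now available in public preview". If the feature is still in preview, it should stay on this page. If it has moved out of preview, the What's New wording needs updating. The same question applies to the threat analytics item removed in this hunk.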
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
RSS feed: Get notified when this page is updated by copying and pasting the foll
https://docs.microsoft.com/api/search/rss?search=%22Lists+the+new+features+and+functionality+in+Microsoft+365+defender%22&locale=en-us ```
+## April 2021
+- Improved Microsoft 365 security center <br> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. This is the new home to manage your security controls. [Learn what's new](./overview-security-center.md).
+
+- [Microsoft 365 Defender threat analytics report](threat-analytics.md)<br>
+ Threat analytics helps you respond to and minimize the impact of active attacks. You can also learn about attack attempts blocked by Microsoft 365 Defender solutions and take preventive actions that mitigate the risk of further exposure and increase resiliency. As part of the unified security experience, threat analytics is now available for Microsoft Defender for Endpoint and Microsoft Defender for Office E5 license holders.
+ ## March 2021 - [CloudAppEvents table](advanced-hunting-cloudappevents-table.md) <br>Find information about events in various cloud apps and services covered by Microsoft Cloud App Security. This table also includes information previously available in `AppFileEvents`. ## February 2021
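Review bot: in the added threat analytics entry, "Microsoft Defender for Office E5 license holders" looks like a dropped "365". The first bullet added in this hunk writes the product name as "Defender for Office 365". Separately, the first April item has a plain-text title followed by `<br>` while the second uses a linked title, so the two new entries are formatted inconsistently.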
security Threat Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer.md
Title: Threat Explorer and Real-time detections
+f1.keywords:
- NOCSH
audience: ITPro
localization_priority: Normal
+search.appverid:
- MET150 - MOE150 ms.assetid: 82ac9922-939c-41be-9c8a-7c75b0a4e27d-+ - M365-security-compliance - m365initiative-defender-office365 description: Use Explorer and Real-time detections in the Security &amp; Compliance Center to investigate and respond to threats efficiently.
ms.prod: m365-security
# Threat Explorer and Real-time detections - **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md) If your organization has [Microsoft Defender for Office 365](defender-for-office-365.md), and you have the [necessary permissions](#required-licenses-and-permissions), you have either **Explorer** or **Real-time detections** (formerly *Real-time reports* ΓÇö [see what's new](#new-features-in-threat-explorer-and-real-time-detections)!). In the Security & Compliance Center, go to **Threat management**, and then choose **Explorer** _or_ **Real-time detections**.
+<br>
+
+****
|With Microsoft Defender for Office 365 Plan 2, you see:|With Microsoft Defender for Office 365 Plan 1, you see:| |||
With this report, you can:
## Improvements to Threat Hunting Experience ### Introduction of Alert ID for MDO alerts within Explorer/Real-time detections (Preview)+ Today, if you navigate from an alert to Threat Explorer, it opens a filtered view within the Explorer, with the view filtered by Alert policy ID (policy ID being a unique identifier for an Alert policy).
-We are making this integration more relevant by introducing the alert ID (see an example of alert ID below) in Threat Explorer and Real-time detections so that you see messages which are relevant to the specific alert, as well as a count of emails. You will also be able to see if a message was part of an alert, as well as navigate from that message to the specific alert.
+We are making this integration more relevant by introducing the alert ID (see an example of alert ID below) in Threat Explorer and Real-time detections so that you see messages which are relevant to the specific alert, as well as a count of emails. You will also be able to see if a message was part of an alert, as well as navigate from that message to the specific alert.
Alert ID is available within the URL when you are viewing an individual alert; an example being `https://protection.office.com/viewalerts?id=372c9b5b-a6c3-5847-fa00-08d8abb04ef1`.
Alert ID is available within the URL when you are viewing an individual alert; a
> [!div class="mx-imgBorder"] > ![Alert ID in details flyout](../../media/AlertID-DetailsFlyout.png)
-
-### Extending the Explorer (and Real-time detections) data retention and search limit for trial tenants from 7 to 30 days (Preview)
-As part of this change, you will be able to search for, and filter email data across 30 days (an increase from the previous 7 days) in Threat Explorer/Real-time detections for both Defender for Office P1 and P2 trial tenants.
-This does not impact any production tenants for both P1 and P2/E5 customers, which already has the 30 day data retention and search capabilities.
+### Extending the Explorer (and Real-time detections) data retention and search limit for trial tenants from 7 to 30 days (Preview)
+
+As part of this change, you will be able to search for, and filter email data across 30 days (an increase from the previous 7 days) in Threat Explorer/Real-time detections for both Defender for Office P1 and P2 trial tenants.
+This does not impact any production tenants for both P1 and P2/E5 customers, which already has the 30 day data retention and search capabilities.
+
+### Updated limits for Export of records for Threat Explorer (Preview)
-### Updated limits for Export of records for Threat Explorer (Preview)
As part of this update, the number of rows for Email records that can be exported from Threat Explorer is increased from 9990 to 200,000 records. The set of columns that can be exported currently will remain the same, but the number of rows will increase from the current limit. ### Tags in Threat Explorer
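Review bot: the re-added sentence "This does not impact any production tenants for both P1 and P2/E5 customers, which already has the 30 day data retention and search capabilities" carries a subject-verb error ("tenants ... which already has"). Since the line is being touched for whitespace anyway, change it to "which already have the 30-day data retention". In the export limits paragraph below it, "9990 to 200,000" mixes two number formats and should use one.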
You can use tags as a filter. Hunt just across priority accounts or specific use
> ![Not filter tags](../../media/tags-filter-not.png) #### Email detail flyout+ To view the individual tags for sender and recipient, select the subject to open the message details flyout. On the **Summary** tab, the sender and recipient tags are shown separately, if they're present for an email. The information about individual tags for sender and recipient also extends to exported CSV data, where you can see these details in two separate columns.
The information about individual tags for sender and recipient also extends to e
Tags information is also shown in the URL clicks flyout. To view it, go to Phish or All Email view and then to the **URLs** or **URL Clicks** tab. Select an individual URL flyout to view additional details about clicks for that URL, including tags associated with that click. - ### Updated Timeline View > [!div class="mx-imgBorder"] > ![URL tags](../../media/tags-urls.png)
->
-Learn more by watching [this video](https://www.youtube.com/watch?v=UoVzN0lYbfY&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=4).
+>
+Learn more by watching [this video](https://www.youtube.com/watch?v=UoVzN0lYbfY&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=4).
## Improvements to the threat hunting experience (upcoming)
Currently, we surface delivery location in the email grid and email flyout. The
*Additional actions* were applied after delivery of the email. They can include *ZAP*, *manual remediation* (action taken by an Admin such as soft delete), *dynamic delivery*, and *reprocessed* (for an email that was retroactively detected as good). > [!NOTE]
+>
> - As part of the pending changes, the "Removed by ZAP" value currently surfaced in the Delivery Action filter is going away. You'll have a way to search for all email with the ZAP attempt through **Additional actions**. > > - There will be new fields and values for **Detection technologies** and **Additional actions** (especially for ZAP scenarios). You'll need to evaluate your existing saved queries and tracked queries to make sure they work with the new values.
The improvements include:
- Show the full clicked URL (including any query parameters that are part of the URL) in the **Clicks** section of the URL flyout. Currently, the URL domain and path appear in the title bar. We're extending that information to show the full URL. - Fixes across URL filters (*URL* versus *URL domain* versus *URL domain and path*): The updates affect searching for messages that contain a URL/click verdict. We enabled support for protocol-agnostic searches, so you can search for a URL without using `http`. By default, the URL search maps to http, unless another value is explicitly specified. For example:-
- - Search with and without the `http://` prefix in the **URL**, **URL Domain**, and **URL Domain and Path** filter fields. The searches should show the same results.
-
- - Search for the `https://` prefix in **URL**. When no value is specified, the `http://` prefix is assumed.
-
- - `/` is ignored at the beginning and end of the **URL path**, **URL Domain**, **URL domain and path** fields. `/` at the end of the **URL** field is ignored.
+ - Search with and without the `http://` prefix in the **URL**, **URL Domain**, and **URL Domain and Path** filter fields. The searches should show the same results.
+ - Search for the `https://` prefix in **URL**. When no value is specified, the `http://` prefix is assumed.
+ - `/` is ignored at the beginning and end of the **URL path**, **URL Domain**, **URL domain and path** fields. `/` at the end of the **URL** field is ignored.
### Phish confidence level
You'll be able to see both the GUID and the name of the transport rules that wer
> [!IMPORTANT] > ETR search and name availability depend on the specific role that's assigned to you. You need to have one of the following roles/permissions to view the ETR names and search. If you don't have any of these roles assigned to you, you can't see the names of the transport rules or search for messages by using ETR names. However, you could see the ETR label and GUID information in the Email Details. Other record-viewing experiences in Email Grids, Email flyouts, Filters, and Export are not affected.
->
+>
> - EXO Only - Data Loss Prevention: All > - EXO Only - O365SupportViewConfig: All > - Microsoft Azure Active Directory or EXO - Security Admin: All > - AAD or EXO - Security Reader: All > - EXO Only - Transport Rules: All > - EXO Only - View-Only Configuration: All
->
+>
> Within the email grid, Details flyout, and Exported CSV, the ETRs are presented with a Name/GUID as shown below.
->
+>
> > [!div class="mx-imgBorder"] > > ![Exchange Transport Rules](../../media/ETR_Details.png)
The search for connectors is "contains" in nature, which means partial keyword s
## New features in Threat Explorer and Real-time detections - [View phishing emails sent to impersonated users and domains](#view-phishing-emails-sent-to-impersonated-users-and-domains)-- [Preview email header and download email body](#preview-email-header-and-download-email-body)
+- [Preview email header and download email body](#preview-email-header-and-download-email-body)
- [Email timeline](#email-timeline) - [Export URL click data](#export-url-click-data)
This example uses Threat Explorer.
4. Select the Subject of any message under the Email tab > Details tab to see additional impersonation information like Impersonated Domain / Detected location.
- **OR**
+ **OR**
Select **Impersonated user** and type a protected user's email address in the textbox.
This example uses Threat Explorer.
:::image type="content" source="../../media/threat-ex-views-impersonated-user-image.png" alt-text="The Threat Explorer details pane for a protected user showing the detection location, and the threat that was detected (here phish impersonation of a user)."::: > [!NOTE]
-> In step 3 or 5, if you choose **Detection Technology** and select **Impersonation domain** or **Impersonation user** respectively, the information in the **Email tab** > **Details tab** about the user or domain, and the *Detected location* will be shown only on the messages that are related to the user or domain listed on the *Anti-Phishing policy* page.
+> In step 3 or 5, if you choose **Detection Technology** and select **Impersonation domain** or **Impersonation user** respectively, the information in the **Email tab** > **Details tab** about the user or domain, and the *Detected location* will be shown only on the messages that are related to the user or domain listed on the *Anti-Phishing policy* page.
### Preview email header and download email body
How is this done? Delivery status is now broken out into two columns:
*Delivery action* is the action taken on an email due to existing policies or detections. Here are the possible actions for an email:
+<br>
+
+****
+ |Delivered|Junked|Blocked|Replaced| ||||| |Email was delivered to the inbox or folder of a user, and the user can access it.|Email was sent to the user's Junk or Deleted folder, and the user can access it.|Emails that are quarantined, that failed, or were dropped. These mails are inaccessible to the user.|Email had malicious attachments replaced by .txt files that state the attachment was malicious.|
+|
Here is what the user can and can't see:
+<br>
+
+****
+ |Accessible to end users|Inaccessible to end users| ||| |Delivered|Blocked| |Junked|Replaced|
+|
**Delivery location** shows the results of policies and detections that run post-delivery. It's linked to ***Delivery action***. These are the possible values:
solutions Contoso Case Study Solutions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/contoso-case-study-solutions.md
f1.keywords: - NOCSH -+ Last updated 06/17/2020 audience: ITPro
solutions Contoso Remote Onsite Work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/contoso-remote-onsite-work.md
f1.keywords: - NOCSH -+ audience: ITPro
solutions Contoso Team For Top Secret Project https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/contoso-team-for-top-secret-project.md
f1.keywords:
- NOCSH -+ Last updated 08/14/2020 audience: ITPro
solutions Deploy Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/deploy-threat-protection.md
f1.keywords: NOCSH
This solution describes powerful threat protection capabilities across Microsoft 365 E5. Read this solution to get an overview of what's included, how it works, and how to get started deploying these capabilities in your organization.
-## Why protecting against threats is important
+## Why threat protection is important
[Malware](/windows/security/threat-protection/intelligence/understanding-malware), and sophisticated cyberattacks, such as [fileless threats](/windows/security/threat-protection/intelligence/fileless-threats), are a common occurrence. Businesses need to protect themselves and their customers with effective IT security capabilities. Cyberattacks can cause major problems for your organization, ranging from a loss of trust to financial woes, business-threatening downtime, and more. Protecting against threats is important, but it can be challenging to determine where to focus your organization's time, effort, and resources. Microsoft 365 E5 can help.
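Review bot: renaming the heading from "Why protecting against threats is important" to "Why threat protection is important" changes its generated anchor, so any inbound link or bookmark to `#why-protecting-against-threats-is-important` will stop resolving to this section. Please search the repo for that fragment and update the references, or add an explicit `<a name>` anchor with the old slug as other pages in this feed do.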
solutions Empower People To Work Remotely Manage Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints.md
f1.keywords:
- NOCSH -+ audience: ITPro ms.prod: microsoft-365-enterprise
solutions Empower People To Work Remotely Remote Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-remote-access.md
f1.keywords:
- NOCSH -+ audience: ITPro ms.prod: microsoft-365-enterprise
solutions Empower People To Work Remotely Secure Sign In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in.md
f1.keywords:
- NOCSH -+ audience: ITPro ms.prod: microsoft-365-enterprise
solutions Empower People To Work Remotely Security Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-security-compliance.md
f1.keywords:
- NOCSH -+ audience: ITPro ms.prod: microsoft-365-enterprise
solutions Empower People To Work Remotely Teams Productivity Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-teams-productivity-apps.md
f1.keywords:
- NOCSH -+ audience: ITPro ms.prod: microsoft-365-enterprise
solutions Empower People To Work Remotely Train Monitor Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-train-monitor-usage.md
f1.keywords:
- NOCSH -+ audience: ITPro ms.prod: microsoft-365-enterprise
solutions Empower People To Work Remotely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely.md
f1.keywords: - NOCSH -+ audience: ITPro ms.prod: microsoft-365-enterprise
solutions Productivity Illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
f1.keywords: NOCSH
The Microsoft 365 enterprise solution series provides guidance for implementing Microsoft 365 capabilities, especially where capabilities cross technologies, including Teams architecture diagrams.
-### Microsoft Teams and related productivity services in Microsoft 365 for IT architects
+## Microsoft Teams and related productivity services in Microsoft 365 for IT architects
The logical architecture of productivity services in Microsoft 365, leading with Microsoft Teams. | Item | Description |
The logical architecture of productivity services in Microsoft 365, leading with
|[![Teams logical architecture poster](../downloads/msft-teams-logical-architecture-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) \| [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.vsdx) <br>Updated January 2021 |Microsoft provides a suite of productivity services that work together to provide collaboration experiences with data governance, security, and compliance capabilities. <br/> <br/>This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Microsoft Teams.|
-### Groups in Microsoft 365 for IT Architects
+## Groups in Microsoft 365 for IT Architects
This illustration includes information for IT architects about Microsoft 365 Groups. To learn about configuring and administering Microsoft 365 Groups and teams for collaboration in your organization, see [Set up secure collaboration with Microsoft 365](/microsoft-365/solutions/setup-secure-collaboration-with-teams) and [What is collaboration governance?](/microsoft-365/solutions/collaboration-governance-overview). | Item | Description | |:--|:--| |[![Thumb image for groups infographic](../downloads/msft-m365-groups-architecture-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-groups.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-groups.pdf) \| [Visio](https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/raw/live/Enterprise/downloads/msft-m365-groups.vsdx) <br> Updated May 2020|These illustrations detail the different types of groups, how these are created and managed, and a few governance recommendations.|
-### Microsoft 365 information protection and compliance capabilities
+## Migrate to Microsoft 365
+
+Microsoft provides tools to migrate your on-premises network file shares and SharePoint Server sites to Microsoft 365 with an emphasis
+on protecting and ensuring your content's security during migration. This set of illustrations demonstrates the various methods available
+to move your content to SharePoint, Teams, and OneDrive and how your data flows through the process.
+
+| Item | Description |
+|:--|:--|
+|[![Model poster: Migrate to Microsoft 365](../media/solutions-architecture-center/msft-migration-thumb.png)](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/Migration-posters-mm-spmt.pdf) <br/> [Download as a PDF](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/Migration-posters-mm-spmt.pdf) \| [Download as a Visio](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/Migration-posters-mm-spmt.vsdx) <br/> Updated March 2021 |Includes: <ul><li> File share migration</li><li>SharePoint Server migration </li> </ul><br> For more information, see [Migrate your content to Microsoft 365](/sharepointmigration/migrate-to-sharepoint-online).|
+
+## Microsoft 365 information protection and compliance capabilities
Microsoft 365 includes a broad set of information protection and compliance capabilities. Together with MicrosoftΓÇÖs productivity tools, these capabilities are designed to help organizations collaborate in real time while adhering to stringent regulatory compliance frameworks.
This set of illustrations uses one of the most regulated industries, financial s
|[![Model poster: Microsoft 365 information protection and compliance capabilities](../media/solutions-architecture-center/m365-compliance-illustrations-thumb.png)](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.pdf) <br/> English: [Download as a PDF](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.pdf) \| [Download as a Visio](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.vsdx) <br/> Japanese: [Download as a PDF](https://download.microsoft.com/download/6/f/1/6f1a7d0e-dd8e-442e-b073-8e94327ae4f8/m365-compliance-illustrations.pdf) \| [Download as a Visio](https://download.microsoft.com/download/6/f/1/6f1a7d0e-dd8e-442e-b073-8e94327ae4f8/m365-compliance-illustrations.vsdx) <br/> Updated November 2020|Includes: <ul><li> Microsoft information protection and data loss prevention</li><li>Retention policies and retention labels </li><li>Information barriers</li><li>Communication compliance</li><li>Insider risk</li><li>Third-party data ingestion</li>|
-### Security and Information Protection for Multi-Region Organizations
+## Security and Information Protection for Multi-Region Organizations
Security and information protection for multi-region organizations with a single Microsoft 365 tenant | Item | Description | |:--|:--| |[![Multi-region infographic](../media/solutions-architecture-center/multi-region-single-tenant-security-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-security-info-protect-multi-region.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-security-info-protect-multi-region.pdf) \| [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-security-info-protect-multi-region.vsdx)<br>Updated March 2020 |Using a single Microsoft 365 tenant for your global organization is the best choice and experience for many reasons. However, many architects wrestle with how to meet security and information protection objectives across different regions. This set of topics provides recommendations. |
-### Microsoft Defender for Endpoint deployment strategy
+## Microsoft Defender for Endpoint deployment strategy
Depending on your environment, some tools are better suited for certain architectures.
Depending on your environment, some tools are better suited for certain architec
<a name="BKMK_O365IDP"></a>
-### Identity and device protection for Microsoft 365
+## Identity and device protection for Microsoft 365
Recommended capabilities for protecting identities and devices that access Microsoft 365, other SaaS services, and on-premises applications published with Azure AD Application Proxy.
Recommended capabilities for protecting identities and devices that access Micro
|[![Model poster: Identity and device protection for Microsoft 365](../media/microsoft-365-policies-configurations/O365_Identity_device_protection_thumb.png)](../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) <br/> [View as a PDF](../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.vsdx) <br/> Updated September 2020|It's important to use consistent levels of protection across your data, identities, and devices. This model shows you which capabilities are comparable with more information on capabilities to protect identities and devices. <br/> | <a name="BKMK_ediscovery"></a>
-### Advanced eDiscovery architecture in Microsoft 365
+## Advanced eDiscovery architecture in Microsoft 365
Advanced eDiscovery end-to-end workflow and data flow, including within Microsoft 365 Multi-Geo environments.
Advanced eDiscovery end-to-end workflow and data flow, including within Microsof
-### Microsoft Telephony Solutions
+## Microsoft Telephony Solutions
Microsoft supports several options as you begin your journey to Teams in the Microsoft cloud. This poster helps you decide which Microsoft telephony solution (Phone System in the cloud or Enterprise Voice on-premises) is right for users in your organization, and how your organization can connect to the Public Switched Telephone Network (PSTN).
+| Item | Description |
+|:--|:--|
+|[![Microsoft Telephony Solutions poster](../media/solutions-architecture-center/microsoft-telephony-solutions-thumb.png)](https://download.microsoft.com/download/4/3/5/435cd4e9-ca56-4fd1-acb6-d1fda7952320/microsoft-voice-solutions.pdf) <br/> [PDF](https://download.microsoft.com/download/4/3/5/435cd4e9-ca56-4fd1-acb6-d1fda7952320/microsoft-voice-solutions.pdf) \| [Visio](https://download.microsoft.com/download/7/5/c/75c13012-e20c-48bd-a6dd-ea49d1a3420d/microsoft-voice-solutions.vsdx) <br/>Updated March 2021 | For more information, see [Plan your Teams voice solution](/microsoftteams/cloud-voice-landing-page).|
-[![Microsoft Telephony Solutions poster](../media/solutions-architecture-center/microsoft-telephony-solutions-thumb.png)](https://download.microsoft.com/download/4/3/5/435cd4e9-ca56-4fd1-acb6-d1fda7952320/microsoft-voice-solutions.pdf) <br/>
-[PDF](https://download.microsoft.com/download/4/3/5/435cd4e9-ca56-4fd1-acb6-d1fda7952320/microsoft-voice-solutions.pdf) | [Visio](https://download.microsoft.com/download/7/5/c/75c13012-e20c-48bd-a6dd-ea49d1a3420d/microsoft-voice-solutions.vsdx) <br>
-Updated January 2019
-
-For more information, see the article for this poster: [Microsoft Telephony Solutions](/SkypeForBusiness/hybrid/msft-telephony-solutions).
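Review bot: the added table row stamps the poster "Updated March 2021", but its PDF and Visio links are the same download.microsoft.com URLs that the removed lines carried under "Updated January 2019". Please confirm that the files behind those URLs were actually replaced, since otherwise the new date describes content that has not changed. The same row also replaces the "see the article for this poster" link to /SkypeForBusiness/hybrid/msft-telephony-solutions with a general pointer to /microsoftteams/cloud-voice-landing-page, so the poster no longer links to a companion article. If that article is being retired, say so in the change description so the dropped reference is not mistaken for an accident.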
-### Empower remote workers
+## Empower remote workers
With Microsoft 365 and other Microsoft cloud technologies, you can provide your workers with secure access to your organization's on-premises and cloud-based information, tools, and resources from their homes.
Updated July 2020
For more information, see the article for this poster: [Empower remote workers with Microsoft 365](empower-people-to-work-remotely.md).
-### Microsoft Teams with security isolation
+## Microsoft Teams with security isolation
With Microsoft 365, you can configure a private team in Microsoft Teams and use SharePoint site security settings and a unique sensitivity label to encrypt files so that only team members can decrypt them.