-description: "Sign in with admin permissions to the Microsoft 365 admin center to set up your organization in the cloud, and manage users and subscriptions."

-# About the Microsoft 365 admin center

-**If you purchased a Microsoft 365 for business plan AND you have admin permissions, you have access to the admin center**. This article is for you!

-**If you are a user or have a Microsoft 365 Family plan, you do not have an admin center.** To set up Microsoft 365, go to [Download and install or reinstall Microsoft 365 or Office 2019 on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658).

-You use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to set up your organization in the cloud, manage users, manage subscriptions, and much more. In this article, learn how to get to the admin center and learn about available features and settings.

-Watch a short video about the admin center. <br><br>

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWfvDL]

-If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).

-## How to get to the admin center

-1. Sign in at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">admin.microsoft.com</a> with your admin account.

-2. Select the app launcher icon in the upper-left and choose **Admin**.

- The **Admin** tile appears only to people who have Microsoft 365 [admin permissions](../add-users/about-admin-roles.md). If you don't see the tile, then you don't have permissions to access the admin center for your organization.

-## Admin center features and settings

-Here are the features and settings you'll find in the left-hand navigation of the admin center. Learn more about admin tasks in [admin help](Overview of the Microsoft 365 admin center](admin-center-overview.md).

-<br>

-****

-|Menu|What it's for|

-|--|--|

-|**Home**|This is the landing page in the admin center. You'll see where to manage users, billing, service health, and reports.|

-|**Users**|Create and manage users in your organization, like employees or students. You can also set their permission level or reset their passwords.|

-|**Groups**|Create and manage groups in your organization, such as a Microsoft 365 group, distribution group, security group, or shared mailbox. Learn how to [create](../create-groups/create-groups.md) and [manage](../create-groups/manage-groups.md) groups.|

-|**Resources**|Create and manage resources, like a SharePoint site collection. Learn how to [create site collections](/sharepoint/create-site-collection).|

-|**Billing**|View, purchase, or cancel subscriptions for your organization. View past billing statements or view the number of assigned licenses to individual users. Learn how to [manage billing](../../commerce/index.yml).|

-|**Support**|View existing service requests or create new ones. Learn more in [Contact support for business products - Admin Help](../../business-video/get-help-support.md).|

-|**Settings**|Manage global settings for apps like email, sites, and the Office suite. Change your password policy and expiration date. Add and update domain names like contoso.com. Change your organization profile and release preferences. And choose whether partners can access your admin center.|

-|**Setup**|Manage existing domains, turn on and manage multi-factor authentication, manage admin access, migrate user mailboxes to Office 365, manage feature updates, and help users install their Office apps.|

-|**Reports**|See at a glance how your organization is using Microsoft 365 with detailed reports on email use, Office activations, and more. Learn how to use the new [activity reports](../activity-reports/activity-reports.md).|

-|**Health**|View health at a glance. You can also check out more details and the health history. See [How to check service health](../../enterprise/view-service-health.md) and [How to check Windows release health](/windows/deployment/update/check-release-health) for more information. <p>Use Message center to keep track of upcoming changes to features and services. We post announcements there with information that helps you plan for change and understand how it may affect users. Get more details in [Message center](../manage/message-center.md).|

-|**Admin centers**|Open separate admin centers for Exchange, Skype for Business, SharePoint, Yammer, and Azure AD. Each admin center includes all available settings for that service. <p> For example, in the Exchange admin center, set up and manage email, calendars, distribution groups, and more. In the SharePoint admin center, create and manage site collections, site settings, and OneDrive for Business. In the Skype for Business admin center, set up instant messaging notifications, dial-in conferencing, and online presence. <p> Learn more about the [Exchange admin center](/exchange/exchange-admin-center) and [SharePoint Admin Center](/sharepoint/sharepoint-online). <p> **Note:** The admin centers available to you depend on your plan and region.|

-|

-## Common tasks in the admin center

-## Related content

-[Microsoft 365 for business training videos](../../business-video/index.yml) (link page)

-1. Go to the [Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).

-1. Go to the [Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md).

-| 12/23/2019 | [About the Microsoft 365 admin center](/Office365/Admin/admin-overview/about-the-admin-center) | modified |

-| 1/10/2020 | [About the Microsoft 365 admin center](/Office365/Admin/admin-overview/about-the-admin-center) | modified |

-> You need a Microsoft 365 or Azure AD account to access your Message center through the [admin center](/office365/admin/admin-overview/about-the-admin-center). Microsoft 365 home plan users do not have an admin center.

-|**Message center** <br/> |Learn about official service announcements and feature changes. You can read these messages in the Microsoft 365 admin center, the admin mobile app, or receive a weekly digest in email. Share these messages with others in your organization when you see a message someone else should act on. You can also use the Service Communications API to retrieve messages. <br/> |Sign in to the [admin center](../admin-overview/about-the-admin-center.md) or [admin mobile app](../admin-overview/admin-mobile-app.md). Select **Health** \> **Message center**. Select a message to read or share. <br/> Change the services you see messages about or opt-in to the weekly digest by choosing **Edit preferences** in the admin center. This is also where you can opt-out of the weekly digest. <br/> [Overview of the Microsoft 365 Message center](message-center.md) <br/> |

-|**Targeted release** <br/> |Sign up for Targeted release for yourself and a select group of individuals at your organization. Get the latest Microsoft 365 updates before everyone else and then inform or train your users on the new experience. <br/> |Sign in to the [admin center](../admin-overview/about-the-admin-center.md) or [admin mobile app](../admin-overview/admin-mobile-app.md). Selece **Settings** \> **Organization profile** \> **Release preferences**. Learn more about [Targeted release](release-options-in-office-365.md). <br/> |

-description: "Set up Microsoft Defender for Office 365 and safeguard sensitive data against phishing, malware, and other threats."

-# Increase threat protection

-This article helps you increase the protection in your Microsoft 365 subscription to protect against phishing, malware, and other threats. These recommendations are appropriate for organizations with an increased need for security, like law offices and health care clinics.

-Before you begin, check your Office 365 Secure Score. Office 365 Secure Score analyzes your organization's security based on your regular activities and security settings, and assigns a score. Begin by taking note of your current score. To increase your score, complete the actions recommended in this article. The goal isn't to achieve the maximum score, but to be aware of opportunities to protect your environment that don't negatively affect productivity for your users.

-For more information, see [Microsoft Secure Score](../../security/defender/microsoft-secure-score.md).

-## Raise the level of protection against malware in mail

-Your Office 365 or Microsoft 365 environment includes protection against malware. You can increase this protection by blocking attachments with file types that are commonly used for malware.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4OA7Z?autoplay=false]

-1. From the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Show more**, **Admin centers**, and then **Security**.

-1. Go to **Email & collaboration** \> **Policies & rules** \> **Threat policies**.

-1. From the policies available, choose **Anti-malware**.

-To increase malware protection in email:

-1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-malware** in the **Policies** section.

-2. On the **Anti-malware** page, double-click on **Default (Default)**. A flyout appears.

-3. Select **Edit protection settings** at the bottom of the flyout.

-4. under **Protection settings**, select the checkbox next to **Enable the common attachments filter**. The file types that are blocked are listed directly below this control. Make sure that you add these file types:

- `ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif`

- To add or delete file types, select **Customize file types** at the end of the list.

-6. Select **Save.**

-For more information, see [Anti-malware protection in EOP](../../security/office-365-security/anti-malware-protection.md).

-## Protect against ransomware

-Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for "ransom," usually in the form of cryptocurrencies like Bitcoin, in exchange for access to data.

-To protect against ransomware, create one or more mail flow rules to block file extensions that are commonly used for ransomware. (You added these rules in the [raise the level of protection against malware in mail](#raise-the-level-of-protection-against-malware-in-mail) step.) You can also warn users who receive these attachments in email.

-In addition to the files that you blocked in the previous step, it's a good practice to create a rule to warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so warn users not to open these files from people they don't know.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWrWGt?autoplay=false]

-1. From the admin center at [https://admin.microsoft.com](https://admin.microsoft.com), choose **Exchange** under **Admin centers**.

-1. From the menu on the left, choose **mail flow**.

-

-1. On the rules tab, choose the arrow next to the plus (+) symbol, and then choose **Create a new rule**.

-1. On the **new rule** page, enter a name for your rule, scroll to the bottom, and then choose **More options**.

-To create a mail transport rule:

-1. Go to the admin center at <https://admin.microsoft.com>, and choose **Admin centers** \> **Exchange**.

-2. In the **mail flow** category, select **rules**.

-3. Select **+**, and then select **Create a new rule**.

-4. Select **More options** at the bottom of the dialog box to see the full set of options.

-5. Apply the settings in the following table for the rule. Use the default values for the rest of the settings, unless you want to change them.

-6. Select **Save**.

-|Setting|Warn users before opening attachments of Office files|

-|||

-|Name|Anti-ransomware rule: warn users|

-|Apply this rule if . . .|Any attachment . . . file extension matches . . .|

-|Specify words or phrases|Add these file types: <br/> dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm|

-|Do the following . . .|Notify the recipient with a message|

-|Provide message text|Do not open these types of files from people you do not know because they might contain macros with malicious code.|

-For more information, see:

-## Stop auto-forwarding for email

-Hackers who gain access to a user's mailbox can steal mail by setting the mailbox to automatically forward email. This can happen even without the user's awareness. To prevent this from happening, configure a mail flow rule.

-To create a mail transport rule, follow these steps:

-1. In the Microsoft 365 admin center, select **Admin centers** \> **Exchange**.

-2. In the **mail flow** category, select **rules**.

-3. Select **+**, and then select **Create a new rule**.

-4. To see all the options, select **More options** at the bottom of the dialog box.

-5. Apply the settings in the following table. Use the default values for the rest of the settings, unless you want to change them.

-6. Select **Save**.

-|Setting|Warn users before opening attachments of Office files|

-|||

-|Name|Prevent auto forwarding of email to external domains|

-|Apply this rule if ...|The sender . . . is external/internal . . . Inside the organization|

-|Add condition|The message properties . . . include the message type . . . Auto-forward|

-|Do the following ...|Block the message . . . reject the message and include an explanation.|

-|Provide message text|Auto-forwarding email outside this organization is prevented for security reasons.|

-## Protect your email from phishing attacks

-If you've configured one or more custom domains for your Office 365 or Microsoft 365 environment, you can configure targeted anti-phishing protection. Anti-phishing protection, part of Microsoft Defender for Office 365, can help protect your organization from malicious impersonation-based phishing attacks and other phishing attacks. If you haven't configured a custom domain, you don't need to do this.

-We recommend that you get started with this protection by creating a policy to protect your most important users and your custom domain.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWvt9r?autoplay=false]

-1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>.

-2. Go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-phishing** in the **Policies** section.

-3. On the **Anti-phishing** page, select **+ Create**. A wizard launches that steps you through defining your anti-phishing policy.

-4. Specify the name, description, and settings for your policy as recommended in the following table. For more details, see [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../../security/office-365-security/set-up-anti-phishing-policies.md).

-5. After you've reviewed your settings, choose **Create this policy** or **Save**, as appropriate.

-|Setting or option|Recommended setting|

-|||

-|Name|Domain and most valuable campaign staff|

-|Description|Ensure most important staff and our domain are not being impersonated.|

-|Add users to protect|Select **+ Add a condition, The recipient is**. Type user names or enter the email address of the candidate, campaign manager, and other important staff members. You can add up to 20 internal and external addresses that you want to protect from impersonation.|

-|Add domains to protect|Select **+ Add a condition, The recipient domain is**. Enter the custom domain associated with your Microsoft 365 subscription, if you defined one. You can enter more than one domain.|

-|Choose actions|If email is sent by an impersonated user: Choose **Redirect message to another email address**, and then type the email address of the security administrator; for example, *Alice<span><span>@contoso.com*. If email is sent by an impersonated domain: Choose **Quarantine message**.|

-|Mailbox intelligence|By default, mailbox intelligence is selected when you create a new anti-phishing policy. Leave this setting **On** for best results.|

-|Add trusted senders and domains|Here you can add your own domain, or any other trusted domains.|

-|Applied to|Select **The recipient domain is**. Under **Any of these**, select **Choose**. Select **+ Add**. Select the check box next to the name of the domain, for example, *contoso.<span><span>com*, in the list, and then select **Add**. Select **Done**.|

-## Watch: Protect against malicious attachments and files with Safe Attachments

-People regularly send, receive, and share attachments, such as documents, presentations, spreadsheets, and more. It's not always easy to tell whether an attachment is safe or malicious just by looking at an email message. Microsoft Defender for Office 365, formerly called Microsoft 365 ATP, or Advanced Threat Protection, includes Safe Attachment protection, but this protection is not turned on by default. We recommend that you create a new rule to begin using this protection. This protection extends to files in SharePoint, OneDrive, and Microsoft Teams.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWtn3I?autoplay=false]

-1. Go to the [admin center](https://admin.microsoft.com), and select **Setup**.

-1. Scroll down to **Increase protection from advanced threats**. Select **View**, **Manage**, and then **ATP safe attachments**.

-1. Select your safe attachments rule, and then choose the **Edit** icon.

-1. Select **settings**, and then verify that Block is selected.

-1. Scroll down. Choose **Enable redirect**, and enter your email address or the address of the person you want to review the blocked attachments.

-1. Select **applied to**, and then select your domain name.

-1. Choose any additional domains you own (such as your onmicrosoft.com domain) that you would like the rule applied to. Select **add**, and then **OK**.

-1. Select **Save**.

-Your ATP safe attachments rule has been updated. Now that protection is in place, you won't be able to open a malicious file from Outlook, OneDrive, SharePoint, or Teams. Affected files will have red shields next to them. If someone attempts to open a blocked file, they'll receive a warning message.

-After your policy has been in place for a while, visit the Reports page to see what has been scanned.

-1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>, and sign in with your admin account.

-2. Go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-malware** in the **Policies** section.

-3. Select **+ Create** to create a new policy.

-4. Apply the settings in the following table.

-5. After you have reviewed your settings, select **Create this policy** or **Save**, as appropriate.

-|Setting or option|Recommended setting|

-|||

-|Name|Block current and future emails with detected malware.|

-|Description|Block current and future emails and attachments with detected malware.|

-|Save attachments unknown malware response|Select **Block - Block the current and future emails and attachments with detected malware**.|

-|Redirect attachment on detection|Enable redirection (select this box) Enter the admin account or a mailbox setup for quarantine. Apply the above selection if malware scanning for attachments times out or error occurs (select this box).|

-|Applied to|The recipient domain is . . . select your domain.|

-For more information, see [Set up anti-phishing policies in Microsoft Defender for Office 365](../../security/office-365-security/set-up-anti-phishing-policies.md).

-## Protect against phishing attacks with Safe Links

-Hackers sometimes hide malicious websites in links in email or other files. Safe Links, part of Microsoft Defender for Office 365, can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. Protection is defined through Safe Links policies.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWvdwy?autoplay=false]

-Microsoft Defender for Office 365, formerly called Microsoft 365 ATP, or Advanced Threat Protection, helps protect your business against malicious sites when people click links in Office apps.

-1. Go to the [admin center](https://admin.microsoft.com), and select **Setup**.

-1. Scroll down to **Increase protection from advanced threats**. Select **Manage**,and then **Safe Links**.

-1. Select **Global Settings** and in **Block the following URLs**, enter the URL that you want to block.

-We recommend that you do the following:

-To set up Safe Links, complete the following steps:

-1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>, and sign in with your admin account.

-2. o to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-malware** in the **Policies** section.

-3. Select **+ Create** to create a new policy, or modify the default policy.

-To modify the default policy:

-1. Double-click the **Default** policy. A flyout appears.

-2. Select **Edit protection settings** at the bottom of the flyout.

-3. After modifying the default policy, select **Save**.

-|Setting or option|Recommended setting|

-|||

-|Name|Safe links policy for all recipients in the domain|

-|Select the action for unknown potentially malicious URLs in messages|Select **On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link**.|

-|Use Safe Attachments to scan downloadable content|Select this box.|

-|Applied to|The recipient domain is . . . select your domain.|

-For more information, see [Safe Links](../../security/office-365-security/safe-links.md).

-## Go to Intune admin center

-1. Sign in to [Azure portal](https://portal.azure.com/).

-2. Select **All services** and type in *Intune* in the **Search Box**.

-3. Once the results appear, select the start next to **Microsoft Intune** to make it a favorite and easy to find later.

-In addition to the admin center, you can use Intune to enroll and manage your organization's devices. For more information, see [Capabilities by enrollment method for Windows devices](/intune/enrollment/enrollment-method-capab) and [Enrollment options for devices managed by Intune](/intune/enrollment-options).

-## eDiscovery hold statistics

-After you create an eDiscovery hold, information about the new hold is displayed on the flyout page for the selected hold. This information includes the number of mailboxes and sites on hold and statistics about the content that was placed on hold, such as the total number and size of items placed on hold and the last time the hold statistics were calculated. These hold statistics help you identify the amount of content related to the case is being preserved.

-

-

-

-Keep the following things in mind about eDiscovery hold statistics:

-

-1. From the [Microsoft Purview porta](https://compliance.microsoft.com/), select **Solutions** > **Information protection**

-1. From the [Microsoft Purview porta](https://compliance.microsoft.com/), select **Solutions** > **Information protection**

-4. On the flyout page, you can see hold statistics for the policy. You can also perform actions like apply a query to your custodian-based hold. For more information about creating a hold query and using conditions, see [Keyword queries and search conditions for Content Search](keyword-queries-and-search-conditions.md).

-## View hold statistics

-After some time, information about the new hold is displayed in the details pane on the **Holds** tab for the selected hold. This information includes the number of mailboxes and sites on hold and statistics about the content that was placed on hold, such as the total number and size of items placed on hold and the last time the hold statistics were calculated. These hold statistics help you identify how much content that's related to the eDiscovery case is being held.

-Keep the following things in mind about hold statistics:

-

- Also, hold statistics will only apply to content locations in the agency.

-[eDiscovery (Premium) capabilities](../compliance/overview-ediscovery-20.md) allow a multi-geo eDiscovery administrator to search all of the geos without needing to utilize a "Region" security filter. Data is exported to the Azure instance of the central location of the multi-geo tenant. The same happens with applying a hold on a custodian, however, the Hold statistics inside the hold won't appear without the "Region" security filter. Hold statistics showing 0 does not mean the hold failed as long as hold status is showing On (successful).

-Without eDiscovery (Premium) capabilities, an eDiscovery manager or administrator of a multi-geo tenant will be able to conduct eDiscovery only in the central location of that tenant. To support the ability to conduct eDiscovery for satellite locations, a new compliance security filter parameter named "Region" is available via PowerShell. This parameter can be used by tenants whose central location is in North America, Europe, or Asia Pacific. eDiscovery (Premium) is recommended for tenants whose central location is not in North America, Europe, or Asia Pacific and who need to perform eDiscovery across satellite geo locations.

-1. In the left navigation page, select **Tenants**.

-The following table shows the different statuses and their meaning.<br><br>

-| Ineligible - Required license is missing | The tenant is missing a required license. They need at least one Microsoft 365 Business Premium or Microsoft 365 E3 license. | Make sure the tenant has at least one Microsoft 365 Business Premium, Microsoft 365 E3, or Windows 365 Business license assigned. |

-Microsoft Managed Desktop Engineering Operations and Security Operations teams are located in the United States and India.

-For more information about the new enhancements, see [Office 365 Message Encryption](../../compliance/ome.md).

- For detailed syntax and parameter information, see [Get-RoleGroupMember](/powershell/module/exchange/Get-RoleGroupMember).

-[Accessibility in Exchange Online](/Exchange/accessibility/accessibility)

-For more information on how you can strengthen your organization against phishing, spam, data breaches, and other threats, see [Top 10 ways to secure Microsoft 365 for business plans](../../admin/security-and-compliance/secure-your-business-data.md).

-[Configure the common Zero Trust identity and device access policies](identity-access-policies.md)

-To go directly to the Mail flow dashboard, open <https://protection.office.com/mailflow/dashboard>.

-For information about other insights in the Mail flow dashboard, see [Mail flow insights in the Security & Compliance Center](mail-flow-insights-v2.md).

-For information about other insights in the Mail flow dashboard, see [Mail flow insights in the Security & Compliance Center](mail-flow-insights-v2.md).

-For information about other insights in the Mail flow dashboard, see [Mail flow insights in the Security & Compliance Center](mail-flow-insights-v2.md).

-> [!TIP]

-> You can't change the recommended Standard and Strict settings in the Microsoft 365 Defender portal. To change recommended values like **Enable users to protect**, you need to use [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).

->

-If you are a member of law enforcement and wish to serve Microsoft Corporation with legal documentation regarding Office 365, or if you have questions regarding legal documentation you have submitted to Microsoft, please call (1) (425) 722-1299.

-[Automated investigation and response (AIR) in Office 365](automated-investigation-response-office.md)

-Admins can create Exchange [mail flow rules](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) on the results of DKIM validation. These mail flow rules will allow admins to filter or route messages as needed.

-Defender for Office 365 enables you to investigate activities that put people in your organization at risk and to take action to protect your organization. You can do this using [Threat Explorer or (real-time detections)](threat-explorer.md).

- :::image type="content" source="../../medio-trial-playbook-campaign-details.png":::

- :::image type="content" source="../../medio-trial-playbook-attack-simulation-training-results.png":::

-Any email alias in your database that creates a bounce-back is unnecessary and puts your outbound emails at risk for further scrutiny by email filtering services. Ensure that your email database is up-to-date.

-<!--A-->