+This applies to Microsoft 365 Business Standard and Microsoft 365 Apps for Business. You'll sign in to Microsoft 365 with this email address. For example, somebody@example.com.

+> As of April 1, 2023, we no longer accept checks as a payment method for subscriptions paid by invoice. Pay by check is no longer available as a payment option, and check payment instructions have been removed from invoices. You can still pay for your invoice by wire transfer. See your invoice for wire transfer payment information. If you're an existing customer who currently pays by check, you have until September 30, 2023 to change to paying by wire transfer, and avoid possible service disruption.

+If recurring billing is turned off for a billing profile, you can use the **Pay now** button on the invoice summary in the admin center to pay for it every billing period, regardless of what payment method is linked with the billing profile. You can also pay by wire transfer. Instructions for how to do that are included on the PDF copy of your invoice.

+If you have a billing profile that is set up to be paid by invoice, you can pay for your subscription with a wire transfer. You can also use a credit or debit card to make a one-time payment by using the **Pay now** button on your invoice.

+## Where do I send my wire transfer payment?

+## Wire transfer payment processing time

+- Wire transfer (domestic) - Four business days. Two days to arrive, plus two days to post.

+- Wire transfer (international) - Seven business days. Five days to arrive, plus two days to post.

+If your account is approved for payment by wire transfer, the instructions for payment are on the invoice.

+You can use a credit or debit card, or bank account to pay for your Microsoft business subscription. For qualifying customers, you can pay by invoice via wire transfer. If you have a billing profile, your options are slightly different. For more information, see [How to pay for your subscription with a billing profile](pay-for-subscription-billing-profile.md). If you're not sure if your account has a billing profile, see [Understand billing profiles](manage-billing-profiles.md).

+**Just want to find out where to send your invoice payment?** If you currently pay your invoice by wire transfer, see [Where do I send my wire transfer payment?](#where-do-i-send-my-wire-transfer-payment)

+> - As of April 1, 2023, we no longer accept checks as a payment method for subscriptions paid by invoice. Pay by check is no longer available as a payment option, and check payment instructions have been removed from invoices. You can still pay for your invoice by wire transfer. See your invoice for wire transfer payment information. If you're an existing customer who currently pays by check, you have until September 30, 2023 to change to paying by wire transfer, and avoid possible service disruption.

+## Where do I send my wire transfer payment?

+> If you must pay the membership fee for the Microsoft Partner Network (MPN) program (Action Pack subscription, Silver or Gold competencies), see [Pay competency fees](/partner-center/mpn-pay-fee-silver-gold-competency?tabs=workspaces-view) for information about how to make an MPN payment.

+## Wire transfer payment processing time

+- Wire transfer (domestic) - Four business days. Two days to arrive, plus two days to post.

+- Wire transfer (international) - Seven business days. Five days to arrive, plus two days to post.

+If your account is approved for payment by wire transfer, the instructions for payment are on the invoice.

+You can't pay your invoice online. You must remit payment via wire transfer.

+> As of April 1, 2023, we no longer accept checks as a payment method for subscriptions paid by invoice. Pay by check is no longer available as a payment option, and check payment instructions have been removed from invoices. You can still pay for your invoice by wire transfer. See your invoice for wire transfer payment information. If you're an existing customer who currently pays by check, you have until September 30, 2023 to change to paying by wire transfer, and avoid possible service disruption.

+At the bottom of the invoice are instructions on how to pay your bill. You can pay online or by wire transfer.

+Payment instructions depend on your payment method and are provided at the bottom of the invoice PDF. If your payment method is a credit card, it's automatically charged within 10 days of the invoice date. If your payment method is by wire transfer, see the information under **Payment Instructions** in the PDF.

+> As of April 1, 2023, we no longer accept checks as a payment method for subscriptions paid by invoice. Pay by check is no longer available as a payment option, and check payment instructions have been removed from invoices. You can still pay for your invoice by wire transfer. See your invoice for wire transfer payment information. If you're an existing customer who currently pays by check, you have until September 30, 2023 to change to paying by wire transfer, and avoid possible service disruption.

+The header also includes an **Invoice Number**, the unique number assigned to your invoice. If you pay by wire transfer, include the invoice number with your payment.

+If you pay by credit card, you see "Please DO NOT PAY. You will be charged the amount due through your selected method of payment." If you pay by invoice, this section contains instructions for paying by wire transfer.

+### Wire transfer

+If you chose "invoice" as your subscription payment method, page one contains the **Electronic Funds Transfer** section that shows the Microsoft bank account information for electronic payments (wire transfer, ACH, SEPA, and so on). Usually, your bank has a reference field you complete when you send a payment. Make sure you reference the invoice number in that field.

+> As of April 1, 2023, we no longer accept checks as a payment method for subscriptions paid by invoice. Pay by check is no longer available as a payment option, and check payment instructions have been removed from invoices. You can still pay for your invoice by wire transfer. See your invoice for wire transfer payment information. If you're an existing customer who currently pays by check, you have until September 30, 2023 to change to paying by wire transfer, and avoid possible service disruption.

+## For invoice pay customers who pay by wire transfer

+**For customers paying by wire transfer:** Approved WHT requests are settled against the unpaid portion of the invoice amount reflected in Withholding Tax Credit Form.

+> As of April 1, 2023, we no longer accept checks as a payment method for subscriptions paid by invoice. Pay by check is no longer available as a payment option, and check payment instructions have been removed from invoices. You can still pay for your invoice by wire transfer. See your invoice for wire transfer payment information. If you're an existing customer who currently pays by check, you have until September 30, 2023 to change to paying by wire transfer, and avoid possible service disruption.

+## For invoice pay customers who pay by wire transfer

+**For customers paying by wire transfer:** Approved WHT requests are settled against the unpaid portion of the invoice amount reflected in the Withholding Tax Credit Form.

+The **PAYMENT INSTRUCTIONS** section contains the account information you need to send your wire transfer payment.

+> As of April 1, 2023, we no longer accept checks as a payment method for subscriptions paid by invoice. Pay by check is no longer available as a payment option, and check payment instructions have been removed from invoices. You can still pay for your invoice by wire transfer. See your invoice for wire transfer payment information. If you're an existing customer who currently pays by check, you have until September 30, 2023 to change to paying by wire transfer, and avoid possible service disruption.

+- **Payment methods** ΓÇô Credit cards or wire transfer

+- Saudi Arabia - Saudi Arabia Monetary Authority (SAMA)

+- Saudi Arabia - National Cybersecurity Authority (NCA)

+ Title: Build search queries using keywords and conditions for collections

+description: "Use keywords and conditions to narrow the scope of the search when searching for data using eDiscovery (Premium) in Microsoft Purview."

+# Build search queries using keywords and conditions for collections

+

+If you prefer to build a search query with the Keyword Query Language (KQL) editor or the query builder, see:

+- [Use the KQL editor to build search queries](/microsoft-365/compliance/ediscovery-kql-editor)

+- [Use the query builder to build search queries](/microsoft-365/compliance/ediscovery-query-builder)

+

+You can add search conditions to narrow the scope of a search and return a more refined set of results by selecting **Add condition**.

+Each condition adds a clause to the search query that is created and run when you start the search. A condition is logically connected to the keyword query specified in the keyword box by a logical operator (which is represented as *c:c* in the search query syntax) that is similar in functionality to the **AND** operator. That means items have to satisfy both the keyword query and one or more conditions to be included in the search results. This is how conditions help to narrow your results.

+For a list and description of conditions that you can use in a search query, see the "Search conditions" section in [Keyword queries and search conditions](ediscovery-keyword-queries-and-search-conditions.md#search-conditions).

+

+8. On the **Search query** page, you can create the search query that is used to collect items from the data sources that you've identified in the previous wizard pages. You can search for keywords, property:value pairs, or use a keyword list. You can also add various search conditions to narrow the scope of the collection or user the query builder to define query operators, filters, and conditions. For more information, see:

+ - [Build search queries using keywords and conditions for collections](ediscovery-building-search-queries.md)

+ - [Use the KQL editor to build search queries](/microsoft-365/compliance/ediscovery-kql-editor)

+ - [Use the query builder to build search queries (preview)](/microsoft-365/compliance/ediscovery-query-builder)

+The Keyword Query Language (KQL) query option in Microsoft Purview eDiscovery tools search provides feedback and guidance when you build search queries in Content search, Microsoft Purview eDiscovery (Standard), and eDiscovery (Premium). When you enter queries in the editor, it provides autocompletion for supported searchable properties and conditions and provides lists of supported values for standard properties and conditions. For example, if you specify the `kind` email property in your query, the editor will present a list of supported values that you can select. The KQL editor also displays potential query errors in real time that you can fix before you run the search. Best of all, you can paste complex queries directly into the editor without having to manually build queries using the keywords and conditions cards in the standard condition builder.

+

+ Title: Use the query builder to create search queries (preview)

+description: "Use the query builder to narrow the scope of the search when searching for data using eDiscovery (Premium) in Microsoft Purview."

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- tier1

+- purview-compliance

+- ediscovery

+search.appverid:

+- MOE150

+- MET150

+# Use the query builder to create search queries (preview)

+The query builder option in collection search tool provides a visual filtering experience when you build search queries in Microsoft Purview eDiscovery (Premium). Use the new query builder to construct complex queries with additional functionality, including AND, OR, and grouping of conditions. These features in the query builder help you build queries more effectively, provide a visual interface for grouping sub-queries, and provide additional space for complex keyword queries to be constructed and reviewed.

+## Displaying the query builder

+When you create or edit an eDiscovery search for a collection in eDiscovery (Premium), the option to display and use the query builder is located on the **Search query** page in the collections wizard. Select **Use new query builder** to display and use the query builder.

+

+## Using the query builder

+After you've selected **Use new query builder***, you're ready to get started. To create a query and custom filtering for your search, you'll use the following controls:

+- **AND/OR**: These conditional logical operators allow you to select the query condition that applies to specific filters and filter subgroups. These operators allow you to use multiple filters or subgroups connected to a single filter in your query.

+- **Select a filter**: Allows you to select filters for the specific data sources and location content selected for the collection.

+- **Add filter**: Allows you to add multiple filters to your query. Is available after you've defined at least one query filter.

+- **Select an operator**: Depending on the selected filter, the operators compatible for the filter are available to select. For example, if the *Date* filter is selected, the available operators are *Before*, *After*, and *Between*. If the *Size (in bytes)* filter is selected, the available operators are *Greater than*, *Greater or equal*, *Less than*, *Less or equal*, *Between*, and *Equal*.

+- **Value**: Depending on the selected filter, the values compatible for the filter are available. Additionally, some filters support multiple values and some filters support one specific value. For example, if the *Date* filter is selected, you'll select date values. If the *Size (in bytes)* filter is selected, you'll select a value for bytes.

+- **Add subgroup**: After you've defined a filter, you can add a subgroup to refine the results returned by the filter. You can also add a subgroup to a subgroup for multi-layered query refinement.

+- **Remove a filter condition**: To remove an individual filter or subgroup, select the remove icon to the right of each filter line or subgroup.

+- **Clear all**: To clear the entire query of all filters and subgroups, select **Clear all**.

+## Scenario example

+The eDiscovery administrator needs to create a query to find emails sent from Aimee Miller to Adam Eham, Adele Vance, or Aditya Dash that were sent between February 9, 2023 and March 9, 2023 that contains the keywords *compliance* and *audit*. For this example, the administrator creates the following query using the new query builder:

+1. For the first filter, the administrator selects *Sender*, then selects the *Equals any of* operator, then selects *Aimee Miller* from the list of users available in the **Value** control.

+2. Next, the administrator selects **Add subgroup** and the **OR** operator to define the other users that Aimee may have sent an email to about the compliance audit.

+3. In the subgroup, the administrator selects the *To* filter, the *Equals any of* operator, and the *Value (user)* for each of the other users that Aimee may have sent email to about the compliance audit. In this example, the administrator creates a filter in the subgroup for Adam Eham, Adele Vance, and Aditya Dash.

+4. To define the date range, the administrator selects **Add filter** and selects the *Date* filter, the *Between* operator, and start and ending dates for the *Value*.

+5. Finally, the administrator selects the *Keyword list* filter, the *Equal* operator, and *compliance, audit* as the keyword *Value*.

+

+

+> A review set displays a maximum of 1,000 items per page. Use default or custom filters to adjust the displayed items as needed.

+

+Expand each section and select or deselect filters to add or remove them in the filter set. When you add a filter, it's displayed in the filter set.

+You can change the include and exclude relationship for a particular filter. For example, in the Tag filter, you can exclude items that are tagged with a particular tag by selecting **Equals none of** in the dropdown filter.

+After you're satisfied with your filters, you can save the filter combination as a filter query. This saved filter query lets you apply the filter in the future review sessions.

+To save a filter, select **Save the query** and name it. You or other reviewers can run previously saved filter queries by selecting the **Saved filter queries** dropdown and selecting a filter query to apply to review set documents.

+

+ 

+<!--|Amazon workspaces|<ul><li>Single session supported for 20H2, 21H1, 21H2|N/A|-->

+ Title: "Use information barriers with OneDrive"

+description: "Learn about associating segments with a OneDrive, and what happens when segments are associated with a OneDrive."

+audience: Admin

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+- tier2

+- purview-compliance

+- M365-collaboration

+search.appverid:

+- ODB160

+- ODB150

+- MET150

+# Use information barriers with OneDrive

+[Microsoft Purview Information Barriers](information-barriers.md) are policies in Microsoft 365 that a compliance admin can configure to prevent users from communicating and collaborating with each other. This solution is useful if, for example, one division is handling information that shouldn't be shared with specific other divisions, or a division needs to be prevented, or isolated, from collaborating with all users outside of the division. Information barriers are often used in highly regulated industries and those organizations with compliance requirements, such as finance, legal, and government.

+For OneDrive, information barriers can determine and prevent the following kinds of unauthorized collaborations:

+- User access to OneDrive or stored content

+- Sharing OneDrive or stored content with other users

+## Information barriers modes and OneDrive

+When information barriers are enabled on SharePoint and OneDrive, the OneDrive of segmented users are automatically protected with IB policies. [Information barriers modes](information-barriers-policies.md#step-6-information-barriers-modes-optional) help strengthen access, sharing, and membership of a OneDrive site based on its IB mode and segments associated with the OneDrive.

+When using information barriers with OneDrive, the following IB modes are supported:

+| **Mode** | **Description** |

+|:- |:-|

+| **Open** | When a non-segmented user provisions their OneDrive, the site's IB mode is set as Open, by default. There are no segments associated with the site. |

+| **Owner Moderated** | When a OneDrive is used for collaboration with incompatible users in the presence of the site owner/moderator, the OneDrive's IB mode can be set as Owner Moderated. See [this section](#manage-the-ib-mode-of-a-users-onedrive-preview) for details on Owner Moderated site. |

+| **Explicit** | When a segmented user provisions their OneDrive within 24 hours of enablement, the site's IB mode is set as *Explicit* by default. The user's segment and other segments that are compatible with the user's segment and with each other get associated with the user's OneDrive. |

+| **Mixed** | When a segmented user's OneDrive is allowed to be shared with unsegmented users, the site's IB mode can be set as *Mixed*. This is an opt-in mode that the SharePoint admin can set on OneDrive of a segmented user. |

+>[!NOTE]

+>Starting July 12, 2022, *Inferred* mode has changed to *Mixed* mode. The functionality for the mode remains the same.

+## Sharing files from OneDrive

+### Open

+When a OneDrive has no segments and IB mode as *Open*:

+- The user can share files and folders based on the information barrier policy applied to the user and the sharing setting for the OneDrive.

+### Owner Moderated

+When a site has information barriers mode is set to *Owner Moderated*:

+- The option to share with *Anyone with the link* is disabled.

+- The option to share with *Company-wide link* is disabled.

+- The site and its content can be shared with existing members.

+- The site and its content can be shared only by the OneDrive owner per their IB policy.

+### Explicit

+When a OneDrive has information barriers segments and the mode is set to *Explicit*:

+- The option to share with *Anyone with the link* is disabled.

+- The option to share with *Company-wide link* is disabled.

+- Files and folders can be shared only with users whose segment matches that of the OneDrive.

+### Mixed

+When a OneDrive has information barriers segments and the mode is set to *Mixed*:

+- The option to share with Anyone with the link is disabled.

+- The option to share with Company-wide link is disabled.

+- Files and folders can be shared with users whose segment matches that of the OneDrive and unsegmented users in the tenant.

+## Accessing shared files from OneDrive

+### Open mode

+For a user to access content in a OneDrive that has no segments associated and IB mode as *Open*:

+- The files must be shared with the user.

+### Owner Moderated mode

+For a user to access a SharePoint site with site's information barriers mode is set to *Owner Moderated*:

+- The user has site access permissions.

+### Explicit mode

+For a user to access content in a OneDrive that has segments and the IB mode set to *Explicit*:

+1. The user's segment must match a segment that is associated with the OneDrive.

+ AND

+2. The files must be shared with the user.

+>[!NOTE]

+>By default, non-segment users can access shared OneDrive files only from other non-segment users with IB modes as *Open*. They can't access shared files from OneDrive that have segment(s) applied and the IB mode is *Explicit*.

+### Mixed mode

+For a segmented user to access content in a OneDrive that has segments and the IB mode set as *Mixed*:

+1. The user's segment must match a segment that is associated with the OneDrive.

+ AND

+2. The files must be shared with the user.

+For an unsegmented user to access content in a OneDrive that has segments and the IB mode set as *Mixed*:

+- The user must have site access permissions.

+## Example scenario

+The following example illustrates three segments in an organization: HR, Sales, and Research. An information barrier policy has been defined that blocks communication and collaboration between the Sales and Research segments.

+

+With information barriers in OneDrive, when a segment is applied to a user, within 24 hours that segment is automatically associated with the user's OneDrive. Other segments that are compatible with the user's segment and with each other will also get associated with the OneDrive. A OneDrive can have up to 100 segments associated with it. A global or SharePoint admin can manage these segments using PowerShell, as described later in the section [Associate or remove additional segments on a user's OneDrive](#manage-segments-on-a-users-onedrive).

+The following table shoes the effects of this example configuration:

+| Components | HR users | Sales users | Research users | Non-segment users |

+|:--|:|:|:|:|

+| Segments associated with OneDrive | HR | Sales, HR | Research, HR | None |

+| IB mode on OneDrive | Explicit | Explicit | Explicit | Open |

+| OneDrive content can be shared with | HR only | Sales and HR | Research and HR | Anyone based on the sharing settings selected |

+| OneDrive content can be accessed by | HR only | Sales and HR | Research and HR | Anyone with whom the content has been shared |

+## Enable SharePoint and OneDrive information barriers in your organization

+Enabling information barriers for SharePoint and OneDrive are configured in a single action. Information barriers for the services can't be enabled separately. To enable information barriers for OneDrive, see [Enable SharePoint and OneDrive information barriers in your organization](information-barriers-sharepoint.md#enable-sharepoint-and-onedrive-information-barriers-in-your-organization). After you've enabled information barriers for SharePoint and OneDrive, continue with the OneDrive guidance in this article.

+## Prerequisites

+1. Make sure you meet the [licensing requirements for information barriers](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-barriers).

+2. [Create information barrier policies](information-barriers-policies.md) that allow or block communication between the segments and activate the policies. Create segments and define the users in each.

+3. After you've configured and activated your information barrier policies, wait 24 hours for the changes to propagate through your organization.

+4. Enable information barriers for OneDrive. Enabling information barriers for SharePoint and OneDrive are configured in a single action and these services can't be enabled separately. To enable information barriers for OneDrive, see the guidance and steps in the [Use information barriers with SharePoint](information-barriers-sharepoint.md) article.

+5. Complete the steps in the following sections to customize and manage information barriers for OneDrive in your organization.

+## Use PowerShell to view the segments associated with a OneDrive

+A global or SharePoint admin can view and change the segments associated with a user's OneDrive. Your organization can have up to 5,000 segments and users can be assigned to multiple segments.

+> [!IMPORTANT]

+> Support for 5,000 segments and assigning users to multiple segments is only available when your organization isn't in *Legacy* mode. Assigning users to multiple segments requires additional actions to change the information barriers mode for your organization. For more information, see [Use multi-segment support in information barriers)](information-barriers-multi-segment.md) for details. <br><br> For organizations in *Legacy* mode, the maximum number of segments supported is 250 and users are restricted to being assigned to only one segment. Organizations in *Legacy* mode will be eligible to upgrade to the newest version of information barriers in the future. For more information, see the [information barriers roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=information%2Cbarriers).

+1. Connect to the [Security & Compliance Center PowerShell](/powershell/exchange/office-365-scc/connect-to-scc-powershell/connect-to-scc-powershell) as a global admin.

+2. Run the following command to get the list of segments and their GUIDs.

+ ```PowerShell

+ Get-OrganizationSegment | ft Name, EXOSegmentID

+ ```

+3. Save the list of segments.

+ |**Name**|**EXOSegmentId**|

+ |:-|:|

+ | Sales | a9592060-c856-4301-b60f-bf9a04990d4d |

+ | Research | 27d20a85-1c1b-4af2-bf45-a41093b5d111 |

+ | HR | a17efb47-e3c9-4d85-a188-1cd59c83de32 |

+4. If not previously completed, [download](https://go.microsoft.com/fwlink/p/?LinkId=255251) and install the latest SharePoint Online Management Shell. If you installed a previous version of the SharePoint Online Management Shell, follow the instructions in the [Enable SharePoint and OneDrive information barriers in your organization](information-barriers-sharepoint.md#enable-sharepoint-and-onedrive-information-barriers-in-your-organization) article.

+5. Connect to SharePoint as a [global admin or SharePoint admin](/sharepoint/sharepoint-admin-role) in Microsoft 365. To learn how, see [Getting started with SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).

+6. Run the following command:

+ ```PowerShell

+ Get-SPOSite -Identity <site URL> | Select InformationSegment

+ ```

+ For example:

+ ```powershell

+ Get-SPOSite -Identity https://contoso-my.sharepoint.com/personal/John_contoso_onmicrosoft_com | Select InformationSegment

+ ```

+## Manage segments on a user's OneDrive

+> [!WARNING]

+> If the segments associated with a user's OneDrive don't match the segment applied to the user, the user won't be able to access their OneDrive. Be careful not to associate any segments with the OneDrive of a non-segment user.

+> [!NOTE]

+> Any changes you make will be overwritten if the user's segment changes.

+To associate a segment with a OneDrive, run the following command in the SharePoint Online Management Shell.

+> [!IMPORTANT]

+> Support for 5,000 segments and assigning users to multiple segments is only available when your organization isn't in *Legacy* mode. Assigning users to multiple segments requires additional actions to change the information barriers mode for your organization. For more information, see [Use multi-segment support in information barriers)](information-barriers-multi-segment.md) for details. <br><br> For organizations in *Legacy* mode, the maximum number of segments supported is 250 and users are restricted to being assigned to only one segment. Organizations in *Legacy* mode will be eligible to upgrade to the newest version of information barriers in the future. For more information, see the [information barriers roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=information%2Cbarriers).

+```PowerShell

+Set-SPOSite -Identity <site URL> -AddInformationSegment <segment GUID>

+ ```

+For example:

+```powershell

+Set-SPOSite -Identity https://contoso-my.sharepoint.com/personal/John_contoso_onmicrosoft_com -AddInformationSegment 27d20a85-1c1b-4af2-bf45-a41093b5d111

+```

+When you add segments to a OneDrive, the site's IB mode is automatically updated to *Explicit*. An error will appear if you attempt to associate a segment that isn't compatible with the existing segments on the OneDrive.

+> [!IMPORTANT]

+> Support for assigning users to multiple segments is only available when your organization isn't in *Legacy* mode. To determine if your organization is in *Legacy* mode, see [Check the IB mode for your organization)](information-barriers-multi-segment.md#check-the-ib-mode-for-your-organization). <br><br> Users are restricted to being assigned to only one segment for organizations in *Legacy* mode. Organizations in *Legacy* mode will be eligible to upgrade to the newest version of information barriers in the future. For more information, see the [information barriers roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=information%2Cbarriers).

+To remove segment from a OneDrive, run the following command.

+```PowerShell

+Set-SPOSite -Identity <site URL> -RemoveInformationSegment <segment GUID>

+ ```

+For example:

+```powershell

+Set-SPOSite -Identity https://contoso-my.sharepoint.com/personal/John_contoso_onmicrosoft_com -RemoveInformationSegment 27d20a85-1c1b-4af2-bf45-a41093b5d111

+```

+If all the segments of a OneDrive site are removed, the IB mode of the OneDrive is automatically updated to *Open*.

+## Manage the IB mode of a user's OneDrive (preview)

+To view the IB mode of a OneDrive site, run the following command in the SharePoint Online Management Shell as a SharePoint admin or global administrator:

+```powershell

+Get-SPOSite -Identity <site URL> | Select InformationBarriersMode

+```

+

+For example:

+```powershell

+Get-SPOSite -Identity https://contoso-my.sharepoint.com/personal/John_contoso_onmicrosoft_com | Select InformationBarriersMode

+```

+A SharePoint admin or global administrator also has the ability to manage the IB mode of a OneDrive site to meet the needs of your organization with new IB modes:

+### Owner Moderated mode example

+Allow an incompatible segment user access to a OneDrive. For example, you want to allow HR user's OneDrive to be accessed by both Sales and Research segment users in your tenant.

+*Owner Moderated* is a mode applicable to OneDrive site that allows incompatible segment users access to OneDrive in the presence of a moderator/owner. Only the site owner has the capability to invite incompatible segment users on the same site.

+To update a OneDrive site IB mode to *Owner Moderated*, run the following PowerShell command:

+```powershell

+Set-SPOSite -Identity <siteurl> InformationBarriersMode OwnerModerated

+```

+Owner Moderated IB mode canΓÇÖt be set on a site with segments. Remove the segments before setting the IB mode as Owner Moderated. Access to an Owner Moderated site is allowed for users who have site access permissions. Sharing of an Owner Moderated OneDrive and its contents is only allowed by the site owner per their IB policy.

+### Mixed mode example

+Allow unsegmented users to access OneDrive associated with segments. For example, you want to allow HR user's OneDrive to be accessed by HR segment and unsegmented users in your tenant. Mixed mode applicable to OneDrive site that allows segmented and unsegmented users access to OneDrive.

+To update a OneDrive site IB Mode to Mixed, run the following PowerShell command:

+```powershell

+Set-SPOSite -Identity <siteurl> InformationBarriersMode Mixed

+```

+Mixed IB mode can't be set on a site without segments. Add segments before setting the IB mode as Mixed.

+## Effects of changes to user segments

+If a user's segment changes, the OneDrive's segment and IB mode will be automatically updated within 24 hours as described in the section above OneDrive information barriers

+Example 1: User's segment updated from Research to Sales, the user's OneDrive will be as follows within 24 hours:

+- Segment: Sales, HR

+- IB mode: *Explicit*

+Example 2: User's segment updated from HR to None, the user's OneDrive will be as follows within 24 hours:

+- Segment: None

+- IB mode: *Open*

+## Effects of changes to information barrier policies

+If a compliance administrator changes an existing policy, the change may impact the compatibility of the segments associated with the OneDrive.

+For example, segments that were once compatible may no longer be compatible. A SharePoint admin must change the segments associated with an affected site accordingly. Learn how to create an [information barriers policy compliance report in PowerShell](information-barriers-sharepoint-report.md).

+If a policy changes after files are shared, the sharing links will work only if the user attempting to access the shared files has a segment applied that matches a segment associated with the OneDrive.

+## Auditing

+Audit events are available in the Microsoft Purview compliance portal to help you monitor information barrier activities. Audit events are logged for the following activities:

+- Enabled information barriers for SharePoint and OneDrive

+- Applied segment to site

+- Changed segment of site

+- Removed segment of site

+- Applied information barriers mode to site

+- Changed information barriers mode of site

+- Disabled information barriers for SharePoint and OneDrive

+For more information about OneDrive segment auditing in Office 365, see [Search the audit log in the compliance center](audit-log-search.md).

+## Resources

+- [Information barriers in Microsoft Teams](information-barriers-teams.md)

+- [Information barriers in SharePoint](information-barriers-sharepoint.md)

+ Title: "Information barriers compliance assistant (preview)"

+description: "Learn about the information barriers compliance assistant."

+audience: Admin

+f1.keywords:

+- CSH

+ms.localizationpriority: medium

+search.appverid:

+- SPO160

+- BSA160

+- GSP150

+- MET150

+- tier2

+- purview-compliance

+- M365-collaboration

+# Information barriers compliance assistant (preview)

+This article explains how you can enable the information barrier compliance assistant for group-connected SharePoint sites. These are sites that don't have an associated team in Microsoft Teams. When the information barrier compliance assistant is enabled, users who don't match the segments specified on this site are automatically removed to ensure group membership honors configured information barrier policies. This configuration may help ensure your organization remains compliant with standards, policies, and compliance regulations.

+## Prerequisites

+1. Make sure you [define policies for information barriers](/microsoft-365/compliance/information-barriers-policies).

+2. [Configure information barrier segments on a SharePoint Site.](/microsoft-365/compliance/information-barriers-sharepoint)

+3. [Install the Azure PowerShell module](/powershell/azure/install-az-ps)

+4. PowerShell account must have directory administrator access for the tenant.

+## Enable the background compliance assistant

+These steps create a new application in your organization's enterprise applications. For the compliance assistant to function properly, you must have explicitly added segments to a SharePoint site. Complete the following steps to enable the compliance assistant:

+1. Run the following PowerShell cmdlets.

+ ```PowerShell

+ Connect-AzureAD

+ Connect-AzAccount

+ $appId="f46c682f-628c-48e6-b963-03309e34639e"

+ $sp=Get-AzADServicePrincipal -ServicePrincipalName $appId

+ if ($sp -eq $null) {New-AzADServicePrincipal -ApplicationId $appId}

+ Start-Process "https://login.microsoftonline.com/common/adminconsent?client_id=$appId"

+ ```

+2. When prompted, sign in using your Office 365 work or school account.

+3. In the **Permissions requested** dialog box, review the information, and select **Accept**. This action configures admin consent for the compliance assistant.

+## Verify a new application was created

+To verify that a new application was properly created in your organization's enterprise applications, complete the following steps:

+1. Log into portal.azure.com with directory administrator's credentials.

+2. Select **Manage Azure Active Directory.**

+3. Select **Enterprise Applications** in left navigation listing.

+4. Search for the compliance assistant using 'M365' as the search term.

+ 

+5. Select **M365-Group-Compliance-Assistant** from the list of search results.

+6. On the **M365-Group-Compliance-Assistant overview** page, you can review application properties.

+ 

+7. Select **Permissions** in the left-navigation pane to review the permissions that the application is authorized for.

+ 

+8. In this example, the **M365-Group-Compliance-Assistant** is authorized to add/remove non-compliant information barrier users from your Microsoft 365 groups.

+You can use [audit log search](audit-log-search.md) in the Microsoft Purview compliance portal to search, review, and track audit log events for the M365-Group-Compliance-Assistant application. The audit activities associated with the compliance assistant are:

+- **IB assistant removed group member**: The IB non-compliant group member was removed from the group by the compliance assistant.

+- **IB assistant removed group owner**: The IB non-compliant owner was removed from the group by the compliance assistant.

+- **Identified as IB non-compliant group**: The segments on the group are non-IB compliant with each other.

+To search the audit log for Microsoft 365 Groups activities, see [Search the audit log](audit-log-search.md#search-the-audit-log).

+>[!Note]

+>The compliance assistant runs periodically (every 24 hours). The assistant runs on group-connected SharePoint sites that do not have an associated team in Microsoft Teams. To enable the compliance assistant for SharePoint sites connected to Microsoft Teams, follow the instructions in the [Define information barrier policies](information-barriers-policies.md) article.

+ Title: "Create an information barriers policy compliance report"

+description: "Learn how to find noncompliant sites after information barriers policies change."

+recommendations: true

+audience: Admin

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+search.appverid:

+- SPO160

+- BSA160

+- GSP150

+- MET150

+- tier2

+- purview-compliance

+- M365-collaboration

+# Create an information barriers policy compliance report

+If a compliance administrator changes an existing information barriers policy, the change might affect the compatibility of segments already associated with a site.

+For example, a policy might allow communication and collaboration between the Sales and Research segments. Later, the policy might not allow communication and collaboration between these segments. The segments are incompatible and shouldn't be associated with the same site.

+The SharePoint information barriers policy compliance report lets SharePoint Administrators view the list of sites that are noncompliant with existing policies. The report covers these sites:

+- Microsoft 365 group-connected team sites that aren't connected to Microsoft Teams

+- Communication sites

+- Modern team sites that aren't connected to Microsoft 365 groups

+- OneDrive

+The report displays the list of sites that are noncompliant per the existing policies which were recently updated. For each noncompliant site, it shows compatible segments, incompatible segments, and invalid segments (those segments that no longer exist)

+If a OneDrive is noncompliant, this report lets you update the OneDrive to be compliant with the latest IB policies in your organization.

+> [!NOTE]

+> You only need to run this report if information barriers policies are changed. Depending on the number of sites in your organization, it can take a long time for this report to run.

+## Run the report

+1. [Download the latest SharePoint Online Management Shell](https://go.microsoft.com/fwlink/p/?LinkId=255251).

+ > [!NOTE]

+ > If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs and uninstall "SharePoint Online Management Shell".

+2. Connect to SharePoint Online as a [Global Administrator or SharePoint Administrator](/sharepoint/sharepoint-admin-role) in Microsoft 365. To learn how, see [Getting started with SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).

+3. Run the following command to build the report:

+ ```PowerShell

+ Start-SPOInformationBarriersPolicyComplianceReport

+ ```

+ Or, to automatically update any noncompliant OneDrive accounts when you build the report, run:

+ ```PowerShell

+ Start-SPOInformationBarriersPolicyComplianceReport -UpdateOneDriveSegments

+ ```

+4. Run the following command to view the status of the task:

+ ```PowerShell

+ Get-SPOInformationBarriersPolicyComplianceReport

+ ```

+ The command returns the following set of information:

+ `State: Completed`<br>

+ `Id: 9e2bd8d8-64a4-4e68-af63-81f0565c3c00`<br>

+ `StartTimeInUtc: 12/6/2020 10:56:12 PM`<br>

+ `CompleteTimeInUtc: 12/6/2020 10:56:17 PM`<br>

+ `QueuedTimeInUtc: 12/6/2020 10:51:06 PM`<br>

+ `UpdateOneDriveSegments: False`

+5. Run the following command to view the report:

+ ```PowerShell

+ Get-SPOInformationBarriersPolicyComplianceReport -reportid <ID>

+ ```

+ (Where *ID* is the report's ID from the previous step.)

+ The command returns the following set of information:

+ `Content: {3ef21e8a-69d9-4bf0-a70f-0328e5a18087, 76cd794c-b5f1-4f3d-ad48-075e805fca17, 93d93533-783a-4274-b9c9-b79a3b9beb99}`<br>

+ `HasNonCompliantSites: True`<br>

+ `State: Completed`<br>

+ `Id: 9e2bd8d8-64a4-4e68-af63-81f0565c3c00`<br>

+ `StartTimeInUtc: 9/22/2020 11:36:50 PM`<br>

+ `CompleteTimeInUtc: 9/22/2020 11:37:00 PM`<br>

+ `QueuedTimeInUtc: 9/22/2020 11:31:57 PM`<br>

+ `UpdateOneDriveSegments: False`

+ The Content row lists the sites that are noncompliant. If all sites are compliant, the Content row is empty and HasNonCompliantSites is "False."

+6. Run the following command to view details about the noncompliant segments associated with each site:

+ ```PowerShell

+ $report = Get-SPOInformationBarriersPolicyComplianceReport -reportid <ID> $report.Content

+ ```

+ (Where *ID* is the report's ID from the previous step.)

+ The command returns the following set of information for each site:

+ `SiteId: 3ef21e8a-69d9-4bf0-a70f-0328e5a18087`<br>

+ `SiteUrl: https://contoso.sharepoint.com/sites/Research`<br>

+ `SiteType: Group`<br>

+ `ComplianceState: NonCompliant`<br>

+ `CurrentSegments: Sales, Research`<br>

+ `OriginalSegments: Sales, Research`<br>

+ `InvalidIBSegments:` <br>

+ `IncompatibleSegmentsPairs: <Sales, Research>`<br>

+ `FailedToBeProcessed: False`<br>

+> [!NOTE]

+> For info about removing incompatible segments, see [Use information barriers with SharePoint](information-barriers-sharepoint.md#2-use-sharepoint-powershell-to-view-and-manage-information-segments-on-a-site). When you're done with a report, you can delete it by using `Remove-SPOInformationBarriersPolicyComplianceReport -reportid <>`.

+ Title: "Use information barriers with SharePoint"

+description: "Learn about associating segments with a site, and what happens when segments are associated with a site."

+audience: Admin

+f1.keywords:

+- CSH

+ms.localizationpriority: medium

+search.appverid:

+- SPO160

+- BSA160

+- GSP150

+- MET150

+- tier2

+- purview-compliance

+- M365-collaboration

+# Use information barriers with SharePoint

+[Microsoft Purview Information Barriers](information-barriers.md) are policies in Microsoft 365 that a compliance admin can configure to prevent users from communicating and collaborating with each other. This solution is useful if, for example, one division is handling information that shouldn't be shared with specific other divisions, or a division needs to be prevented, or isolated, from collaborating with all users outside of the division. Information barriers are often used in highly regulated industries and those organizations with compliance requirements, such as finance, legal, and government.

+For SharePoint, information barriers can determine and prevent the following kinds of unauthorized collaborations:

+- Adding a user to a site

+- User access to a site or site content

+- Sharing a site or site content with other users

+## Information barriers modes and SharePoint sites

+[Information barriers modes](information-barriers-policies.md#step-6-information-barriers-modes-optional) help strengthen access, sharing, and membership of a site based on its IB mode and segments associated with the site.

+When using information barriers with SharePoint, the following IB modes are supported:

+| **Mode** | **Description** | **Examples** |

+|:- |:-|:-|

+| **Open** | When a SharePoint site doesn't have segments, the site's IB mode is automatically set as *Open*. See [this section](#view-and-manage-segments-as-an-administrator) for details on managing segments with the *Open* mode configuration. | A Team site created for picnic event for your organization. |

+| **Owner Moderated** | When a SharePoint site is created for collaboration between incompatible segments moderated by the site owner, the site's IB mode should be set as *Owner Moderated*. See [this section](#owner-moderated-mode-scenario) for details on managing *Owner Moderated* site. | A site is created for collaboration between VP of Sales and Research in the presence of VP of HR (site owner). |

+| **Implicit** | When a site is provisioned by Microsoft Teams, the site's IB mode is set as *Implicit* by default. A SharePoint Administrator or Global Administrator can't manage segments with the *Implicit* mode configuration. | A Team is created for all Sales segment users to collaborate with each other. |

+| **Explicit** | When segment is added to a SharePoint site either via end-user site creation experience or by a SharePoint Administrator adding segment to a site, the site's IB mode is set as *Explicit*. See [this section](#view-and-manage-segments-as-an-administrator) for details on managing segments with the *Explicit* mode configuration. | A research site is created for Research segment users. |

+## Sharing sites for IB modes

+Sharing of sites with users is based on the IB mode of the site.

+### Open

+When a site has no segments and site's information barriers mode is set to *Open*:

+- The site and its contents can be shared based on the information barrier policy applied to the user. For example, if a user in HR is allowed to communicate with users in Research, the user will be able to share the site with those users.

+>[!TIP]

+>If you want to allow sharing of *Open* mode sites with mail-enabled security groups, see the [Allow sharing of Open mode sites with mail-enabled security groups](#allow-sharing-of-open-mode-sites-with-mail-enabled-security-groups) section in this article.

+### Owner Moderated

+When a site has information barriers mode is set to *Owner Moderated*:

+- The option to share with *Anyone with the link* is disabled.

+- The option to share with *Company-wide link* is disabled.

+- (For group connected sites) The site and its content can be shared with existing members.

+- (For non-group connected sites) The site and its content can be shared only by the site owner per their IB policy.

+### Implicit

+When a site's information barriers mode is set to *Implicit*:

+- The option to share with *Anyone with the link* is disabled.

+- The option to share with *Company-wide link* is disabled.

+- The site and its content can be shared with existing members via a sharing link.

+- New users can't be added to the site directly. The Team owner should add users to the Team's group using Microsoft Teams.

+>[!NOTE]

+>If you've enabled information barriers for SharePoint in your organization before March 15, 2022, see the **Enable SharePoint and OneDrive information barriers** section in this article.

+### Explicit

+When a site is associated with segment(s) and site's information barriers mode is set to *Explicit*:

+- The option to share with *Anyone with the link* is disabled.

+- The option to share with *Company-wide link* is disabled.

+- The site and its content can be shared only with users whose segment matches that of the site. For example, if a site is associated with the HR segment, the site can be shared with just HR users (even though HR is compatible with both Sales and Research segments).

+- New users can be added as site members only if their segment matches the segment of the site.

+## Access control for IB modes

+Access to sites by users is based on the IB mode of the site.

+### Open mode

+For a user to access a SharePoint site that has no segment and site's information barriers mode is set to *Open*:

+- The user has site access permissions..

+### Owner Moderated mode

+For a user to access a SharePoint site with site's information barriers mode is set to *Owner Moderated*:

+- (For non-group connected sites) The user has site access permissions.

+- (For group connected sites) The user must be a member of the Microsoft 365 group connected to the site.

+### Implicit mode

+For a user to access SharePoint sites that have information barriers mode set to *Implicit*:

+- The user must be a member of the Microsoft 365 group connected to the site

+- User who isn't a member of the Microsoft 365 group connected to the site won't have access to the site

+- The information barriers compliance assistant ensures the group membership is IB compliant.

+>[!NOTE]

+>If you've enabled information barriers for SharePoint in your organization before March 15, 2022, see the **Enable SharePoint and OneDrive information barriers** section in this article.

+### Explicit mode

+For a user to access SharePoint sites that have segments and site's information barriers mode is *Explicit*:

+- The user's segment must match a segment that is associated with the site.

+ AND

+- The user must have access permission to the site.

+Non-segment users can't access a site associated with segments. They'll see an error message.

+## Example scenario

+The following example illustrates three segments in an organization: HR, Sales, and Research. An information barrier policy has been defined that blocks communication and collaboration between the Sales and Research segments. These segments are incompatible.

+

+With SharePoint information barriers, a SharePoint Administrator or Global Administrator can associate segments to a site to prevent the site from being shared with or accessed by users outside the segments. Up to 100 compatible segments can be associated with a site. The segments are associated at the site level (previously called site collection level). The Microsoft 365 group connected to the site is also associated with the site's segment.

+In the above example, the HR segment is compatible with both Sales and Research. However, because the Sales and Research segments are incompatible, they can't be associated with the same site.

+## Prerequisites

+1. Make sure you meet the [licensing requirements for information barriers](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-barriers).

+2. [Create information barrier policies](information-barriers-policies.md) that allow or block communication between the segments, and then set them to active. Create segments and define the users in each.

+3. After you've configured and activated your information barrier policies, wait 24 hours for the changes to propagate through your organization.

+4. Complete the steps in the following sections to enable and manage SharePoint and OneDrive information barriers in your organization.

+## Enable SharePoint and OneDrive information barriers in your organization

+SharePoint Administrators or Global Administrators can enable information barriers in SharePoint and OneDrive in your organization. Complete the following steps to enable information barriers for your organization:

+1. [Download](https://go.microsoft.com/fwlink/p/?LinkId=255251) and install the latest version of SharePoint Online Management Shell.

+2. Connect to SharePoint Online as a Global Administrator or [SharePoint Administrator](/sharepoint/sharepoint-admin-role) in Microsoft 365. To learn how, see [Getting started with SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).

+3. To enable information barriers in SharePoint and OneDrive, run the following command:

+ ```PowerShell

+ Set-SPOTenant -InformationBarriersSuspension $false

+ ```

+4. After you've enabled information barriers for SharePoint and OneDrive in your organization, wait for approximately 1 hour for the changes to take effect.

+>[!NOTE]

+>If you have enabled information barriers for SharePoint in your organization before March 15, 2022, the default access and sharing control for Implicit mode for Microsoft Teams-connected sites are based on the segments associated with the site.

+To enable Microsoft 365 group-membership based access and sharing control for all Implicit mode Teams-connected sites in your tenant, run the following command:

+```powershell

+Set-SPOTenant -IBImplicitGroupBased $true

+```

+>[!NOTE]

+>If you have Microsoft 365 Multi-Geo, you must run this command for each of your geo-locations.

+If you installed a previous version of the SharePoint Online Management Shell, complete the following steps:

+1. Go to **Add or remove programs** and uninstall *SharePoint Online Management Shell*.

+2. Navigate to the Microsoft Download Center for the [SharePoint Online Management Shell](https://go.microsoft.com/fwlink/p/?LinkId=255251)), select your language, and then select **Download**.

+3. You may be asked to choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of Windows or the x86 file if you're running the 32-bit version of Windows. If you don't know which version you're running on your computer, see [Which version of Windows operating system am I running?](https://support.microsoft.com/help/13443/windows-which-operating-system).

+4. After the download is complete, run the installer file and follow the configuration steps in the setup wizard.

+5. Connect to SharePoint Online as a Global Administrator or [SharePoint Administrator](/sharepoint/sharepoint-admin-role) in Microsoft 365. To learn how, see [Getting started with SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).

+6. To enable information barriers in SharePoint and OneDrive, run the following command:

+ ```PowerShell

+ Set-SPOTenant -InformationBarriersSuspension $false

+ ```

+7. After you've configured information barriers in SharePoint and OneDrive in your organization, wait for approximately 1 hour for the changes to take effect.

+>[!NOTE]

+>If you have enabled information barriers for SharePoint in your organization before March 15, 2022, the default access and sharing control for Implicit mode for Microsoft Teams-connected sites are based on the segments associated with the site.

+To enable Microsoft 365 group-membership based access and sharing control for all Implicit mode sites in your organization, run the following command:

+```powershell

+Set-SPOTenant -IBImplicitGroupBased $true

+```

+>[!NOTE]

+>If you have Microsoft 365 Multi-Geo, you must run this command for each of your geo-locations.

+## View and manage segments as an administrator

+SharePoint Administrators or Global Administrators can view and manage segments on a SharePoint site. Your organization can have up to 5,000 segments and users can be assigned to multiple segments.

+> [!IMPORTANT]

+> Support for 5,000 segments and assigning users to multiple segments is only available when your organization isn't in *Legacy* mode. Assigning users to multiple segments requires additional actions to change the information barriers mode for your organization. For more information, see [Use multi-segment support in information barriers)](information-barriers-multi-segment.md) for details. <br><br> For organizations in *Legacy* mode, the maximum number of segments supported is 250 and users are restricted to being assigned to only one segment. Organizations in *Legacy* mode will be eligible to upgrade to the newest version of information barriers in the future. For more information, see the [information barriers roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=information%2Cbarriers).

+View and manage information barriers segments as follows:

+### 1. Use the SharePoint admin center to view and manage information segments

+To view, edit, or remove information segments for a site, use <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites** in the SharePoint admin center</a>.

+The Segments column lists the first segment associated with the site and shows whether the site has other segments associated. [Learn how to show or move this column](/sharepoint/customize-admin-center-site-list#customize-columns)

+

+To view the complete list of segments associated with a site, select the site name to open the details panel, and then select the **Settings** tab.

+To edit the segments associated with the site, select **Edit**, add or remove segments, and then select **Save**.

+

+### 2. Use SharePoint PowerShell to view and manage information segments on a site

+1. Connect to the [Security & Compliance Center PowerShell](/powershell/exchange/office-365-scc/connect-to-scc-powershell/connect-to-scc-powershell) as a Global Administrator.

+2. Run the following command to get the list of segments and their GUIDs.

+ ```PowerShell

+ Get-OrganizationSegment | ft Name, EXOSegmentID

+ ```

+3. Save the list of segments.

+ |**Name**|**EXOSegmentId**|

+ |:-|:|

+ | Sales | a9592060-c856-4301-b60f-bf9a04990d4d |

+ | Research | 27d20a85-1c1b-4af2-bf45-a41093b5d111 |

+ | HR | a17efb47-e3c9-4d85-a188-1cd59c83de32 |

+4. If not previously completed, [download](https://go.microsoft.com/fwlink/p/?LinkId=255251) and install the latest SharePoint Online Management Shell. If you installed a previous version of the SharePoint Online Management Shell, follow the instructions in the **Enable SharePoint and OneDrive information barriers in your organization** section in this article.

+5. Connect to SharePoint Online as a [Global Administrator or SharePoint Administrator](/sharepoint/sharepoint-admin-role) in Microsoft 365. To learn how, see [Getting started with SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).

+6. Run the following command:

+ ```PowerShell

+ Set-SPOSite -Identity <site URL> -AddInformationSegment <segment GUID>

+ ```

+ For example:

+ ```powershell

+ Set-SPOSite -Identity https://contoso.sharepoint.com/sites/ResearchTeamSite -AddInformationSegment 27d20a85-1c1b-4af2-bf45-a41093b5d111

+ ```

+You'll see an error message if you attempt to associate a segment that isn't compatible with the site's existing segments.

+>[!NOTE]

+>When you add a segment to a site, the site's IB mode is automatically updated as *Explicit*.

+To remove segment from a site, run the following command:

+```PowerShell

+Set-SPOSite -Identity <site URL> -RemoveInformationSegment <segment GUID>

+ ```

+For example:

+```powershell

+Set-SPOSite -Identity https://contoso.sharepoint.com/sites/ResearchTeamSite -RemoveInformationSegment 27d20a85-1c1b-4af2-bf45-a41093b5d111

+```

+>[!NOTE]

+>When all segments are removed from a site, the site's IB mode is automatically updated to *Open*.

+To view the segments of a site, run the following command to return the GUIDs of any segments associated with the site.

+```PowerShell

+Get-SPOSite -Identity <site URL> | Select InformationSegment

+```

+### 3. Use the SharePoint REST API to view and manage information segments on a site

+SharePoint includes a Representational State Transfer (REST) service that you can use to manage segments on a site. To access SharePoint resources and manage site segments using REST, you'll construct a RESTful HTTP request by using the OData standard, which corresponds to the desired client object model application programming interface (API).

+For more information about the SharePoint REST service, see [Get to know the SharePoint REST service](/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service).

+## View and manage IB modes as an administrator with SharePoint PowerShell

+To view the IB mode of a site, run the following command:

+```powershell

+Get-SPOSite -Identity <site URL> | Select InformationBarriersMode

+```

+### Owner Moderated mode scenario

+You want to allow a Sales and Research user to collaborate on a SharePoint site in the presence of HR user.

+*Owner Moderated* is a mode applicable to site (Teams-connected site, non-group connected sites) which allows incompatible segment users access to site. Only the site owner has the capability to invite incompatible segment users on this same site.

+To update a site's mode to *Owner Moderated*, run the following PowerShell command:

+```powershell

+Set-SPOSite -Identity <siteurl> -InformationBarriersMode OwnerModerated

+```

+Owner Moderated IB mode can't be set on a site with segments. Remove the segments first before setting IB mode as Owner Moderated. Access to an Owner Moderated site is allowed to users who have site access permissions. Sharing of an Owner Moderated site and its contents is only allowed by the site owner per their IB policy.

+## Auditing

+Audit events are available in the Microsoft Purview compliance portal to help you monitor information barrier activities. Audit events are logged for the following activities:

+- Enabled information barriers for SharePoint and OneDrive

+- Applied segment to site

+- Changed segment of site

+- Removed segment of site

+- Applied information barriers mode to site

+- Changed information barriers mode of site

+- Disabled information barriers for SharePoint and OneDrive

+For more information about SharePoint segment auditing in Office 365, see [Search the audit log in the compliance portal](audit-log-search.md#microsoft-365-services-that-support-auditing).

+## Site creation and management by site owners

+When a segmented user creates a SharePoint site, the site is associated with the user's segment and site's information barriers mode is automatically set to *Explicit*.

+In addition, the site owners have the capability to add more segments to a SharePoint site that already has segments with site's mode set as *Explicit*. Site owners can't remove added segments from sites. SharePoint Administrators will have to remove added segments in your organization if needed.

+When a non-segmented user creates a SharePoint site, the site isn't associated with any segment and site's information barriers mode is automatically set to *Open*.

+When a SharePoint Administrator creates a SharePoint site from the <a href="https://go.microsoft.com/fwlink/?linkid=2185219" target="_blank">SharePoint admin center</a>, the site isn't associated with any segment and the site's IB mode is set to *Open*.

+To help site owners add a segment to a site, share the [Associate information segments with SharePoint sites](https://support.microsoft.com/office/associate-information-segments-with-sharepoint-sites-2b03db07-6d3f-4297-a388-b943317a26a7) article with your SharePoint site owners.

+## Microsoft Teams sites

+When a team is created in Microsoft Teams, a SharePoint site is automatically created for the team's files. To protect the Microsoft Team sites with information barriers control, you can enable information barriers in SharePoint for your tenant.

+Within 24 hours, the site's information barriers mode is automatically set as *Implicit* and segments associated with the team's members are associated with the site.

+Microsoft Teams sites with the information barrier mode as *Implicit* have site access and sharing based on Microsoft 365 group membership.

+For example, users have access to the Microsoft Teams site if they're members of the Microsoft 365 group connected to the site. The Microsoft 365 group connected to the Team is IB compliant.

+>[!NOTE]

+>If you have enabled information barriers for SharePoint in your organization before March 15, 2022, the Teams-connected site's access and sharing is based on the segments of the site. For example:

+- The site and its content can be shared with user whose segment matches that of the site.

+- The site and its content can be accessed by a user if they have same segment as that of the site and have site access permissions.

+To enable Microsoft 365 group membership-based access and sharing control for all *Implicit* mode sites in your organization, run the following command as a SharePoint Administrator:

+```powershell

+Set-SPOTenant -IBImplicitGroupBased $true

+```

+## Private channel and information barriers

+When SharePoint Information barriers are enabled in your organization, any new private channel site automatically inherits its parent Microsoft Team's IB mode within 24 hours. The mode for a private channel is assigned as follows:

+| **Parent Team's IB mode** | **Private channel site's IB mode** |

+|:--|:--|

+| Open | Open |

+| Implicit or Owner Moderated | Implicit |

+Private channel site access and sharing is governed by its IB mode:

+- Private channel site with *Open* information barriers mode

+ - Access is allowed to anyone who has site access permissions

+ - Sharing links are allowed per the site's existing sharing policy

+ - People picker allows discoverability of user per the sharer's IB policy

+- Private channel site with *Implicit* information barriers mode

+ - Access is allowed to user who is currently a member of the private channel

+ - Sharing is allowed using **People with existing access link**

+Private channel sites already configured in your organization will have their information barriers mode set as *Open*. To configure existing private channel sites to *Implicit* mode, run the following cmdlet in SharePoint PowerShell module:

+```powershell

+Set-Sposite -Identity <site URL> -InformationBarriersMode Implicit

+```

+Learn more about managing [Microsoft Teams connected teams sites](/sharepoint/teams-connected-sites).

+## Search

+Users will see search results from:

+- Sites that have an associated segment that matches the user's segment and the user has access permission to the site.

+- Sites that don't have associated segments if they have access to the site.

+## Effects of changes to user segments

+If a SharePoint site owner or site member's segment changes, they'll continue to have access to the site or content per the site's IB mode:

+- **Open mode**: User can access the site if they have existing site access permissions.

+- **Owner Moderated**: User can access the site if they have existing site access permissions.

+- **Implicit Mode**: If the user is a member of the Microsoft 365 group, they'll continue to have access to the site.

+- **Explicit Mode**: If the user's new segment matches the site's segment and user has site access permissions, they'll continue to have access to the site.

+## Effects of changes to existing information barrier policies

+If a compliance administrator changes an existing IB policy, the change may impact the compatibility of the segments associated with a site (in *Explicit* or *Implicit* mode).

+For example, segments that were once compatible may no longer be compatible.

+With Information barriers policy compliance report, the SharePoint Administrator will have the capability to view the list of sites where segments are no longer compatible. For more information, see [Learn how to create an information barriers policy compliance report in PowerShell](information-barriers-sharepoint-report.md).

+To manage out of compliance sites:

+- In *Explicit* mode, a SharePoint Administrator must change the associated segments to bring them in to IB compliance.

+- In *Implicit* mode, a SharePoint Administrator can't manage segments directly. We recommend the Teams admin to manage the Team's membership to bring the Teams membership roster and segments in to IB compliance.

+## How to suspend SharePoint and OneDrive information barriers in your organization

+If your organization would like to temporarily suspend information barriers on SharePoint, you must use SharePoint Online Management Shell and the [Set-Spotenant](/powershell/module/sharepoint-online/set-spotenant) cmdlet.

+To suspend information barriers, run the following command:

+```PowerShell

+Set-SPOTenant -InformationBarriersSuspension $true

+```

+>[!NOTE]

+>If you have Microsoft 365 Multi-Geo, you must run this command for each of your geo-locations.

+## Allow sharing of Open mode sites with mail-enabled security groups

+IB supports an opt-in capability available in the [SharePoint PowerShell module](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online) for sites in *Open* mode to be shared with [mail-enabled security groups](/microsoft-365/admin/email/create-edit-or-delete-a-security-group) for site permissions, sharing, and audience targeting. This is only supported in *Open* mode sites. SharePoint admins can enable this support in your organization and we recommend you ensure the security group membership is IB compliant.

+Before enabling group support, verify that you've met the following prerequisites:

+- Your organization has only IB [*Block* policies](information-barriers-policies.md#configuration-concepts)

+- Your organization is enabled for SharePoint IB (see [this section](#enable-sharepoint-and-onedrive-information-barriers-in-your-organization) in this article).

+To configure mail-enabled security group support in *Open* mode sites, run the following command:

+```powershell

+Set-SPOTenant -ShowPeoplePickerGroupSuggestionsForIB $true

+```

+## Resources

+- [Information barriers in Microsoft Teams](information-barriers-teams.md)

+- [Information barriers in OneDrive](information-barriers-onedrive.md)

+ Title: Change information barriers modes with a PowerShell script

+description: Use this PowerShell script after you deploy information barriers to update the mode from open to implicit for all groups in your tenant.

+audience: admin

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+search.appverid: MET150

+- tier2

+- purview-compliance

+- M365-collaboration

+appliesto:

+ - Microsoft Teams

+# Change information barriers modes with a PowerShell script

+Use this PowerShell script to update the information barriers (IB) mode for all Teams-connected groups in your tenant. You'll need to update the mode for these groups after you deploy information barriers. Groups provisioned before you enable IB are assigned the *Open* mode. In *Open* mode, there aren't any applicable IB policies. After you enable IB, *Implicit* becomes the default mode for any new groups you create. However, existing groups still keep *Open* mode configuration. Run this script to change these existing groups to *Implicit* mode.

+In this script, you'll use the [Get-UnifiedGroup](/powershell/module/exchange/Set-UnifiedGroup) cmdlet, which is in the Exchange Online PowerShell module to update the mode. To learn more about managing Teams using PowerShell, see [Teams PowerShell overview](/microsoftteams/teams-powershell-overview).

+## Sample script

+You'll need to use a work or school account that has been assigned the global administrator role for your tenant to run this script.

+```powershell

+<#

+.SYNOPSIS

+This script updates the information barrier mode for all Teams-connected groups in your tenant at the same time.

+.DESCRIPTION

+Use this script to update the info barrier mode from open to implicit across the groups in your tenant.

+#>

+$teams = Get-UnifiedGroup -Filter {ResourceProvisioningOptions -eq "Team"} -ResultSize Unlimited

+Write-Output ([string]::Format("Number of Teams = {0}", @($teams).Length))

+$teamsToUpdate = New-Object System.Collections.ArrayList

+foreach($team in $teams)

+{

+ if ($team.InformationBarrierMode -eq "Open")

+ {

+ $teamsToUpdate.Add($team.ExternalDirectoryObjectId) | out-null

+ }

+}

+Write-Output ([string]::Format("Number of Teams to be backfilled = {0}", @($teamsToUpdate).Length))

+$outfile = "BackfillFailedTeams.csv"

+if (!(Test-Path "$outfile"))

+{

+ $newcsv = {} | Select "ExternalDirectoryObjectId", "ExceptionDetails" | Export-Csv $outfile -NoTypeInformation

+}

+else

+{

+ $dateTime = Get-Date

+ $newEntry = "{0},{1}" -f "New session started", $dateTime

+ $newEntry | add-content $outfile

+}

+$SuccessfullyBackfilledGroup = 0

+for($i = 0; $i -lt @($teamsToUpdate).Length; $i++)

+{

+ Invoke-Command { Set-UnifiedGroup $teamsToUpdate[$i] -InformationBarrierMode "Implicit" } -ErrorVariable ErrorOutput

+ if ($ErrorOutput)

+ {

+ # saving the errors in a csv file

+ $errorBody = $ErrorOutput[0].ToString() -replace "`n"," " -replace "`r"," " -replace ",", " "

+ $newEntry = "{0},{1}" -f $teamsToUpdate[$i].ToString(), '"' + $errorBody + '"'

+ $newEntry | add-content $outfile

+ }

+ else

+ {

+ $SuccessfullyBackfilledGroup++

+ }

+ if (($i+1) % 100 -eq 0)

+ {

+ # print the number of teams backfilled after the batch of 100 updates

+ Write-Output ([string]::Format("Number of Teams processed= {0}", $i+1))

+ }

+}

+Write-Output ([string]::Format("Backfill completed. Groups backfilled: {0}, Groups failed to backfill: {1}", $SuccessfullyBackfilledGroup, @($teamsToUpdate).Length - $SuccessfullyBackfilledGroup))

+if (!($SuccessfullyBackfilledGroup -eq @($teamsToUpdate).Length))

+{

+ Write-Output ([string]::Format("Check the failed teams in BackfillFailedTeams.csv, retry to backfill the failed teams."))

+}

+```

+ Title: Information barriers and shared channels

+description: This article explains how information barriers support in Microsoft Teams with Shared Channels.

+audience: admin

+- tier2

+- purview-compliance

+- M365-collaboration

+search.appverid: MET150

+f1.keywords:

+- NOCSH

+appliesto:

+ - Microsoft Teams

+# Information barriers and shared channels

+[Shared channels](information-barriers-teams-shared-channels.md) in Microsoft Teams create collaboration spaces where you can invite people who aren't in the team. [Microsoft Purview Information Barriers](information-barriers.md) are policies implemented to restrict and prevent users and groups from communicating with each other within and outside of your organization.

+Shared channels are enabled by default in Teams. You can choose if people can create shared channels, if they can share them with people outside your organization, and if they can participate in external shared channels by creating a channel policy. When you create information barriers policies in your organization, checks are performed when configuring shared channels to verify that none of the existing channel members and any new users added to the shared channel violate information barriers policy conditions.

+Use the following table to understand how information barriers policies may affect communications and result in specific behaviors when configuring shared channels:

+|**Scenario**|**Information barriers behavior**|

+|:--|:--|

+| **Share a channel with a user in your organization** | If the user isn't allowed to communicate with shared channel members per an information barriers policy, the user isn't displayed in the user search and channel isn't shared with the team. <br><br> If the user can't be added per an information barriers policy, you'll see the following message: *We didn't find any matches. Talk to your IT admin about expanding the scope of your search.* |

+| **Share a channel in your organization with another team that you own** | The channel isn't shared with the team if the other team has any users who aren't allowed to communicate with shared channel members per an information barriers policy. <br><br> If communications aren't allowed per an information barriers policy, you'll see the following message: *The channel can't be shared with this team. Pick another team or contact your admin for more info.* |

+| **Share a channel in your organization with another team that you don't own** | If the team owner or any users of the other team aren't allowed to communicate with shared channel members per an information barriers policy, the channel can't be shared with the team. <br><br> If communications aren't allowed per an information barriers policy, you'll see the following message: *The channel can't be shared with this team. Pick another team or contact your admin for more info.* |

+| **Add a new user to the team when the team has shared channels with other teams** | If the new user isn't allowed to communicate with members of the shared channel team per an information barriers policy, the user can't be added to the team. When you're adding a user to a team with six or more shared channels, the user is immediately added to the channel and sharing is supported. Sharing for the team and the previously shared channels may be stopped if the new user is found to be non-compliant with an information barriers policy.<br><br> If the user can't be added per an information barriers policy, you'll see the following message: *Unable to add user due to an information barriers policy.* |

+| **Share a channel with an external team** | Information barriers policies on internal and external organizations don't restrict communications between users from the different organizations. Shared channels are available to be shared with external guests. |

+ Title: Information barriers in Microsoft Teams

+description: This article explains how information barriers are supported in Microsoft Teams.

+audience: admin

+- tier2

+- purview-compliance

+- M365-collaboration

+search.appverid: MET150

+f1.keywords:

+- NOCSH

+appliesto:

+ - Microsoft Teams

+# Information barriers in Microsoft Teams

+[Microsoft Purview Information Barriers](information-barriers.md) (IBs) are policies that an admin can configure to prevent individuals or groups from communicating with each other. IBs are useful if, for example, one department is handling information that shouldn't be shared with other departments. IBs are also useful when a group needs to be isolated or prevented from communicating with anyone outside of that group. Shared channels in Microsoft Teams is supported by information barriers. Depending on the type of sharing, information barriers policies may restrict sharing in certain ways. For more information about shared channels and information barriers behavior, see [Information barriers and shared channels](information-barriers-teams-shared-channels.md).

+For Microsoft Teams, information barriers can determine and prevent the following kinds of unauthorized collaborations:

+- Adding a user to a team or channel

+- User access to team or channel content

+- User access to 1:1 and group chats

+- User access to meetings

+- Prevents lookups and discovery, users won't be visible in the people picker.

+>[!NOTE]

+>- Information barrier groups cannot be created across tenants.

+>- Using bots, Azure Active Directory (Azure AD) apps, APIs to send activity feed notifications, and some APIs to add users is not supported in version 1.

+>- Private channels are compliant to information barriers policies that you configure.

+>- For information about support for barriers for SharePoint sites that are connected to Teams, see [Segments associated with Microsoft Teams sites](information-barriers-sharepoint.md#view-and-manage-segments-as-an-administrator).

+## Background

+The primary driver for IBs comes from the financial services industry. The Financial Industry Regulatory Authority ([FINRA]( https://www.finra.org)) reviews IBs and conflicts of interest within member firms and provides guidance about managing such conflicts (FINRA 2241, [Debt Research Regulatory Notice 15-31](https://www.finra.org/sites/default/files/Regulatory-Notice-15-31_0.pdf).

+However, since introducing IBs, many other areas have found them to be useful. Other common scenarios include:

+- **Education**: Students in one school aren't able to look up contact details for students of other schools.

+- **Legal**: Maintaining the confidentiality of data that is obtained by the lawyer of one client and preventing it from being accessed by a lawyer for the same firm who represents a different client.

+- **Government**: Information access and control are limited across departments and groups.

+- **Professional services**: A group of people in a company is only able to chat with a client or a specific customer via guest access during a customer engagement.

+For example, Enrico belongs to the Banking segment and Pradeep belongs to the Financial advisor segment. Enrico and Pradeep can't communicate with each other because the organization's IB policy blocks communication and collaboration between these two segments. However, Enrico and Pradeep can communicate with Lee in HR.

+

+## When to use information barriers

+You might want to use IBs in situations like these:

+- A team must be prevented from communicating or sharing data with a specific other team.

+- A team must not communicate or share data with anyone outside of the team.

+The Information Barrier Policy Evaluation Service determines whether a communication complies with IB policies.

+## Managing information barriers segments

+IB segments are managed in the Microsoft Purview compliance portal or by using PowerShell cmdlets. For more information, see [Step 2: Segment users in your organization](information-barriers-policies.md#step-2-segment-users-in-your-organization).

+> [!IMPORTANT]

+> Support for assigning users to multiple segments is only available when your organization isn't in *Legacy* mode. To determine if your organization is in *Legacy* mode, see [Check the IB mode for your organization)](information-barriers-multi-segment.md#check-the-ib-mode-for-your-organization). <br><br> Users are restricted to being assigned to only one segment for organizations in *Legacy* mode. Organizations in *Legacy* mode will be eligible to upgrade to the newest version of information barriers in the future. For more information, see the [information barriers roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=information%2Cbarriers).

+## Managing information barriers policies

+IB policies are managed in the Microsoft Purview compliance portal or by using PowerShell cmdlets. For more information, see [Step 3: Create IB policies](information-barriers-policies.md#step-3-create-ib-policies).

+>[!IMPORTANT]

+>Before you set up or define policies, you must enable scoped directory search in Microsoft Teams. Wait at least a few hours after enabling scoped directory search before you set up or define policies for information barriers. For more information, see [Define information barrier policies](information-barriers-policies.md#required-subscriptions-and-permissions).

+## Information barriers administrator role

+The IB Compliance Management role is responsible for managing IB policies. For more information about this role, see [Permissions in the Microsoft Purview compliance portal](microsoft-365-compliance-center-permissions.md).

+## Information barrier triggers

+IB policies are activated when the following Teams events take place:

+- **Members are added to a team**: Whenever you add a user to a team, the user's policy must be evaluated against the IB policies of other team members. After the user is successfully added, the user can perform all functions in the team without further checks. If the user's policy blocks them from being added to the team, the user won't show up in search.

+ 

+- **A new chat is requested**: Each time that a user requests a new chat with one or more other users, the chat is evaluated to make sure that it isn't violating any IB policies. If the conversation violates an IB policy, then the conversation isn't started.

+ Here's an example of a 1:1 chat.

+ 

+ Here's an example of a group chat.

+ 

+- **A user is invited to join a meeting**: When a user is invited to join a meeting, the IB policy that applies to the user is evaluated against the IB policies that apply to the other team members. If there's a violation, the user won't be allowed to join the meeting.

+ 

+- **A screen is shared between two or more users**: When a user shares a screen with other users, the sharing must be evaluated to make sure that it doesn't violate the IB policies of other users. If an IB policy is violated, the screen share won't be allowed.

+ Here's an example of screen share before the policy is applied.

+ 

+ Here's an example of screen share after the policy is applied. The screen share and call icons aren't visible.

+ 

+- **A user places a phone call in Teams**: Whenever a user initiates a voice call (via VOIP) to another user or group of users, the call is evaluated to make sure that it doesn't violate the IB policies of other team members. If there's any violation, the voice call is blocked.

+- **Guests in Teams**: IB policies apply to guests in Teams, too. If guests need to be discoverable in your organization's global address list, see [Manage guest access in Microsoft 365 Groups](/microsoft-365/admin/create-groups/manage-guest-access-in-groups). Once guests are discoverable, you can [define IB policies](information-barriers-policies.md).

+## How policy changes impact existing chats

+When the IB policy administrator makes changes to a policy, or when a policy change is activated because of a change to a user's profile (such as for a job change), the Information Barrier Policy Evaluation Service automatically searches the members to ensure that their membership in the team doesn't violate any policies.

+If there's an existing chat or other communication between users, and a new policy is set or an existing policy is changed, the service evaluates existing communications to make sure that the communications are still allowed to occur.

+- **1:1 chat**: If communication between two users is no longer allowed (because of application to one or both users of a policy that blocks communication), further communication is blocked. Their existing chat conversations become read-only.

+ Here's an example that shows the chat is visible.

+ 

+ Here's an example that shows the chat is disabled.

+ 

+- **Group chat**: If communication from one user to a group is no longer allowed (for example, because a user changed jobs), the userΓÇöalong with the other users whose participation violates the policyΓÇömay be removed from group chat, and further communication with the group won't be allowed. The user can still see old conversations, but won't be able to see or participate in any new conversations with the group. If the new or changed policy that prevents communication is applied to more than one user, the users who are affected by the policy may be removed from group chat. They can still see old conversations.

+ In this example, Enrico moved to a different department within the organization and is removed from the group chat.

+ 

+ Enrico can no longer send messages to the group chat.

+ 

+- **Team**: Any users who have been removed from the group are removed from the team and won't be able to see or participate in existing or new conversations.

+## Scenario: A user in an existing chat becomes blocked

+Currently, users experience the following scenarios if an IB policy blocks another user:

+- **People tab**: A user can't see blocked users on the **People** tab.

+- **People Picker**: Blocked users won't be visible in the people picker.

+ 

+- **Activity tab**: If a user visits the **Activity** tab of a blocked user, no posts will appear. (The **Activity** tab displays channel posts only, and there would be no common channels between the two users.)

+ Here's an example of the activity tab view that is blocked.

+ 

+- **Org charts**: If a user accesses an org chart on which a blocked user appears, the blocked user won't appear on the org chart. Instead, an error message will appear.

+- **People card**: If a user participates in a conversation and the user is later blocked, other users will see an error message instead of the people card when they hover over the blocked user's name. Actions listed on the card (such as calling and chat) will be unavailable.

+- **Suggested contacts**: Blocked users don't appear on the suggested contacts list (the initial contact list that appears for new users).

+- **Chat contacts**: A user can see blocked users on the chats contact list, but the blocked users will be identified. The only action that the user can perform on the blocked users is to delete them. The user can also select them to view their past conversation.

+- **Calls contacts**: A user can see blocked users on the calls contact list, but the blocked users will be identified. The only action that the user can perform on the blocked users is to delete them.

+ Here's an example of a blocked user in the calls contact list.

+

+ 

+ Here's an example of the chat being disabled for a user on the calls content list.

+ 

+- **Skype to Teams migration**: During a migration from Skype for Business to Teams, all usersΓÇöeven those users who are blocked by IB policiesΓÇöwill be migrated to Teams. Those users are then handled as described above.

+## Teams policies and SharePoint sites

+When a team is created, a SharePoint site is provisioned and associated with Microsoft Teams for the files experience. Information barrier policies aren't honored on this SharePoint site and files by default. To enable information barriers in SharePoint and OneDrive, follow the guidance and steps in the [Use information barriers with SharePoint](information-barriers-sharepoint.md#enable-sharepoint-and-onedrive-information-barriers-in-your-organization) article.

+## Information barrier modes and Teams

+Information barriers modes help strengthen who can be added to or removed from a Team. When using information barriers with Teams, the following IB modes are supported:

+- **Open**: This configuration is the default IB mode for all existing groups that were provisioned before information barriers were enabled. In this mode, there are no IB policies applicable.

+- **Implicit**: This configuration is the default IB mode when a Team is provisioned after enabling information barriers. Implicit mode allows you to add all compatible users in the group.

+- **Owner Moderated**: This mode is set on a team when you want to allow collaboration between incompatible segment users that are moderated by the owner. The team owner can add new members per their IB policy.

+Teams created before activating an information barrier policy in your tenant are automatically set to *Open* mode by default. Once you activate IB policies on your tenant, you're required to update mode of your existing teams to *Implicit* to ensure that existing teams are IB-compliant. For more information about updating modes, see [Change information barriers modes with a PowerShell script](information-barriers-teams-powershell-script.md).

+Use the [Set-UnifiedGroup](/powershell/module/exchange/set-unifiedgroup) cmdlet with the *InformationBarrierMode* parameter that corresponds to the mode you want to use for your segments. Allowed list of values for the *InformationBarrierMode* parameter are *Open*, *Implicit*, and *Owner Moderated*.

+For example, to configure the *Implicit* mode for a Microsoft 365 Group, you'll use the following PowerShell command:

+```powershell

+Set-UnifiedGroup -InformationBarrierMode Implicit

+```

+To update the mode from *Open* to *Implicit* for all existing teams, use this [PowerShell script](information-barriers-teams-powershell-script.md).

+If you change the *Open* mode configuration on existing Teams-connected groups to meet compliance requirements for your organization, you'll need to [update the IB modes]/microsoft-365/compliance/information-barriers-sharepoint#view-and-manage-ib-modes-as-an-administrator-with-sharepoint-powershell) for associated SharePoint sites connected to the Teams team.

+## IB policy application in Teams

+IB policy application is a background IB processor for Teams that gets a notification when there are changes to either users (policy or segment changes) or groups (mode changes). The following steps outline the processing flow:

+- The policy application receives a group change notification when mode is updated and retrieves the message thread and Group IDs applicable to the update.

+- If the message thread exists, processing is scheduled and all members are fetched from the team, and underlying group and are sent to downstream Teams components for IB evaluation.

+- The mode on the group and the IB policies per user are evaluated and the results are sent to the policy application.

+- Policy application removes the non-compliant users from the group and team.

+## Required licenses and permissions

+For more information on licenses and permissions, plans, and pricing, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).

+## Usage notes

+- **Users can't join ad-hoc meetings**: If IB policies are enabled, users aren't allowed to join meetings if the size of the meeting roster is greater than the [meeting attendance limits](/microsoftteams/limits-specifications-teams). The root cause is that IB checks rely on whether users can be added to a meeting chat roster, and only when they can be added to the roster are they allowed to join the meeting. A user joining a meeting once adds that user to the roster; hence for recurring meetings, the roster can fill up fast. Once the chat roster reaches the [meeting attendance limits](/microsoftteams/limits-specifications-teams), additional users can't be added to the meeting. If IB is enabled for the organization and the chat roster is full for a meeting, new users (those users who aren't already on the roster) aren't allowed to join the meeting. But if IB isn't enabled for the organization and the meeting chat roster is full, new users (those users who aren't already on the roster) are allowed to join the meeting, though they won't see the chat option in the meeting. A short-term solution is to remove inactive members from the meeting chat roster to make space for new users. We will, however, be increasing the size of meeting chat rosters at a later date.

+- **Users can't join channel meetings**: If IB policies are enabled, users aren't allowed to join channel meetings if they're not a member of the team. The root cause is that IB checks rely on whether users can be added to a meeting chat roster, and only when they can be added to the roster are they allowed to join the meeting. The chat thread in a channel meeting is available to Team/Channel members only, and non-members can't see or access the chat thread. If IB is enabled for the organization and a non-team member attempts to join a channel meeting, that user isn't allowed to join the meeting. However, if IB isn't* enabled for the organization and a non-team member attempts to join a channel meeting, the user is allowed to join the meetingΓÇöbut they won't see the chat option in the meeting.

+- **IB policies don't work for federated users**: If you allow federation with external organizations, the users of those organizations won't be restricted by IB policies. If users of your organization join a chat or meeting organized by external federated users, then IB policies also won't restrict communication between users of your organization.

+## More information

+- To learn more about IBs, see [Information barriers](/microsoft-365/compliance/information-barriers).

+- To set up IB policies, see [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies).

+- To edit or remove IB policies, see [Manage information barrier policies](information-barriers-edit-segments-policies.md).

+- [Information barriers and shared channels](information-barriers-teams-shared-channels.md)

+## Availability

+Information barriers in Teams is available in our public, GCC, GCC - High, and DOD clouds.

+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)*

+## Related resources

+[Microsoft Syntex Advanced Management overview](/sharepoint/advanced-management)

+## April 2023

+### Sensitivity labels

+- **General availability (GA)**: [Default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md)

+|**Last updated:** 03/29/2023 - |

+- [Viva Connections](https://support.microsoft.com/office/your-intranet-is-now-in-microsoft-teams-8b4e7f76-f305-49a9-b6d2-09378476f95b) ([rolling out](#viva-connections-rolling-out))

+### Viva Connections (rolling out)

+> [!NOTE]

+>The Frontline Viva Connections experience is currently rolling out. For the details on the rollout refer to the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=99706).

+Viva Connections is part of the tailored apps experience. Frontline users who see the tailored app experience will have Viva Connections pinned in the first position on both mobile and desktop.

+This experience includes a default dashboard with relevant frontline cards such as Tasks, Shifts, Approvals, and Top News that can be customized to fit the needs of your organization. If your organization has already set up a Viva Connections home site, it will take precedence over the default experience.

+> [!NOTE]

+> This article was partially created with the help of artificial intelligence. Before publishing, an author reviewed and revised the content as needed. For more information, see [Our principles for using AI-generated content in Microsoft Learn](/azure/principles-for-ai-generated-content).

+## Week of March 27, 2023

+| Published On |Topic title | Change |

+|||--|

+| 3/29/2023 | [Customize a SharePoint team site for file storage and sharing](/microsoft-365/admin/setup/customize-team-site?view=o365-worldwide) | modified |

+| 3/29/2023 | [Install Microsoft 365 apps](/microsoft-365/admin/setup/install-applications?view=o365-worldwide) | modified |

+| 3/29/2023 | [Set up OneDrive file storage and sharing](/microsoft-365/admin/setup/set-up-file-storage-and-sharing?view=o365-worldwide) | modified |

+| 3/29/2023 | [Set up mobile devices for Microsoft 365 for business users](/microsoft-365/admin/setup/set-up-mobile-devices?view=o365-worldwide) | modified |

+| 3/29/2023 | [Set up Microsoft 365 Apps for business](/microsoft-365/admin/setup/setup-apps-for-business?view=o365-worldwide) | modified |

+| 3/29/2023 | [Set up Microsoft 365 Business Standard with a new or existing domain](/microsoft-365/admin/setup/setup-business-standard?view=o365-worldwide) | modified |

+| 3/29/2023 | [Invite users to a Microsoft 365 business subscription](/microsoft-365/admin/simplified-signup/admin-invite-business-standard?view=o365-worldwide) | modified |

+| 3/29/2023 | [Contracts FAQ](/microsoft-365/commerce/licenses/contracts-faq?view=o365-worldwide) | modified |

+| 3/29/2023 | [Manage auto-claim policies](/microsoft-365/commerce/licenses/manage-auto-claim-policies?view=o365-worldwide) | modified |

+| 3/29/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified |

+| 3/27/2023 | [Upgrade (preview), close, reopen, or delete eDiscovery (Standard) cases](/microsoft-365/compliance/ediscovery-close-reopen-delete-cases?view=o365-worldwide) | modified |

+| 3/27/2023 | [Microsoft 365 admin center Visio activity ](/microsoft-365/admin/activity-reports/visio-activity?view=o365-worldwide) | added |

+| 3/27/2023 | [Set up multifactor authentication for users](/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide) | modified |

+| 3/27/2023 | [Customize what happens at the end of the retention period](/microsoft-365/compliance/retention-label-flow?view=o365-worldwide) | modified |

+| 3/27/2023 | [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified |

+| 3/27/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified |

+| 3/28/2023 | [Setup overview for Microsoft 365 for Campaigns](/microsoft-365/business-premium/m365-campaigns-setup?view=o365-worldwide) | modified |

+| 3/28/2023 | [Protect your administrator accounts with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-admin-accounts?view=o365-worldwide) | modified |

+| 3/28/2023 | [Welcome to Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup-overview?view=o365-worldwide) | modified |

+| 3/28/2023 | [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-worldwide) | modified |

+| 3/28/2023 | [Microsoft 365 Business Premium frequently asked questions](/microsoft-365/business-premium/microsoft-365-business-faqs?view=o365-worldwide) | modified |

+| 3/28/2023 | [What happens to my data and access when my subscription ends?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-worldwide) | modified |

+| 3/28/2023 | [Take response actions on a device in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide) | modified |

+| 3/28/2023 | [Microsoft Defender Threat Intelligence in Microsoft 365 Defender](/microsoft-365/security/defender/defender-threat-intelligence?view=o365-worldwide) | added |

+| 3/28/2023 | [Microsoft Defender for Office 365 support for Microsoft Teams (Preview)](/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide) | added |

+| 3/28/2023 | [User reported message settings in Teams](/microsoft-365/security/office-365-security/submissions-teams?view=o365-worldwide) | added |

+| 3/28/2023 | [The Teams Message Entity Panel in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/teams-message-entity-panel?view=o365-worldwide) | added |

+| 3/28/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified |

+| 3/28/2023 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) | modified |

+| 3/28/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified |

+| 3/28/2023 | [Configure and view alerts for DLP policies](/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-worldwide) | modified |

+| 3/28/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |

+| 3/28/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |

+| 3/28/2023 | [Anti-spam message headers](/microsoft-365/security/office-365-security/message-headers-eop-mdo?view=o365-worldwide) | modified |

+| 3/28/2023 | [Migrate to Microsoft Defender for Office 365 Phase 2: Setup](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-setup?view=o365-worldwide) | modified |

+| 3/28/2023 | [Outbound delivery pools](/microsoft-365/security/office-365-security/outbound-spam-high-risk-delivery-pool-about?view=o365-worldwide) | modified |

+| 3/28/2023 | [Step-by-step threat protection stack in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-worldwide) | modified |

+| 3/28/2023 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-worldwide) | modified |

+| 3/28/2023 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-worldwide) | modified |

+| 3/28/2023 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide) | modified |

+| 3/28/2023 | [Secure by default in Office 365](/microsoft-365/security/office-365-security/secure-by-default?view=o365-worldwide) | modified |

+| 3/28/2023 | [Steps to quickly set up the Standard or Strict preset security policies for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies?view=o365-worldwide) | modified |

+| 3/28/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified |

+| 3/28/2023 | [Recommended Teams policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/teams-access-policies?view=o365-worldwide) | modified |

+| 3/28/2023 | [Top 12 tasks for security teams to support working from home](/microsoft-365/security/top-security-tasks-for-remote-work?view=o365-worldwide) | modified |

+| 3/28/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |

+| 3/28/2023 | [Manage active content in Office documents for IT admins](/microsoft-365/security/active-content-in-trusted-docs?view=o365-worldwide) | modified |

+| 3/28/2023 | [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified |

+| 3/28/2023 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) | modified |

+| 3/28/2023 | [Attack surface reduction frequently asked questions (FAQ)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq?view=o365-worldwide) | modified |

+| 3/28/2023 | [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide) | modified |

+| 3/28/2023 | [Batch Update alert entities API](/microsoft-365/security/defender-endpoint/batch-update-alerts?view=o365-worldwide) | modified |

+| 3/28/2023 | [Cloud protection and sample submission at Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission?view=o365-worldwide) | modified |

+| 3/28/2023 | [Alert grading for suspicious inbox forwarding rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-forwarding-rules?view=o365-worldwide) | modified |

+| 3/28/2023 | [Device profile in Microsoft 365 security portal](/microsoft-365/security/defender/device-profile?view=o365-worldwide) | modified |

+| 3/28/2023 | [Enable the evaluation environment for Microsoft Defender for Office 365 in your production environment](/microsoft-365/security/defender/eval-defender-office-365-enable-eval?view=o365-worldwide) | modified |

+| 3/28/2023 | [Step 5. Develop and test use cases](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases?view=o365-worldwide) | modified |

+| 3/28/2023 | [Responding to ransomware attacks](/microsoft-365/security/defender/playbook-responding-ransomware-m365-defender?view=o365-worldwide) | modified |

+| 3/28/2023 | [Onboard macOS devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-macos-overview?view=o365-worldwide) | modified |

+| 3/28/2023 | [Onboard Windows 10 or Windows 11 devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-overview?view=o365-worldwide) | modified |

+| 3/29/2023 | [Use retention labels to manage SharePoint document lifecycle](/microsoft-365/compliance/auto-apply-retention-labels-scenario?view=o365-worldwide) | modified |

+| 3/29/2023 | [Start retention when an event occurs](/microsoft-365/compliance/event-driven-retention?view=o365-worldwide) | modified |

+| 3/29/2023 | [Add apps overview for Microsoft Intune](/microsoft-365/solutions/apps-add-overview?view=o365-worldwide) | added |

+| 3/29/2023 | [Step 1. Assess app requirements](/microsoft-365/solutions/apps-add-step-1?view=o365-worldwide) | added |

+| 3/29/2023 | [Step 2. Create and edit categories for apps](/microsoft-365/solutions/apps-add-step-2?view=o365-worldwide) | added |

+| 3/29/2023 | [Step 3. Purchase apps](/microsoft-365/solutions/apps-add-step-3?view=o365-worldwide) | added |

+| 3/29/2023 | [Step 4. Add apps to Intune](/microsoft-365/solutions/apps-add-step-4?view=o365-worldwide) | added |

+| 3/29/2023 | [Step 5. Manage apps and licenses](/microsoft-365/solutions/apps-add-step-5?view=o365-worldwide) | added |

+| 3/29/2023 | [Purchase and add apps for Microsoft Intune](/microsoft-365/solutions/apps-guide-overview?view=o365-worldwide) | added |

+| 3/29/2023 | [Manage app licenses used in Intune](/microsoft-365/solutions/apps-license-manage?view=o365-worldwide) | added |

+| 3/29/2023 | [Understand app licenses used in Intune](/microsoft-365/solutions/apps-license-overview?view=o365-worldwide) | added |

+| 3/29/2023 | [Purchase apps for Intune](/microsoft-365/solutions/apps-purchase-overview?view=o365-worldwide) | added |

+| 3/29/2023 | [Purchase store apps in Intune](/microsoft-365/solutions/apps-purchase-store?view=o365-worldwide) | added |

+| 3/29/2023 | [Purchase apps in-volume for Intune](/microsoft-365/solutions/apps-purchase-volume?view=o365-worldwide) | added |

+| 3/29/2023 | [Understand built-in apps for Intune](/microsoft-365/solutions/apps-type-built-in?view=o365-worldwide) | added |

+| 3/29/2023 | [Understand line-of-business apps for your managed environment](/microsoft-365/solutions/apps-type-lob?view=o365-worldwide) | added |

+| 3/29/2023 | [Understand Microsoft apps for Intune](/microsoft-365/solutions/apps-type-microsoft?view=o365-worldwide) | added |

+| 3/29/2023 | [Overview of app types available for managed environments](/microsoft-365/solutions/apps-type-overview?view=o365-worldwide) | added |

+| 3/29/2023 | [Understand store apps for your managed environment](/microsoft-365/solutions/apps-type-store?view=o365-worldwide) | added |

+| 3/29/2023 | [Understand web apps for Intune](/microsoft-365/solutions/apps-type-web?view=o365-worldwide) | added |

+| 3/28/2023 | [Manage and monitor priority accounts](/microsoft-365/admin/setup/priority-accounts?view=o365-worldwide) | modified |

+| 3/28/2023 | [France national ID card (CNI) entity definition](/microsoft-365/compliance/sit-defn-france-national-id-card?view=o365-worldwide) | modified |

+| 3/28/2023 | [Indonesia identity card (KTP) number entity definition](/microsoft-365/compliance/sit-defn-indonesia-identity-card-number?view=o365-worldwide) | modified |

+| 3/28/2023 | [Portugal citizen card number entity definition](/microsoft-365/compliance/sit-defn-portugal-citizen-card-number?view=o365-worldwide) | modified |

+| 3/28/2023 | [Add several users at the same time to Microsoft 365 - Admin Help](/microsoft-365/enterprise/add-several-users-at-the-same-time?view=o365-worldwide) | modified |

+| 3/28/2023 | [Specify the cloud protection level for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 3/28/2023 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) | modified |

+| 3/29/2023 | [Zero Trust with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/zero-trust-with-microsoft-defender-endpoint?view=o365-worldwide) | added |

+| 3/29/2023 | [BehaviorEntities table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-behaviorentities-table?view=o365-worldwide) | added |

+| 3/29/2023 | [BehaviorInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-behaviorinfo-table?view=o365-worldwide) | added |

+| 3/29/2023 | [Zero Trust with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-trust-with-microsoft-365-defender-office-365?view=o365-worldwide) | added |

+| 3/29/2023 | [Manage device access settings in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/manage-device-access-settings?view=o365-worldwide) | modified |

+| 3/29/2023 | [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide) | modified |

+| 3/29/2023 | [Upgrade your Office 2010 to Microsoft 365 - Microsoft 365 admin](/microsoft-365/admin/setup/upgrade-users-to-latest-office-client?view=o365-worldwide) | modified |

+| 3/29/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |

+| 3/29/2023 | [Common Microsoft Defender for Endpoint API errors](/microsoft-365/security/defender-endpoint/common-errors?view=o365-worldwide) | modified |

+| 3/29/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | modified |

+| 3/29/2023 | [Enable Conditional Access to better protect users, devices, and data](/microsoft-365/security/defender-endpoint/conditional-access?view=o365-worldwide) | modified |

+| 3/29/2023 | [Configure device discovery](/microsoft-365/security/defender-endpoint/configure-device-discovery?view=o365-worldwide) | modified |

+| 3/29/2023 | [Configure exclusions for files opened by specific processes](/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 3/29/2023 | [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 3/29/2023 | [Configure vulnerability email notifications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications?view=o365-worldwide) | modified |

+| 3/29/2023 | [Deploy Microsoft Defender for Endpoint in rings](/microsoft-365/security/defender-endpoint/deployment-rings?view=o365-worldwide) | modified |

+| 3/29/2023 | [Device discovery frequently asked questions](/microsoft-365/security/defender-endpoint/device-discovery-faq?view=o365-worldwide) | modified |

+| 3/29/2023 | [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide) | modified |

+| 3/29/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified |

+| 3/29/2023 | [Turn on exploit protection to help mitigate against attacks](/microsoft-365/security/defender-endpoint/enable-exploit-protection?view=o365-worldwide) | modified |

+| 3/29/2023 | [Exploit protection reference](/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide) | modified |

+| 3/29/2023 | [Apply mitigations to help prevent attacks through vulnerabilities](/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide) | modified |

+| 3/29/2023 | [Find devices by tag API](/microsoft-365/security/defender-endpoint/find-machines-by-tag?view=o365-worldwide) | modified |

+| 3/29/2023 | [List machines API](/microsoft-365/security/defender-endpoint/get-machines?view=o365-worldwide) | modified |

+| 3/29/2023 | [Become a Microsoft Defender for Endpoint partner](/microsoft-365/security/defender-endpoint/get-started-partner-integration?view=o365-worldwide) | modified |

+| 3/29/2023 | [Investigate connection events that occur behind forward proxies](/microsoft-365/security/defender-endpoint/investigate-behind-proxy?view=o365-worldwide) | modified |

+| 3/29/2023 | [Investigate a user account in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/investigate-user?view=o365-worldwide) | modified |

+| 3/29/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified |

+| 3/29/2023 | [Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm?view=o365-worldwide) | modified |

+| 3/29/2023 | [Set preferences for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide) | modified |

+| 3/29/2023 | [Create indicators](/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-worldwide) | modified |

+| 3/29/2023 | [Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/migrating-mde-server-to-cloud?view=o365-worldwide) | modified |

+| 3/29/2023 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide) | modified |

+| 3/29/2023 | [Run live response commands on a device](/microsoft-365/security/defender-endpoint/run-live-response?view=o365-worldwide) | modified |

+| 3/29/2023 | [Troubleshoot Microsoft Defender for Endpoint service issues](/microsoft-365/security/defender-endpoint/troubleshoot-mdatp?view=o365-worldwide) | modified |

+| 3/29/2023 | [Microsoft Defender Antivirus event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 3/29/2023 | [Troubleshoot Microsoft Defender for Endpoint onboarding issues](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide) | modified |

+| 3/29/2023 | [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-worldwide) | modified |

+| 3/29/2023 | [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) | modified |

+| 3/29/2023 | [Create and view exceptions for security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-exception?view=o365-worldwide) | modified |

+| 3/29/2023 | [Remediate vulnerabilities](/microsoft-365/security/defender-vulnerability-management/tvm-remediation?view=o365-worldwide) | modified |

+| 3/29/2023 | [Zero Trust with Microsoft 365 Defender](/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender?view=o365-worldwide) | modified |

+| 3/29/2023 | [Prevent malware infection](/microsoft-365/security/intelligence/prevent-malware-infection?view=o365-worldwide) | modified |

+| 3/29/2023 | [Tech Support Scams](/microsoft-365/security/intelligence/support-scams?view=o365-worldwide) | modified |

+| 3/29/2023 | [Zero Trust deployment plan with Microsoft 365](/microsoft-365/security/microsoft-365-zero-trust?view=o365-worldwide) | modified |

+| 3/29/2023 | [Remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-remediation-actions?view=o365-worldwide) | modified |

+| 3/29/2023 | [How EOP validates the From address to prevent phishing](/microsoft-365/security/office-365-security/anti-phishing-from-email-address-validation?view=o365-worldwide) | modified |

+| 3/29/2023 | [Attack simulation training deployment considerations and FAQ](/microsoft-365/security/office-365-security/attack-simulation-training-faq?view=o365-worldwide) | modified |

+| 3/29/2023 | [Protection features in Azure Information Protection rolling out to existing tenants](/microsoft-365/security/office-365-security/azure-ip-protection-features?view=o365-worldwide) | modified |

+| 3/29/2023 | [Create safe sender lists](/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide) | modified |

+| 3/29/2023 | [Detect and remediate the Outlook rules and custom forms injections attacks.](/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack?view=o365-worldwide) | modified |

+| 3/29/2023 | [Troubleshooting mail sent to Microsoft 365](/microsoft-365/security/office-365-security/mail-flow-troubleshooting?view=o365-worldwide) | modified |

+| 3/29/2023 | [Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-worldwide) | modified |

+| 3/29/2023 | [Landing pages in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-landing-pages?view=o365-worldwide) | added |

+| 3/29/2023 | [End-user notifications for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-end-user-notifications?view=o365-worldwide) | modified |

+| 3/29/2023 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide) | modified |

+| 3/29/2023 | [Insights and reports Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-worldwide) | modified |

+| 3/29/2023 | [Login pages in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-login-pages?view=o365-worldwide) | modified |

+| 3/29/2023 | [Payload automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations?view=o365-worldwide) | modified |

+| 3/29/2023 | [Payloads in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-worldwide) | modified |

+| 3/29/2023 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-worldwide) | modified |

+| 3/29/2023 | [Simulate a phishing attack with Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulations?view=o365-worldwide) | modified |

+| 3/29/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | modified |

+| 3/29/2023 | [Microsoft Defender for Office 365 support for Microsoft Teams (Preview)](/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide) | modified |

+| 3/29/2023 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) | modified |

+| 3/29/2023 | [Configure teams with protection for sensitive data](/microsoft-365/solutions/configure-teams-sensitive-protection?view=o365-worldwide) | modified |

+| 3/29/2023 | [Determine if Centralized Deployment of add-ins works for your organization](/microsoft-365/admin/manage/centralized-deployment-of-add-ins?view=o365-worldwide) | modified |

+| 3/29/2023 | [How to secure your business data with Microsoft 365](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified |

+| 3/29/2023 | [Resources for Microsoft partners working with small and medium-sized businesses](/microsoft-365/security/defender-business/mdb-partners?view=o365-worldwide) | modified |

+| 3/30/2023 | [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-worldwide) | modified |

+| 3/30/2023 | [Virtual Appointments with Teams - Integration into Oracle Health EHR](/microsoft-365/frontline/ehr-admin-oracle-health?view=o365-worldwide) | modified |

+| 3/30/2023 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-worldwide) | modified |

+| 3/30/2023 | [Microsoft Teams in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide) | added |

+| 3/30/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified |

+| 3/31/2023 | [macOS Device control policies frequently asked questions (FAQ)](/microsoft-365/security/defender-endpoint/mac-device-control-faq?view=o365-worldwide) | added |

+| 3/31/2023 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide) | modified |

+| 3/31/2023 | [Deploy and manage Device Control using Intune](/microsoft-365/security/defender-endpoint/mac-device-control-intune?view=o365-worldwide) | modified |

+| 3/31/2023 | [Deploy and manage device control using JAMF](/microsoft-365/security/defender-endpoint/mac-device-control-jamf?view=o365-worldwide) | modified |

+| 3/31/2023 | [Device control for macOS](/microsoft-365/security/defender-endpoint/mac-device-control-overview?view=o365-worldwide) | modified |

+| 3/31/2023 | [Errors during admin submissions](/microsoft-365/security/office-365-security/submissions-error-messages?view=o365-worldwide) | modified |

+| 3/31/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified |

+| 3/31/2023 | [Overview of Copilot for Microsoft Syntex](/microsoft-365/syntex/syntex-copilot) | modified |

+| 3/31/2023 | [Turn pronouns on or off for your organization in the Microsoft 365 admin center](/microsoft-365/admin/add-users/turn-pronouns-on-or-off?view=o365-worldwide) | modified |

+| 3/31/2023 | [Use communication compliance reports and audits](/microsoft-365/compliance/communication-compliance-reports-audits?view=o365-worldwide) | modified |

+| 3/31/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |

+| 3/31/2023 | [Service advisories for auto-expanding archive utilization in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-exo-archive-advisory?view=o365-worldwide) | modified |

+| 3/31/2023 | [Printer Protection frequently asked questions](/microsoft-365/security/defender-endpoint/printer-protection-frequently-asked-questions?view=o365-worldwide) | modified |

+| 3/31/2023 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/schedule-antivirus-scans?view=o365-worldwide) | modified |

+## March 2023

+### Microsoft Defender for Endpoint multi-tenant threat and vulnerability management

+Microsoft Defender Vulnerability Management helps proactively identify and build a secure foundation for devices through the remediation of software vulnerabilities and misconfigurations in customer environments. Microsoft 365 Lighthouse now includes Vulnerability Management capabilities. Go to **Devices** > [Vulnerability management](https://lighthouse.microsoft.com/#view/Microsoft_Intune_MTM/VulnerabilityManagement.ReactView) to see the exposure score across all your managed tenants that have been onboarded to Microsoft Defender for Endpoint. To see security recommendations for how to reduce tenants' exposure to vulnerabilities, select the **Recommendations** tab.

+### Device security insights from Microsoft Defender for Business and Microsoft Defender for Endpoint

+Microsoft 365 Lighthouse now surfaces summarized insights into the various security alerts from Microsoft Defender for Business and Microsoft Defender for Endpoint across your managed tenants. To access these insights, go to **Devices** > **Device security** > [Overview](https://lighthouse.microsoft.com/#view/Microsoft_Intune_MTM/MDE.ReactView). These insights can help you assess the overall status, severity, and category of the various security alerts in your tenants before drilling into the full list of alerts.

+### Tenants page improvements

+We've updated the [Tenants page](https://lighthouse.microsoft.com/#view/Microsoft_Intune_MTM/Tenants.ReactView) to help you more easily manage your customer tenants in Microsoft 365 Lighthouse. Using the new List options feature, which you access by selecting the icon next to the search box, you can now view your customer tenants by domain name or tenant ID. We've also updated the Tenants page to reflect the new Granular Delegated Admin Privileges (GDAP) setup and Lighthouse management capabilities.

+You'll notice that customer tenants that don't meet the criteria to be fully managed in Microsoft 365 Lighthouse (for example, they don't have GDAP set up or they're missing a required subscription) show a Lighthouse management status of **Limited**. These tenants are eligible for only a limited set of experiences in Microsoft 365 Lighthouse, including GDAP setup and management, user search, user details, tenant tagging, and service health.

+Lastly, we've added a new pane that details the customer criteria for each of your customer tenants. For customers with a **Limited** Lighthouse management status, for example, you can select the tenant name to open this pane and see a detailed status and recommended next steps.

+### Deployment status reporting

+Microsoft 365 Lighthouse now provides a deployment plan status for each active tenant to help you optimize and prioritize your deployment efforts. The deployment plan status is found on the Tenants page and on the new Deployment insights page.

+If you're using Defender for Endpoint, you can specify an automation level so that when a thread is detected on a device, the entity can be remediated automatically or only upon approval by your security team. You can configure automated investigation and remediation with device groups.

+> In Defender for Business, automated investigation is configured automatically. See [advanced features](/microsoft-365/security/defender-business/mdb-configure-security-settings#review-settings-for-advanced-features).

+> [!NOTE]

+> The **Automated Investigation** option has been removed from the advanced features setting in Defender for Endpoint. Automated investigation is now enabled by default.

+- [Automation levels in automated investigation and remediation](automation-levels.md)

+- [Azure Active Directory Seamless single sign-on](/azure/active-directory/hybrid/how-to-connect-sso-quick-start)

+- [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt#instructions-for-applying-computer-join-rule-in-aad-connect)

+|complianceLevels|String|The compliance level of the benchmark where this configuration appears.

+Microsoft Defender for Endpoint Device Control feature enables you to audit, allow, or prevent the read, write, or execute access to removable storage, and allows you to manage iOS and Portable device and Apple APFS encrypted device and Bluetooth media with or without exclusions.

+| encryption | apfs | Match if a device is apfs-encrypted. |

+|[Configure Microsoft Defender for Endpoint and MS AutoUpdate (MAU) notifications](/microsoft-365/security/defender-endpoint/mac-install-with-intune#notifications)|MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig|com.microsoft.autoupdate2 or com.microsoft.wdav.tray|

+## Create and manage exceptions

+You may have cases where you don't want to assess specific configurations on certain devices. For example, a device could be under third party control or it could have an alternate mitigation already in place. In these situations, you can add exceptions to exclude the assessment of specific configurations on a devices.

+Devices included in exceptions won't be assessed for the specified configurations in the baseline profiles. This means it won't affect an organizationΓÇÖs metrics and score, and it can help provide organizations with a clearer view of their compliance.

+To view exceptions:

+1. Go to **Vulnerability management** > **Baselines assessment** in the [Microsoft 365 Defender portal](https://security.microsoft.com).

+2. Select the **Exceptions** tab at the top

+To add a new exception:

+1. On the **Exceptions** tab select the **Create** button.

+2. Fill in the requested details, including the justification reason, and duration.

+3. Select **Next**.

+4. On the **Configuration scope** page choose the software, base benchmark, and the compliance level and select **Next**.

+5. Select the configurations you want to add to the exception.

+ :::image type="content" source="../../media/defender-vulnerability-management/security-baselines-exceptions-configurations.png" alt-text="Screenshot of the configuration exceptions page" lightbox="../../media/defender-vulnerability-management/security-baselines-exceptions-configurations.png":::

+6. Select **Next** to choose the devices you want to include in the exception. The exception will be automatically applied to devices.

+7. Select **Next** to review the exception.

+8. Select **Submit** to create your exception.

+9. On the final page, select **View all exceptions** to return to the exceptions page.

+In the **Exceptions** page, select any of your exceptions to open a flyout pane where you can see the status, edit or delete your exception:

+ :::image type="content" source="../../media/defender-vulnerability-management/security-baselines-exceptions-details.png" alt-text="Screenshot of the exceptions side details page" lightbox="../../media/defender-vulnerability-management/security-baselines-exceptions-details.png":::

+- **Γï«** (**Actions** control): Take action on the notification. The available actions depend on the **Status** value of the notification as described in the procedure sections.

+> [!TIP]

+> The **Γï«** (**Actions** control) is associated with the **Notifications** column. If you remove that column from view, the **Γï«** control goes away.

+<sup>\*</sup> To see all columns, you'll likely need to do one or more of the following steps:

+- Horizontally scroll in your web browser.

+- Narrow the width of appropriate columns.

+- Remove columns from the view.

+- Zoom out in your web browser.

+- Click **Γï«** (**Actions**) next to the **Notifications** value, and then select  **Edit**.

+- Click **Γï«** (**Actions**) next to the **Notifications** value, and then select  **Create a copy**.

+When you copy a built-in notification on the **Global notifications** tab, a **Create copy** dialog appears. The dialog confirms that a copy of the notification has been created, and is available on the **Tenant notifications** tab. If you click **Go to Tenant notification** you're taken to the **Tenant notifications** tab, where the copied built-in notification is named "\<OriginalName\> - Copy" is available. If you click **Stay here** in the dialog, you return to the **Global notifications** tab.

+- Click **Γï«** (**Actions**) next to the **Notifications** value, and then select  **Delete**.

+# Get started using Attack simulation training

+# Insights and reports for Attack simulation training

+- The simulation report for in-progress or completed simulations that you select from the **Recent simulations** card on the **Overview** tab or on the **Simulations** tab.

+The **Repeat offenders** card on the **Overview** tab shows the information about repeat offenders. A _repeat offender_ is a user who was compromised by consecutive simulations. The default number of consecutive simulations is two, but you can change the value on the **Settings** tab of Attack simulation training at <https://security.microsoft.com/attacksimulator?viewid=setting>. For more information, see [Configure the repeat offender threshold](attack-simulation-training-settings.md#configure-the-repeat-offender-threshold).

+A _repeat offender_ is a user who was compromised by consecutive simulations. The default number of consecutive simulations is two, but you can change the value on the **Settings** tab of Attack simulation training at <https://security.microsoft.com/attacksimulator?viewid=setting>. For more information, see [Configure the repeat offender threshold](attack-simulation-training-settings.md#configure-the-repeat-offender-threshold).

+## Simulation report in Attack simulation training

+To view the details of in-progress or completed simulations, use either of the following methods:

+- On the **Overview** tab at <https://security.microsoft.com/attacksimulator?viewid=overview>, select a simulation from the [Recent simulations card](#recent-simulations-card).

+- On the **Simulations** tab at <https://security.microsoft.com/attacksimulator?viewid=simulations>, select a simulation by clicking anywhere other than the check box next to the name.

+The page that opens contains **Report**, **Users** and **Details** tabs that contain information about the simulation. The rest of this section describe the insights and reports that are available on the **Report** tab.

+For details about the **Users** and **Details** tabs, see [View simulation details](attack-simulation-training-simulations.md#view-simulation-reports).

+For getting started information about Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).

+- **Γï«** (**Actions** control): Take action on the landing page. The available actions depend on the **Status** value of the landing page as described in the procedure sections.

+Click a column header to sort by that column. To add or remove columns, click  **Customize columns**. By default, all available columns are selected.

+> [!TIP]

+> The **Γï«** (**Actions** control) is associated with the **Name** column. If you remove that column from view, the **Γï«** control goes away.

+<sup>\*</sup> To see all columns, you'll likely need to do one or more of the following steps:

+- Horizontally scroll in your web browser.

+- Narrow the width of appropriate columns.

+- Remove columns from the view.

+- Zoom out in your web browser.

+- Click **Γï«** (**Actions**) next to the **Name** value of the landing page, and then select  **Edit**.

+- Click **Γï«** (**Actions**) next to the **Name** value of the landing page, and then select  **Create a copy**.

+When you copy a built-in landing page on the **Global landing pages** tab, a **Create copy** dialog appears. The dialog confirms that a copy of the landing page has been created, and is available on the **Tenant landing pages** tab. If you click **Go to Tenant landing page** you're taken to the **Tenant landing pages** tab, where the copied built-in landing page is named "\<OriginalName\> - Copy" is available. If you click **Stay here** in the dialog, you return to the **Global landing pages** tab.

+- Click **Γï«** (**Actions**) next to the **Name** value of the landing page, and then select  **Delete**.

+For getting started information about Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).

+- **Γï«** (**Actions** control): Take action on the login page. The available actions depend on the **Status** value of the login page as described in the procedure sections.

+- Click **Γï«** (**Actions**) next to the **Name** value of the login page, and then select  **Edit**.

+- Click **Γï«** (**Actions**) next to the **Name** value of the login page, and then select  **Create a copy**.

+- Click **Γï«** (**Actions**) next to the **Name** value of the login page, and then select  **Delete**.

+- Click **Γï«** (**Actions**) next to the **Name** value of the login page, and then select  **Mark as default**.

+<sup>\*</sup> To see all columns, you'll likely need to do one or more of the following steps:

+- Horizontally scroll in your web browser.

+- Narrow the width of appropriate columns.

+- Remove columns from the view.

+- Zoom out in your web browser.

+# Payloads in Attack simulation training

+For getting started information about Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).

+- **Status**: Values are:

+ - **Ready**

+ - **Draft**: Available only on the **Tenant payloads** tab.

+ - **Archive**: Archived payloads are visible only when **Show archived payloads** is toggled on .

+- **Γï«** (**Actions** control): Take action on the payload. The available actions depend on the **Status** value of the payload as described in the procedure sections. This control always appears at the end of the payload row.

+<sup>\*</sup> To see all columns, you'll likely need to do one or more of the following steps:

+- Horizontally scroll in your web browser.

+- Narrow the width of appropriate columns.

+- Remove columns from the view.

+- Zoom out in your web browser.

+When you select a payload by clicking anywhere in the row other than the check box next to the name, a details flyout appears with the following information:

+To see payloads that have been archived (the **Status** value is **Archive**), use the **Show archived payloads** toggle on the **Tenant payloads** tab.

+ > At any point after you name the payload during the new payload wizard, you can click **Save and close** to save your progress and continue later. The incomplete payload has the **Status** value **Draft**. You can pick up where you left off by selecting the payload and then clicking the  **Edit payload** icon that appears.

+ - To edit an existing indicator, select it and then click  **Edit indicator**.

+ - To delete an existing indicator, select it and then click  **Delete**.

+ - To move indicators up or down in the list, select the indicator, and then click  **Move up** or  **Move down**.

+## Take action on payloads

+> [!TIP]

+> To see the **Γï«** (**Actions**) control on the **Global payloads** or **Tenant payloads** tabs, you'll likely need to do one or more of the following steps:

+>

+> - Horizontally scroll in your web browser.

+> - Narrow the width of appropriate columns.

+> - Remove columns from the view.

+> - Zoom out in your web browser.

+- Select the payload by clicking the check box next to the name. Click the  **Edit payload** icon that appears.

+- Select the payload by clicking anywhere in the row other than the check box. In the details flyout that opens, click **Edit payload** at the bottom of the flyout.

+- Select the payload by clicking **Γï«** (**Actions**) at the end of the row, and then select  **Edit**.

+To copy an existing payload on the **Tenant payloads** or **Global payloads** tabs, do one of the following steps:

+- Select the payload by clicking the check box next to the name, and then click the  **Copy payload** icon that appears.

+- Select the payload by clicking **Γï«** (**Actions**) at the end of the row, and then select  **Copy payload**.

+## Archive payloads

+You can't delete custom payloads from the **Tenant payloads** tab, but you can archive them.

+To archive an existing payload on the **Tenant payloads** tab, select the payload by clicking **Γï«** (**Actions**) at the end of the row, and then select  **Archive**.

+The **Status** value of the payload changes to **Archive**, and the payload is no longer visible on the **Tenant payloads** table when **Show archived payloads** is toggled off .

+To see archived payloads on the **Tenant payloads** tab, toggle **Show archived payloads** to on .

+## Restore archived payloads

+To restore an archive payload on the **Tenant payloads** tab, do the following steps:

+1. Set the **Show archived payloads** toggle to on .

+2. Select the payload by clicking **Γï«** (**Actions**) at the end of the row, and then select  **Restore**.

+After you've restored the archived payload, the **Status** value changes to **Draft**. Toggle **Show archived payloads** to off  to see the restored payload. To return the payload to the **Status** value **Ready**, [edit the payload](#modify-payloads), review or change the settings, and then click **Submit**.

+Select the payload by clicking the check box next to the name, and then click the  **Send a test** button that appears.

+ Title: Global settings in Attack simulation training

+audience: ITPro

+ms.localizationpriority: medium

+ - m365-security

+ - tier2

+description: Admins can learn how to configure the repeat offender threshold and exclude simulations from reporting in Attack simulation training in Microsoft Defender for Office 365 Plan 2.

+search.appverid: met150

+# Global settings in Attack simulation training

+**Applies to**

+ [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)

+In Attack simulation training in Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, the **Settings** tab contains settings that affect all simulations:

+- **Repeat offender threshold**: A _repeat offender_ is someone who gives up their credentials in multiple consecutive simulations. How many simulations in a row constitutes a repeat offender is determined by the repeat offender threshold. Information about repeat offenders appears in the following locations:

+ - The [Repeat offenders card on the Overview tab](attack-simulation-training-insights.md#repeat-offenders-card) and the [Repeat offenders tab in the Attack simulation report](attack-simulation-training-insights.md#repeat-offenders-tab-for-the-attack-simulation-report).

+ - When you select users in [simulations](attack-simulation-training-simulation-automations.md#target-users), [simulation automations](attack-simulation-training-simulation-automations.md#target-users), and [training simulations](attack-simulation-training-training-campaigns.md#target-users), you can find and filter repeat offenders.

+- **View exclude simulations from reporting**: After a simulation has completed, you can exclude the results of the simulation from reporting. For instructions, see [Exclude completed simulations from reporting](attack-simulation-training-simulations.md#exclude-completed-simulations-from-reporting). You can use the the **View all** link in this section to see excluded simulations on the **Simulations** tab.

+To get to the **Settings** tab, open the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Attack simulation training** \> **Content library** tab \> and then select **Login pages**. To go directly to the **Settings** tab, use <https://security.microsoft.com/attacksimulator?viewid=setting>.

+For getting started information about Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).

+## Configure the repeat offender threshold

+To configure the repeat offender threshold, use the box in the **Repeat offender threshold** section on the **Settings** tab. The default value is 2.

+## View simulations excluded from reporting

+To view completed simulations that have been excluded from reporting on the **Settings** tab, click the **View all** link in the **Simulations excluded from reporting** section. This link takes you to the **Simulations** tab at <https://security.microsoft.com/attacksimulator?viewid=simulations> where **Show excluded simulations** is automatically toggled on .

+On the **Simulations** tab, both excluded _and_ included completed simulations are shown on the **Simulations** tab together. You can tell the difference by the **Status** values (**Excluded** vs. **Completed**)

+If you go directly to the **Simulations** tab and manually toggle **Show excluded simulations** on , _only_ excluded simulations are shown.

+To exclude completed simulations from reporting, see [Exclude completed simulations from reporting](attack-simulation-training-simulations.md#exclude-completed-simulations-from-reporting).

+ - **Repeat offenders**: For more information, see [Configure the repeat offender threshold](attack-simulation-training-settings.md#configure-the-repeat-offender-threshold).

+# Simulate a phishing attack with Attack simulation training

+ > At any point after you name the simulation during the new simulation wizard, you can click **Save and close** to save your progress and continue later. The incomplete simulation has the **Status** value **Draft**. You can pick up where you left off by selecting the simulation and then clicking the  **Edit simulation** icon that appears.

+On the **Select payload and login page** page, you need to select an existing payload or create a new payload.

+If you select a payload by selecting the check box next to the name, a  **Send a test** button appears above the list of payloads. You can use this button to send a copy of the payload email to yourself (the currently logged in user) for inspection.

+If you select a payload by clicking anywhere in the row other than the check box next to the name, details about the payload are shown in a flyout:

+On the **Select payload and login page** page, select the payload by clicking anywhere in the row other than the check box to open the details flyout for the payload.

+ - **Repeat offenders**: For more information, see [Configure the repeat offender threshold](attack-simulation-training-settings.md#configure-the-repeat-offender-threshold).

+- **Assign to**: For each training, you need to select who gets the training by selecting from the following values:

+ - **Excluded**

+- **Γï«** (**Actions** control): Take action on the simulation. The available actions depend on the **Status** value of the simulation as described in the procedure sections. This control always appears at the end of the row.

+Click a column header to sort by that column. To add or remove columns, click  **Customize columns**. By default, all available columns are selected.

+<sup>\*</sup> To see all columns, you'll likely need to do one or more of the following steps:

+- Horizontally scroll in your web browser.

+- Narrow the width of appropriate columns.

+- Remove columns from the view.

+- Zoom out in your web browser.

+Click  **Filter** to filter the simulations by **Technique** or **Status** (all **Status** values except for **Excluded**).

+To see simulations that have been excluded from reporting (the **Status** value is **Excluded**), use the **Show excluded simulations** toggle on the **Simulations** tab.

+### View simulation details

+To view details about a simulation, use either of the following methods on the **Simulations** tab:

+- Select the simulation by clicking anywhere other than the check box next to the name.

+- Select the simulation by clicking **Γï«** (**Actions**) at the end of the row, and then select  **View report**.

+The title of the details page that opens shows the name of the simulation and other information (for example, the status, social engineering technique, and delivery status).

+You can click  **View activity timeline** to see date/time information about the simulation (simulation scheduled, simulation launched, simulation ended, and training due dates).

+The rest of the details page contains the following tabs:

+- **Report** tab: For a description of what's on this tab, see [Attack simulation report](attack-simulation-training-insights.md#attack-simulation-report).

+- **Users** tab: Shows the following information for all targeted users in the simulation:

+ - **Name**

+ - **Compromised**

+ - **Reported**

+ - **Training status**

+ - **Other actions**

+ - **Compromised on**

+ - **Reported on**

+ - **Failed deliveries**

+ - **Username**

+ Click a column header to sort by that column. To add or remove columns, click  **Customize columns**. The following additional columns are available:

+ - **Days out of office**

+ - **Message read on**

+ - **Message forwarded on**

+ - **Message deleted on**

+ - **Replied to message**

+ - **Department**

+ - **Company**

+ - **Job title**

+ - **Office**

+ - **City**

+ - **Country**

+ - **Manager**

+ To change the list of users from normal to compact spacing, click  **Change list spacing to compact or normal**, and then select .

+ If you click  **Filter**, the following filters are available:

+ - **Compromised**: Select **Yes** or **No**.

+ - **Reported message**: Select **Yes** or **No**.

+ - **Simulation message delivery**: Select **Delivered** or **Failed to deliver**.

+ - **Other actions**: *Select one or more of the following values: **Replied to message**, **Forwarded message**, and **Deleted messages**.

+ - **Training status**: Select **Completed**, **In progress**, **Not started**, or **Not assigned**.

+ - **Assigned trainings**: Select one or more of the following values: **Mass Market Phishing**, **Report Message**, **Web Phishing**, **Anatomy of a Spear Phishing Attack**.

+ To find a user in the list, type part of the name in the  **Search** box and then press the ENTER key.

+- **Details** tab: Contains details about the simulation in the following sections:

+ - **Description** section:

+ - **Delivery platform**

+ - **Type**

+ - **Landing page**

+ - **Technique**

+ - **Launch details**

+ - **Payload & login page**

+ - **Target users**: Include excluded users or groups.

+ - **Training information** section:

+ - **Training name**

+ - **Assign to**

+ - **Actions**: Click  **View** to see the training.

+ - **Notifications** section:

+ - **Notification name**

+ - **Notification type**

+ - **Delivery frequency**

+ - **Actions**: Click  **View** to see the notification.

+## Take action on simulations

+> [!TIP]

+> To see the **Γï«** (**Actions**) control that's required to act on simulations on the **Simulations** tab, you'll likely need to do one or more of the following steps:

+>

+> - Horizontally scroll in your web browser.

+> - Narrow the width of appropriate columns.

+> - Remove columns from the view.

+> - Zoom out in your web browser.

+### Cancel simulations

+You can cancel simulations with the **Status** value **In progress** or **Scheduled**.

+To cancel a simulation on the **Simulations** tab, select the simulation by clicking **Γï«** (**Actions**) at the end of the row, select  **Cancel simulation**, and then click **Confirm** in the confirmation dialog.

+After you cancel the simulation, the **Status** value changes to **Cancelled**.

+### Remove simulations

+You can't remove simulations with the **Status** value **In progress**.

+To remove a simulation from the **Simulations** tab, select the simulation by clicking **Γï«** (**Actions**) at the end of the row, and then select  **Cancel simulation**, and then click **Confirm** in the confirmation dialog.

+After you remove the simulation, it no longer appears on the **Simulations** tab.

+### Exclude completed simulations from reporting

+The **Exclude** action is available only for simulations with the **Status** value **Competed**.

+To remove a simulation from the **Simulations** tab, select the simulation by clicking **Γï«** (**Actions**) at the end of the row, select  **Exclude**, and then click **Confirm** in the confirmation dialog.

+After you exclude the completed simulation from reporting, the **Status** value changes to **Excluded**, and the simulation is no longer visible on the **Simulations** tab when the **Show excluded simulations** toggle is off .

+To see completed simulations that have been excluded from reporting, use either of the following methods:

+- On the **Simulations** tab, toggle **Show excluded simulations** to on . Only excluded simulations are shown.

+- On the **Settings** tab at <https://security.microsoft.com/attacksimulator?viewid=setting>, click the **View all** link in the **Simulations excluded from reporting** section. This action takes you to the **Simulations** tab where **Show excluded simulations** is toggled on .

+### Include completed simulations in reporting

+By default, all completed simulations are included in reporting. A simulation is excluded from reporting only if you exclude it as described in the previous section.

+The **Include** action is available only for simulations with the **Status** value **Excluded**, which are visible on the **Simulations** tab only when **Show excluded simulations** is toggled on .

+To include a completed session in reporting after it has been excluded, do the following steps:

+1. On the **Simulations** tab, set the **Show excluded simulations** toggle to on .

+2. Select the simulation by clicking **Γï«** (**Actions**) at the end of the row, and then select  **Exclude**.

+After you've included the excluded simulation, the **Status** value changes to **Completed**. Toggle **Show excluded simulations** to off  to see the simulation.

+### View simulation reports

+For simulations with the **Status** value **In progress** or **Completed**, you can view the report for the simulation by using either of the following methods on the **Simulations** tab:

+- Select the simulation by clicking anywhere other than the check box next to the name.

+- Select the simulation by clicking **Γï«** (**Actions**) at the end of the row, and then select  **View report**.

+The report page for the simulation opens and contains the following information:

+- **Report** tab: Show the following information

+ **Simulation impact**

+- **Γï«** (**Actions** control): Take action on the Training campaign. The available actions depend on the **Status** value of the Training campaign as described in the procedure sections. This control always appears at the end of the payload row.

+ - **Repeat offenders**: For more information, see [Configure the repeat offender threshold](attack-simulation-training-settings.md#configure-the-repeat-offender-threshold).

+ - **Γï«** (**Actions** control): If you click the :::image type="icon" source="../../media/m365-cc-sc-view-icon.png"::: **View** icon, the **Review notification** page appears with the following information:

+ - Select the Training campaign by selecting the check box next to it, and then click **Γï«** (**Actions**) \> :::image type="icon" source="../../media/m365-cc-sc-eye-icon.png"::: **View report**. You might need to scroll to the right to see **Γï«** (**Actions**).

+2. On the **Training** tab, click **Γï«** (**Actions**) in the Training \> :::image type="icon" source="../../media/m365-cc-sc-delete-icon.png"::: **Delete**. You might need to scroll to the right to see **Γï«** (**Actions**).

+ - **Header value**: For example, `Bypass spam filtering for authenticated sender 'contoso.com'`.

+ Title: Site templates for Microsoft Syntex

+audience: admin

+search.appverid:

+ - enabler-strategic

+ - m365initiative-syntex

+ms.localizationpriority: medium

+description: Learn how to use and customize the ready-to-use site templates for Microsoft Syntex.

+# Site templates for Microsoft Syntex

+SharePoint site templates for Microsoft Syntex are prebuilt, ready-to-deploy, and customizable. Use these templates to create a professional site to manage, process, and track the status of business documents in your organization.

+|Site template |Description |

+|||

+|[**Accounts payable**](https://support.microsoft.com/office/c7ff13e7-66d9-4040-b8c6-78924272ec4d)<br>[:::image type="content" source="../media/content-understanding/site-template-accounts-payable-thumbnail.png" alt-text="Thumbnail image for the accounts payable site template.":::](https://support.microsoft.com/office/c7ff13e7-66d9-4040-b8c6-78924272ec4d) |<br>Manage, process, and track purchase orders, invoices, and related files. <br> - Use Microsoft Syntex to organize and classify files.<br> - Extract key information using a prebuilt invoice model.<br> - Share important information, such as new or policies.<br> - Store files in preconfigured document libraries.<br> - Generate files efficiently using modern templates. <br>[Learn more about the accounts payable site template](https://support.microsoft.com/office/c7ff13e7-66d9-4040-b8c6-78924272ec4d) |

+|[**Contracts management**](https://support.microsoft.com/office/80820115-c700-4a62-bb59-69b33c8e3b4f)<br>[:::image type="content" source="../media/content-understanding/site-template-contracts-management-thumbnail.png" alt-text="Thumbnail image for the contracts management site template.":::](https://support.microsoft.com/office/80820115-c700-4a62-bb59-69b33c8e3b4f) |<br>Create, manage, process, store, and track contract documents. <br> - Use Microsoft Syntex to organize and classify files.<br> - Store files in preconfigured document libraries.<br> - Generate files efficiently using modern templates.<br> - Provide templates for each contract type.<br> - Add other workflows to streamline your processes.<br>[Learn more about the contracts management site template](https://support.microsoft.com/en-us/office/80820115-c700-4a62-bb59-69b33c8e3b4f) |

+|[**Content center**](use-content-center-site.md)<br>[:::image type="content" source="../medi) |