+description: "Learn how to add guests to a Microsoft 365 group, view guests, and use PowerShell to control guest access."

+When it's turned on, group members can invite guests to a Microsoft 365 group through Outlook on Web. Invitations are sent to the group owner for approval.

+Once approved, the guest is added to the directory and the group.

+1. In the admin center, go to **Show all** \> **Settings** \> **Org settings** and on the <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services** tab</a>, select **Microsoft 365 Groups**.

+[Block guests from a specific group](../../solutions/per-group-guest-access.md) (article)\

+[Set-AzureADUser](/powershell/module/azuread/set-azureaduser) (article)

+## Set up Microsoft 365 for business

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE471FJ]

+## Sign up for Microsoft 365 for business

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3znhX]

+ Title: "Create and edit AutoPilot profiles"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Adm_O365

+- M365-subscription-management

+- M365-identity-device-management

+- Adm_TOC

+- Adm_O365

+- Core_O365Admin_Migration

+- MiniMaven

+- MSB365

+- OKR_SMB_M365

+- seo-marvel-mar

+- AdminSurgePortfolio

+search.appverid:

+- BCS160

+- MET150

+- MOE150

+ms.assetid: 5cf7139e-cfa1-4765-8aad-001af1c74faa

+description: "Learn to create an AutoPilot profile and apply it to a device, as well as edit or delete a profile or remove a profile from a device."

+# Create and edit AutoPilot profiles

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../security/defender-business/mdb-overview.md).

+## Create a profile

+A profile applies to a device, or a group of devices,

+

+1. In the Microsoft 365 admin center, choose **Devices** \> **AutoPilot**.

+

+2. On the **AutoPilot** page, choose the **Profiles** tab \> **Create profile**.

+

+3. On the **Create profile** page, enter a name for the profile that helps you identify it, for example Marketing. Turn on the setting you want, and then choose **Save**. For more information about AutoPilot profile settings, see [About AutoPilot Profile settings](m365bp-autopilot-profile-settings.md).

+

+ 

+

+### Apply profile to a device

+After you create a profile, you can apply it to a device or a group of devices. You can pick an existing profile in the [step-by-step guide](m365bp-add-autopilot-devices-and-profile.md) and apply it to new devices, or replace an existing profile for a device or group of devices.

+

+1. On the **Prepare Windows** page, choose the **Devices** tab.

+

+2. Select the check box next to a device name, and in the **Device** panel, choose a profile from the **Assigned profile** drop-down list \> **Save**.

+

+ 

+

+## Edit, delete, or remove a profile

+Once you've assigned a profile to a device, you can update it, even if you've already given the device to a user. When the device connects to the internet, it downloads the latest version of your profile during the setup process. If the user restores their device to its factory default settings, the device will again download the latest updates to your profile.

+

+### Edit a profile

+1. On the **Prepare Windows** page, choose the **Profiles** tab.

+

+2. Select the check box next to a device name, and in the **Profile** panel, update any of the available settings \> **Save**.

+

+ If you do this before a user connects the device to the internet, then the profile gets applied to the setup process.

+

+### Delete a profile

+1. On the **Prepare Windows** page, choose the **Profiles** tab.

+

+2. Select the check box next to a device name, and in the **Profile** panel, select **Delete profile** \> **Save**.

+

+ When you delete a profile, it gets removed from a device or a group of devices it was assigned to.

+

+### Remove a profile

+1. On the **Prepare Windows** page, choose the **Devices** tab.

+

+2. Select the check box next to a device name, and in the **Device** panel, choose **None** from the **Assigned profile** drop-down list \> **Save**.

+

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)

+- Microsoft 365 group site for Teams

+- Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

+- Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

+- Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

+- Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

+- Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

+- Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

+|[Audit label-related user activity](#auditing-labeling-activities) | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.51+ ^\* | 4.2126+ | 4.2126+ | Yes |

+Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) secure and manage devices, data, and users at scale for small- and medium-sized business (SMB) customers who are using Microsoft 365 Business Premium, Microsoft 365 E3, or Windows 365 Business.

+Lighthouse simplifies onboarding of Microsoft 365 Business Premium, Microsoft 365 E3, and Windows 365 Business tenants by recommending security configuration baselines tailored to SMB customers and providing multi-tenant views across all customer environments. With Lighthouse, MSPs can scale the management of their customers, focus on what's most important, quickly find and investigate risks, and take action to get their customers to a healthy and secure state.

+No additional costs are associated with using Lighthouse to manage Microsoft 365 services and connected devices. Lighthouse is available to MSPs enrolled in the Cloud Solution Provider (CSP) program and serving SMB customers with a Microsoft 365 Business Premium, Microsoft 365 E3, or Windows 365 Business subscription.

+Use of Lighthouse by Microsoft CSP channel partners that have customers using Microsoft 365 Business Premium, Microsoft 365 E3, or Windows 365 Business is supported. This includes CSP partners transacting directly with Microsoft and those transacting through an indirect provider (distributor).

+This article provides instructions for how to sign up for Microsoft 365 Lighthouse. Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) secure and manage devices, data, and users at scale for small- and medium-sized business (SMB) customers who are using Microsoft 365 Business Premium, Microsoft 365 E3, or Windows 365 Business.

+ - Must have at least one Microsoft 365 Business Premium, Microsoft 365 E3, or Windows 365 Business license

+|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | Y | | | Y | Y |

+(<a id="fn6">6</a>) When Microsoft Defender Antivirus is in passive mode, it does not remediate threats. However, threats can be remediated by [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md). In this case, you might see alerts showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode.

+> Microsoft 365 Apps for enterprise with shared computer activation or device-based licensing do not have access to Application Guard for Office.

+> [](../../media/tp-RemediationArticle1.png#lightbox)

+- Query selection: Select an entire query by using the top **select all** button. The same query is also shown in action center mail submission details. Customers can submit maximum 200,000 emails from threat explorer.

+- Direct approval: When actions like *move to inbox*, *move to junk*, *move to deleted items*, *soft delete*, or *hard delete* are selected by security personnel who have appropriate permissions, and the next steps in remediation are followed, the remediation process begins to execute the selected action.

+> [!NOTE]

+>As the remediation gets kicked-off, it generates an alert and an investigation in parallel. Alert shows up in the alerts queue with the name "Administrative action submitted by an Administrator" suggesting that security personnel took the action of remediating an entity. It presents details like name of the person who performed the action, supporting investigation link, time etc. It works really well to know every time a harsh action like remediation is performed on entities. All these actions can be trcaked under the **Actions & Submissions** \> **Action center** -> **History tab** (public preview).

+All remediation (direct approvals ) created in Explorer, Advanced hunting, or through Automated investigation are displayed in the Action Center. Access these via the left navigation panel under **Actions & Submissions** \> **Action center** -> **History tab**.

+All remediations (direct approvals ) that were created in Explorer or Advanced hunting or through Automated investigation are displayed in the Action Center. Access these via the left navigation panel under **Actions & Submissions** \> **Action center** -> **History tab**.

+Manual actions pending approval using the two-step approval process (1. add to remediation by one security operation team member, 2. reviewed and approved by another security operation team member) are only visible in the legacy Defender for Office 365 action center **Review** \> **Action center** and not in incidents/investigations and the Unified Action center.

+> [!NOTE]

+> Two-step approval: actions only available in the office action center **Review** \> **Action center**

+Unified Action Center shows remediation actions for the past 30 days. Actions taken through Explorer are listed by the name that the security operations team provided when the remediation was created as well as approval Id, Investigation Id. Actions taken through automated investigations have titles that begin with the related alert that triggered the investigation, such as *Zap email cluster*.

+Open any remediation item to view details about it, including its remediation name, approval Id, Investigation Id, creation date, description, status, action source, action type, decided by, status. It also opens a side pane with action details, email cluster details, alert and Incident details.

+- *Open Investigation page* this opens up an admin Investigation that contains fewer details and tabs. It shows details like: related alert, entity selected for remediation, action taken, remediation status, entity count, logs, approver of action. This investigation keeps a track of investigation done by the admin manually and contains details to selections made by the admin, hence is called admin action investigation. No need to act on the investigation and alert its already in approved state.

+- *Email count* Displays the number of emails submitted through Threat Explorer. These emails can be actionable or not actionable.

+- *Action logs* Shows the details of remediation status like successful/ failed/ already in destination

+ > [](../../media/tp-RemediationArticle5.png#lightbox)

+

+- **Action logs**: This shows the messages remediated, successful, failed, already in destination.

+ Admins can take remediation actions like moving email messages to Junk, Inbox, or Deleted items folder and delete actions like soft deleted or hard delete from Advanced Hunting pages.