Docs update tracker

Updates from: 04/07/2022 01:52:53

Category	Microsoft Docs article	Related commit history on GitHub	Change details
admin	Choose Between Basic Mobility And Security And Intune	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md	Basic Mobility and Security remote actions include retire, wipe and full wipe. F With Intune you have the following set of actions: -- Autopilot reset (Windows only-- [Bitlocker key rotation](/mem/intune/protect/encrypt-devices#rotate-bitlocker-recovery-keys)ΓÇ»(Windows only)-- [Use wipe, retire, or manually unenrolling the device](/mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal)-- [Disable activation loc](/mem/intune/remote-actions/device-activation-lock-disable)ΓÇ»(iOS only)-- [Fresh start](/mem/intune/remote-actions/device-fresh-start)ΓÇ»(Windows only) +- [Autopilot reset](/mem/autopilot/windows-autopilot-reset) (Windows only) +- [Bitlocker key recovery](https://support.microsoft.com/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6)ΓÇ»(Windows only) +- [Use wipe, retire, or manually unenrolling the device](/mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal) +- [Disable activation lock](/mem/intune/remote-actions/device-activation-lock-disable)ΓÇ»(iOS only) +- [Fresh start](/mem/intune/remote-actions/device-fresh-start)ΓÇ»(Windows only) - [Full scan](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)ΓÇ»(Windows 10 only) - [Locate device](/mem/intune/remote-actions/device-locate)ΓÇ»(iOS only) - [Lost mode](/mem/intune/remote-actions/device-lost-mode)ΓÇ»(iOS only)- [Quick scan](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)(Windows 10 only) - [Remote control for Android](/mem/intune/remote-actions/teamviewer-support) - [Remote lock](/mem/intune/remote-actions/device-remote-lock) - [Rename device](/mem/intune/remote-actions/device-rename)-- [Reset passcode](/mem/intune/remote-actions/device-passcode-reset) [Restart](/mem/intune/remote-actions/device-restart)ΓÇ»(Windows only)-- Update Windows Defender Security Intelligence (Windows only)-- Windows 10 PIN reset (Windows only)-- [Send custom notifications](/mem/intune/remote-actions/custom-notifications#send-a-custom-notification-to-a-single-device)ΓÇ»(Android, iOS, iPad OS)-- [Synchronize device](/mem/intune/remote-actions/device-sync) +- [Reset passcode](/mem/intune/remote-actions/device-passcode-reset) [Restart](/mem/intune/remote-actions/device-restart)ΓÇ»(Windows only) +- [Update Windows Defender Security Intelligence](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Windows only) +- [Windows 10 PIN reset](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset) (Windows only) +- [Send custom notifications](/mem/intune/remote-actions/custom-notifications#send-a-custom-notification-to-a-single-device)ΓÇ»(Android, iOS, iPad OS) +- [Synchronize device](/mem/intune/remote-actions/device-sync) For more information on Intune actions, see [Microsoft Intune documentation](/mem/intune/).
admin	Create Dns Records At Any Dns Hosting Provider	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md	You'll be adding several different types of DNS records depending on the service You'll get the information for the MX record from the admin center domain setup wizard. -On your hosting provider's website, add a new MX record. -Make sure that the fields are set to the following values: +On your hosting provider's website, add a new MX record. Make sure that the fields are set to the following values: - Record Type: `MX` - Priority: Set to the highest value available, typically `0`. - Host Name: `@` - Points to address: Copy the value from the admin center and paste it here.-- TTL: `3600` (or your provider default) +- TTL: `3600` + +> [!NOTE] +> Exchange Online only supports TTL values less than 6 hours (21,600 seconds). Save the record, and then remove any other MX records.
admin	Manage	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/multi-tenant/manage.md	description: "Learn how to use the tenant switcher and multi-tenant views that g # Multi-tenant management -Multi-tenant management offers a unified form of management that allows Microsoft 365 partner admins the ability to administer all the tenants they manage from a single location. If you're a partner who manages multiple tenants, you can: +Multi-tenant management offers a unified form of management that allows Microsoft 365 partner admins the ability to administer all the tenants they manage from a single location. If you're a partner who has a delegated admin role and manages multiple tenants, you can: - Move quickly between tenants you manage. - Assess service health, products, and billing across multiple tenants. The list of affected tenants can be exported to CSV format so that admins can sh You can return to the Microsoft 365 admin center for any of the tenants from the All tenants page. 1. On the All tenants page, select the tenant name for which you want to view the admin center. -2. You are directed to the admin center for that tenant. +2. You are directed to the admin center for that tenant.
admin	Add Or Replace Your Onmicrosoftcom Domain	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-or-replace-your-onmicrosoftcom-domain.md	+ + Title: "Add and replace your onmicrosoft.com fallback domain in Microsoft 365" +f1.keywords: +- NOCSH +++ +audience: Admin ++ +ms.localizationpriority: medium + +- M365-subscription-management +- Adm_O365_Setup +- Adm_O365 +- Adm_TOC + +- TopSMBIssues +- SaRA +- MSStore_Link +- okr_smb +- business_assist +- AdminSurgePortfolio +- AdminTemplateSet +search.appverid: +- BCS160 +- MET150 +- MOE150 +ms.assetid: +description: "Learn how to create a new onmicrosoft.com domain and make it your new fallback domain." ++ +# Add and replace your onmicrosoft.com fallback domain in Microsoft 365 + +When you sign up for Microsoft 365, Microsoft provides an onmicrosoft.com domain - your fallback domain - in case you don't own a domain, or don't want to connect it to Microsoft 365 (for example, tailspintoys.onmicrosoft.com). Your fallback domain is used by default in: + +- Usernames and email addresses +- Microsoft 365 teams & groups email aliases +- Automatic domain dependency moves + +It serves as a default email routing address for your Microsoft 365 environment. When a user is set up with a mailbox, email is routed to the fallback domain. Even if a custom domain is used (for example, tailspintoys.com), if that custom domain is deleted from your Microsoft 365 environment, the fallback domain ensures that your user's email is successfully routed. + +You can change your fallback domain in the Microsoft 365 admin center. Common reasons customers change their fallback domain include: + +- Not knowing the company name to use when they first signed up for Microsoft 365. Now that they know the company name, they want their users to have login account names that are appropriate. +- They want to change how their Sharepoint URLs look like when they create a new site. SharePoint URLs in your Microsoft 365 environment are created based on your fallback domain name. If you did not use the correct company name when you first signed up, your SharePoint URLs for your sites will continue to use that name when you create new SharePoint sites. ++ +While you can add additional onmicrosoft.com domains, only one onmicrosoft.com domain can be used as your fallback domain. The steps in this article describe how to: +- Create a new onmicrosoft.com domain +- Assign it as your fallback domain + +> [!NOTE] +> You are limited a total of five onmicrosoft.com domains in your Microsoft 365 environment. Once they are added, they cannot be removed. + +## Before you begin + +To add, modify, or remove domains, you must be a Domain Name Administrator or Global Administrator of a [business or enterprise plan](https://products.office.com/business/office). These changes affect the whole tenant; Customized administrators or regular users won't be able to make these changes. ++ +## Add a new onmicrosoft.com domain + +1. In the Microsoft 365 admin center, select Settings, and then select Domains. +2. Select your onmicrosoft.com default domain. + + ![Domains page.](../../media/onmicrosoft-domains.png) + +3. On the domain properties page, in the About this domain section, select Add onmicrosoft domain. + + ![About this domains page.](../../media/add-onmicrosoft-domain-link.png) + +4. In the Add onmicrosoft domain page, in the Domain name box, type the name for your new onmicrosoft.com domain. + + ![Screenshot of Add onmicrosoft domain page.](../../media/add-an-onmicrosoftcom-domain-page.png) + + > [!NOTE] + > Make sure to verify the spelling and accuracy of the domain name you entered. You are limited to five onmicrosoft.com domains, and currently they cannot be deleted once they are created. + +5. Select Add domain. When successfully added, you will see a message stating this. + + ![Screenshot of domain added successfully.](../../media/domain-added.png) +++ +## Make your new onmicrosoft.com domain your fallback domain ++ +> [!NOTE] +> Before changing your fallback domain to a new onmicrosoft.com domain, you may want to consider changing your onmicrosoft.com SharePoint domain. Creating an additional onmicrosoft domain and using it as your fallback domain will not do a rename for SharePoint Online. Your existing SharePoint and OneDrive URLs will remain the same. You are able to change your.onmicrosoft SharePoint domain through the PowerShell steps provided in [SharePoint domain rename preview](/sharepoint/change-your-sharepoint-domain-name) (currently available to any tenant with less than 1,000 sites). + +After you have created your new onmicrosoft.com domain, do the following to change it to your fallback domain. + +1. In the Microsoft 365 admin center, select Settings, and then select Domains. + +2. Select the new onmicrosoft.com domain you had created. + + ![Select a domains.](../../media/onmicrosoft-domains-added.png) + +3. On the domain's property page, select Make fallback domain. + + ![Screenshot of selecting a new fallback domain.](../../media/new-fallback.png) + +4. A message will display on the page stating that your fallback domain has changed to the new domain. + + ![Successfully added new fallback domain.](../../media/fallback-success.png) + +## Related content + +[Domains FAQ](domains-faq.yml) (article)</br> +[What is a domain?](../get-help-with-domains/what-is-a-domain.md) (article)</br> +[Buy a domain name in Microsoft 365](../get-help-with-domains/buy-a-domain-name.md) (article)</br> +[Add DNS records to connect your domain](../get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md) (article)</br> +[Change nameservers to set up Microsoft 365 with any domain registrar](../get-help-with-domains/change-nameservers-at-any-domain-registrar.md) (article)
bookings	Add Questions	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/add-questions.md	description: "If you need to ask customers questions when they book an appointme # Add custom and required questions to the booking page +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Bookings lets you create questions to ask your customers when they are booking appointments. It also lets you choose which questions are required. You associate the questions with a service, so each service can have a different set of questions. For example, a hair stylist may ask customers who are booking a hair coloring appointment if they have any known allergies to bleaches or tints. This allows you and your customers to save time when they arrive for their appointment. For more information about how to personalize and customize your booking page, s 1. Sign in to Microsoft 365 and go to Bookings. +1. Choose your calendar. + 1. Go to Services and either edit an existing service or Add a service. -1. Scroll down to the Custom fields section, and then select Modify. +1. Choose the Custom fields section. We already added some basic customer information questions: Customer email, phone number, customer address, and customer notes. The first time you do this, the customer information questions are highlighted in gray. That means that the user will see this question. If you select the question, the highlight box around it will disappear and your customer won't be asked that question.
bookings	Add Staff	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/add-staff.md	description: "Use this page to create your staff list and to manage staff member # Add staff to Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + The Staff page in Bookings is where you create your staffing list and manage staff member details such as name, phone number, and email address. You can also set working hours for each staff member from here. ## Before you begin Although Bookings is a feature of Microsoft 365, not all of your staff members a ## Steps -> [!NOTE] -> These steps are not yet available in the new Bookings experience. - -1. Go to the [Manage staff page](https://outlook.office.com/bookings/staff) and select Add staff +1. Choose your calendar from the homepage. -2. Select the Add Staff button. +2. Go to staff option in left pane and select Add new staff. 3. When adding staff from within your organization, type their name in the Add people field and select them when they appear in the drop-down menu. The other fields will automatically populate.
bookings	Bookings Overview	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-overview.md	description: "An overview of the Microsoft Bookings app, which includes a web-ba # Microsoft Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Microsoft Bookings makes scheduling and managing appointments a breeze. Bookings includes a web-based booking calendar and integrates with Outlook to optimize your staffΓÇÖs calendar and give your customers flexibility to book a time that works best for them. Email and SMS text notifications reduce no-shows and enhances customer satisfaction Your organization saves time with a reduction in repetitive scheduling tasks. With built in flexibility and ability to customize, Bookings can be designed to fit the situation and needs of many different parts of an organization. > [!NOTE] Bookings has three primary components: Microsoft Bookings is available in the following subscriptions: -- Office 365: A3, A5, E3, E5, F1, F3-- Microsoft 365: A3, A5, E3, E5, F1, F3, Business Standard, Business Premium +- Office 365: A3, A5, E1, E3, E5, F1, F3 +- Microsoft 365: A3, A5, E1, E3, E5, F1, F3, Business Basic, Business Standard, Business Premium + +## Watch: Introducing Microsoft Bookings + +> [!VIDEO https://youtu.be/G2HOsM767Sw] + +Bookings makes it easier for small businesses to schedule and manage appointments with their customers. -## Get started using Bookings +## Next steps -To get started, see [Get access to Microsoft Bookings](get-access.md). To turn Bookings on or off, see [Turn Bookings on or off for your organization](turn-bookings-on-or-off.md). +To get started, see [Get access to Microsoft Bookings](get-access.md). To turn Bookings on or off, see [Turn Bookings on or off for your organization](turn-bookings-on-or-off.md).
bookings	Bookings Sms	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-sms.md	description: "Learn how to configure SMS text notifications for clients, custome # Configure SMS text notifications and reminders in Microsoft Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + With Microsoft Bookings, you can set up SMS text notifications to be sent to the person booking an appointment. You can set up SMS notifications in Bookings in the Bookings web app or Bookings app in Teams. Attendees, customers or partners can also opt in or out of getting SMS notifications on the self-serve booking page. They can also opt out of receiving SMS notifications by replying STOP to the sender. The SMS notifications will include the Teams meeting link for virtual booking appointments. Attendees, customers or partners need a valid United States or Canada phone numb ## Configure SMS notification in Microsoft Bookings -> [!IMPORTANT] -> Microsoft Bookings will have unlimited SMS notifications for customers with Bookings licenses until April 30, 2022. As we get closer to the end of the promotion period, we will provide additional details on licensing requirements. - You can configure SMS notification in Bookings in a couple of ways: - In the Bookings web app, follow the steps to Enable text message notifications in the [Define your service offerings in Bookings](define-service-offerings.md) topic.
bookings	Comparison Chart	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/comparison-chart.md	description: "A comparison chart that shows the feature differences between the # Comparison chart: Bookings web app vs. Bookings Teams app +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + The Bookings app in Teams lets schedulers handle their main tasks and change some settings. However, the Bookings web includes advanced features and settings that are not yet available in the Teams app. Teams app features are being added all the time and we will continue to update this list. See the Is all the functionality of the original Bookings Web app available in Microsoft Teams? section in the [FAQ](bookings-faq.yml) for more details.
bookings	Create A Manual Booking	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/create-a-manual-booking.md	description: "Follow these instructions to create an appointment and assign an e # Create a manual booking +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Bookings can be scheduled and staffed in two different ways. The first way is by the customer using a standalone booking page or an embedded booking page that you add to your website. The other way is for you or one of your employees to enter the bookings manually, such as when a customer calls for an appointment. This article covers the manual scenario. 1. In Microsoft 365, select the App launcher, and then select Bookings. Bookings can be scheduled and staffed in two different ways. The first way is by ![Image of staff list UI.](../media/bookings-staff-list.png) -1. Enter the service details, including date, time, location, and other relevant information. Once you enter a valid email address for the customer, the Save button will change to Send, and you'll see a note telling you that a confirmation will be sent to the customer. The customer confirmation includes an attachment for them to add to their calendar. Selected staff members will also receive meeting invitations with the appointment information so they can add it to their personal calendars. +1. Enter the service details, including date, time, location, and other relevant information. Once you enter a valid email address for the customer, you'll see a note telling you that a confirmation will be sent to the customer. The customer confirmation includes an attachment for them to add to their calendar. Selected staff members will also receive meeting invitations with the appointment information so they can add it to their personal calendars. 1. Select Add an email reminder. 1. Specify when the reminder should be sent, where it should be sent (Customer, Staff, All attendees), and what the reminder message should be. -1. Select Save \> Send. +1. Select Create booking. Here's an example email of the reminder your customer will receive:
bookings	Customize Booking Page	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/customize-booking-page.md	description: "Change the color theme of your booking page in the Microsoft Booki # Customize and publish your booking page +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + The Booking Page is where you set up what your external facing booking page will look like. Once you customize and publish your booking page, people will use it to book appointments with you. To customize your booking page, sign in to [Office.com](https://office.com), and then go to Bookings \> Booking page. You can customize the booking page with the following options. Once you've setup up your Booking Page, you can publish it so people can start booking appointments with you. 1. In Microsoft 365, select the app launcher, and then select Bookings. -2. In the navigation pane, select Settings -> Booking page. +1. Choose your calendar. + +1. In the left navigation pane, select Booking page. The section below gives you information about setting up your bookings page and how to publish your page.
bookings	Define Service Offerings	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/define-service-offerings.md	description: "Instructions for entering service offerings information, including # Define your service offerings in Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + When you define your service offerings in Microsoft Bookings, you set a service name, description, location (choose whether you want to meet in person or have an online meeting), duration, default reminders to customers and staff, internal notes about the service, and pricing. You can also tag the employees who are qualified to provide the service. Then, when customers come to your business web site to book an appointment, they can see exactly what types of appointments are available, choose the person they want to provide the service, and how much their service will cost. You can also add customized information and URLs to the email confirmation and reminders that you send when someone books a service through your booking page. You can also add customized information and URLs to the email confirmation and r 1. In Microsoft 365, select the App launcher, and then select Bookings. -2. Go to Settings -> [Manage services page](https://outlook.office.com/bookings/settings/services) and select Add new service. +2. Go to Your calendar > Services and select Add new service. 3. On the Basic details page, add your selections.
bookings	Delete Calendar	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/delete-calendar.md	description: "Use the Microsoft 365 admin center or Windows PowerShell to delete # Delete a booking calendar in Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + This article explains how you can delete an unwanted booking calendar. You can delete the booking calendar in the Microsoft 365 admin center or you can use PowerShell. The Bookings calendar is a mailbox in Exchange Online so you delete the corresponding user account to delete the booking calendar. > [!IMPORTANT]
bookings	Employee Hours	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/employee-hours.md	description: "Set employee working hours and availability in Microsoft Bookings. # Employee working hours in Microsoft Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Setting employee working hours ensures that their availability is accurately shown when your customers try to book them. By default, the working hours for each of your employees match the business hours you've established in the Microsoft Bookings app. See the "Set your business hours" section of [Enter business information](enter-business-information.md). On the Staff page, you can customize employee working hours to match the needs of your business and employees. Watch this video or follow the steps below to set an employee's working hours. 1. In Microsoft 365, select the app launcher, and then select Bookings. +1. Choose your calendar. + 1. In the navigation pane, select Staff, and then select the staff member whose hours you want to set. ![Image of Bookings staff screen with name highlighted.](../media/bookings-staff-name-highlight.png) Watch this video or follow the steps below to set an employee's working hours. ![Image of Bookings staff working hours screen.](../media/bookings-staff-hours.png) -1. Click + to add start- and end-time selectors. +1. Select + to add start- and end-time selectors. 1. Select Save.
bookings	Enter Business Information	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/enter-business-information.md	description: "Follow these instructions to create your About Us page, including # Enter your business information +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + In Microsoft Bookings, the Business Information page within the web app contains all the details that you'd typically find on a business' "About us" page. These details include your a relevant name, address, phone number, web site URL, privacy policy URL, logo, and business hours. The information you provide here will be displayed on the page customers and clients use to book appointments (known as the booking page) and in messages and reminders sent to them by Bookings. An example of this information on the booking page is highlighted below. The information you provide here will be displayed on the page customers and cli 1. In Microsoft 365, select the App launcher, and then select Bookings. -1. In the navigation pane, select Settings -> Business information. +1. In the navigation pane, select Your calendar -> Business information in the left pane. 1. On the Basic details section, enter your business name, address, and phone number you would like to use for your Bookings calendar.
bookings	Get Access	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/get-access.md	description: "Learn how to get access to the Bookings feature in Microsoft 365." # Get access to Microsoft Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + This topic describes how get access to Bookings for the first time. It also tells you how to turn on or off Bookings in your organization. It also explains how you can assign licenses to your users so they can access and use Bookings. ## Access Bookings for the first time If your IT administrator has granted you access to Bookings, you can access the The first time you use [Bookings](https://outlook.office.com/bookings/onboarding) you'll create a calendar and set up your business. -1. Select Get it now and choose, Add a booking calendar. If this isn't your first time on this page, you can select another booking calendar or do a search for another booking calendar. +1. Select Get started, enter your business name and business type, and then select Create calendar. + +1. If this isn't your first time on this page, you can select another booking calendar or do a search for another booking calendar. 2. Enter your business name and business type and select Continue.
bookings	Get Bookings App	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/get-bookings-app.md	description: "The Bookings mobile apps are not yet available worldwide. This art # Get the Microsoft Bookings app for iOS and Android +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Microsoft Bookings is available as a mobile app for iOS and Android. The Bookings app for iOS is available in all regions and countries that Apple supports. You can download the app from the [iTunes App Store](https://apps.apple.com/app/microsoft-bookings/id1065657468). The Bookings app for Android is available for download from the [Google Play Store](https://play.google.com/store/apps/details?id=com.microsoft.exchange.bookings) in the US and Canada. ## Before you begin
bookings	Metrics And Activity Tracking	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/metrics-and-activity-tracking.md	description: "Various metrics are available on the main Bookings page, allowing # Microsoft Bookings metrics and activity tracking +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Various metrics are available on the main Bookings page, allowing you to easily track revenue and customer activity. \| Metric \| Description \|
bookings	Reporting Info	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/reporting-info.md	description: "Learn how you can see a 4 month view of your Bookings activity" # Reporting info for Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + You can now see a four month view of your Bookings calendar in a TSV file. The TSV file will show you four months of data, but you can select different four month periods over the course of a year. This appointment level information can be used to visualize the customer activity around your Bookings calendar. TSV files are tab separated value files. You can view or edit a file like this with any text editor or spreadsheet program, such as Excel.
bookings	Schedule Closures Time Off Vacation	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/schedule-closures-time-off-vacation.md	description: "Schedule office closures and employee time off from the Bookings c # Schedule business closures, time off, and vacation time +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Occasionally, you'll want to close your business for holidays or team events, or your employees will need time off when they're sick, on vacation, or unavailable for other reasons. You can schedule time off from the Microsoft Bookings calendar, and the employee will be unavailable for bookings during the specified time. Once the business reopens or employees return to work, everyone will be listed on the booking page according to their established work hours. Watch this video or follow the steps below to schedule business closures or employee off. Watch this video or follow the steps below to schedule business closures or empl ## Schedule ad hoc business closures -1. In Microsoft 365, select the app launcher, and then select Bookings. +1. In Microsoft 365, select the app launcher, and then select Bookings. + +1. Choose your calendar. -1. In the navigation pane, select Calendar \> Time off. +1. In the top navigation pane, select Add time off. ![Image of Bookings calendar view and time off button.](../media/bookings-calendar-timeoff.png) When a customer attempts to schedule service on a day the office is closed, they ![Image of app launcher.](../media/bookings-applauncher.png) -1. In the navigation pane, select Calendar \> Time off. +1. Choose your calendar. + +1. In the top navigation pane, select Add time off. ![Image of Bookings calendar view and time off button.](../media/bookings-calendar-timeoff.png)
bookings	Set Buffer Time	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/set-buffer-time.md	description: "Set buffer time before or after an appointment in Microsoft Bookin # Set buffer time in Microsoft Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Some of your appointments might require time before or after you meet with your customer to set up, clean up, or reset your room and equipment. Or if youΓÇÖre on the road between customer appointments, you may need time to ensure you and your team can travel between appointments without making the customer wait. You can set buffer time before appointments start, after appointments end, or both to give staff the extra time they need to prepare for their next appointment. You can set buffer time before appointments start, after appointments end, or bo Buffer time defaults are set on the Service details page in Bookings. Like all service defaults set on this page, these defaults can be edited by you for a specific booking to meet specific customer needs. -The buffer time setting can be found just below the Default duration pickers on the Service details page. Before it can be set for a given service, you must enable the buffer time setting by selecting the buffer time toggle. This causes the Before and After drop-downs to appear, which are used to pick the default amount of time to hold before and after each booking, as shown here: +The buffer time setting can be found on the Service details page. Before it can be set for a given service, you must enable the buffer time setting by selecting the buffer time toggle. This causes the Before and After drop-downs to appear, which are used to pick the default amount of time to hold before and after each booking, as shown here: ![Image of Bookings with buffer time enabled.](../media/bookings-buffertime.png)
bookings	Set Language Time Zones	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/set-language-time-zones.md	description: "Change your language and time zone settings in Microsoft Bookings. # Set language and time zones in Microsoft Bookings +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + If you are using Microsoft Bookings and bookings are created at the wrong time, then your time zone settings might need to be changed. Likewise, if some bookings are in the wrong language, you might need to change your language settings. There are two separate language and time zone settings for Bookings. The first setting controls the language and time zone of the booking calendar and is set using the Outlook on the web settings for the personal calendar of the logged-in user. The second setting affects the self-service booking page that your customers use and is set using a "regional settings" page that controls language and time zone only for that page.
bookings	Set Scheduling Policies	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/set-scheduling-policies.md	description: "Learn how to set scheduling policies for your business. Scheduling # Set your scheduling policies +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + Not all appointments are the same. Some take only a few minutes, while others can take hours or more. In Microsoft Bookings, the booking page is where you set the scheduling policies for your business. Scheduling policies include the length of appointments, acceptable lead and cancellation times, and automatic notifications of booking changes. Additional customization can be added for each service within the Services page, with additional duration settings and policies that apply only to that service. The policies you set here are the top-level policies. They are automatically applied to all the services you offer unless you choose to modify them on a per-service basis. For example, let's say that for most services, such as initial consultations, one-day notice for cancellations is acceptable. But for those services that require facility reservations or fees, such as golf lessons, you might require three days' notice. You can set this service-level policy on the Services page. See [Define your service offerings](define-service-offerings.md) for instructions.
bookings	Turn Bookings On Or Off	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/turn-bookings-on-or-off.md	description: "Learn how to get access to Microsoft Bookings in Microsoft 365." # Turn Microsoft Bookings on or off +> [!NOTE] +> This article helps you to interact with the latest version of Microsoft Bookings. Previous versions will be retired in coming months. + +This article is for admins. + Bookings can be turned on or off for your entire organization or for specific users. When you turn on Bookings for users, they can create a Bookings page, create a calendar, and allow other people to book time with them. > [!NOTE] To turn Bookings on or off for your organization using the PowerShell cmdlet [Se Set-OrganizationConfig -BookingsEnabled $false ``` +### Granular controls + Use the settings below to control who can use Bookings, decide on what Bookings information is shared and whether staff need approval before they can be added to a Booking calendar. :::image type="content" source="../media/control-access-sharing-bookings.png" alt-text="Screenshot: Settings that allow you to control who can use Bookings, decide what Bookings info is shared and staff approval":::
commerce	About Registration Numbers	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/about-registration-numbers.md	Title: "About registration numbers and under review notifications" + Title: "About registration numbers and under-review notifications" f1.keywords: - NOCSH
commerce	Add Licenses Bought Through Vlsc	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/add-licenses-bought-through-vlsc.md	Title: "Add licenses to a subscription purchased through the Volume Licensing Service Center" + Title: "Add licenses to a VLSC subscription" f1.keywords: - NOCSH
commerce	Add Licenses Using Product Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/add-licenses-using-product-key.md	Title: "Add licenses to or extend a subscription paid for using a product key" + Title: "Add licenses using a product key" f1.keywords: - NOCSH
commerce	Manage Third Party App Licenses	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/manage-third-party-app-licenses.md	Title: "Manage ISV app licenses in the Microsoft 365 admin center" + Title: "Manage ISV app licenses" f1.keywords: - NOCSH
commerce	Manage Saas Apps	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-saas-apps.md	Title: Manage software-as-a-service apps for your organization + Title: Manage SAAS apps for your organization f1.keywords: - NOCSH
commerce	Purchases From Microsoft Open	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/purchases-from-microsoft-open.md	Title: "Enter your product key purchased from Microsoft Open" + Title: "Enter your Microsoft Open product key" f1.keywords: - NOCSH
commerce	Verify Academic Eligibility	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/verify-academic-eligibility.md	Title: "Verify academic eligibility for Microsoft 365 Education subscriptions" + Title: "Verify eligibility for Microsoft 365 Education subscriptions" f1.keywords: - CSH - FWLink-2135711
compliance	Communication Compliance Policies	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-policies.md	To copy a policy and create a new policy, complete the following steps: ## User-reported messages policy +>[!NOTE] +>User-reported messages will begin to be available for organizations licensed for [communication compliance](/microsoft-365/compliance/communication-compliance-configure#subscriptions-and-licensing) and Microsoft Teams starting in May 2022. This feature should be available for all licensed organizations by August 31, 2022. + As part of a layered defense to detect and remediate inappropriate messages in your organization, you can supplement communication compliance policies with user-reported messages in Microsoft Teams. This feature empowers users in your organization to self-report inappropriate messages, such as harassing or threatening language, sharing of adult content, and sharing of sensitive or confidential information, to help foster a safe and compliant work environment. Enabled by default in the [Teams admin center](/microsoftteams/manage-teams-in-modern-portal), the Report a concern option in Teams messages allows users in your organization to submit inappropriate messages for review by communication compliance reviewers for the policy. These messages are supported by a default system policy that supports reporting messages in Teams channels, group, and private chats.
compliance	Dlp Policy Reference	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md	For example, you might have a DLP policy that helps you detect the presence of i Priority for rules on endpoints is also assigned according to the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on. -When a file on an endpoint matches multiple DLP policies, the first rule that's enabled with restrictions is the one that gets enforced on the content. For example, if content matches all of the following rules, Rule 2 is enforced because it's the highest priority rule that's configured with a restriction. - -- Rule 1: only notifies users-- Rule 2: notifies users, restricts access, and allows user overrides-- Rule 3: notifies users, restricts access, and does not allow user overrides-- Rule 4: restricts access +When a file on an endpoint matches multiple DLP policies, the first rule that's enabled with most restrictive enforcement on the [endpoint activities](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on) is the one that gets enforced on the content. For example, if content matches all of the following rules, then rule 2 takes precedence over the other rules since its the most restrictive. + +- Rule 1: only audits all activity +- Rule 2: blocks all activity +- Rule 3: blocks all activity with option for end user to override -Rules 1, 3, and 4 would be evaluated, but not applied. In this example, matches for all of the rules are recorded in the audit logs and shown in the DLP reports, even though only the first rule with a restriction is applied. +In the below example, Rule 1 takes precedence over the other matching rules since its the most restrictive. -For rules that are applied to endpoints, you can take advantage of the ability to re-order the rule priority to make sure the restrictions you want applied are applied. +- Rule 1: blocks activity and does not allow user override +- Rule 2: blocks activity and allows user overrides +- Rule 3: only audits all activity +- Rule 4: no enforcement + +All the other rules are evaluated but their actions are not enforced. Audit logs will show the most restrictive rule applied on the file. If there is more than one rule that matches and they are equally restrictive, then policy and rule priority governs which rule would be applied on the file. + +For endpoints, you can configure the actions that DLP takes for all supported activities in a single rule for a particular set of inclusion conditions. ### Conditions The available context options change depending on which location you choose. If - Content contains - Content is shared from Microsoft 365-- File extension is +- Document created by +- Document created by member of +- Document name contains words or phrases +- Document name matches patterns +- Document size over - Document property is +- File extension is ##### Conditions OneDrive accounts supports - Content contains - Content is shared from Microsoft 365-- File extension is +- Document created by +- Document created by member of +- Document name contains words or phrases +- Document name matches patterns +- Document size over - Document property is +- File extension is ##### Conditions Teams chat and channel messages supports - Content contains - Content is shared from Microsoft 365-- Sender is (Preview)-- Sender domain is (Preview)-- Recipient domain is (Preview)-- Recipient is (Preview) +- Sender is +- Sender domain is +- Recipient domain is +- Recipient is ##### Conditions Devices supports
compliance	Encryption Sensitivity Labels	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-sensitivity-labels.md	When you assign permissions, you can choose: - Any specific user or email-enabled security group, distribution group, or Microsoft 365 group ([formerly Office 365 group](https://techcommunity.microsoft.com/t5/microsoft-365-blog/office-365-groups-will-become-microsoft-365-groups/ba-p/1303601)) in Azure AD. The Microsoft 365 group can have static or [dynamic membership](/azure/active-directory/users-groups-roles/groups-create-rule). Note that you can't use a [dynamic distribution group from Exchange](/Exchange/recipients/dynamic-distribution-groups/dynamic-distribution-groups) because this group type isn't synchronized to Azure AD, and you can't use a security group that isn't email-enabled. - Within a specified group that's supported for this option, each [user will be individually authenticated](/azure/information-protection/prepare#azure-information-protection-requirements-for-user-accounts) by the Azure Information Protection service before they can open the encrypted content. + Although you can specify groups that contain mail contacts as a convenient method to grant access to multiple people outside your organization, there's currently a known issue with this configuration. For more information, see [Mail contacts in groups have intermittent access to encrypted content](/office365/troubleshoot/sensitivity-labels/mail-contacts-lose-access-encrypted-content). - Any email address or domain. Use this option to specify all users in another organization who uses Azure AD, by entering any domain name from that organization. You can also use this option for social providers, by entering their domain name such as gmail.com, hotmail.com, or outlook.com.
compliance	Sensitivity Labels Coauthoring	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-coauthoring.md	Check the following section for a list of apps and services that support this se ## Prerequisites -> [!IMPORTANT] -> This feature requires that all users have Microsoft 365 Apps for enterprise. Support for this co-authoring feature isn't yet available with the Semi-Annual Enterprise Channel for Office updates. If you are using this update channel for your Office apps, change it to Current Channel or Monthly Enterprise Channel. -> -> For more information, see [How to configure and manage update channels](/deployoffice/overview-update-channels#how-to-configure-and-manage-update-channels). - Make sure you understand the following prerequisites before you turn on this feature. - You must be a global admin to turn on this feature. Make sure you understand the following prerequisites before you turn on this fea - Sensitivity labels must be [enabled for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md) for the tenant. If this feature isn't already enabled, it will be automatically enabled when you select the setting to turn on co-authoring for files with sensitivity labels. - Microsoft 365 Apps for enterprise: - - Windows: Minimum version 2107 from Current Channel or Monthly Enterprise Channel + - Windows: Minimum version 2107 from Current Channel or Monthly Enterprise Channel, or minimum version 2202 from Semi-Annual Enterprise Channel - macOS: Minimum version 16.51 - iOS: Now in preview when you [opt in](#opt-in-to-the-preview-of-co-authoring-for-ios-and-android) with minimum version 2.58 - Android: Now in preview when you [opt in](#opt-in-to-the-preview-of-co-authoring-for-ios-and-android) with minimum version 16.0.14931
enterprise	Connect To Microsoft 365 Powershell	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-microsoft-365-powershell.md	Are you sure you want to install the modules from 'PSGallery'? Answer Yes or Yes to All to continue with the installation. +3. Run this command to import the module: + + ```powershell + Import-Module AzureAD + ``` + ### Step 2: Connect to Azure AD for your Microsoft 365 subscription To connect to Azure Active Directory (Azure AD) for your Microsoft 365 subscription with an account name and password or with multi-factor authentication, run one of these commands from a Windows PowerShell command prompt. (It doesn't have to be elevated.)
enterprise	Microsoft 365 Vpn Securing Teams	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-vpn-securing-teams.md	In certain scenarios, often unrelated to Teams client configuration, media traff Signaling traffic is performed over HTTPS and isn't as latency sensitive as the media traffic and is marked as Allow in the URL/IP data and thus can safely be routed through the VPN client if desired. >[!NOTE] ->Microsoft Edge 96 and above also supports VPN split tunneling for peer-to-peer traffic. This means customers can gain the benefit of VPN split tunneling for Teams web clients on Edge, for instance. Customers who want to set it up for websites running on Edge can achieve it by taking the additional step of enabling the Edge [WebRtcRespectOsRoutingTableEnabled](/deployedge/microsoft-edge-policies#webrtcrespectosroutingtableenabled) policy. +>Microsoft Edge 96 and above also supports VPN split tunneling for peer-to-peer traffic. This means customers can gain the benefit of VPN split tunneling for Teams web clients on Edge, for instance. Customers who want to set it up for websites running on Edge can achieve it by taking the additional step of disabling the Edge [WebRtcRespectOsRoutingTableEnabled](/deployedge/microsoft-edge-policies#webrtcrespectosroutingtableenabled) policy. ### Security
enterprise	Office 365 Network Mac Perf Onboarding Tool	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool.md	When the tests are completed, the web page and the advanced tests client will bo ## Sharing your test report -The test report requires authentication to your Microsoft 365 account. Your administrator selects how you can share your test report. +The test report requires authentication to your Microsoft 365 account. Your administrator selects how you can share your test report. The default settings allow for sharing of your reports with other user within your organization and the ReportID link is not available. Reports will expire by default after 90 days. ### Sharing your report with your administrator
managed-desktop	Change History Managed Desktop	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/change-history-managed-desktop.md	This article lists new and updated articles in the [Microsoft Managed Desktop do New or changed article \| Description \| +\| [Shared devices](service-description/shared-devices.md) \| Added Register new devices in shared mode section \| \| [Teams](get-started/teams.md) \| Updated Microsoft Intune changes section \| ## March 2022
managed-desktop	Shared Devices	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/shared-devices.md	Shared device mode isn't a good choice in these situations: - If the user experience needs to be different for different users on the device - If the set of applications each user needs differs greatly -## Enroll new devices in shared device mode +## Register new devices in shared device mode -Whether you or a partner are handling enrollment, you can choose to use shared device mode. +Starting in 2203, whether you or a partner are handling device enrollment, you can choose to use the [Windows Autopilot self-deploying mode](/mem/autopilot/self-deploying) profile in Microsoft Managed Desktop. -If you're enrolling devices yourself, follow the steps in [Manual registration](../get-started/manual-registration.md), and then add them to the Modern Workplace Devices - Shared Device Mode group. +If you're enrolling devices yourself, you must import new devices into the Windows Autopilot Devices blade. -> [!WARNING] -> Do not try to convert any existing Microsoft Managed Desktop devices to shared device mode by simply adding them to this group. The policies that are applied can potentially cause OneDrive files to be permanently lost. +To import new devices into the Windows Autopilot Devices blade: -If you're having a partner enroll devices, follow the steps in [Partner registration](../get-started/partner-registration.md), but append -Shared to the group tag, as shown in the following table: +1. Collect the [hardware hash](../get-started/manual-registration.md#obtain-the-hardware-hash) for the new devices you want to assign the Windows Autopilot Self-deployment mode profile to. +2. Go to the [Microsoft Endpoint Manager portal](https://endpoint.microsoft.com). +2. Select Devices from the left navigation menu. +3. In the By platform section, select Windows. Then, select Windows Enrollment. +4. In the Windows Autopilot Deployment Program section, select Devices. +5. [Import](../get-started/manual-registration.md#register-devices-by-using-the-admin-portal) the .CSV file containing all hardware hashes collected in step #1. +6. After you've uploaded the Windows Autopilot devices, you must edit the imported devices' group tag attribute so Microsoft Managed Desktop can register them using the Windows Autopilot self-deploying mode profile. See below for the group tag attributes. You must append -Shared to the group tag, as shown in the table below: \| Device profile \| Autopilot group tag (standard mode) \| Group tag (shared device mode) \| \| -- \| -- \| -- \| If you're having a partner enroll devices, follow the steps in [Partner registra \| Power user \| Microsoft365Managed_PowerUser \| Not supported \| \| Standard \| Microsoft365Managed_Standard \| Microsoft365Managed_Standard-Shared \| +> [!WARNING] +> Don't try to edit the group tab attribute by appending -Shared to devices previously imported to Windows Autopilot. Devices already imported into Windows Autopilot, using one of the Microsoft Managed Desktop group tags starting with Microsoft365Managed_, but without -Shared initially appended, are already part of a different Azure Active Directory group. This Azure Active Directory group doesn't have the Windows Autopilot self-deploying mode profile assigned to it. If you must re-purpose an existing device to be a shared device, you must delete and re-register the device into Windows Autopilot again. + +If you're having a partner enroll devices, follow the steps in [Partner registration](../get-started/partner-registration.md), but append -Shared to the group tag, as shown in the table above. + ## Consequences of shared device mode ### Device storage
security	TOC	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md	#### [Attack surface reduction (ASR) rules]() ##### [Learn about ASR rules](attack-surface-reduction.md) ##### [Attack surface reduction (ASR) rules deployment guide]() -###### [ASR rules deployment prerequisites](attack-surface-reduction-rules-deployment.md) -###### [Step 1: Plan ASR rules deployment](attack-surface-reduction-rules-deployment-plan.md) -###### [Step 2: Test ASR rules](attack-surface-reduction-rules-deployment-test.md) -###### [Step 3: Implement ASR rules](attack-surface-reduction-rules-deployment-implement.md) -###### [Step 4: Operationalize ASR rules](attack-surface-reduction-rules-deployment-operationalize.md) -##### [ASR rules reference](attack-surface-reduction-rules-reference.md) +###### [Attack surface reduction (ASR) rules deployment overview](attack-surface-reduction-rules-deployment.md) +###### [Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) +###### [Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) +###### [Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) +###### [Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) +##### [Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md) ##### [Enable ASR rules alternate configuration methods](enable-attack-surface-reduction.md) ##### [Attack surface reduction FAQ](attack-surface-reduction-faq.yml) #### [Controlled folder access]()
security	Attack Surface Reduction Rules Deployment Implement	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md	Title: Implement attack surface reduction (ASR) rules deployment + Title: Enable attack surface reduction (ASR) rules description: Provides guidance to implement your attack surface reduction rules deployment. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh Last updated 1/18/2022 -# Step 3: Implement ASR rules +# Enable attack surface reduction (ASR) rules Implementing attack surface reduction (ASR) rules moves the first test ring into an enabled, functional state. You can customize the notification for when a rule is triggered and blocks an ap ## Additional topics in this deployment collection -[ASR rules deployment prerequisites](attack-surface-reduction-rules-deployment.md) +[Attack surface reduction (ASR) rules deployment overview](attack-surface-reduction-rules-deployment.md) -[Step 1: Plan ASR rules deployment](attack-surface-reduction-rules-deployment-plan.md) +[Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) -[Step 2: Test ASR rules](attack-surface-reduction-rules-deployment-test.md) +[Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) -[Step 4: Operationalize ASR rules](attack-surface-reduction-rules-deployment-operationalize.md) +[Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) + +[Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md)
security	Attack Surface Reduction Rules Deployment Operationalize	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md	Title: Operationalize attack surface reduction (ASR) rules deployment + Title: Operationalize attack surface reduction (ASR) rules description: Provides guidance to operationalize your attack surface reduction rules deployment. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh Last updated 1/18/2022 -# Step 4: Operationalize ASR rules +# Operationalize attack surface reduction (ASR) rules After you've fully deployed attack surface reduction (ASR) rules, it's vital that you have processes in place to monitor and respond to ASR-related activities. For more information about hunting options, see: [Demystifying attack surface re ## Topics in this deployment collection -[ASR rules deployment prerequisites](attack-surface-reduction-rules-deployment.md) +[Attack surface reduction (ASR) rules deployment overview](attack-surface-reduction-rules-deployment.md) -[Step 1: Plan ASR rules deployment](attack-surface-reduction-rules-deployment-plan.md) +[Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) -[Step 2: Test ASR rules](attack-surface-reduction-rules-deployment-test.md) +[Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) -[Step 3: Implement ASR rules](attack-surface-reduction-rules-deployment-implement.md) +[Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) + +[Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md)
security	Attack Surface Reduction Rules Deployment Plan	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md	Title: Plan ASR rules attack surface reduction deployment rules deployment + Title: Plan attack surface reduction (ASR) rules deployment description: Provides guidance to plan your attack surface reduction (ASR) rules deployment. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh Last updated 1/18/2022 -# Step 1: Plan ASR rules deployment +# Plan attack surface reduction (ASR) rules deployment When testing attack surface reduction (ASR) rules it is important to start with the right business unit. You'll want to start with a small group of people in a specific business unit. You can identify some ASR champions within a particular business unit who can provide real-world impact about the ASR rules, and help you tune your implementation. See: [Create a deployment plan for Windows](/windows/deployment/update/create-de ## Additional topics in this deployment collection -[ASR rules deployment prerequisites](attack-surface-reduction-rules-deployment.md) +[Attack surface reduction (ASR) rules deployment overview](attack-surface-reduction-rules-deployment.md) -[Step 2: Test ASR rules](attack-surface-reduction-rules-deployment-test.md) +[Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) -[Step 3: Implement ASR rules](attack-surface-reduction-rules-deployment-implement.md) +[Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) -[Step 4: Operationalize ASR rules](attack-surface-reduction-rules-deployment-operationalize.md) +[Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) + +[Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md)
security	Attack Surface Reduction Rules Deployment Test	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md	Last updated 1/18/2022 -# Step 2: Test ASR rules +# Test attack surface reduction (ASR) rules Testing attack surface reduction (ASR) rules helps you determine if rules will impede line-of-business operations prior to enabling any rule. By starting with a small, controlled group, you can limit potential work disruptions as you expand your deployment across your organization. Begin your attack surface reduction(ASR) rules deployment with ring 1. > [!div class="mx-imgBorder"] > :::image type="content" source="images/asr-rules-testing-steps.png" alt-text="The ASR rules testing steps" lightbox="images/asr-rules-testing-steps.png"::: - ## Step 1: Test ASR rules using Audit Begin the testing phase by turning on the ASR rules with the rules set to Audit, starting with your champion users or devices in ring 1. Typically, the recommendation is that you enable all the rules (in Audit) so that you can determine which rules are triggered during the testing phase. Note that rules that are set to Audit do not generally impact functionality of the entity or entities to which the rule is applied but do generate logged events for the evaluation; there is no effect on end users. Event ID \| Description ## Additional topics in this deployment collection -[ASR rules deployment prerequisites](attack-surface-reduction-rules-deployment.md) +[Attack surface reduction (ASR) rules deployment overview](attack-surface-reduction-rules-deployment.md) + +[Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) -[Step 1: Plan ASR rules deployment](attack-surface-reduction-rules-deployment-plan.md) +[Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) -[Step 3: Implement ASR rules](attack-surface-reduction-rules-deployment-implement.md) +[Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) -[Step 4: Operationalize ASR rules](attack-surface-reduction-rules-deployment-operationalize.md) +[Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md)
security	Attack Surface Reduction Rules Deployment	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment.md	Title: ASR rules deployment prerequisites + Title: Attack surface reduction (ASR) rules deployment overview description: Provides overview and prerequisite guidance about deploying attack surface reduction (ASR) rules. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh Last updated 1/18/2022 -# ASR rules deployment prerequisites - -## Before you begin +# Attack surface reduction (ASR) rules deployment overview Attack surfaces are all the places where your organization is vulnerable to cyberthreats and attacks. Your organization's attack surfaces includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to attack. Configuring attack surface reduction (ASR) rules ΓÇö one of many security features found in Microsoft Defender for Endpoint ΓÇö can help. ASR rules target certain software behaviors, such as: By reducing the different attack surfaces, you can help prevent attacks from happening in the first place. +## Before you begin + During your initial preparation, it's vital that you understand the capabilities of the systems that you'll put in place. Understanding the capabilities will help you determine which ASR rules are most important for protecting your organization. Additionally, there are several prerequisites which you must attend to in preparation of your ASR deployment. >[!IMPORTANT] As with any new, wide-scale implementation which could potentially impact your l ## Additional topics in this deployment collection -[Phase 1: Plan](attack-surface-reduction-rules-deployment-plan.md) +[Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) -[Phase 2: Test](attack-surface-reduction-rules-deployment-test.md) +[Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) -[Phase 3: Implement](attack-surface-reduction-rules-deployment-implement.md) +[Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) -[Phase 4: Operationalize](attack-surface-reduction-rules-deployment-operationalize.md) +[Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md) ## Reference As with any new, wide-scale implementation which could potentially impact your l [Use attack surface reduction rules to prevent malware infection](attack-surface-reduction.md) -[Enable attack surface reduction rules](enable-attack-surface-reduction.md) +[Enable attack surface reduction rules - alternate configurations](enable-attack-surface-reduction.md) [Attack surface reduction rules reference](attack-surface-reduction-rules-reference.md)
security	Microsoft Defender Endpoint Linux	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md	Microsoft Defender for Endpoint for Linux includes antimalware and endpoint dete - Access to the Microsoft 365 Defender portal - Linux distribution using the [systemd](https://systemd.io/) system manager+ + >[!NOTE] + >Linux distribution using system manager, except for RHEL/CentOS 6.x support both SystemV and Upstart. + - Beginner-level experience in Linux and BASH scripting - Administrative privileges on the device (in case of manual deployment) If you experience any installation failures, refer to [Troubleshooting installat > Distributions and version that are not explicitly listed are unsupported (even if they are derived from the officially supported distributions). - List of supported kernel versions + - Minimum kernel version 3.10.0-327 (For all the supported Linux distributions mentioned above except Red Hat Enterprise Linux 6 and CentOS 6) + - The `fanotify` kernel option must be enabled - Red Hat Enterprise Linux 6 and CentOS 6: - For 6.7: 2.6.32-573.* - For 6.8: 2.6.32-642.* - - For 6.9: 2.6.32-696.* - - For 6.10: 2.6.32.754.2.1.el6.x86_64 to 2.6.32-754.41.2: + - For 6.9: 2.6.32-696.* (except 2.6.32-696.el6.x86_64) + - For 6.10: 2.6.32.754.2.1.el6.x86_64 to 2.6.32-754.43.1: - 2.6.32-754.10.1.el6.x86_64 - 2.6.32-754.11.1.el6.x86_64 If you experience any installation failures, refer to [Troubleshooting installat - 2.6.32-754.6.3.el6.x86_64 - 2.6.32-754.9.1.el6.x86_64 - For Red Hat Enterprise Linux 6 and CentOS 6, the list of supported kernel versions are: - - For 6.7: 2.6.32-573.* - - For 6.8: 2.6.32-642.* - - For 6.9: 2.6.32-696.* - - For 6.10: 2.6.32.754.2.1.el6.x86_64 to 2.6.32-754.41.2: - > [!NOTE] > After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that that are listed in this section are provided for technical upgrade support only. - List of versions: - - - 2.6.32-754.2.1.el6.x86_64 - - 2.6.32-754.17.1.el6.x86_64 - - 2.6.32-754.29.1.el6.x86_64 - - 2.6.32-754.3.5.el6.x86_64 - - 2.6.32-754.18.2.el6.x86_64 - - 2.6.32-754.29.2.el6.x86_64 - - 2.6.32-754.6.3.el6.x86_64 - - 2.6.32-754.22.1.el6.x86_64 - - 2.6.32-754.30.2.el6.x86_64 - - 2.6.32-754.9.1.el6.x86_64 - - 2.6.32-754.23.1.el6.x86_64 - - 2.6.32-754.33.1.el6.x86_64 - - 2.6.32-754.10.1.el6.x86_64 - - 2.6.32-754.24.2.el6.x86_64 - - 2.6.32-754.35.1.el6.x86_64 - - 2.6.32-754.11.1.el6.x86_64 - - 2.6.32-754.24.3.el6.x86_64 - - 2.6.32-754.39.1.el6.x86_64 - - 2.6.32-754.12.1.el6.x86_64 - - 2.6.32-754.25.1.el6.x86_64 - - 2.6.32-754.41.2.el6.x86_64 - - 2.6.32-754.14.2.el6.x86_64 - - 2.6.32-754.27.1.el6.x86_64 - - 2.6.32-754.15.3.el6.x86_64 - - 2.6.32-754.28.1.el6.x86_64 ---- Minimum kernel version 3.10.0-327--- The `fanotify` kernel option must be enabled > [!CAUTION] > Running Defender for Endpoint on Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.
security	Overview Attack Surface Reduction	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction.md	Title: Understand and use attack surface reduction (ASR) description: Learn about the attack surface reduction capabilities of Microsoft Defender for Endpoint. -keywords: asr, attack surface reduction, Microsoft Defender for Endpoint, microsoft defender, antivirus, av, windows defender +keywords: asr, attack surface reduction, attack surface reduction rules, Microsoft Defender for Endpoint, microsoft defender, antivirus, av, windows defender ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library To configure attack surface reduction in your environment, follow these steps: ## Test attack surface reduction in Microsoft Defender for Endpoint -As part of your organization's security team, you can configure attack surface reduction capabilities to run in audit mode to see how they'll work. In audit mode, you can enable: +As part of your organization's security team, you can configure attack surface reduction capabilities to run in audit mode to see how they'll work. You can enable the following ASR security features in audit mode: - Attack surface reduction rules - Exploit protection - Network protection-- And controlled folder access in audit mode +- And controlled folder access Audit mode lets you see a record of what would have happened if you had enabled the feature. You can enable audit mode using Group Policy, PowerShell, and configuration serv \| Audit options \| How to enable audit mode \| How to view events \| \|\|\|\| \| Audit applies to all events \| [Enable controlled folder access](enable-controlled-folders.md) \| [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer) \| -\| Audit applies to individual rules \| [Step 1: Test ASR rules using Audit](attack-surface-reduction-rules-deployment-test.md#step-1-test-asr-rules-using-audit) \| [Step 2: Understand the Attack surface reduction rules reporting page](attack-surface-reduction-rules-deployment-test.md#step-2-understand-the-attack-surface-reduction-rules-reporting-page-in-the-microsoft-365-defender-portal) \| +\| Audit applies to individual rules \| [Step 1: Test ASR rules using Audit mode](attack-surface-reduction-rules-deployment-test.md#step-1-test-asr-rules-using-audit) \| [Step 2: Understand the Attack surface reduction rules reporting page](attack-surface-reduction-rules-deployment-test.md#step-2-understand-the-attack-surface-reduction-rules-reporting-page-in-the-microsoft-365-defender-portal) \| \| Audit applies to all events \| [Enable network protection](enable-network-protection.md) \| [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer) \| \| Audit applies to individual mitigations \| [Enable exploit protection](enable-exploit-protection.md) \| [Exploit protection events](exploit-protection.md#review-exploit-protection-events-in-windows-event-viewer) \| +### Attack surface reduction (ASR) rules + +Attack surface reduction (ASR) rules are pre-defined to harden common, known attack surfaces. There are several methods you can use to implement attack surface reduction rules. The preferred method is documented in the following attack surface reduction (ASR) rules deployment topics: + +- [Attack surface reduction (ASR) rules deployment overview](attack-surface-reduction-rules-deployment.md) +- [Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) +- [Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) +- [Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) +- [Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) + ## View attack surface reduction events Review attack surface reduction events in Event Viewer to monitor what rules or settings are working. You can also determine if any settings are too "noisy" or impacting your day to day workflow. As mentioned in the video, Defender for Endpoint includes several attack surface \| [Controlled folder access](controlled-folders.md) \| Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Microsoft Defender Antivirus) \| \| [Network protection](network-protection.md) \| Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus) \| \| [Exploit protection](exploit-protection.md) \| Help protect the operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. \| -\| [Attack surface reduction rules](attack-surface-reduction.md) \| Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus). \| \| [Device control](device-control-report.md) \| Protects against data loss by monitoring and controlling media used on devices, such as removable storage and USB drives, in your organization. \| +\| [Attack surface reduction (ASR) rules deployment guide](attack-surface-reduction-rules-deployment.md) \| Presents overview information and prerequisites for deploying attack surface reduction rules \| +\| [Plan attack surface reduction (ASR) rules deployment](attack-surface-reduction-rules-deployment-plan.md) \| Lists the recommended steps for attack surface reduction rules deployment \| +\| [Test attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-test.md) \| Provides steps to use audit mode to test attack surface reduction rules. \| +\| [Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) \| Shows the steps to transition attack surface reduction rules from test (audit) mode to the active, enabled (Block) mode \| +\| [Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) \| Provides information about day-to-day review and maintenance activities. \| +\| [Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md) \| Provides details about each attack surface reduction rule. \| +\| [Attack surface reduction rules](attack-surface-reduction.md) \| Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus). \|
security	Advanced Hunting Shared Queries	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-shared-queries.md	ms.technology: m365d - Microsoft 365 Defender - Microsoft Defender for Endpoint +[Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also save queries that are only accessible to you. You can also find community queries that are shared publicly on GitHub. These saved queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch. +Under the Queries tab in advanced hunting, you can find the drop-down menus for Shared queries, My queries, and Community queries. You can select a downward-facing arrow to expand a menu. ++ -[Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch. ## Save, modify, and share a query You can save a new or existing query so that it is only accessible to you or shared with other users in your organization. You can save a new or existing query so that it is only accessible to you or sha ## Create a direct link to a query To generate a link that opens your query directly in the advanced hunting query editor, finalize your query and select Share link. -## Access queries in the GitHub repository -Microsoft security researchers regularly share advanced hunting queries in a [designated public repository on GitHub](https://aka.ms/hunting-queries). This repository is open to contributions. To contribute, [join GitHub for free](https://github.com/). +## Access community queries in the GitHub repo +Microsoft security researchers regularly share advanced hunting queries in a [designated public repository on GitHub](https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries/Microsoft%20365%20Defender). Contributions to this repository are reviewed before getting published. To contribute, [join GitHub for free](https://github.com/). + +You can easily find these queries in the Community queries dropdown as well. ++ >[!tip] >Microsoft security researchers also provide advanced hunting queries that you can use to locate activities and indicators associated with emerging threats. These queries are provided as part of the [threat analytics](/windows/security/threat-protection/microsoft-defender-atp/threat-analytics) reports in Microsoft 365 Defender.
security	Migrate To Defender For Office 365	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365.md	This guide provides specific and actionable steps for your migration, and assume :::image type="content" source="../../medio-migration-before.png"::: -- You're beyond the investigation and consideration phase for protection by Defender for Office 365. If you need to evaluate Defender for Office 365 to decide whether it's right for your organization, we recommend that you consider [Evaluation Mode](office-365-evaluation.md). +- You're beyond the investigation and consideration phase for protection by Defender for Office 365. If you need to evaluate Defender for Office 365 to decide whether it's right for your organization, we recommend that you consider the options described in [Try Microsoft Defender for Office 365](try-microsoft-defender-for-office-365.md). - You've already purchased Defender for Office 365 licenses.
security	Remediate Malicious Email Delivered Office 365	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365.md	Admins can take required action on emails, but to get those actions approved, th Manual hunting occurs when security teams identify threats manually by using the search and filtering capabilities in Explorer. Manual email remediation can be triggered through any email view (Malware, Phish, or All email) after you identify a set of emails that need to be remediated. -> [!div class="mx-imgBorder"] -> [![Screenshot of manual hunting in Office 365 Threat Explorer by date.](../../media/tp-RemediationArticle1.png)](../../media/tp-RemediationArticle1.png#lightbox) + +Action logs Shows the details of remediation status like successful, failed, and already in destination. + Security teams can use Explorer to select emails in several ways:
security	User Submission	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md	After you've verified that your mailbox meets all applicable prerequisites, you ## What do you need to know before you begin? -- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the User submissions page, use <https://security.microsoft.com/reportsubmission>. +- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the User submissions page, use <https://security.microsoft.com/userSubmissionsReportMessage>. - To modify the configuration for User submissions, you need to be a member of one of the following role groups: After you've verified that your mailbox meets all applicable prerequisites, you ## Use the Microsoft 365 Defender portal to configure the user submissions mailbox -1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to Policies & rules \> Threat policies \> User reported message settings in the Others section. To go directly to the User submissions page, use <https://security.microsoft.com/reportsubmission>. +1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to Policies & rules \> Threat policies \> User reported message settings in the Others section. To go directly to the User submissions page, use <https://security.microsoft.com/userSubmissionsReportMessage>. 2. On the User submissions page, what you see is determined by whether the Microsoft Outlook Report Message button setting is Off or On:
solutions	Manage Devices With Intune Dlp Mip	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-dlp-mip.md	description: Implement Endpoint DLP by working with your information protection # Step 7. Implement data loss prevention (DLP) with information protection capabilities -If your organization has already put the time into understanding your data, developing a data sensitivity schema, and applying the schema, you might be ready to extend elements of this schema to endpoints by using data loss prevention (DLP) policies. +If your organization uses Microsoft 365 Information Protection and has put the time into understanding your data, developing a data sensitivity schema, and applying the schema, you might be ready to extend elements of this schema to endpoints by using data loss prevention (DLP) policies. Microsoft Endpoint data loss prevention (Endpoint DLP) currently applies to: - Windows 10, Windows 11 If your information protection and governance team is ready to extend DLP polici ![Endpoint DLP steps for the device admin](../media/devices/endpoint-dlp-steps.png#lightbox) -If you completed [Step 2. Enroll devices to Intune](manage-devices-with-intune-enroll.md) and [Step 6. Enroll devices into Defender for Endpoint to monitor device risk and compliance to security baselines](manage-devices-with-intune-monitor-risk.md), your devices are already enabled for Endpoint DLP. - Use the following steps to work with your information protection team. Use the following steps to work with your information protection team. \|Step \|Description \| \|\|\| \|1 \| [Learn about Microsoft 365 Endpoint data loss prevention](../compliance/endpoint-dlp-learn-about.md). \| -\|2 \| Enable devices for Endpoint DLP. If you onboarded devices to Microsoft Defender for Endpoint, your devices are already enabled for Endpoint DLP. If your devices are not onboarded to Defender for Endpoint, see [Get started with Endpoint data loss prevention](../compliance/endpoint-dlp-getting-started.md) for instructions.\| +\|2 \| Onboard devices for Endpoint DLP. If you onboarded devices to Microsoft Defender for Endpoint, your devices are already onboarded for Microsoft 365 Compliance, including Endpoint DLP. If your devices are not onboarded to Defender for Endpoint, see [Get started with Endpoint data loss prevention](../compliance/endpoint-dlp-getting-started.md) for instructions. For more information about how onboarding works, see [Enrolling devices vs. onboarding devices](manage-devices-with-intune-overview.md#enrolling-devices-vs-onboarding-devices)\| \|3 \| Work with your information protection and governance team to define, test, and tune policies. This includes monitoring the results. See these resources:<br>- [Using Endpoint data loss prevention](../compliance/endpoint-dlp-using.md)<br>- [View the reports for data loss prevention](../compliance/view-the-dlp-reports.md) \| -\| \| \|
solutions	Manage Devices With Intune Enroll	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-enroll.md	f1.keywords: - enroll devices into management-- enroll devices with Intune +- enroll devices to Intune - Intune mobile device platforms audience: ITPro For additional options, including enrolling BYOD Windows devices, see, [Enroll W ## iOS and iPadOS enrollment -For user owned (BYOD) devices, you can let users enroll their personal devices for Intune management using one of the following methods. +For user owned (BYOD) devices, you can let users enroll their personal devices with Intune using one of the following methods. - Device enrollment is what you may think of as typical BYOD enrollment. It provides admins with a wide range of management options. - User enrollment is a more streamlined enrollment process that provides admins with a subset of device management options. This feature is currently in preview.
solutions	Manage Devices With Intune Monitor Risk	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-monitor-risk.md	keywords: After your organization has deployed Microsoft Defender for Endpoint, you can gain greater insights and protection of your devices by integrating Microsoft Intune with Defender for Endpoint. For mobile devices, this includes the ability to monitor device risk as a condition for access. For Windows devices, you can monitor compliance of these devices to security baselines. -Note: Deploying Microsoft Defender for Endpoint includes onboarding endpoints. For more information about onboarding devices for Microsoft 365 capabilties, see [Enrolling devices vs. onboarding devices](manage-devices-with-intune-overview.md#enrolling-devices-vs-onboarding-devices). +Deploying Microsoft Defender for Endpoint includes onboarding endpoints. If you used Intune to onboard endpoints (recommended), then you have already connected Microsoft Intune to Defender for Endpoint. If you used a different method to onboard endpoints to Defender for Endpoint, see [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure) to ensure you have set up the service-to-service connection between Intune and Microsoft Defender for Endpoint. + ![Defender for Endpoint and Microsoft Intune integration illustration](../media/devices/devices-defender-for-endpoint-steps.png#lightbox) In this illustration: - Microsoft Defender for Endpoint greatly increases the sophistication of threat protection for devices. - While Microsoft Intune allows you to set App Protection Policies and manage devices (including configuration changes), Defender for Endpoint continuously monitors your devices for threats and can take automated action to remediate attacks. -- You can use Intune to onboard devices to Defender for Endpoint. When you do this, you are also enabling these devices to work with Microsoft 365 Compliance capabilities, including endpoint data loss prevention (DLP). +- You can connect Microsoft Intune to Defender for Endpoint to monitor device risk and compliance to security baselines. This article includes these steps:-- Connect Microsoft Intune to Defender for Endpoint - Monitor device risk - Monitor compliance to security baselines If Defender for Endpoint hasnΓÇÖt already been set up, work with your threat protection admin to [set up the evaluation and pilot environment](../security/defender/eval-defender-endpoint-overview.md). You can work with the pilot group to try out the capabilities in this article. -## Connect Microsoft Intune to Defender for Endpoint - -Configuring integration of Microsoft Intune with Defender for Endpoint is simple. Use this article: [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure). - -![Connect Intune to Microsoft Defender for Endpoint](../media/devices/connect-intune-to-microsoft-defender.png#lightbox) - ## Monitor device risk as a condition for access With Microsoft Defender for Endpoint deployed, you can take advantage of threat risk signals. This allows you to block access to devices based on their risk score. Microsoft recommends allowing access to devices with a risk score of medium or below. To deploy security baselines and monitor compliance to these settings, use the s \|2 \| Deploy Windows security baseline settings for Intune. You might have already accomplished this if you followed the guidance in [Step 5. Deploy configuration profiles](manage-devices-with-intune-configuration-profiles.md). \| \|3 \| Deploy Defender for Endpoint baseline settings for Intune. See [Manage security baseline profiles in Microsoft Intune](/mem/intune/protect/security-baselines-configure) to create the profile and choose the baseline version.<br><br>You can also follow the instructions here: [Review and assign the Microsoft Defender for Endpoint security baseline](../security/defender-endpoint/configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-for-endpoint-security-baseline). \| \|4 \| In Defender for Endpoint, review the [Security baseline card on device configuration management](../security/defender-endpoint/configure-machines.md). \| -\| \| \| + ## Next steps Go to [Step 7. Implement DLP with information protection capabilities on endpoints](manage-devices-with-intune-dlp-mip.md).
solutions	Microsoft 365 Guest Settings	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-guest-settings.md	Azure Active Directory is the directory service used by Microsoft 365. The Azure These settings affect how users are invited to the directory. They do not affect sharing with guests who are already in the directory. +### Cross-tenant access settings + +Navigation: [Azure Active Directory admin center](https://aad.portal.azure.com) > Azure Active Directory > External Identities > Cross-tenant access settings > Default settings tab + +The default settings apply to all external Azure AD organizations except those with organization-specific settings. Settings for a specific organization can be configured on the Organizational settings tab. There are separate settings for guests (B2B collaboration) and [Azure AD B2B direct connect](/azure/active-directory/external-identities/b2b-direct-connect-overview) users. + +![Screenshot of Azure Active Directory Cross-tenant access settings page.](../media/azure-ad-cross-tenant-default-settings.png) + +Inbound access settings + +Inbound access settings control whether users from external Azure AD organizations can access resources in your organization. + +\| Setting \| Default \| Description \| +\|:--\|:--\|:--\| +\|B2B collaboration - external users and groups\|All Allowed\|Determines what people in other Azure AD organizations can be granted access to resources in your organization as guests.\| +\|B2B collaboration - applications\|All allowed\|Determines what apps in your organization guests can be granted access to.\| +\|B2B direct connect - external users and groups\|All blocked\|Determines if people in other Azure AD organizations can be granted access to resources in your organization through B2B direct connect.\| +\|B2B direct connect - applications\|All blocked\|Determines what apps in your organization B2B direct connect users can be granted access to.\| +\|Trust settings\|Disabled\|Determines if your conditional access policies will accept claims from other Azure AD organizations when people from those organizations access your resources.\| + +Outbound access settings + +Outbound access settings control whether your users can access resources in an external organization. + +\| Setting \| Default \| Description \| +\|:--\|:--\|:--\| +\|B2B collaboration - external users and groups\|All Allowed\|Determines which users in your organization can be granted access to resources in other Azure AD organizations as guests.\| +\|B2B collaboration - applications\|All allowed\|Determines what apps in other Azure AD organizations your users can be granted access to as guests.\| +\|B2B direct connect - external users and groups\|All blocked\|Determines which users in your organization can be granted access to resources in other Azure AD organizations through B2B direct connect.\| +\|B2B direct connect - applications\|All blocked\|Determines what apps in other Azure AD organizations your users can be granted access to through B2B direct connect.\| + ## Microsoft 365 Admin role: Global administrator The Teams master guest access switch, Allow guest access in Teams, must be * \| Setting \| Default \| Description \| \|:--\|:--\|:--\| -\|Allow guest access in Teams\|Off\|Turns guest access on or off for Teams overall. This setting can take 24 hours to take effect once changed.\| +\|Allow guest access in Teams\|On\|Turns guest access on or off for Teams overall. This setting can take 24 hours to take effect once changed.\| ### Guest calling