+In addition to features listed in the preceding table, Basic Mobility and Security and Intune both include a set of remote actions that send commands to devices over the internet. For example, you can remove Office data from an employeeΓÇÖs device while leaving personal data in place (retire), remove Office apps from an employee's device (wipe), or reset a device to its factory settings (full wipe).

+Microsoft Bookings makes scheduling and managing appointments a breeze. Bookings includes a web-based booking calendar and integrates with Outlook to optimize your staffΓÇÖs calendar and give your customers flexibility to book a time that works best for them. Email and SMS text notifications reduce no-shows and enhances customer satisfaction. Your organization saves time with a reduction in repetitive scheduling tasks. With built-in flexibility and ability to customize, Bookings can be designed to fit the situation and needs of many different parts of an organization.

+You can track key data on SMS notifications usage in your organization in the Teams admin center. Usage reports include data such as time and date sent, origin number, message type, event type and delivery status. You can use SMS notification telemetry during the promotional period to help forecast and budget for SMS notifications after May 1, 2022.

+- **Customer data usage consent** When selected, text requesting the user's or customer's consent for your organization to use their data will appear on the Self-Service page. The box will have to be checked by the user in order to complete the booking.

+9. **Enable text message notifications for your customer** If selected, SMS messages are sent to the customer, but only if they opt in.

+In Microsoft Bookings, the Business Information page within the web app contains all the details that you'd typically find on a business' "About us" page. These details include a relevant name, address, phone number, web site URL, privacy policy URL, logo, and business hours.

+This topic describes how to get access to Bookings for the first time. It also tells you how to turn on or off Bookings in your organization. It also explains how you can assign licenses to your users so they can access and use Bookings.

+| Notify when a booking is created or changed | Select this option when you want to receive an email anytime a customer books an appointment or changes an existing one. The email will go to the mailbox specified on the Business information page. See [Enter your business information](enter-business-information.md) for details. |

+ 

+[Manage site storage limits](/sharepoint/manage-site-collection-storage-limits) (article)

+description: "Find out how much tax you will be charged for your Microsoft 365 for business subscription in different regions."

+- **You're in a European Union Member State outside Ireland:** You can provide your valid local VAT ID. This lets Microsoft Ireland Operations Ltd. to VAT zero-rate the transaction. However, you might have a local VAT accounting obligation. If you have any concerns, check with your tax advisors. For instructions, see [Add your VAT ID](#add-your-vat-id).

+- **You're in Armenia, Belarus, Norway, Turkey, or United Arab Emirates:** You can provide your local VAT ID. This entitles Microsoft Ireland Operations Ltd. to VAT zero-rate the transaction. However, you may have a local VAT accounting obligation, so please check with your tax advisors if you have any concerns. For instructions, see [Add your VAT ID](#add-your-vat-id).

+|**MailItemsAccessed**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <br/><br/> Mail data is accessed by mail protocols and clients.|^\*|^\*|^\*|

+|**MessageBind**|**Note**: This value is available only for E3 users (users without E5 or E5 Compliance add-on subscriptions). <br/><br/> A message was viewed in the preview pane or opened by an admin.||||

+|**SearchQueryInitiated**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <br/><br/> A person uses Outlook (Windows, Mac, iOS, Android, or Outlook on the web) or the Mail app for Windows 10 to search for items in a mailbox.||||

+|**Send**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <br/><br/> The user sends an email message, replies to an email message, or forwards an email message.|^\*||^\*|

+ > If mailbox auditing already appears to be enabled on the mailbox, but your searches return no results, change the value of the *AuditEnabled* parameter to `$false` and then back to `$true`.

+ - Use the Exchange admin center (EAC) in Exchange Online to do the following actions:

+## Best practice for endpoint DLP policies

+Say you want to block all items that contain credit card numbers from leaving endpoints of Finance department users. We recommend:

+- Create a policy and scope it to endpoints and to that group of users.

+- Create a rule in the policy that detects the type of information that you want to protect. In this case, **content contains** set to *Sensitive information type**, and select **Credit Card**.

+- Set the actions for each activity to **Block**.

+See, [Design a data loss prevention policy](dlp-policy-design.md) for more guidance on designing your DLP policies.

+| **Step 1**: [Make sure prerequisites are met](#step-1-make-sure-prerequisites-are-met) | - Verify that you have the [required licenses and permissions](information-barriers.md#required-licenses-and-permissions)<br/>- Verify that your directory includes data for segmenting users<br/>- Enable [search by name for Microsoft Teams](/microsoftteams/teams-scoped-directory-search)<br/>- Make sure audit logging is turned on<br/>- Make sure no Exchange address book policies are in place<br/>- Use PowerShell (examples are provided)<br/>- Provide admin consent for Microsoft Teams (steps are included) |

+ 1. In the **Permissions requested** dialog box, review the information, and then choose **Accept**. The permissions requested by the App are given below.

+| **Owner Moderated (preview)** | The IB policy of the Microsoft 365 resource is determined from the resource owner's IB policy. The resource owners can invite any user to the resource based on their IB policies. This mode is useful when your company wants to allow collaboration among incompatible segment users that are moderated by the owner. Only the resource owner can add new members per their IB policy. | The VP of HR wants to collaborate with the VPs of Sales and Research. A new SharePoint site that is set with IB mode *Owner Moderated* to add both Sales and Research segment users to the same site. It is the responsibility of the owner to ensure appropriate members are added to the resource. |

+ Title: "Resources to help you upgrade from Office 2013 clients and servers"

+audience: ITPro

+ms.localizationpriority: medium

+description: Plan your upgrade from Office 2013 clients and servers, because support ends on April 11, 2023.

+# Resources to help you upgrade from Office 2013 clients and servers

+If you're using Office 2013 clients and servers, be aware that ***support ends on April 11, 2023***. If you haven't already begun to upgrade from them to newer versions, we recommend you start now.

+As you plan your upgrade, consider moving to Microsoft 365.

+- Microsoft 365 has cloud-based services, such as Exchange Online, SharePoint, and Teams.

+- Microsoft 365 Apps for enterprise provides Office client apps that you can install on local devices. The apps are updated regularly from the Microsoft cloud with new productivity and security features.

+## Upgrade planning resources

+The following table provides links to planning resources to help you upgrade from these Office 2013 clients and servers.

+|Product|Planning resource|

+|||

+|Office 2013 (desktop apps)<br/>Project 2013<br/>Visio 2013|[Plan an upgrade from older versions of Office to Microsoft 365 Apps](/deployoffice/endofsupport/plan-upgrade-older-versions-office)|

+|Exchange Server 2013|[Exchange 2013 end of support roadmap](exchange-2013-end-of-support.md)|

+|SharePoint Server 2013 <br/> SharePoint Foundation 2013|[Upgrading from SharePoint 2013](upgrade-from-sharepoint-2013.md)|

+|Project Server 2013|[Project Server 2013 end of support roadmap](project-server-2013-end-of-support.md)|

+|Lync Server 2013|[Upgrading from Lync Server 2013](upgrade-from-lync-2013.md)|

+We also recommend business and enterprise customers use the deployment benefits provided by Microsoft and Microsoft Certified Partners, including [Microsoft FastTrack](https://www.microsoft.com/fasttrack) for cloud migrations.

+> [!NOTE]

+> If you use Office 2013 products and applications at home, [review this information](plan-upgrade-previous-versions-office.md#im-a-home-user-what-do-i-do) for your upgrade choices.

+## Related articles

+- [Microsoft Lifecycle Policy](/lifecycle/)

+- [Plan your upgrade from Office 2007 or Office 2010 servers and clients](plan-upgrade-previous-versions-office.md)

+| Feature/Capability | [Defender for Business](mdb-overview.md)<br/>(standalone; currently in preview) | [Defender for Endpoint Plan 1](../defender-endpoint/defender-endpoint-plan-1.md) | [Defender for Endpoint Plan 2](../defender-endpoint/microsoft-defender-endpoint.md) |

+|:|:|:|:|

+| [Submit samples consent](/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | By default, [SubmitSamplesConsent](/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) is set to send safe samples automatically. Examples of safe samples include `.bat`, `.scr`, `.dll`, and `.exe` files that don't contain personally identifiable information (PII). If a file does contain PII, the user receives a request to allow the sample submission to proceed.<br/><br/>[Learn more about cloud protection and sample submission](../defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md) |

+- [Policy CSP - Defender](/windows/client-management/mdm/policy-csp-defender)

+#### [Submit suspicious files](admin-submissions-mde.md)

+ Title: Submit suspicious files in Microsoft Defender for Endpoint

+description: Learn how to use the unified submissions feature in Microsoft 365 Defender to submit suspicious emails, URLs, email attachments, and files to Microsoft for scanning.

+keywords: antivirus, spam, phish, file, alert, Microsoft Defender for Endpoint, false positive, false negative, blocked file, blocked url, submission, submit, report

+search.product: eADQiWindows 10XVcnh

+search.appverid: met150

+ms.technology: mde

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+localization_priority: Normal

+audience: ITPro

+- m365-security-compliance

+- m365initiative-defender-endpoint

+- m365solution-scenario

+- m365scenario-fpfn

+# Submit suspicious files in Microsoft Defender for Endpoint

+**Applies to**

+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)

+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)

+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink).

+In Microsoft Defender for Endpoint, admins can use the unified submissions feature to submit files and file hashes (SHAs) to Microsoft for review. The unified submissions experience is a one-stop shop for submitting emails, URLs, email attachments, and files in one, easy-to-use submission experience. Admins can use the Microsoft 365 Defender portal or the Microsoft Defender for Endpoint Alert page to submit suspicious files.

+## What do you need to know before you begin?

+- The new unified submissions experience is available only in subscriptions that include Microsoft 365 Defender, Microsoft Defender for Endpoint Plan 2, or Microsoft Defender for Office Plan 2.

+- To submit files to Microsoft, you need to be a member of one of the following role groups:

+ - **Organization Management** or **Security Administrator** in the [Microsoft 365 Defender portal](../office-365-security/permissions-microsoft-365-security-center.md).

+- For more information about how you can submit spam, phish, URLs, and email attachments to Microsoft, see [Report messages and files to Microsoft](../office-365-security/report-junk-email-messages-to-microsoft.md).

+## Report suspicious items to Microsoft from the portal

+If you have a file that you suspect might be malware or is being incorrectly detected, you can submit it to Microsoft for analysis using the Microsoft 365 Defender portal at https://security.microsoft.com/.

+### Submit a suspected file or file hash

+1. Open Microsoft 365 Defender at <https://security.microsoft.com/>, click **Actions & submissions**, click **Submissions**, go to **Files** tab, and then select **Add new submission**.

+ > [!div class="mx-imgBorder"]

+ > 

+2. Use the **Submit items to Microsoft for review** flyout that appears to submit the **File** or **File hash**.

+3. In the **Select the submission type** box, select **File** or **File hash** from the drop-down list.

+4. When submitting a file, click **Browse files**. In the dialog that opens, find and select the file, and then click **Open**. Note that for **File hash** submissions, you'll either have to copy or type in the file hash.

+5. In the **This file should have been categorized as** section, choose either **Malware** (false negative), or **Unwanted software**, or **Clean** (false positive).

+

+6. Next, **Choose the priority**. Note that for **File hash** submissions, **Low - bulk file or file hash submission** is the only choice, and is automatically selected.

+ > [!div class="mx-imgBorder"]

+ > 

+8. Click **Submit**.

+

+ If you want to view the details of your submission, select your submission from the **Submissions name** list to open the **Result details** flyout.

+## Report suspicious items to Microsoft from the Alerts page

+You can also submit a file or file hash directly from the list of alerts on the **Alerts** page.

+1. Open the Microsoft 365 Defender at <https://security.microsoft.com/>, click **Incidents & alerts**, and then click **Alerts** to view the list of alerts.

+2. Select the alert you want to report. Note that you are submitting a file that is nestled within the alert.

+3. Click the ellipses next to **Manage alert** to see additional options. Select **Submit items to Microsoft for review**.

+ > [!div class="mx-imgBorder"]

+ > 

+4. In the next flyout that opens, select the submission type.

+ > [!div class="mx-imgBorder"]

+ > 

+ If you select **File** as the submission type, upload the file, categorize your submission, and choose the priority.

+

+ If you select **File Hash** as the submission type, choose the file hashes that are available from the drop-down. You can select multiple file hashes.

+

+5. Click **Submit**.

+## Related information

+- [Microsoft Defender for Endpoint in Microsoft 365 Defender](../defender/microsoft-365-security-center-mde.md)

+- [Address false positives/negatives](defender-endpoint-false-positives-negatives.md)

+- [View and organize alerts queue in Microsoft Defender for Endpoint](alerts-queue.md)

+> By default, "SignatureScheduleDay" is set as "8" and "SignatureUpdateInterval" is set as "0" so Microsoft Defender Antivirus will not schedule protection updates.

+Enabling these settings will override that default.

+> Microsoft Defender Antivirus Security intelligence updates and platform updates are delivered through Windows Update and starting Monday, October 21, 2019, all security intelligence updates will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to update your security intelligence. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).

+To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, Microsoft security intelligence updates, and platform updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads.

+> [!NOTE]

+> Security intelligence updates contain engine updates and are released on a monthly cadence.

+Security intelligence updates are also delivered multiple times a day, but this package doesnΓÇÖt contain an engine.

+> If you have set [Microsoft Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates and platform updates when the current update is considered out-of-date. (By default, this is seven consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services).

+> Starting Monday, October 21, 2019, security intelligence updates and platform updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates and platform updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).

+|Security intelligence updates and platform updates for Microsoft Defender Antivirus and other Microsoft anti-malware (formerly referred to as MMPC)|[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence and platform updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates and platform updates will be SHA-2 signed exclusively. <br/>Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-microsoft-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).|

+## Create a UNC share for security intelligence and platform updates

+Set up a network file share (UNC/mapped drive) to download security intelligence and platform updates from the MMPC site by using a scheduled task.

+<summary>March-2022 (Platform: 4.18.2203.5 | Engine: 1.1.19100.5)</summary>

+&ensp;Security intelligence update version: **1.361.1449.0**<br/>

+&ensp;Released: **March 7, 2022**<br/>

+&ensp;Platform: **4.18.2203.5**<br/>

+&ensp;Engine: **1.1.19100.5**<br/>

+&ensp;Support phase: **Security and Critical Updates**<br/>

+Engine version: 1.1.19100.5 <br/>

+Security intelligence update version: 1.361.1449.0<br/>

+### What's new

+- Added fix for an [attack surface reduction rule](attack-surface-reduction.md) that blocked an Outlook add-in

+- Added fix for [behavior monitoring](configure-protection-features-microsoft-defender-antivirus.md) performance issue related to short live processes

+- Added fix for [AMSI](/windows/win32/amsi/antimalware-scan-interface-portal) exclusion

+- Improved [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) capabilities

+- Added a fix for [real-time protection](configure-protection-features-microsoft-defender-antivirus.md) getting disabled in some cases when using `SharedSignaturesPath` config (For more details about the `SharedSignaturesPath` parameter, see [Set-MpPreference](/powershell/module/defender/set-mppreference))

+### Known Issues

+No known issues

+<br/><br/>

+</details><details>

+</details>

+### Previous version updates: Technical upgrade support only

+After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.<br/><br/>

+<details>

+&ensp;Support phase: **Technical upgrade support (only)**<br/>

+</details><details>

+- Windows 10

+- Windows 10 Enterprise multi-session

+- Windows Server 2019

+> Tamper protection in Windows Server 2012 R2 is available for devices that are onboarded to Microsoft Defender for Endpoint by using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016 Preview](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-functionality-in-the-modern-unified-solution-for-windows-server-2012-r2-and-2016-preview).

+During some kinds of cyber attacks, bad actors try to disable security features, such as antivirus protection, on your machines. Bad actors like to disable your security features to get easier access to your data, to install malware, or to otherwise exploit your data, identity, and devices. Tamper protection helps prevent these kinds of things from occurring. With tamper protection, malicious apps are prevented from taking actions such as:

+## Potential dependency on cloud protection

+

+Depending on the method or management tool you use to enable tamper protection, there might be a dependency on [cloud-delivered protection](cloud-protection-microsoft-defender-antivirus.md) Cloud-delivered protection is also referred to as cloud protection, or Microsoft Advanced Protection Service (MAPS).

+| How tamper protection is enabled | Dependency on cloud protection |

+|Microsoft Endpoint Configuration Manager with Tenant Attach|No|

+ - Windows 10

+ - Windows 10 Enterprise multi-session

+ - Windows Server 2019

+> [!NOTE]

+> When tamper protection is enabled via the Microsoft 365 Defender portal, cloud-delivered protection is required, so that the enabled state of tamper protection can be controlled.

+> Starting with the November 2021 update (platform version `4.18.2111.5`), if cloud-delivered protection is not turned on for a device and tamper protection is turned on in the Microsoft 365 Defender portal, then cloud-delivered protection will be automatically turned on for that device along with tamper protection.

+- Windows 11

+- Windows 11 Enterprise multi-session

+- Windows 10 OS [1709](/windows/release-health/status-windows-10-1709), [1803](/windows/release-health/status-windows-10-1803), [1809](/windows/release-health/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint).

+- Windows 10 Enterprise multi-session

+- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)

+- [Get an overview of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)

+- [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md)

+>[!NOTE]

+>The collection of DeviceLogonEvents is not supported on Windows 7 or Windows Server 2008R2 devices onboarded to Defender for Endpoint. We recommend upgrading to a more recent operating system for optimal visibility into user logon activity.

+>The following features are in preview or generally available (GA) in the latest release of Microsoft 365 Defender.

+> [!NOTE]

+> Want to experience Microsoft 365 Defender? Learn more about how you can [evaluate and pilot Microsoft 365 Defender](/microsoft-365/security/defender/eval-overview?ocid=cx-docs-MTPtriallab).

+> [!NOTE]

+> Want to experience Microsoft 365 Defender? Learn more about how you can [evaluate and pilot Microsoft 365 Defender](/microsoft-365/security/defender/eval-overview?ocid=cx-docs-MTPtriallab).

+- [Zero-hour Purge (ZAP)](zero-hour-auto-purge.md) for spam and phishing take no action on these messages.^\*\*

+^\* You can't bypass malware filtering.

+^\*\* You can bypass ZAP for malware by creating an anti-malware policy for the SecOps mailbox where ZAP for malware is turned off. For instructions, see [Configure anti-malware policies in EOP](configure-anti-malware-policies.md).

+ Title: Configure and review priority accounts in Microsoft Defender for Office 365

+f1.keywords:

+ - NOCSH

+audience: ITPro

+ms.localizationpriority: medium

+search.appverid:

+ - MET150

+ - M365-security-compliance

+description: Learn how to identify critical people in an organization and add the priority account tag to provide them with extra protection.

+ms.technology: mdo

+# Configure and review priority accounts in Microsoft Defender for Office 365

+**Applies to**

+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)

+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)

+In every organization, there are people that are critical, like executives, leaders, managers, or other users who have access to sensitive, proprietary, or high priority information. You can tag these users within Microsoft Defender for Office 365 as priority accounts, allowing security teams to prioritize their focus on these critical individuals. With differentiated protection for priority accounts, users tagged as priority accounts will receive a higher level of protection against threats.

+Priority accounts are targeted by attackers more often and are generally attacked with more sophisticated techniques. Differentiated protection for priority accounts focuses on this specific user set and provides higher level of protection using enhanced machine learning models. This differentiation in learning and message handling provides the highest level of protection for these accounts and helps maintain a low false positive rate, as a high rate of false positives can also have a negative impact on these users.

+## Configure priority account protection

+Priority account protection is turned on by default for pre-identified critical users. However, the security administrator of your organization can also turn on priority account protection by following these steps:

+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Settings** \> **Email & collaboration** \> **Priority account protection**.

+2. Turn on **Priority account protection**.

+ > [!div class="mx-imgBorder"]

+ > 

+> [!NOTE]

+> It is not recommended to disable or turn off priority account protection.

+### Enable the priority account tag

+Microsoft Defender for Office 365 supports priority accounts as tags that can be used as filters in alerts, reports, and investigations.

+For more information, see [User tags in Microsoft Defender for Office 365](user-tags.md).

+## Review differentiated protection in Threat protection status report, Threat Explorer, and email entity page

+### Threat protection status report

+The Threat protection status report is a single view that brings together information about malicious content and malicious email detected and blocked by Microsoft Defender for Office 365.

+To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Threat protection status**, and then click **View details**.

+### Threat Explorer

+Context filter within Threat Explorer helps search for emails where priority account protection was involved in the detection of the message. This allows security operations teams to be able to see the value provided by this protection. You can still filter messages by priority account tag to find all messages for the specific set of users.

+To view the extra protection, in the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Explorer**, select **Context** from the dropdown, and then select the checkbox next to **Priority account protection**.

+> [!div class="mx-imgBorder"]

+> 

+### Email entity page

+The email entity page is available in the Microsoft 365 Defender portal at <https://security.microsoft.com> at **Email & collaboration** \> **Explorer**. In **Explorer**, select the subject of an email you're investigating. A gold bar will display at the top of the email flyout for that mail. Select to view the new page.

+The tabs along the top of the entity page will allow you to investigate email efficiently. Click the **Analysis** tab. Priority account protection is now listed under **Threat detection details**.

+## More information

+- [User tags in Microsoft Defender for Office 365](user-tags.md)

+- [Manage and monitor priority accounts](../../admin/setup/priority-accounts.md)

+- *Open Investigation page* this opens up an admin Investigation that contains fewer details and tabs. It shows details like: related alert, entity selected for remediation, action taken, remediation status, entity count, logs, approver of action. This investigation keeps a track of investigation done by the admin manually and contains details to selections made by the admin, hence is called admin action investigation. No need to act on the investigation and alert its already in approved state.

+- *Email count* Displays the number of emails submitted through Threat Explorer. These emails can be actionable or not actionable.

+- *Action logs* Show the details of remediation statuses like successful, failed, and already in destination.

+ Title: Try and evaluate Defender for Office 365

+description: Learn how to evaluate and try the capabilities of Microsoft Defender for Office 365 without affecting your existing mail flow.

+ROBOTS:

+- [Attack simulation](attack-simulation-training.md#target-users)

+## More information

+- [Configure and review priority accounts in Microsoft Defender for Office 365](configure-review-priority-account.md)

+It is important to understand that these security baselines are not CIS or NIST compliant but closely mirror their recommendations. For more information, see [Are the Intune security baselines CIS or NIST compliant?](/mem/intune/protect/security-baselines#are-the-intune-security-baselines-cis-or-nist-compliant)

+For Android and iOS/iPadOS, threat signals can be used within your App Protection Policies (APP). For information on configuring this, see [Create and assign app protection policy to set device risk level](/mem/intune/protect/advanced-threat-protection-configure#create-and-assign-compliance-policy-to-set-device-risk-level).

+For all platforms, you can set the risk level in the existing device compliance policies. See [Create a conditional access policy](/mem/intune/protect/advanced-threat-protection-configure#create-a-conditional-access-policy).