Updates from: 05/12/2021 03:14:34
Category Microsoft Docs article Related commit history on GitHub Change details
admin Sign Up For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
f1.keywords:
+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_signup-- PPM_pablom- search.appverid: - MET150
You don't need to cancel your trial. If you don't buy the trial subscription, it
## Related content
-[Microsoft 365 for business training videos](../../business-video/index.yml) (link page)
+[Microsoft 365 for business training videos](../../business-video/index.yml) (link page)
admin What Subscription Do I Have https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-subscription-do-i-have.md
f1.keywords:
+ audience: Admin
- M365-subscription-management - Adm_O365 - Adm_O365_Setup-- Adm_TOC - okr_smb - AdminSurgePortfolio-- MET150
+- commerce_subscriptions
+search.appverid: MET150
description: "Learn to verify which subscriptions your organization has by going to the Your products page." Last updated : 01/21/2021 # What subscription do I have? If you're an admin, you can verify which subscriptions your organization has by going to the admin center.
- **Not an admin?** See [What Microsoft 365 for business product or license do I have?](https://support.microsoft.com/office/f8ab5e25-bf3f-4a47-b264-174b1ee925fd)
+**Not an admin?** See [What Microsoft 365 for business product or license do I have?](https://support.microsoft.com/office/f8ab5e25-bf3f-4a47-b264-174b1ee925fd)
1. In the admin center, go to the **Billing** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page. 2. On the **Products** tab, you see all your subscriptions. Each subscription line includes information about licenses, subscription status, and billing.
If you're an admin, you can verify which subscriptions your organization has by
## Related content
-[Subscriptions and billing](../../commerce/index.yml) (links)
+[Subscriptions and billing](../../commerce/index.yml) (links)
admin Configure Email Forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-email-forwarding.md
description: "Set up email forwarding to one or more email accounts using Office
As the admin of an organization, you might have company requirements to set up email forwarding for a user's mailbox. Email forwarding lets you forward email messages sent to a user's mailbox to another user's mailbox inside or outside of your organization. > [!IMPORTANT]
-> You can use outbound spam filter policies to control automatic forwarding to external recipients. For more information, see [Control automatic external email forwarding in Microsoft 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide&preserve-view=true#how-the-outbound-spam-filter-policy-settings-work-with-other-automatic-email-forwarding-controls).
+> You can use outbound spam filter policies to control automatic forwarding to external recipients. For more information, see [Control automatic external email forwarding in Microsoft 365](/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide&preserve-view=true#how-the-outbound-spam-filter-policy-settings-work-with-other-automatic-email-forwarding-controls).
## Configure email forwarding
You must be an Exchange administrator or Global administrator in Microsoft 365 t
1. In the admin center, go to the **Users** \> **[Active users](https://go.microsoft.com/fwlink/p/?linkid=834822)** page.
-2. Select the name of the user whose email you want to forward to open the properties page.
+2. Select the name of the user whose email you want to forward, then open the properties page.
3. On the **Mail** tab, select **Manage email forwarding**.
You must be an Exchange administrator or Global administrator in Microsoft 365 t
Or, in the admin center, [create a distribution group](../setup/create-distribution-lists.md), [add the addresses to it](add-user-or-contact-to-distribution-list.md), and then set up forwarding to point to the DL using the instructions in this article.
-5. Don't delete the account of the user who's email you're forwarding or remove their license! If you do, email forwarding will stop.
+5. Don't delete the account of the user who's email you're forwarding or remove their license! If you do, email forwarding will stop.
+++
+1. In the admin center, go to the **Users** \> **[Active users](https://go.microsoft.com/fwlink/p/?linkid=847686)** page.
+
+2. Select the name of the user whose email you want to forward to open the properties page.
+
+3. Expand **Mail settings**, and then in the **Email forwarding** section, select **Edit**.
+
+4. On the email forwarding page, set the toggle to **On**, enter the forwarding address, and choose whether you want to keep a copy of forwarded emails. If you don't see this option, make sure a license is assigned to the user account. Select **Save**.
+
+ **To forward to multiple email addresses**, you can ask the user to set up a rule in Outlook to forward to the addresses. To learn more, see [Use rules to automatically forward messages](https://support.microsoft.com/office/45aa9664-4911-4f96-9663-ece42816d746).
+
+ Or, in the admin center, [create a distribution group](../setup/create-distribution-lists.md), [add the addresses to it](add-user-or-contact-to-distribution-list.md), and then set up forwarding to point to the DL using the instructions in this article.
+
+5. Don't delete the account of the user who's email you're forwarding or remove their license! If you do, email forwarding will stop.
+++
+1. In the admin center, go to the **Users** \> **[Active users](https://go.microsoft.com/fwlink/p/?linkid=850628)** page.
+
+2. Select the name of the user whose email you want to forward to open the properties page.
+
+3. Expand **Mail settings**, and then in the **Email forwarding** section, select **Edit**.
+
+4. On the email forwarding page, set the toggle to **On**, enter the forwarding address, and choose whether you want to keep a copy of forwarded emails. If you don't see this option, make sure a license is assigned to the user account. Select **Save**.
+
+ **To forward to multiple email addresses**, you can ask the user to set up a rule in Outlook to forward to the addresses. To learn more, see [Use rules to automatically forward messages](https://support.microsoft.com/office/45aa9664-4911-4f96-9663-ece42816d746).
+
+ Or, in the admin center, [create a distribution group](../setup/create-distribution-lists.md), [add the addresses to it](add-user-or-contact-to-distribution-list.md), and then set up forwarding to point to the DL using the instructions in this article.
+
+5. Don't delete the account of the user who's email you're forwarding or remove their license! If you do, email forwarding will stop.
++
admin Remove License From Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/remove-license-from-shared-mailbox.md
f1.keywords:
- NOCSH + audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- Adm_TOC -- MSStore_Link - AdminSurgePortfolio
+- commerce_licensing
search.appverid: - BCS160 - MET150 - MOE150 description: "Remove license from a shared mailbox to assign it to another user. "
description: "Remove license from a shared mailbox to assign it to another user.
Shared mailboxes usually don't require a license. Follow these instructions to remove a license from a shared mailbox so that you can either assign it to a user or return the license so that you aren't paying for a license you don't need. > [!NOTE]
+>
> A license is required in the following scenarios:
+>
> 1. The shared mailbox has more than 50 GB of storage in use. > 2. The shared mailbox uses in-place archiving. > 3. The shared mailbox is placed in litigation hold. > 4. The shared mailbox has a Microsoft Defender license assigned.
-
## Remove the license ::: moniker range="o365-worldwide"
Shared mailboxes usually don't require a license. Follow these instructions to r
1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a> page. > [!NOTE]
- > You need to remove the license from the Active users page. You can't remove the license from the Shared mailbox page because licenses are user settings.
+ > You need to remove the license from the Active users page. You can't remove the license from the Shared mailbox page because licenses are user settings.
2. Select the shared mailbox.
Shared mailboxes usually don't require a license. Follow these instructions to r
6. You're still paying for the license. To stop paying for it, [remove the license from your subscription](../../commerce/licenses/buy-licenses.md). -
-
## Related articles
Shared mailboxes usually don't require a license. Follow these instructions to r
[Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md)
-[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md)
+[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md)
admin Change Nameservers At Any Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/change-nameservers-at-any-domain-registrar.md
description: "Learn how to add and set up your domain in Microsoft 365 so that y
**[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.
-Check [Set up your domain (host-specific instructions)](../get-help-with-domains/set-up-your-domain-host-specific-instructions.md) first to see if we have instructions for your registrar.
-
Follow these instructions to add and set up your domain in Microsoft 365 so your services like email and Teams will use your own domain name. To do this, you'll verify your domain, and then change your domain's nameservers to Microsoft 365 so the correct DNS records can be set up for you. Follow these steps if the following statements describe your situation: - You have your own domain and want to set it up to work with Microsoft 365.
For example, here are some additional steps that might be required for email and
1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">Domains</a> page.
-2. On the **Domains** page, select the domain and then choose **DNS Records**.
+2. On the **Domains** page, select a domain.
+
+3. On the domain details page, select the **DNS records** tab.
+
+4. Select **Add record**.
+
+5. In the **Add a custom DNS record** pane, from the **Type** dropdown list, select **A (Address)**.
+
+6. In the **Host name or Alias** box, type **@**.
-3. Under **Manage DNS**, select **Custom Records**, and then choose **New custom record**.
+7. In the **IP Address** box, type the static IP address for the website where it's currently hosted. For example, 172.16.140.1.
+
+> [!IMPORTANT]
+> This must be a _static_ IP address for the website, not a _dynamic_ IP address. To make sure you can get a static IP address for your public website, check with the site that hosts your website.
+
+8. If you want to change the TTL setting for the record, select a new length of time from the **TTL** dropdown list. Otherwise, continue to step 9.
+
+9. Select **Save**.
+
+In addition, you can create a CNAME record to help customers find your website.
+
+1. Select **Add record**.
-4. Select the type of DNS record you want to add, and type the information for the new record.
+3. In the **Add a custom DNS record** pane, from the **Type** dropdown list, select **CNAME (Alias)**.
+4. In the **Host name or Alias** box, type **www**.
+5. In the **Points to address** box, type the fully qualified domain name (FQDN) for your website. For example, **contoso.com**.
+6. If you want to change the TTL setting for the record, select a new length of time from the **TTL** dropdown list. Otherwise, continue to step 6.
+7. Select **Save**.
-5. Select **Save**.
+After the nameserver records are updated to point to Microsoft, your domain setup is complete. Email is routed to Microsoft, and traffic to your website address continues to go to your current website host.`
> [!NOTE] > Your nameserver record updates may take up to several hours to update across the Internet's DNS system. Then your Microsoft email and other services will be all set to work with your domain.
admin Set Up Your Domain Host Specific Instructions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/set-up-your-domain-host-specific-instructions.md
Title: "Set up your domain (host-specific instructions)"
+ Title: "Set up your domain"
f1.keywords: - NOCSH
ms.assetid: ae950c9e-e8d9-4108-b0cb-449156998580
description: "Learn how to manage your own DNS records or let Microsoft manage your DNS records for you."
-# Set up your domain (host-specific instructions)
+# Set up your domain
To start using a custom domain (contoso.com) with Microsoft 365, you need to verify your domain and configure your domain's DNS records.
admin Assign Licenses To Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/assign-licenses-to-users.md
f1.keywords:
+ audience: Admin localization_priority: Priority - M365-subscription-management-- Adm_TOC
+- Adm_O365
- AdminSurgePortfolio - TopSMBIssues - SaRA - okr_SMB - manage_licenses-- commerce-- MET150
+- commerce_licensing
+search.appverid: MET150
description: "Learn how to assign licenses to users." Last updated : 04/26/2021 # Assign licenses to users
admin Change Address Contact And More https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/change-address-contact-and-more.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commcerce_billing-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to make changes to your organization profile, such as organization name, address, phone, technical contact, and email." Last updated 03/30/2021
To learn about changing other profile information, see [Change your contact pref
### Email signatures
-You can change your email signature in Outlook Web App. For more information, see [Mail settings](https://support.microsoft.com/office/30c69a79-efc6-42d2-b740-4bf1c1f8a01c).
+You can change your email signature in Outlook Web App. For more information, see [Mail settings](https://support.microsoft.com/office/30c69a79-efc6-42d2-b740-4bf1c1f8a01c).
admin Customize The App Launcher https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/customize-the-app-launcher.md
You can add your own custom tiles to the app launcher that point to SharePoint s
4. Enter a **Tile name** for the new tile. The name will appear in the tile.
-5. Enter a **URL of website** for the tile. This is the location where you want your users to go when they select the tile on the app launcher. Use HTTPS in the URL.<br/>TIP: If you're creating a tile for a SharePoint site, navigate to that site, copy the URL, and paste it here. The URL of your default team site looks like this: `https://<company_name>.sharepoint.com`
+5. Enter a **URL of website** for the tile. This is the location where you want your users to go when they select the tile on the app launcher. Use HTTPS in the URL.
+
+ > [!TIP]
+ > If you're creating a tile for a SharePoint site, navigate to that site, copy the URL, and paste it here. The URL of your default team site looks like this: `https://<company_name>.sharepoint.com`
-6. Enter an **URL of the image** for the tile. The image appears on the My apps page and app launcher.<br/>TIP: The image should be 60x60 pixels and be available to everyone in your organization without requiring authentication.
+6. Enter a **URL of the image** for the tile. The image appears on the My apps page and app launcher.
+
+ > [!TIP]
+ > The image should be 60x60 pixels and be available to everyone in your organization without requiring authentication.
7. Enter a **Description** for the tile. You see this when you select the tile on the My apps page and select **App details**. 8. Select **Save changes** to create the custom tile.
-Your custom tile now appears in the app launcher on the **All** tab for you and your users.
+ Your custom tile now appears in the app launcher on the **All** tab for you and your users.
> [!NOTE] > If you don't see the custom tile created in the previous steps, make sure you have an Exchange Online mailbox assigned to you and you've signed into your mailbox at least once. These steps are required for custom tiles in Microsoft 365. ## Edit or delete a custom tile
-1. In the admin center, go to the **Settings** > **Org Settings** > **Organization profile**</a> tab.
+1. In the admin center, go to the **Settings** > **Org Settings** > **Organization profile** tab.
2. On the **Organization profile** page, next to **Add custom tiles for your organization**, select **Edit**.
admin Manage Addins In The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-addins-in-the-admin-center.md
For more information about installing add-ins from the admin center, see [Deploy
An add-in can be in either the **On** or **Off** state.
-|**State**|**How the state occurs**|**Impact**|
+| State | How the state occurs | Impact |
|:--|:--|:--| |**Active** <br/> |Admin uploaded the add-in and assigned it to users or groups. <br/> |Users and groups assigned to the add-in see it in the relevant clients. <br/> | |**Turned off** <br/> |Admin turned off the add-in. <br/> |Users and groups assigned to the add-in no longer have access to it. <br/> If the add-in state is changed to Active, the users and groups will have access to it again. <br/> |
You can also delete an add-in that was deployed.
1. In the admin center, go to the **Settings** > **Services & add-ins** page.
- > [!NOTE]
+ > [!NOTE]
> The admin center is getting updated to deployment experience with Integrated Apps . If you don't see the above steps, go to Centralized Deployment section by going to **Settings** > **Integrated apps**. On the top of the **Integrated apps** page, choose **Add-ins**. 2. Select the deployed add-in.
-3. Click on **Delete Add-In**. Remove the Add-in button on the bottom right corner.
+3. Click on **Delete Add-In**. Remove the Add-in button on the bottom-right corner.
4. Validate your selections, and choose **Remove add-in**.
Post deployment, admins can also manage user access to add-ins.
1. In the admin center, go to the **Settings** > **Services & add-ins** page.
- > [!NOTE]
+ > [!NOTE]
> The admin center is getting updated to deployment experience with Integrated Apps . If you don't see the above steps, go to Centralized Deployment section by going to **Settings** > **Integrated apps**. On the top of the **Integrated apps** page, choose **Add-ins**. 2. Select the deployed add-in.
As an organization you may wish to prevent the download of new Office add-ins fr
1. In the admin center, go to the **Settings** \> [Services &amp; add-ins](https://go.microsoft.com/fwlink/p/?linkid=2053743) page.
- > [!NOTE]
- > The admin center is getting updated to deployment experience with Integrated Apps . If you don't see the above steps, go to Centralized Deployment section by going to **Settings** > **Integrated apps**. On the top of the **Integrated apps** page, choose **Add-ins**.
+ > [!NOTE]
+ > The admin center is getting updated to deployment experience with Integrated Apps. If you don't see the above steps, go to Centralized Deployment section by going to **Settings** > **Integrated apps**. On the top of the **Integrated apps** page, choose **Add-ins**.
3. Select **User owned apps and services**. 4. Clear the option to let users access the Office store.
-This will prevent all users from acquiring the following add-ins from the store.
-
-- Add-ins for Word, Excel, and PowerPoint 2016 from:
-
- - Windows
-
- - Mac
-
- - Office
-
-
-- Acquisitions starting within **AppSource**
-
-- Add-ins within Microsoft 365
-
-A user who tries to access the store will see the following message: **Sorry, Microsoft 365 has been configured to prevent individual acquisition of Office Store add-ins.**
+ This will prevent all users from acquiring the following add-ins from the store.
+
+ - Add-ins for Word, Excel, and PowerPoint 2016 from:
+
+ - Windows
+ - Mac
+ - Office
+
+
+ - Acquisitions starting within **AppSource**
+
+ - Add-ins within Microsoft 365
+
+ A user who tries to access the store will see the following message: **Sorry, Microsoft 365 has been configured to prevent individual acquisition of Office Store add-ins.**
Support for turning off the Office Store is available in the following versions:
This does not prevent an administrator from using Centralized Deployment to assi
To prevent a user from signing in with a Microsoft account, you can restrict logon to use only the organizational account. For more information, see [Identity, authentication, and authorization in Office 2016](/DeployOffice/security/identity-authentication-and-authorization-in-office). > [!NOTE]
-> Preventing users from accessing the office store will also prevent them from [Sideloading Office Add-ins for testing from a network share](https://docs.microsoft.com/office/dev/add-ins/testing/create-a-network-shared-folder-catalog-for-task-pane-and-content-add-ins).
+> Preventing users from accessing the office store will also prevent them from [Sideloading Office Add-ins for testing from a network share](/office/dev/add-ins/testing/create-a-network-shared-folder-catalog-for-task-pane-and-content-add-ins).
-## More about the end user experience with add-ins
+## More about the end-user experience with add-ins
After you deploy an add-in, your end users can start using it in their Office applications (see [Start using your Office Add-in](https://support.microsoft.com/office/82e665c4-6700-4b56-a3f3-ef5441996862)). The add-in appears on all platforms that the add-in supports.
If the deployed add-in doesn't support add-in commands or if you want to view al
2. Select the **Admin Managed** tab in the Office Add-ins window.
-3. Double-click the add-in you deployed earlier (in this example, **Citations** ). <br/>![Admin Managed tab of the Office Add-ins page](../../media/fd36ba81-9882-40f0-9fce-74f991aa97d5.png)
+3. Double-click the add-in you deployed earlier (in this example, **Citations**).
+
+ ![Admin Managed tab of the Office Add-ins page](../../media/fd36ba81-9882-40f0-9fce-74f991aa97d5.png)
### In Outlook
-1. On the **Home** ribbon, select **Get Add-ins**.<br/>![Store button in Outlook](../../media/getaddinsicon.png)
+1. On the **Home** ribbon, select **Get Add-ins**.
+
+ ![Store button in Outlook](../../media/getaddinsicon.png)
2. Select **Admin-managed** in the left nav.
admin Remove Licenses From Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/remove-licenses-from-users.md
f1.keywords:
+ audience: Admin localization_priority: Normal - M365-subscription-management-- Adm_TOC
+- Adm_O365
- AdminSurgePortfolio-- manage_licenses - okr_smb-- commerce-- MET150
+- manage_licenses
+- commerce_licensing
+search.appverid: MET150
description: "Learn how to unassign licenses from user accounts." Last updated 07/01/2020
When you use the **Active users** page to unassign licenses, you unassign produc
3. In the right pane, select **Licenses and Apps**. 4. Expand the **Licenses** section, clear the boxes for the licenses that you want to unassign, then select **Save changes**.
-### Unassign licenses from multiple users
+### Unassign licenses from multiple users
::: moniker range="o365-worldwide"
When you use the **Active users** page to unassign licenses, you unassign produc
- When a license is removed from a user, data that is associated with that account is held for 30 days. After the 30-day grace period, the data is deleted and can't be recovered. - Files saved in OneDrive for Business aren't deleted unless the user is deleted from the Microsoft 365 admin center or is removed through Active Directory synchronization. For more information, see [OneDrive retention and deletion](/onedrive/retention-and-deletion).-- When the license is removed, the user's mailbox is no longer searchable by using an eDiscovery tool such as Content search or Advanced eDiscovery. For more information, see "Searching disconnected or de-licensed mailboxes" in [Content search reference](../../compliance/content-search-reference.md#searching-disconnected-or-de-licensed-mailboxes).
+- When the license is removed, the user's mailbox is no longer searchable by using an eDiscovery tool such as Content Search or Advanced eDiscovery. For more information, see "Searching disconnected or de-licensed mailboxes" in [Content Search in Microsoft 365](../../compliance/content-search.md).
- If you have an Enterprise subscription, like Office 365 Enterprise E3, Exchange Online lets you preserve the mailbox data of a deleted user account by using [inactive mailboxes](../../compliance/inactive-mailboxes-in-office-365.md). For more information, see [Create and manage inactive mailboxes in Exchange Online](../../compliance/create-and-manage-inactive-mailboxes.md). - To learn how to block a user's access to Microsoft 365 data after their license is removed, and how to get access to the data afterwards, see [Remove a former employee](../add-users/remove-former-employee.md). - If you remove a user's license and they still have Office apps installed, they see [Unlicensed Product and activation errors in Office](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380) when they use Office apps.
If youΓÇÖre not going to [reassign the unused licenses to other users](../../man
[Remove licenses from your subscription](../../commerce/licenses/buy-licenses.md) (article)\ [Assign licenses to users](assign-licenses-to-users.md) (article)\
-[Understand subscriptions and licenses in Microsoft 365 for business](../../commerce/licenses/subscriptions-and-licenses.md) (article)
+[Understand subscriptions and licenses in Microsoft 365 for business](../../commerce/licenses/subscriptions-and-licenses.md) (article)
admin Send Email As Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/send-email-as-distribution-list.md
Before you perform these steps, make sure you've been added to a Microsoft 365 d
**Admins**: Make sure you've followed the steps in the [Add a Microsoft 365 user or contact to a list](../email/add-user-or-contact-to-distribution-list.md) and [Allow members to send email as a Microsoft 365 Group](../../solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md#allow-members-to-send-email-as-a-group) topics, and added the correct people to the distribution list.
+## Outlook on the web
+ 1. Open Outlook on the web and go to your inbox. 2. Open a message that was sent to the distribution list.
Before you perform these steps, make sure you've been added to a Microsoft 365 d
5. Right-click on the From address - such as `Ina@weewalter.me` - and choose **Remove**.<br/> ![Remove the FROM alias](../../media/9b8d8e8f-dc46-499c-89bd-0a480603bf1f.png) 6. Then type the distribution list address such as support@contoso.com, and send the message. The next time you reply from the distribution list, its address will appear as an option in the **From** list.<br/>![Alias of the shared mailbox appears](../../media/f7632a9a-9cab-446c-9e37-23ef50c5b975.png)+
+## Outlook
+
+1. Open Outlook desktop client.
+
+2. Compose a New Email. Click the **From** field and select **Other email address**. If you do not see the From field, navigate to **Options** and select **From** in the Show fields section.
+
+3. Select the **Distribution List** address from the Global Address List.
+
+4. Send the email.
admin Upgrade Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
If you're experienced at using PowerShell, you might want to go this route inste
To upgrade a single DL, run the following command: ```PowerShell
-Upgrade-DistributionGroup -DlIdentities \<Dl SMTP address\>`
+Upgrade-DistributionGroup -DlIdentities \<Dl SMTP address\>
``` For example, if you want to upgrade a DLs with SMTP address dl1@contoso.com, run the following command: ```PowerShell
-Upgrade-DistributionGroup -DlIdentities dl1@contoso.com`
+Upgrade-DistributionGroup -DlIdentities dl1@contoso.com
``` > [!NOTE]
admin Self Service Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/self-service-sign-up.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - okr_SMB - commerce_signup-- PPM_pablom--- MET150
+search.appverid: MET150
description: "Learn about the Microsoft 365 self-service sign-up and available self-service programs such as Microsoft Power Apps, Microsoft Flow, and Dynamics 365 for Finance." Last updated 03/17/2021
Following are the currently available self-service programs. This list will be u
|**Microsoft Stream** <br/> |Upload and share videos across your organization to improve communication, participation, and learning. <br/> |[Sign up &amp; Day 0 experience](https://go.microsoft.com/fwlink/p/?linkid=841472) <br/> |[Microsoft Stream](https://go.microsoft.com/fwlink/p/?linkid=841473) <br/> | |**Power Automate** <br/> |Power Automate is a product to help you set up automated workflows between your favorite apps and services to synchronize files, get notifications, collect data, and more. <br/> |[Sign up and sign in for Power Automate](/power-automate/sign-up-sign-in) <br/> |[Power Automate](https://go.microsoft.com/fwlink/p/?linkid=841465) <br/> | |**Power Virtual Agents** <br/> |Power Virtual Agents empowers teams to easily create powerful bots using a guided, no-code graphical interface without the need for data scientists or developers. Power Virtual Agents addresses many of the major issues with bot building in the industry today. It eliminates the gap between the subject matter experts and the development teams building the bots, and the long latency between teams recognizing an issue and updating the bot to address it. <br/> |[Licensing and access details](/power-virtual-agents/requirements-licensing) <br/> |[Sign up for Power Virtual Agents](https://aka.ms/TryPVA) <br/> |
-|**Azure AD B2B** <br/> |Azure Active Directory (Azure AD) business-to-business (B2B) collaboration lets you invite External Users (or "guest users") to use your paid Azure AD services. Some features are free, but for any paid Azure AD features, you can invite up to five guest users for each Azure AD edition license that you own for an employee or a non-guest user in your tenant. <br/> |[Self-service for Azure AD B2B collaboration sign-up](/azure/active-directory/b2b/self-service-portal) <br/> |[Azure Active Directory B2B collaboration licensing guidance](/azure/active-directory/b2b/licensing-guidance) <br/> |
+|**Azure AD B2B** <br/> |Azure Active Directory (Azure AD) business-to-business (B2B) collaboration lets you invite External Users (or "guest users") to use your paid Azure AD services. Some features are free, but for any paid Azure AD features, you can invite up to five guest users for each Azure AD edition license that you own for an employee or a non-guest user in your tenant. <br/> |[Self-service for Azure AD B2B collaboration sign-up](/azure/active-directory/b2b/self-service-portal) <br/> |[Azure Active Directory B2B collaboration licensing guidance](/azure/active-directory/b2b/licensing-guidance) <br/> |
admin Apply For A Fapiao https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/apply-for-a-fapiao.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_billing-- PPM_jmueller- search.appverid: - MET150 - GEA150
If you don't receive an account activation email within 24 hours after you regis
![The 21Vianet Fapioa management system registration page.](../../media/60d39184-95b2-4ea4-a8a2-3e11763bec87.png)
-If you still don't receive an activation email, please contact 21Vianet customer service at (86) 400-089-0365.
+If you still don't receive an activation email, please contact 21Vianet customer service at (86) 400-089-0365.
admin Download Software Licenses Csp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/download-software-licenses-csp.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- Adm_TOC-- MET150
+search.appverid: MET150
- AdminSurgePortfolio
+- commerce_licensing
description: Learn how to download the software and product license keys for perpetual software bought through the Cloud Solution Provider (CSP) program. Last updated : 01/27/2021 # Download perpetual software and product license keys
bookings Bookings Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-faq.md
- Title: "Microsoft Bookings Frequently Asked Questions"-----
-localization_priority: Normal
-description: "Microsoft Bookings frequently asked questions."
--
-# Microsoft Bookings Frequently Asked Questions
-
-## General
-
-### What is Microsoft Bookings?
-
-Microsoft Bookings is a Microsoft 365 app that makes scheduling and managing appointments easy. Bookings includes a Web-based booking calendar and integrates with Outlook to optimize your staffΓÇÖs calendar, giving your customers flexibility to book a time that works best for them. Automated notification emails reduce no-shows, and organizations save time with a reduction in repetitive scheduling tasks. Bookings helps you easily conduct virtual appointments via Skype or Microsoft Teams, and helps you manage day-to-day scheduling via the Bookings app in Teams. With built-in ability to customize, Bookings is designed to meet the needs of multiple parts of any organization.
-
-### How do I use Microsoft Bookings?
-
-Bookings is an online service, so you don't need to download anything. Just go to the app chooser within the Microsoft 365 Web experience. Administrators can also use the Bookings companion app to stay current with the latest information about customers and their appointments.
-
-### Who has access to Microsoft Bookings?
-
-Bookings is available and active by default for Microsoft 365 Business Premium, Microsoft 365 Business Standard, A3, A5, E3, and E5 customers worldwide. Bookings is also available in Office 365 operated by 21Vianet.
-
-### Will my customers see my personal or business calendar?
-
-Your customers will only see the Bookings calendar that you publish online for the services, times, and staff that you choose to register.
-
-### How do I change a bookable attribute under Manage staff?
-
-When staff members were added, they would have received an email to accept or reject the request. They can open the same email and select "Reject" to make them so that they aren't bookable. We currently do not have a way to toggle this from inside the app.
-
-### How do end users access the Bookings app?
-
-Anyone who is licensed for Microsoft 365 Business Premium, Microsoft 365 Business Standard, A3, A5, E3, E5, or is added as a staff member in either the Administrator or Viewer roles can access Bookings in the app chooser within the Microsoft 365 Web experience. There is also a companion app available for iOS and Android.
-
-### Can I use Bookings in my own Web site?
-
-Yes. We provide a way for you to embed your Bookings calendar in your site via an iFrame. Link embedding code is located in the **Bookings page** tab within the Bookings app.
-
-### Can I use Bookings even if I donΓÇÖt have a Web page for my business?
-
-Yes. We provide a link to your booking page within the **Booking page** tab in the Web app. You just need to provide that link to your customers or clients, and they will see the latest availability information for your business. Alternatively, you can share the booking page in social media or even use the embed feature to host it in an iFrame. You also have the ability to control who can access the page by disabling direct search engine indexing and restricting access to only those within your organization.
-
-### Can our IT department control whether end users can access Bookings?
-
-Bookings is available in Microsoft 365 Business Premium, Microsoft 365 Business Standard, M365 A3/A5 and E3/E5 tenants by default, but administrators can turn it off in the Microsoft 365 admin center if they choose. To do so, [follow these instructions](turn-bookings-on-or-off.md).
-
-If a customer wants to disable access to Bookings for certain eligible licenses in their tenant, they can either use a group policy to restrict licenses or implement an OWA Mailbox policy that will restrict who is able to create new Bookings calendars.
-
-If you use an OWA Mailbox policy to disable access to Bookings, all users will have a Bookings license, however when they attempt to access the app, they will only be successful if they are part of the policy or if they have been added to an existing Bookings calendar as staff. Details [here](turn-bookings-on-or-off.md) in the ΓÇ£Allow only selected users to create Bookings calendarsΓÇ¥ section.
-
-### Is Bookings customizable?
-
-Yes, Bookings is customizable and can be used for various scenarios. When setting up a Bookings calendar, many aspects of the Web-based scheduling page, your business information, staff details, service types, and scheduling policies can be customized.
-
-### Is all the functionality of the original Bookings Web app available in Microsoft Teams?
-
-A lightweight version of Bookings is now available as an app in Teams. The initial announcement is [here](https://www.microsoft.com/microsoft-365/blog/2020/03/06/empowering-care-teams-with-new-tools-in-microsoft-365/). There is deep link functionality to pop out in the Web app, and after setup, day-to-day use of Bookings can be done without ever leaving Teams. Information flows across platforms.
-
-### Is Bookings a small business offering or an Enterprise offering or both?
-
-Bookings is an ideal solution for both Enterprise and small business customers, across various industries. Use cases include:
--- Financial services
- - consultations
- - banking and insurance services
- - tax filings
--- Human resources (HR)
- - candidate interviews
- - onboarding
- - benefits assistance
- - training and seminars
--- Healthcare
- - patient visits
- - provider-to-provider collaboration
- - insurance consults
--- Government & Public Sector
- - court hearings and trials
- - public services
- - department appointments
--- Education -- K-12
- - parent-teacher conferences
- - school town hall
- - student-counselor visits
--- Education -- Higher Ed
- - office hours
- - tutoring
- - student services
- - exam sign-up
--- Retail
- - assisted shopping
- - contractor scheduling
- - design services
--- General Enterprise and small business needs
- - customer and client meetings
- - tech support
- - legal reviews
- - facilities
-
-## Pricing and licensing
-
-### How do I get Microsoft Bookings?
-
-Bookings is available for customers with Office 365 A3, A5, E3, and E5, as well as Microsoft 365 Business Standard, Microsoft 365 Business Premium, A3, A5, E3, and E5. You can use Bookings with an iOS and Android companion app. Bookings isn't available as a standalone app. Outlook Web App or Outlook on the web must be enabled to use Bookings, as it stores data within Outlook.
-
-A Bookings license provides full functionality to the product, including creating and managing calendars. It also enables the ability for users to view and edit existing calendars, when those users are added as staff in an Administrator or Viewer role.
-
-### Do I need to migrate my email account from my current provider to Microsoft 365?
-
-You can keep your current provider, but Bookings will send all notifications to the email used in your Microsoft 365 account.
-
-### Can my employees use Bookings without a Microsoft 365 account?
-
-Yes. You can add your staff with any email, and they will still get the email confirmation and the calendar invite when someone books an appointment with them.
-
-### Can I create more than one Bookings calendar under the same Microsoft 365 account and switch between them?
-
-Yes. You can create and manage more than one Bookings calendar with one account. You can switch between them using the caret next to the business name in the Bookings Web app.
-
-### What if my organization has mixed licenses with F1/F3, E1, and E3/E5?
-
-We recognize that many organizations have a mixture of Microsoft 365 licensing. For example, a customer may have M365 E3 licenses for employees in their headquarters, but M365 E1 (or F1 or F3) licenses for their store employees.
-
-In this example, the headquarters employees with an M365 E3 license have full access to Bookings, which means they can create new calendars, edit settings, add staff, publish a booking page, create and manage appointments within the calendar, and pull reports.
-
-Those store employees with E1/F1/F3 licenses, or with no licenses, can still be added as staff to calendars in a Guest role and then booked for appointments, and they will receive confirmation emails when they are booked. They can still be booked during their available/scheduled hours as listed in the staff tab. The Bookings calendar availability constrains bookable times by their set hours and service hours.
-
-The store employees will also display as unavailable in Bookings if an appointment has already been scheduled at that time through the Bookings Web app. Appointments booked via Bookings will reflect as busy on a staff member's calendar within Bookings. Staff with a non-Bookings enabled license can still have their personal calendar impact their availability in Bookings, provided they are within the same tenant.
-
-People in the Guests role can view any of the information the customer has provided within the initial appointment creation. For example, if the store representative who is booked for the appointment is required to call the customer prior to the appointment, they will have access to the information the customer provides during the scheduling process. The staff member who is booked will have access to all information that appears in the confirmation email, and the .ics calendar event (such as the customer phone number if it was entered).
-
-People in the Guest role will not have the ability to access the Bookings Web app to change settings or to view and manage appointments (add, cancel, and reschedule). However, they can make appointments on behalf of customers using the Self-service page, in the same way that a customer would make an appointment.
-
-We recommend licensing a business manager or administrator of each store with a Bookings-eligible license to set up and manage pages and appointments. The rest of the staff would then work with the employee licensed with Bookings to reschedule or cancel a booking.
-
-## Product features
-
-### Where do Bookings calendars show up in my Microsoft 365 tenant?**
-
-Each new Bookings calendar creates a corresponding mailbox in Exchange, as well as a related entry in Azure Active Directory (AAD), where the entry is listed as an unlicensed user.
-
-### Can I delete a previously created Bookings calendar?
-
-To delete a Bookings calendar, you must delete the associated mailbox in Exchange.
-
-### If I create a calendar and someone else has access to Bookings, would they be able to see my calendar?
-
-The only people who have access to Bookings calendars that you create (through the Web app) is anyone who has been added as staff, in either an Administrator or Viewer role. Tenant admins will be able to see a list of all Bookings mailboxes in Exchange and AAD.
-
-### Are video conferencing meetings integrated into the Bookings app?
-
-Online meetings are available within Bookings when using the Skype or Microsoft Teams clients. Online meetings can be enabled at the service-level, and the meeting client you choose (Skype or Teams) will be the one set by default for a booked staff member. To join the online meetings, each new appointment will have a unique meeting link attached to the appointment, and in addition, easy join options are included in the event and in confirmation emails.
-
-### How does scheduling policy work?
-
-A setting called **Maximum lead time** determines the farthest in advance (measured in days) that a booking can be made. There must be at least 24 hours between **Minimum lead time** (the minimum lead time, in hours, for bookings and cancellations) and Maximum lead time. Maximum lead time can be set to one day if Minimum lead time is set to 0 hours, which in this case means a customer can cancel a booking up until the time that it starts, and customers can only schedule bookings if the appointment is within the next day.
--
-### How does Bookings work across time zones?
-
-All times are in the business time zone (your local time zone) by default. Any setting that you configure for a Bookings calendar, such as working hours, will appear in this time zone. The Self-service page has the ability to display all the appointment times in the end-user's time zone, which can be turned off if desired. If **Always show time slots in business time zone** remains unchecked on the Bookings page tab, then people visiting the page will see time slots in their own local time zones.
--
-There is no provision to set time zone for staff in Bookings. Staff time zone, and thus business hours, will be in the business time zone.
-
-### Can email notifications be sent as the tenant domain name?
-
-The email addresses are controlled and managed at the Microsoft 365 settings level and depend on the domain configuration settings there. More information can be found [here](/powershell/module/exchange/get-accepteddomain).
-
-### Is the ability to send SMS messages dependent on a different service or specific configuration?
-
-SMS messages are currently available in North America, and a Skype or Twilio account will be used for SMS delivery.
-
-### How can Bookings appointments show up on a personΓÇÖs calendar?
-
-The confirmation of the booking is sent to both the service providerΓÇÖs and customerΓÇÖs inboxes. The confirmation email contains an *.ics file attachment, which can then be added to the userΓÇÖs calendar with all relevant appointment details.
-
-### What triggers service provider or staff and customer emails?
-
-Emails are triggered based on settings in the Services tab in the Bookings Web app. A booking made by the customer on the Self-service page, or on the Calendar tab in the Bookings Web app, will trigger a confirmation and/or a reminder email. The same thing will happen when someone makes a change to the booking via the **Manage booking** button in the confirmation email or within the Web app. Reminder emails are sent at a specified time period prior to an appointment, as detailed in the Services tab in the Bookings Web app.
-
-### Can I book classroom-style appointments that are 1:many instead of 1:1?
-
-Yes, we have a group bookings functionality that allows multiple people to book the same appointment at the same time (such as for a fitness class). This functionality is described in detail [here](https://techcommunity.microsoft.com/t5/microsoft-bookings-blog/microsoft-bookings-now-supports-online-meetings-and-group/ba-p/1214120).
-
-### Can calendars remain unpublished (not public-facing) but still accessible to designated users?
-
-Yes. There is a check box on the Booking page tab in the Web app: **Require a Microsoft 365 or Office 365 account from my organization to book**. Selecting this check box restricts Self-service page access to only those that are within your tenant. The Bookings calendar that sits within the Web app for creation and management can only be accessed by those individuals added as staff to the page with Administrator or Viewer roles.
--
-### How frequently does the Home page update?
-
-The latest data linked to your Home page is retrieved whenever the Web app is loaded. For further details on the type of information tracked by Bookings, see this [support article](metrics-and-activity-tracking.md).
-
-### Can I turn off the email notifications for Time Off?
-
-Recording Time Off within the Bookings Web app will always trigger a notification email to staff members. If any staff members are confused about the notification, we recommend you add more detail in the notes or title of the Time Off notification, to better inform staff about what is occurring on the admin side.
-
-### Can Bookings calendars be cloned or duplicated, and can they be templatized for easy scaling?
-
-The process would be to use the Graph API to get mailbox details, and then use those details to create a new mailbox. API documentation is [here](/graph/api/resources/booking-api-overview?view=graph-rest-beta).
-
-### What reporting is available in Bookings?
-
-All Bookings staff assigned to the Administrator role can download a tab-separated values (.TSV) file with all bookings made in the past 120 days. Bookings reports can be downloaded in .TSV form from the Home tab of the Bookings page. The Bookings API can also be used to collect this data for more customized and specific purposes.
-
-### Is it possible to share only one service on the Self-service page at a time?
-
-Yes, you can either create separate Bookings calendars for each service, or you can go to the Services tab, edit a service, and at the top of the page you will see an option to share a URL only for that specific service.
-
-### What options are available for embedding a consent form or disclosure for those booking an appointment?
-
-We recommend enabling the **Customer data usage consent** check box in the Booking page and customizing the wording to properly convey your organization's disclosure or consent requirements. Another option is to add a custom field to the service that includes a link to the consent form, and require customers to confirm that they have completed the form before they can proceed with making an appointment. You can also add the consent form URL as additional notes in confirmation and reminder emails, but this will not prevent users from booking an appointment.
-
-### What changes can be made to the staff selection capability on the Self-service booking page?
-
-The ability for customers to select specific staff members when booking can be removed completely by de-selecting the **Allow customers to choose a specific person for the booking** option from the Booking page or the Services section. Bookings will automatically assign an available staff member at random to the booking, based on staff availability.
-
-### Can Bookings support many concurrent booking requests and Self-service page visits?
-
-Booking can support a large quantity of visitors and bookings at one time. If the page experiences a very large volume of traffic, users will receive a ΓÇ£server busyΓÇ¥ error. Appointment availability is updated when the page is loaded, as well as when a booking is made. If multiple people are trying to book the same appointment at one time, Bookings will only let one person book that time and give a notification message to the other potential customers, and prompt them to find a different time.
-
-## Privacy
-
-### Where is Bookings data stored?
-
-Bookings is a Microsoft 365 app, meaning all data is stored within the Microsoft 365 platform and in Exchange. Bookings follows all data storage policies that are set by Microsoft, which are the same policies that all Office apps follow. Bookings uses shared mailboxes in Exchange to store customer, staff, service, and appointment details. Compliance policies for shared mailboxes in Exchange also apply for Bookings mailboxes. All customer data (including information provided by customers when booking) is captured in Bookings and is stored within the app, thus it is stored within Exchange. Microsoft Bookings uses the same policies used by Microsoft 365, which you can find [here.](https://www.microsoft.com/online/legal/v2/?docid=22&langid=en-us)
-
-### Is there a way to centrally manage Bookings calendars for all users?
-
-Each Bookings calendar is maintained independently. There is no consolidated view, other than the search drop-down after clicking the caret on the home page.
-
-### How are users authenticated?
-
-Access to the Bookings Web app involves authentication through the regular Azure Active Directory (AAD) authentication. The Self-service booking page can be made available to everyone with the Web page link. However, when the **Require a Microsoft 365 or Office 365 account from my organization** to book setting is selected, the page is restricted for use only within the Microsoft 365 tenant (using AAD authentication).
--
-### Does customer data leave the production system for any reason?
-
-Yes, since Bookings is a part of Exchange, we allow Graph APIs and Exchange Web Services (EWS) APIs for the customers to download their own data to which they have access.
-
-### Is there the ability to customize email addresses for customer replies?
-
-There is the ability to define which email address customer send their replies to. This setting is on the **Business information** tab. The Bookings mailbox name itself can also be changed within Exchange, through usual Exchange mailbox renaming processes.
-
-### We would like for the customer to accept our terms and conditions during the booking process. Is that possible?
-
-This feature already exists for GDPR compliance. The Booking page has a field for custom consent, right under the publishing details section. Just check that box and write your own custom consent message and it will show up as a required field on the Self-service page. The date and time that the customer grants consent will be recorded.
-
-This section does not support rich text, but think links can be added under the business information section and would show up just below the consent check box.
-
-### How can Bookings-associated mailboxes in Exchange be identified?
-
-The following command can be used to retrieve information of all Bookings mailboxes and users who have access to them.
-
-`Get-Mailbox -RecipientTypeDetails SchedulingMailbox -ResultSize:Unlimited | Get-MailboxPermission |Select-Object Identity,User,AccessRights | Where-Object {($_.user -like '*@*')}`
-
-## Technical Questions
-
-### If a user schedules an appointment for a service consisting of an online meeting, how do they receive the Microsoft Teams link to the meeting if they leave the optional email address field empty?
-
-If the system does not have the customer's email information, there is no way for the confirmation mail to be delivered to the customer, and thus they will not receive a Teams link. The solution is to set the email address as a required field, which you can do on the Services tab of Bookings. Note that whenever you create a new service in Bookings, the customer email field is set as a required field by default.
-
-### How are staff assigned to appointments when ΓÇ£AnyoneΓÇ¥ is selected, or when customers do not have the ability to choose a staff member for the appointment?
-
-Staff are assigned randomly in these scenarios, out of all staff members available at the time of the appointment being booked. Currently there is no way to ensure equal distribution of randomly assigned appointments across all members of the staff, or to cap the number of assigned appointments to each staff member. If there is load-balancing that needs to be done across your staff after a number of random assignments, it can be done manually in the Calendar tab within the Bookings page.
-
-### How can users opt out of receiving SMS messages if they have already opted in previously?
-
-When booking an appointment with SMS text messages enabled, customers will be prompted to check the opt in box each time they book. Customers can also reply directly to the SMS message (the SMS provider) indicating that they would like the messages to cease, and then no further texts will be sent to that phone number. If the customer opts out of receiving text messages from the provider, not from Bookings itself, they will no longer receive SMS messages in the future, even when opting in from the Bookings page.
-
-## Troubleshooting
-
-### This staff member's calendar can't be synced
-
-If you receive the error, "This staff member's calendar can't be synced", this section contains several troubleshooting procedures to help you resolve the error.
-
-> [!NOTE]
-> Bookings is turned on by default for customers who have the Microsoft 365 Business Standard, Microsoft 365 A3, or Microsoft 365 A5 subscriptions. Bookings is also available to customers who have Office 365 Enterprise E3 and Office 365 Enterprise E5, but it is turned off by default. To get started, see [Get access to Microsoft Bookings](get-access.md). To turn Bookings on or off, see [Turn Bookings on or off for your organization](turn-bookings-on-or-off.md).
-
-If you are looking for information on syncing your staff's calendar, see [Add staff to Bookings](add-staff.md). Make sure on the **Staff details** page, **Events on calendar affect availability** is checked.
-
-### The staff member needs to change their calendar permissions
-
-In order for Bookings to properly sync with your staff members' calendars, each staff member must share their calendar. Each staff member must follow these instructions to share their own calendar.
-
-1. Sign in to Microsoft 365, and then select **Outlook** from the app launcher.
-
- > [!div class="mx-imgBorder"]
- > ![Image of Outlook in App launcher](../media/bookings-applauncher-outlook.png)
-
-1. At the top of the page, select **Share** \> **Calendar**.
-
- ![Image of Calendar sharing menu](../media/bookings-share-calendar.png)
-
-1. In the **People inside your organization** section, select the drop-down box next to **My Organization**, and then select **Can view when I'm busy**.
-
- > [!NOTE]
- > This setting shares your free/busy information with Bookings and with other users in your organization. It does not include any other information, such as what type of appointment you have scheduled, who you have scheduled the appointment with, or the location.
-
- > [!div class="mx-imgBorder"]
- > ![Image of calendar sharing screen with Can view when I'm busy enabled](../media/bookings-view-busy.png)
-
-1. Select **Done**.
-
-### We can't find a staff member in our organization
-
-If an employee has left your company and you removed them from your Microsoft 365 or Office 365 organization, you still need to remove that user from Bookings so they won't show up in the calendar and to prevent customers from booking appointments with them.
-
-1. Sign in to Microsoft 365, and then go to **Bookings** \> **Staff**.
-
-1. Hover your mouse cursor over the staff member's name. **Edit** and **delete** icons appear to the right of the **Phone** column.
-
-1. Select the **Delete** icon.
-
-1. In the confirmation box, select **OK**.
-
-> [!NOTE]
-> If you have more than one booking calendar, you must remove the user from all of them.
-
-To check if you have more than one calendar, in the left menu, select the drop-down arrow next to your company name, and then select **Open**. If you only have one calendar, then you will see only the option to add a booking calendar. This example shows that there is a second calendar named "Contoso CO".
-
-![Image of Choose a calendar screen with a second calendar shown](../media/bookings-choose-calendar.png)
-
-### There's a syncing error we can't identify
-
-This is a transient error and typically occurs because of an unstable internet connection. These problems usually resolve themselves after a few minutes.
-
-If you still see this error after an extended period of time or you are seeing it often, please contact support.
-
-## Additional resources
--
- - [Microsoft Bookings expands availability in the enterprises blog](https://techcommunity.microsoft.com/t5/microsoft-bookings-blog/microsoft-bookings-expands-availability-in-enterprises/ba-p/1214065)
-
- - [How Microsoft Bookings Works video](https://support.office.com/article/microsoft-bookings-69c45b78-6de4-4f28-9449-cdcc18b7ae45)
-
- - [Start using Microsoft Bookings](get-access.md)
-
- - [Turn Microsoft Bookings on or off](turn-bookings-on-or-off.md)
-
- - [Add users individually or in bulk](../admin/add-users/add-users.md?view=o365-worldwide.)
-
- - [Add staff to Bookings](add-staff.md)
-
- - [API components to automate after template has been defined](/graph/api/bookingbusiness-post-bookingbusinesses)
-
- - [URL to Bookings Calendar for Display](https://outlook.office.com/bookings/calendar)
-
- - [Bookings compliance policies](/compliance/regulatory/gdpr-dsr-Office365?view=o365-worldwide#bookings)
-
- - [Customize and publish your booking page](customize-booking-page.md)
-
- - [Tenant Mailbox configuration](/powershell/module/exchange/get-accepteddomain)
-
- - [Group Bookings](https://techcommunity.microsoft.com/t5/microsoft-bookings-blog/microsoft-bookings-now-supports-online-meetings-and-group/ba-p/1214120)
-
- - [Bookings metrics and activity tracking](metrics-and-activity-tracking.md)
-
- - [M365 Public Roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=bookings)
-
- - Submit feedback via [UserVoice](https://outlook.uservoice.com/forums/314907-microsoft-bookings/suggestions/39505261-365-admins-should-have-full-access-to-all-bookings)
bookings Comparison Chart https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/comparison-chart.md
description: "A comparison chart that shows the feature differences between the
The Bookings app in Teams lets schedulers handle their main tasks and change some settings. However, the Bookings web includes advanced features and settings that are not yet available in the Teams app.
-Teams app features are being added all the time and we will continue to update this list. See the **Is all the functionality of the original Bookings Web app available in Microsoft Teams?** section in the [FAQ](bookings-faq.md) for more details.
+Teams app features are being added all the time and we will continue to update this list. See the **Is all the functionality of the original Bookings Web app available in Microsoft Teams?** section in the [FAQ](bookings-faq.yml) for more details.
| Feature | Bookings web app | Bookings Teams app | |:|:|:|
business-video Admin Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/admin-center-overview.md
description: "Learn more about the Microsoft 365 admin center."
# Overview of the Microsoft 365 admin center
+- [The admin center in simplified view](#the-admin-center-in-simplified-view)
+- [The admin center in dashboard view](#the-admin-center-in-dashboard-view)
+
+## The admin center in simplified view
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWD3sq?autoplay=false]
+
+With the Microsoft 365 admin center, you can reset passwords, view your invoice, add or remove users, and much more all in one place.
+
+Sign in to Office.com with your work account, and select the app launcher.
+
+If you have permission to access the admin center, you'll see **Admin** in the list. Select it.
+
+At the top of the admin center, review the top actions for you. You may see different actions depending on what you've already set up, such as creating new accounts, using Teams, setting up email, and installing Office apps.
+
+Under **Your organization** on the **Users** tab is a list of people who can access apps and services, add new users, reset passwords, or use the **More actions** menu. Select a person to view or edit their information and settings.
+
+On the **Teams** tab, create a new team or manage existing teams. You can manage the members of a team or select **More actions** to change other Teams settings.
+
+On the **Subscriptions** tab, add more products, add licenses, or use the **More actions** menu to modify licenses or payment method.
+
+On the **Learn** tab, browse videos and articles about the admin center and other Microsoft 365 features. To explore more advanced features of the admin center, open the navigation menu and expand the headings to see more. Select **Show all** to see everything in the navigation menu or use the search bar to quickly find what you're looking for.
+
+If you need assistance, select **Help & support**. Search for topic you want help with and view the recommended solution or select the headset to contact support, and then enter your question and contact information.
+
+## The admin center in dashboard view
+ > [!VIDEO https://www.microsoft.com/videoplayer/embed/RWfvDL?autoplay=false] The Microsoft 365 admin center is where you manage your business in the cloud. You can complete such tasks as adding and removing users, changing licenses, and resetting passwords.
For more information on managing billing, passwords, users, and admins, see the
By default, the person who signs up for and buys an Microsoft 365 for business subscription gets admin permissions. That person can assign admin permissions to other people to help them manage Microsoft 365 for their organization. If you get the message "**You don't have permission to access this page or perform this action**," you aren't an admin.
-<br><br>
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/3a4e19ee-1a2a-473f-8995-06de0052c169?autoplay=false]
### Who has admin permissions in my business? <a name="bkmk_admin"> </a>
business-video Buy Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/buy-licenses.md
Title: "Buy new licenses" f1.keywords: - NOCSH--++ + audience: Admin
- AdminSurgePortfolio - adminvideo
+- commerce_purchase
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video Change Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-subscription.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - adminvideo
+- commerce_subscriptions
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/get-help-support.md
Start by [checking the current health of your services](../enterprise/view-servi
Save time by starting your service request online. We'll help you find a solution or connect you to technical support.
-1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>. If you get a message that says you don't have permission to access this page or perform this action, then you aren't an admin. [Who has admin permissions in my business?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview?#who-has-admin-permissions-in-my-business)
+1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>. If you get a message that says you don't have permission to access this page or perform this action, then you aren't an admin. (For more information, see [Who has admin permissions in my business?](admin-center-overview.md#who-has-admin-permissions-in-my-business).)
2. Select the **Need help?** button.
The administrator is expected to provide initial assistance for the customer's u
## Feature availability
-To view feature availability across Office 365 plans, see [Office 365 Service Description](/office365/servicedescriptions/office-365-platform-service-description/office-365-operated-by-21vianet)
+To view feature availability across Office 365 plans, see [Office 365 Service Description](/office365/servicedescriptions/office-365-platform-service-description/office-365-operated-by-21vianet).
## Follow us on WeChat
business Migrate From E3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/migrate-from-e3.md
Migrating is easy: First you switch licenses and all your data and user informat
This table shows the differences between Microsoft 365 Business Premium and Office 365 E3.
-| Feature | Support in Microsoft 365 Business Premium | Support in Office 365 E3 |
+| Feature | Support in Microsoft 365 Business Premium | Support in Office 365 E3 |
|:-|:--|:--|
-| **On-premises** | | |
-| Office apps<sup>1</sup> | Microsoft 365 Apps for business | Microsoft 365 Apps for enterprise |
-| **Cloud productivity apps** | | |
-| Exchange Online and Outlook | 50 GB storage limit per mailbox and unlimited Exchange Online Archiving | 100 GB storage limit per mailbox and unlimited Exchange Online Archiving |
+| **On-premises** | | |
+| Office apps<sup>1</sup> | Microsoft 365 Apps for business | Microsoft 365 Apps for enterprise |
+| **Cloud productivity apps** | | |
+| Exchange Online and Outlook | 50 GB storage limit per mailbox and unlimited Exchange Online Archiving | 100 GB storage limit per mailbox and unlimited Exchange Online Archiving |
| Teams | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Office 365 E3](../media/check-mark.png) | | OneDrive for Business | 1 TB storage limit per user | Unlimited | | Yammer, SharePoint Online, Planner, Stream | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Office 365 E3](../media/check-mark.png) |
-| StaffHub | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Office 365 E3](../media/check-mark.png) |
-| MileIQ | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | |
-| **Threat Protection** | | |
-| Defender for Office 365 Plan 1 | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | Not included, but can be added on |
-| **Identity management** | | |
-| Self-service password reset for hybrid Azure Active Directory (Azure AD) accounts, Azure AD multi-factor authentication (MFA), Conditional Access, password writeback for on-premises identities| ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | |
+| StaffHub | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Office 365 E3](../media/check-mark.png) |
+| **Threat Protection** | | |
+| Defender for Office 365 Plan 1 | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | Not included, but can be added on |
+| **Identity management** | | |
+| Self-service password reset for hybrid Azure Active Directory (Azure AD) accounts, Azure AD multi-factor authentication (MFA), Conditional Access, password writeback for on-premises identities| ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | |
| **Device and app management** | | | | Microsoft Intune, Windows AutoPilot| ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | | | Shared computer activation| ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Office 365 E3](../media/check-mark.png)|
-| Upgrade rights to Windows 10 Pro from Win 7/8.1 Pro licenses| ![Included with Microsoft 365 Business Premium](../media/check-mark.png) ||
+| Upgrade rights to Windows 10 Pro from Win 7/8.1 Pro licenses| ![Included with Microsoft 365 Business Premium](../media/check-mark.png) ||
| **Information protection** | | | |Office 365 Data Loss Prevention| ![Included with Microsoft 365 Business Premium](../media/check-mark.png)|![Included with Office 365 E3](../media/check-mark.png)| |Azure Information Protection Plan 1, BitLocker enforcement|![Included with Microsoft 365 Business Premium](../media/check-mark.png)||
If you upgraded everyone in your organization to Microsoft 365 Business Premium,
You can also complete these steps on the Devices page: 1. In the admin center, in the left nav, go to **Devices** \> **Policies**.
-
+ 2. On the **Device policies** page, choose **Add**.
-
-3. In the **Add policy** pane give the policy a name, and then choose a **Policy type** from the drop-down.
-
+
+3. In the **Add policy** pane give the policy a name, and then choose a **Policy type** from the drop-down.
+ You can set up application policies for protecting files on Android and iPhone devices, as well as Windows 10, and you can set up device configuration policies for company owned Windows 10 devices. See the following links for details:
-
+ - [Set app protection settings for Android or iOS devices](app-protection-settings-for-android-and-ios.md)
-
+ - [Set application protection settings for Windows 10 devices](protection-settings-for-windows-10-devices.md)
-
+ - [Set device protection settings for Windows 10 PCs](protection-settings-for-windows-10-pcs.md) 4. Once you set up policies, you and your employees can set up devices:
-
+ - See [Set up Windows devices for Microsoft 365 Business Premium users](set-up-windows-devices.md) for steps for Windows devices.
-
+ - See [Set up mobile devices for Microsoft 365 Business Premium users](set-up-mobile-devices.md) for steps for Android phones and iPhones. ### Mailbox Size Microsoft 365 Business Premium has a 50 GB storage limit as it uses Exchange Online Plan 1. While migrating to Microsoft 365 Business Premium, if any of your users exceed 50 GB of mailbox storage, it is recommended that you assign this user an Exchange Online Plan 2 and remove the Exchange Online Plan 1 as it's not feasible to assign both. - ### Threat protection After migrating to Microsoft 365 Business Premium, you have Defender for Office 365. See [Microsoft Defender for Office 365](../security/office-365-security/defender-for-office-365.md) for an overview. To set up, see [set up Safe Links](https://support.microsoft.com/office/61492713-53c2-47da-a6e7-fa97479e97fa), [set up Safe Attachments](https://support.microsoft.com/office/e7e68934-23dc-4b9c-b714-e82e27a8f8a5), and [set up Anti-phishing in Defender for Office 365](https://support.microsoft.com/office/86c425e1-1686-430a-9151-f7176cce4f2c).
commerce About Registration Numbers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/about-registration-numbers.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- MET150
+search.appverid: MET150
- okr_SMB - AdminSurgePortfolio - commerce_purchase-- PPM_jmueller- description: "Learn about registration numbers and under-review notifications when you buy Microsoft products or services." Last updated 03/17/2021
commerce Add Storage Space https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/add-storage-space.md
f1.keywords:
+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_purchase-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn to add and reduce file storage in your Microsoft 365 subscription. With extra file storage, you can store more content in SharePoint Online and OneDrive." Last updated 04/02/2021
Office 365 Extra File Storage is available for the following subscriptions:
## Related content
-[Manage site storage limits](https://docs.microsoft.com/sharepoint/manage-site-collection-storage-limits) (article)\
-[Set the default storage space for OneDrive users](/onedrive/set-default-storage-space)(article)
+[Manage site storage limits](/sharepoint/manage-site-collection-storage-limits) (article)\
+[Set the default storage space for OneDrive users](/onedrive/set-default-storage-space)(article)
commerce Change Payment Frequency https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/change-payment-frequency.md
f1.keywords:
+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_billing-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to change how frequently you're billed for your business subscription." Last updated 04/02/2021
When you buy a subscription, you choose monthly or annual billing. To change how
1. In the admin center, go to the **Billing**\> <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page. 2. On the **Products** tab, select the subscription that you want to change. 3. On the subscription details page, in the **Subscription and payment settings** section, select **Edit billing frequency**.
-4. In the **Edit billing frequency** pane, choose the option for how often you want to be billed, then select **Change**.
+4. In the **Edit billing frequency** pane, choose the option for how often you want to be billed, then select **Change**.
commerce Change Your Billing Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses.md
f1.keywords:
+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_billing-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to update your billing addresses for Microsoft 365 for business. You can also update the email address used to receive billing notifications." Last updated 04/07/2021
You can also change the alternate email address of other global and billing admi
[View your bill or invoice](view-your-bill-or-invoice.md)\ [Understand your bill or invoice](understand-your-invoice2.md)\ [Pay for your subscription](pay-for-your-subscription.md)\
-[Subscriptions and billing - Admin Help](../index.yml)
+[Subscriptions and billing - Admin Help](../index.yml)
commerce Manage Billing Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-billing-notifications.md
f1.keywords:
+ audience: Admin
- okr_SMB - AdminSurgePortfolio-- commerce
+- commerce_billing
search.appverid: - MET150 description: "Learn how to manage who receives billing notification emails and invoice attachments." Last updated : 03/17/2021 # Manage billing notifications and invoice attachments
To receive your invoices as attachments to your invoice notifications, use the f
[View your bill or invoice](view-your-bill-or-invoice.md) (article)\ [Understand your bill or invoice for Microsoft 365 for business](understand-your-invoice2.md) (article)\
-[Add users and assign licenses at the same time](../../admin/add-users/add-users.md) (article)
+[Add users and assign licenses at the same time](../../admin/add-users/add-users.md) (article)
commerce Manage Billing Profiles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-billing-profiles.md
f1.keywords:
-+ audience: Admin f1_keywords:
- AdminSurgePortfolio - commerce_billing-- PPM_jmueller search.appverid: MET150 description: "Learn how billing profiles support invoices." Last updated 04/02/2021
commerce Manage Payment Methods https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-payment-methods.md
f1.keywords:
+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_billing-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to manage your payment methods in the Microsoft 365 admin center." Last updated 04/02/2021
If a payment method is attached to any subscriptions or billing profiles, first
[Pay for your business subscription](pay-for-your-subscription.md) (article)\ [Manage billing profiles](manage-billing-profiles.md) (article)\
-[Change your billing frequency](change-payment-frequency.md) (article)
+[Change your billing frequency](change-payment-frequency.md) (article)
commerce Mexico Billing Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/mexico-billing-info.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- MET150
+search.appverid: MET150
description: "Learn about information specifically for Microsoft 365 for business in Mexico." - AdminSurgePortfolio - commerce_billing-- PPM_jmueller- monikerRange: 'o365-worldwide' Last updated 11/20/2020
An invoice generated by foreign entities (in this case Microsoft Corporation) th
## Related content [View your bill or invoice](view-your-bill-or-invoice.md) (article)\
-[Understand your bill or invoice for Microsoft 365 for business](understand-your-invoice2.md) (article)
+[Understand your bill or invoice for Microsoft 365 for business](understand-your-invoice2.md) (article)
commerce Pay For Subscription Billing Profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-subscription-billing-profile.md
f1.keywords:
-+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_billing-- PPM_jmueller Last updated 04/02/2021
commerce Pay For Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription.md
f1.keywords:
-+ audience: Admin
- fwlink 808700 for SEPA UI glink 906 for older uI - AdminSurgePortfolio - commerce_billing-- PPM_jmueller Last updated 05/04/2021
commerce Psd2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/psd2.md
f1.keywords:
-+ audience: Admin
- AdminSurgePortfolio - commerce_billing-- PPM_jmueller search.appverid: MET150 description: As of September 14, 2019, banks in the 31 countries of the European Economic Area are required to verify the identity of the person making an online purchase before the payment can be processed." keywords: payment services directive 2, strong customer authentication, multi-factor authentication
commerce Tax Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/tax-information.md
f1.keywords:
-+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_billing-- PPM_jmueller Last updated 03/17/2021
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
f1.keywords:
-+ audience: Admin f1_keywords:
- AdminSurgePortfolio - commerce_billing-- PPM_jmueller search.appverid: MET150 description: "Learn how to read and understand your bill or invoice for Microsoft business products." keywords: billing accounts, organization info, invoices
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
f1.keywords:
-+ audience: Admin
- okr_smb - AdminSurgePortfolio - commerce_billing-- PPM_jmueller search.appverid: MET150 description: "Learn how to interpret the charges, billing, and payment information on your Microsoft 365 for business bill or invoice, and how to change the purchase order number." Last updated 05/04/2021
commerce View Your Bill Or Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
f1.keywords:
-+ audience: Admin
- OKR_SMB_Videos - AdminSurgePortfolio - commerce_billing-- PPM_jmueller description: "Find your invoice or billing statement in the Microsoft 365 admin center. You can also save and print a copy of your bill." Last updated 07/31/2020
commerce Withholding Tax Credit India https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/withholding-tax-credit-india.md
f1.keywords:
+ audience: Admin
localization_priority: None
- M365-subscription-management - Adm_O365-- MET150
+search.appverid: MET150
description: "Learn how to request a credit on your account for Withholding Tax you paid. This article only applies to customers in India." - AdminSurgePortfolio - commerce_billing-- PPM_melmar- monikerRange: 'o365-worldwide' Last updated 05/03/2021
commerce Buy Or Edit An Add On https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/buy-or-edit-an-add-on.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- MET150
+search.appverid: MET150
- okr_SMB - AdminSurgePortfolio - commerce_purchase-- PPM_jmueller- description: "Learn how to buy and manage add-ons for your Microsoft 365 for business subscription." Last updated 04/02/2021
You canΓÇÖt remove a traditional add-on. If you want to remove a traditional add
[Add storage space for your subscription](add-storage-space.md) (article)\ [Buy or remove subscription licenses](licenses/buy-licenses.md) (article)\ [Turn Recurring billing off or on](subscriptions/renew-your-subscription.md#turn-recurring-billing-off-or-on) (article)\
-[Manage payment methods](billing-and-payments/manage-payment-methods.md) (article)
+[Manage payment methods](billing-and-payments/manage-payment-methods.md) (article)
commerce Close Your Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/close-your-account.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - fwlink 2133922 to Delete subscription heading - commerce_subscription-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to close your account with Microsoft." Last updated 04/02/2021
You can also [use PowerShell to disable multi-factor authentication for multiple
4. Select **Delete tenant**. 5. If your organization fails one or more checks, you see a link to more information on how to pass the checks. After you pass all checks, select **Delete** to complete the process.
-After you complete this final step, your account with Microsoft is closed and deleted.
+After you complete this final step, your account with Microsoft is closed and deleted.
commerce Enter Your Product Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/enter-your-product-key.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- MET150
+search.appverid: MET150
- okr_SMB - AdminSurgePortfolio - commerce_purchase-- PPM_jmueller- description: "Learn how to redeem a Microsoft 365 Business Standard product key purchased at a retail store." Last updated 11/13/2020
If you're new to Microsoft 365 for business, learn how to [set up Microsoft 365]
Check out this list of common errors and solutions: [Problems with your Microsoft 365 for business product key?](product-key-errors-and-solutions.md)
-Or, [call Microsoft Support](../business-video/get-help-support.md).
+Or, [call Microsoft Support](../business-video/get-help-support.md).
commerce Add Licenses Bought Through Vlsc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/add-licenses-bought-through-vlsc.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- commerce-- Adm_NonTOC--- BCS160-- MET150-- MOE150-- BEA160+
+- AdminSurgePortfolio
+- commerce_licensing
+search.appverid: MET150
description: "Learn how to add licenses to your Microsoft 365 subscription purchased through the third-party partner, recognized by Microsoft." Last updated : 04/07/2021 # Add licenses to a subscription purchased through the Volume Licensing Service Center
commerce Add Licenses Using Product Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/add-licenses-using-product-key.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- commerce-- Adm_NonTOC - TopSMBIssues - AdminSurgePortfolio-- MET150-
+- commerce_licensing
+search.appverid: MET150
description: "Learn how to add licenses to or extend your subscription with a product key."+ Last updated : 04/07/2021 # Add licenses to or extend a subscription paid for using a product key
Prepaid licenses are issued to you as a 25-character alphanumeric code. After yo
## Related articles
-[Assign licenses to users](../../admin/manage/assign-licenses-to-users.md)
+[Assign licenses to users](../../admin/manage/assign-licenses-to-users.md)
commerce Allotment Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/allotment-basics.md
f1.keywords:
+ audience: Admin localization_priority: None -- commerce-
+- M365-subscription-management
+- Adm_O365
+
+- commerce_licensing
description: "Learn about the new allotments feature." Last updated : 03/17/2021 # Allotment basics
commerce Buy Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/buy-licenses.md
f1.keywords:
+ audience: Admin localization_priority: Normal - M365-subscription-management
+- Adm_o365
- okr_SMB - AdminSurgePortfolio - manage_licenses-- commerce-- MET150
+- commerce_licensing
+search.appverid: MET150
description: "Learn how to buy more licenses or reduce the number of licenses for your Microsoft 365 for business subscription." Previously updated : Last updated : 04/07/2021 # Buy or remove licenses
If you reduced the number of licenses for your subscription because someone has
[Assign licenses to users](../../admin/manage/assign-licenses-to-users.md) (article)\ [Understand subscriptions and licenses](subscriptions-and-licenses.md) (article)\
-[Try or buy a Microsoft 365 subscription](../try-or-buy-microsoft-365.md) (article)
+[Try or buy a Microsoft 365 subscription](../try-or-buy-microsoft-365.md) (article)
commerce Manage Auto Claim Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/manage-auto-claim-policies.md
f1.keywords:
+ms.review: yinggiy, pablom
audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365
-description: "Learn how to create and manage auto-claim policies that automatically assign licenses to users for certain apps."
- AdminSurgePortfolio-- commerce-- MET150
+- commerce_licensing
+description: "Learn how to create and manage auto-claim policies that automatically assign licenses to users for certain apps."
+search.appverid: MET150
Last updated : 04/06/2021 # Manage auto-claim policies
commerce Manage License Requests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/manage-license-requests.md
f1.keywords:
+ ms.audience: Admin localization_priority: Normal - M365-subscription-management-- commerce--- MET150
+- Adm_O365
+
+- MACBillingLicensesRequests
+- AdminSurgePortfolio
+- commerce_licensing
+search.appverid: MET150
description: "Learn how to review and approve or deny license requests from users for your Microsoft 365 for business subscription." Last updated 08/07/2020
When you return to the **Requests** list, you see the message **YouΓÇÖre using y
[Assign licenses to users](../../admin/manage/assign-licenses-to-users.md) (article)\ [Move users to a different subscription](../subscriptions/move-users-different-subscription.md) (article)\
-[Buy or remove subscription licenses](buy-licenses.md) (article)
+[Buy or remove subscription licenses](buy-licenses.md) (article)
commerce Manage Licenses For Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/manage-licenses-for-devices.md
f1.keywords:
+ ms.audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- Adm_TOC-- commerce description: "Learn how to assign licenses to groups for use with devices." -- okr_SMB - AdminSurgePortfolio-- MET150
+- okr_SMB
+- commerce_licensing
+search.appverid: MET150
Last updated : 03/17/2021 # Manage licenses for devices If you have Microsoft 365 Apps for enterprise (device) or Microsoft 365 Apps for Education (device), you can assign licenses to devices by using Azure AD groups. When a device has a license, anyone who uses that device can use Microsoft 365 Apps for enterprise (previously named Office 365 ProPlus). For example, let's say you have 20 laptops and tablets that are used by people in your organization. When you assign a license to each device, each person who logs in to one of the devices uses Microsoft 365 Apps for enterprise without the need for their own license. > [!IMPORTANT]
-> Device-based licensing for Microsoft 365 Apps for enterprise is available only as an add-on license for some commercial customers and some education customers. For commercial customers, the license is *Microsoft 365 Apps for enterprise (device)* and is available only through Enterprise Agreement/Enterprise Agreement Subscription. For education customers, the license is *Microsoft 365 Apps for Education (device)* and is available only through Enrollment for Education Solutions (EES). For more information, read the blog post on [education availability](https://educationblog.microsoft.com/2019/08/attention-it-administrators-announcing-device-based-subscription-for-education/). For commercial availability, contact your Microsoft account representative.
+> Device-based licensing for Microsoft 365 Apps for enterprise is available only as an add-on license for some commercial customers and some education customers. For commercial customers, the license is *Microsoft 365 Apps for enterprise (device)* and is available only through Enterprise Agreement/Enterprise Agreement Subscription. For education customers, the license is *Microsoft 365 Apps for Education (device)* and is available only through Enrollment for Education Solutions (EES). For more information, read the blog post on [education availability](https://educationblog.microsoft.com/2019/08/attention-it-administrators-announcing-office-365-proplus-device-based-subscription-for-education). For commercial availability, contact your Microsoft account representative.
To begin, you create a group in the Azure Active Directory admin center, and then assign devices to the group. To learn more about device licensing, including device requirements, what types of groups you can use, and how to configure Microsoft 365 Apps for enterprise to use device licensing, see [Device-based licensing for Microsoft 365 Apps for enterprise](/deployoffice/device-based-licensing).
When you unassign licenses from a group, you remove the licenses from all device
1. In the admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842264" target="_blank">Licenses</a> page. 2. On the **Licenses** page, choose **Microsoft 365 Apps for Education (device)** or **Microsoft 365 Apps for enterprise (device)**. 3. On the next page, choose a subscription, choose **More actions**, then choose **Unassign licenses**.
-4. In the **Unassign licenses** dialog box, choose **Unassign**.
+4. In the **Unassign licenses** dialog box, choose **Unassign**.
commerce Subscriptions And Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/subscriptions-and-licenses.md
f1.keywords:
+ ms.audience: Admin localization_priority: Normal - M365-subscription-management-- Adm_TOC-- commerce
+- Adm_O365
- okr_smb - AdminSurgePortfolio - manage_licenses-- MET150
+- commerce_licensing
+search.appverid: MET150
description: "Learn about subscriptions and licenses in Microsoft 365 for business." Last updated 07/01/2020
Different types of admins can work with licenses in different ways, depending on
[Buy or remove licenses for your business subscription](buy-licenses.md) (article)\ [Assign licenses to users](../../admin/manage/assign-licenses-to-users.md) (article)\ [Unassign licenses from users](../../admin/manage/remove-licenses-from-users.md) (article)\
-[Remove a license from a shared mailbox](../../admin/email/remove-license-from-shared-mailbox.md) (article)
+[Remove a license from a shared mailbox](../../admin/email/remove-license-from-shared-mailbox.md) (article)
commerce Manage Billing Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-billing-accounts.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_billing-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn about billing accounts and how to manage them." Last updated 03/17/2021
You can provide others with access to the billing account in the Microsoft 365 a
## Related content [Tax information](billing-and-payments/tax-information.md) (article) \
-[Understand billing profiles](billing-and-payments/manage-billing-profiles.md) (article)
+[Understand billing profiles](billing-and-payments/manage-billing-profiles.md) (article)
commerce Manage Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-partners.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to work with Microsoft-certified solution providers (partners) to purchase and manage products and services for your organization or school." Last updated 04/13/2021
commerce Manage Saas Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-saas-apps.md
f1.keywords:
-+ audience: Admin
- AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller search.appverid: MET150 description: Learn how to activate and manage third-party apps in Microsoft 365 admin center. Last updated 04/15/2021
commerce Microsoft Home Use Program Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/microsoft-home-use-program-faq.md
Title: "Microsoft Home Use Program frequently-asked questions (FAQ)"
-+ audience: Admin
- okr_SMB - AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller search.appverid: MET150 description: "Frequently-asked questions (FAQ) about the Microsoft Home Use Program." Last updated 05/01/2021
commerce Product Key Errors And Solutions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/product-key-errors-and-solutions.md
f1.keywords:
-+ audience: Admin
- okr_smb - AdminSurgePortfolio - commerce_purchase-- PPM_jmueller Last updated 05/01/2021
commerce Purchases From Microsoft Open https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/purchases-from-microsoft-open.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_purchase-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to activate, renew, or add licenses to an Microsoft 365 for business subscription." Last updated 10/21/2020
commerce Allowselfservicepurchase Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell.md
f1.keywords:
+ audience: Admin
- Adm_O365 - AdminSurgePortfolio-- commerce
+- commerce_ssp
search.appverid: - MET150 description: "Learn how to use the AllowSelfServicePurchase PowerShell cmdlet to turn self-service purchase on or off." Last updated : 03/18/2021 # Use AllowSelfServicePurchase for the MSCommerce PowerShell module
To remove the **MSCommerce** PowerShell module from your computer, run the follo
```powershell Uninstall-Module -Name MSCommerce
-```-->
+```-->
commerce Back Up Data Before Switching Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/back-up-data-before-switching-plans.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller- search.appverid: - BCS160 - MET150
where _\<orgDomain\>_ is the organization's URL.
For example, if the domain of the organization is contoso.onmicrosoft.com, then the direct URL to the team site would be `https://contoso.onmicrosoft.com/_layouts/15/start.aspx#/SitePages/Home.aspx`.
-Of course, users can also download SharePoint Online documents from the SharePoint team site to their local computer or to another location at any time.
+Of course, users can also download SharePoint Online documents from the SharePoint team site to their local computer or to another location at any time.
commerce Cancel Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/cancel-your-subscription.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to cancel your Microsoft 365 for business trial or paid subscription." Last updated 04/08/2021
When the cancellation becomes effective, your users lose access to their data. B
- To move email, contacts, tasks, and calendar information to another account, see [Export or backup email, contacts, and calendar to an Outlook .pst file](https://support.microsoft.com/office/14252b52-3075-4e9b-be4e-ff9ef1068f91.aspx). -- To save a document library or list content (such as contacts) from a SharePoint Online environment (OneDrive for Business or team sites) to file shares or to a local computer, see [Manual migration of SharePoint Online content](https://docs.microsoft.com/sharepoint/troubleshoot/migration-tool/content-manual-migration).
+- To save a document library or list content (such as contacts) from a SharePoint Online environment (OneDrive for Business or team sites) to file shares or to a local computer, see [Manual migration of SharePoint Online content](/sharepoint/troubleshoot/migration-tool/content-manual-migration).
### Uninstall Office (optional)
commerce Change Plans Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/change-plans-manually.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Change subscriptions manually by buying a new subscription and ensuring that both the subscriptions are listed and active." Last updated 03/17/2021
If you moved all users from one subscription to another, and you no longer need
If you moved only some users to a different subscription, [remove licenses](../licenses/buy-licenses.md) that you no longer need. ## Call support to help you change plans
-[Call Microsoft support](../../business-video/get-help-support.md)
+[Call Microsoft support](../../business-video/get-help-support.md)
commerce Important Information E4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/important-information-e4.md
f1.keywords:
+ audience: Admin
- customer-email - commerce_subscriptions-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Important information about upgrading or changing plans for customers with an Office 365 E4 subscription." Last updated 08/14/2020
You can choose to maintain the same functionality you had with E4 or take advant
When it's time to renew your subscription, consider upgrading to one of these plans.
-If you bought your subscription directly from Microsoft and you want to upgrade now, see [Upgrade from an Office 365 E4 subscription](upgrade-Office-365-E4.md). You wonΓÇÖt lose any data when you upgrade from E4 to a new plan.
+If you bought your subscription directly from Microsoft and you want to upgrade now, see [Upgrade from an Office 365 E4 subscription](upgrade-Office-365-E4.md). You wonΓÇÖt lose any data when you upgrade from E4 to a new plan.
commerce Manage Self Service Purchases Admins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins.md
f1.keywords:
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- Adm_TOC - AdminSurgePortfolio - okr_smb-- commerce
+- commerce_ssp
search.appverid: - MET150 description: "Admins can learn how to manage self-service purchases made by users in their organization." Last updated : 03/26/2021 # Manage self-service purchases (Admin)
When you choose to cancel a self-service purchase subscription, users with licen
For common questions about self-service purchases, see [Self-service purchases FAQ](self-service-purchase-faq.md).
-If you have questions or need help with self-service purchases, [contact support](../../business-video/get-help-support.md).
+If you have questions or need help with self-service purchases, [contact support](../../business-video/get-help-support.md).
commerce Manage Self Service Purchases Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-purchases-users.md
f1.keywords:
+ audience: Admin localization_priority: Normal--- commerce -++
+- AdminSurgePortfolio
+- commerce_ssp
search.appverid: - MET150 description: "Users can learn how to manage their self-service purchases." Last updated : 03/17/2021 # Manage self-service purchases (Users)
You can view a list of all self-service purchased subscriptions that you bought.
For common questions about self-service purchases, see [Self-service purchases FAQ](self-service-purchase-faq.md).
-If you have questions or need help with self-service purchases, [contact support](../../business-video/get-help-support.md).
+If you have questions or need help with self-service purchases, [contact support](../../business-video/get-help-support.md).
commerce Manage Self Service Signup Subscriptions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-signup-subscriptions.md
f1.keywords:
+ audience: Admin
- AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller--- MET150
+search.appverid: MET150
description: "Learn how to manage free self-service sign-up subscriptions for your organization." Last updated 03/17/2021
You use the [**Set-MsolCompanySettings**](/powershell/module/msonline/set-msolco
## I have a self-service sign-up subscription that blocks directory deletion
-The self-service sign-up products that individual users can sign up for also create a guest user for authentication in your Azure AD directory. To avoid data loss, these self-service products block directory deletions until they're fully deleted from the directory. They can only be deleted by the Azure AD admin. For more information, see [Delete a directory in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-delete-howto).
+The self-service sign-up products that individual users can sign up for also create a guest user for authentication in your Azure AD directory. To avoid data loss, these self-service products block directory deletions until they're fully deleted from the directory. They can only be deleted by the Azure AD admin. For more information, see [Delete a directory in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-delete-howto).
commerce Move Users Different Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/move-users-different-subscription.md
f1.keywords:
-+ audience: Admin
- AdminSurgePortfolio - manage_licenses - commerce_subscriptions-- PPM_nicholak search.appverid: MET150 description: "Learn how to move users between subscriptions." Last updated 07/01/2020
commerce Reactivate Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/reactivate-your-subscription.md
f1.keywords:
-+ audience: Admin
- fwlink 874703 - AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller search.appverid: MET150 description: "Learn how to reactivate your subscription when it expires, is disabled, or canceled." Last updated 04/07/2021
commerce Renew Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/renew-your-subscription.md
f1.keywords:
-+ audience: Admin
- SaRA - AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller search.appverid: MET150 description: "Learn how to renew your Microsoft 365 by turning recurring billing off or on." Last updated 05/04/2021
commerce Self Service Purchase Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/self-service-purchase-faq.md
f1.keywords:
+ audience: Admin localization_priority: Normal--- commerce + - AdminSurgePortfolio - aka.ms/self-service-purchase-faq
+- commerce_ssp
search.appverid: - MET150 description: "Find answers to commonly asked questions about self-service purchases."
commerce Upgrade Office 365 E4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-Office-365-E4.md
f1.keywords:
-+ audience: Admin
- customer-email - commerce_subscriptions-- PPM_jmueller search.appverid: MET150 description: "Learn how to upgrade from an Office 365 E4 subscription." Last updated 08/14/2020
commerce Upgrade From Teams Free https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-from-teams-free.md
f1.keywords:
-+ audience: Admin
- Adm_O365 - commerce_subscriptions-- PPM_jmueller search.appverid: MET150 description: "Learn how to upgrade from Microsoft Teams Free to a new Microsoft 365 for business subscription."
commerce Upgrade To Different Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md
f1.keywords:
-+ audience: Admin
- SaRA - AdminSurgePortfolio - commerce_subscriptions-- PPM_jmueller search.appverid: MET150 description: "Learn how to upgrade to a different plan." Last updated 04/21/2021
commerce Verify Academic Eligibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/verify-academic-eligibility.md
Title: "Verify academic eligibility for Microsoft 365 Education subscriptions" f1.keywords: - CSH-- FWLink 2135711
+- FWLink-2135711
+ audience: Admin
localization_priority: Normal
- M365-subscription-management - Adm_O365-- commerce -- MET150
+- AdminSurgePortfolio
+- commerce_subscriptions
+search.appverid: MET150
description: "Learn how to verify your school's eligibility for Microsoft 365 Education academic pricing." Last updated 07/21/2020
To learn how to deploy Microsoft 365 for your school, visit [Microsoft 365 Educa
[Understand subscriptions and licenses in Microsoft 365 for business](../licenses/subscriptions-and-licenses.md) (article)\ [Assign licenses to users](../../admin/manage/assign-licenses-to-users.md) (article)\ [Buy or remove subscription licenses](../licenses/buy-licenses.md) (article)\
-[Move users to a different subscription](move-users-different-subscription.md) (article)
+[Move users to a different subscription](move-users-different-subscription.md) (article)
commerce What If My Subscription Expires https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires.md
f1.keywords:
+ audience: Admin
localization_priority: Priority
- M365-subscription-management - Adm_O365-- Adm_TOC - AdminSurgePortfolio-- commerce-- MET150
+- commerce_subscriptions
+search.appverid: MET150
description: "Learn what happens to your data when your Microsoft 365 for business subscription expires, is disabled, or if you cancel." Last updated : 04/08/2021 # What happens to my data and access when my Microsoft 365 for business subscription ends?
The following table explains what you can expect when a paid Microsoft 365 for b
*For most offers, in most countries and regions. > [!NOTE]
+>
> **What is "customer data"?** Customer data, as defined in the [Microsoft Online Service Terms](https://go.microsoft.com/fwlink/p/?LinkId=613649), refers to all data, including all text, sound, or image files that are provided to Microsoft by, or on behalf of, the customer through the customer's use of Microsoft 365 services. To learn more about the protection of customer data, see the [Get started with the Microsoft Service Trust Portal](../../compliance/get-started-with-service-trust-portal.md). ## What happens if I cancel a subscription?
To learn how to cancel, see [Cancel your subscription](cancel-your-subscription.
> If you want your subscription data to be deleted before the typical Disabled stage is over, you can [close your account](../close-your-account.md). > [!NOTE]
+>
> If you explicitly delete a subscription, then it skips the Expired and Disabled stages and the SharePoint Online data and content, including OneDrive, is deleted immediately. ## What are my options if my subscription is about to expire?
While a subscription is active, you and your end users have normal access to you
Before the subscription actually reaches its expiration date, you have a few options: - **Enable recurring billing for the subscription.**- - If **Recurring billing** is already turned on, you don't have to take any action. Your subscription is automatically billed, and you are charged for an additional year or month, depending on your current payment frequency. If for any reason you've turned **Recurring billing** off, you can always [turn Recurring billing back on](renew-your-subscription.md).- - If you purchased Microsoft 365 Apps for business with a prepaid card, you can [turn on Recurring billing](renew-your-subscription.md) for your subscription.- - If you're an Open Volume Licensing customer with a prepaid, one-year subscription, contact your partner to purchase a new product key. You'll receive instructions via email to activate your key in the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=282016). To learn how to find a new partner, or the partner you've worked with in the past, see [Find your partner or reseller](../../admin/manage/find-your-partner-or-reseller.md).- - If you have Microsoft 365 Apps for business, see [Manage recurring billing for your subscription](renew-your-subscription.md).- - **Let the subscription expire.**- - If you're paying by credit card or invoice and you don't want to continue your subscription, [turn Recurring billing off](renew-your-subscription.md). Your subscription ends on its expiration date, and you can ignore all related email notifications.- - If you're an Open Volume Licensing customer working with a partner, you can let your subscription expire by taking no action.- - If you're a Microsoft 365 Business Standard customer, and you prepaid for your subscription and activated it with a product key, you can let your subscription expire by taking no action.- - **Cancel before the subscription expires.** For details, see [Cancel your subscription](cancel-your-subscription.md). ## What happens after my subscription expires?
Here's what you can expect when your subscription is in each state.
### State: Expired
- **What to expect:** The Expired stage lasts for 30 days for most subscriptions, including subscriptions purchased through [Microsoft Open](https://go.microsoft.com/fwlink/p/?LinkID=613298), in most countries and regions. For Volume Licensing products, except for Microsoft Open, the Expired stage lasts 90 days.
+**What to expect:** The Expired stage lasts for 30 days for most subscriptions, including subscriptions purchased through [Microsoft Open](https://go.microsoft.com/fwlink/p/?LinkID=613298), in most countries and regions. For Volume Licensing products, except for Microsoft Open, the Expired stage lasts 90 days.
In this state, users have normal access to the Microsoft 365 portal, Office applications, and services such as email and SharePoint Online.
As an admin, you still have access to the admin center. Don't worryΓÇöglobal or
### State: Disabled
- **What to expect:** If you don't reactivate your subscription while it is in the Expired stage, it moves into a Disabled stage, which lasts for 90 days for most subscriptions, in most countries and regions. For Volume Licensing products, the Disabled stage lasts 30 days.
+**What to expect:** If you don't reactivate your subscription while it is in the Expired stage, it moves into a Disabled stage, which lasts for 90 days for most subscriptions, in most countries and regions. For Volume Licensing products, the Disabled stage lasts 30 days.
In this state, your access decreases significantly. Your users can't sign in, or access services like email or SharePoint Online. Office applications eventually move into a read-only, reduced functionality mode and display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380.aspx). You can still sign in and get to the admin center, but can't assign licenses to users. Your customer data, including all user data, email, and files on team sites, is available only to you and other admins.
As a global or billing admin, you can [reactivate the subscription](reactivate-y
### State: Deleted
- **What to expect:** If you don't reactivate your subscription while it is expired or disabled, the subscription is deleted.
+**What to expect:** If you don't reactivate your subscription while it is expired or disabled, the subscription is deleted.
Admins and users no longer have access to the services or Office applications that came with the subscription. All customer dataΓÇöfrom user data to documents and emailΓÇöis permanently deleted and is unrecoverable. At this point, you can't reactivate the subscription. However, as a global or billing admin, you can still access the admin center to manage other subscriptions, or to buy new subscriptions to meet your business needs. > [!NOTE]
+>
> - Adding a new subscription of the same type that has been deleted does not restore the data that was associated with the deleted subscription. > - If a CSP license is suspended, there is no 30 day Expired stage, and services are disabled immediately. Data is deleted after 90 days if the tenant is not reactivated by adding a new license.
At this point, you can't reactivate the subscription. However, as a global or bi
When your trial ends, you can't continue using Microsoft 365 for free. You have a few options: - **Buy Microsoft 365.** When your trial expires, it moves into the Expired stage, giving you another 30 days (for most trials, in most countries and regions) to purchase Microsoft 365. To learn how to convert your trial into a paid subscription, see [Buy a subscription from your free trial](../try-or-buy-microsoft-365.md#buy-a-subscription-from-your-free-trial).- - **Extend your trial.** Need more time to evaluate Microsoft 365? In certain cases, you can [extend your trial](../extend-your-trial.md).- - **Cancel the trial or let it expire.** If you decide not to buy Microsoft 365, you can let your trial expire or [cancel it](cancel-your-subscription.md). Back up any data you want to keep. Soon after the 30 day Expired stage, your trial account information and data is permanently erased. > [!NOTE]
+>
> The information on this page is subject to the [Microsoft Policy Disclaimer and Change Notice](https://go.microsoft.com/fwlink/p/?LinkId=613651). Return to this site periodically to review any changes. ## Related content
commerce Try Or Buy Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/try-or-buy-microsoft-365.md
f1.keywords:
-+ audience: Admin
- AdminSurgePortfolio - commerce_purchase-- PPM_jmueller search.appverid: MET150 description: "Learn how to get a free trial or buy a subscription for Microsoft 365 for business." Last updated 08/07/2020
commerce Understand Proposal Workflow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/understand-proposal-workflow.md
f1.keywords:
-+ audience: Admin
- AdminSurgePortfolio - commerce_purchase-- PPM_jmueller search.appverid: MET150 description: "Learn about proposals to help you buy Microsoft products and services."
commerce Use A Promo Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/use-a-promo-code.md
f1.keywords:
-+ audience: Admin
- AdminSurgePortfolio - okr_SMB - commerce_purchase-- PPM_jmueller search.appverid: MET150 description: "Learn how to apply a promotional code to your Microsoft 365 subscription to reduce price, and how to troubleshoot promo code in case of an error." Last updated 03/17/2021
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
There are two different methods for automatically applying a sensitivity label t
- If you have Exchange mail flow rules or data loss prevention (DLP) policies that apply IRM encryption: When content is identified by these rules or policies and an auto-labeling policy, the label is applied. If that label applies encryption, the IRM settings from the Exchange mail flow rules or DLP policies are ignored. However, if that label doesn't apply encryption, the IRM settings from the mail flow rules or DLP policies are applied in addition to the label. - Email that has IRM encryption with no label will be replaced by a label with any encryption settings when there is a match by using auto-labeling. - Incoming email is labeled when there is a match with your auto-labeling conditions:
- - If the label is configured for [encryption](encryption-sensitivity-labels.md), that encryption isn't applied.
+ - If the label is configured for [encryption](encryption-sensitivity-labels.md), that encryption is applied. However, this configuration isn't currently supported.
- If the label is configured to apply [dynamic markings](sensitivity-labels-office-apps.md#dynamic-markings-with-variables), be aware that this can result in the names of people outside your organization.
- - When the label applies encryption, the [Rights Management issuer and Rights Management owner](/azure/information-protection/configure-usage-rights#rights-management-issuer-and-rights-management-owner) is the person who sends the email.
+ - When the label applies encryption, the [Rights Management issuer and Rights Management owner](/azure/information-protection/configure-usage-rights#rights-management-issuer-and-rights-management-owner) is the person who sends the email. There currently isn't a way to set a Rights Manager owner for all incoming email messages that are automatically encrypted.
## Compare auto-labeling for Office apps with auto-labeling policies
Make sure you're aware of the prerequisites before you configure auto-labeling p
- One or more sensitivity labels [created and published](create-sensitivity-labels.md) (to at least one user) that you can select for your auto-labeling policies. For these labels: - It doesn't matter if the auto-labeling in Office apps label setting is turned on or off, because that label setting supplements auto-labeling policies, as explained in the introduction. - If the labels you want to use for auto-labeling are configured to use visual markings (headers, footers, watermarks), note that these are not applied to documents.
- - If the labels apply [encryption](encryption-sensitivity-labels.md), they must be configured for the **Assign permissions now** setting.
+ - If the labels apply [encryption](encryption-sensitivity-labels.md):
+ - When the auto-labeling policy includes locations for SharePoint or OneDrive, the label must be configured for the **Assign permissions now** setting.
+ - When the auto-labeling policy is just for Exchange, the label can be configured for either **Assign permissions now** or **Let users assign permissions** (for the Do Not Forward or Encrypt-Only options).
### Learn about simulation mode
compliance Compliance Manager Templates List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-list.md
Read more about [how to view and manage your templates](compliance-manager-templ
- [Microsoft Data Protection Baseline](compliance-manager-assessments.md#data-protection-baseline-default-assessment) - [European Union GDPR](/compliance/regulatory/gdpr) (Microsoft 365, Office 365, Intune) - [ISO 27001:2013](/compliance/regulatory/offering-iso-27001)-- NIST 800-53 Rev.4
+- NIST 800-53 Revs. 4 and 5
> [!NOTE] > For US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers: the Cybersecurity Maturity Model Certification (CMMC) Levels 1 through 5 templates are included, in addition to the templates listed above.
Read more about [how to view and manage your templates](compliance-manager-templ
## Premium templates - AICPA/CICA Generally Accepted Privacy Principles (GAPP) (Microsoft 365)-- Alabama - Policy 621: Data Breach Notification (Microsoft 365)
+- Alabama - Policy 621: Data Breach Notification - DRAFT (Microsoft 365)
- Alaska - Chapter 48 - Personal Information Protection Act (Microsoft 365) - Albania - The Law on the Protection of Personal Data No. 9887 - Antigua and Barbuda-Data Protection Act /2013 (Microsoft 365) - Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources - [Argentina - Personal Data Protection Act 25.326](/compliance/regulatory/offering-pdpa-argentina) (Microsoft 365)-- Arkansas - Personal Information Protection Act (Microsoft 365)
+- Arizona - Notification of Breaches in Security Systems (Microsoft 365)
+- Arkansas Code Title 4, Subtitle 7, Chapter 110, Personal Information Protection Act (Microsoft 365)
+- ARMA - Implementing the Generally Accepted Record Keeping Principles (GARP) (Microsoft 365)
+- Armenia - Law of the Republic of Armenia on the Protection of Personal Data (Microsoft 365)
- Asia Pacific Economic Cooperation (APEC) Privacy Framework - Australia - ASD Essential 8 (Microsoft 365) - Australia - National Archives Act - Australia - Public Records Office Victoria Recordkeeping Standards (Microsoft 365) - Australia - Spam Act 2003 (Microsoft 365)-- Australia Privacy (Credit Reporting) Code 2014 (Version 2.1)
+- Australia Privacy (Credit Reporting) Code (Microsoft 365)
+- Australia Privacy Act (Microsoft 365)
- Australian Energy Sector Cyber Security Framework (AESCSF) (Microsoft 365)-- [Australian Information Security Registered Assessor Program (IRAP) Version 2](/compliance/regulatory/offering-ccsl-irap-australia) (Microsoft 365)
+- [Australian Information Security Registered Assessor Program (IRAP) Version 3](/compliance/regulatory/offering-ccsl-irap-australia) (Microsoft 365)
- [Australian Prudential Regulation Authority CPS](/compliance/regulatory/offering-apra-australia) (Microsoft 365) - Austrian Telecommunications Act 2003 (Microsoft 365) - Bahamas - Data Protection Act (Microsoft 365) - Barbados - Data Protection Bill 2019 (Microsoft 365)
+- Barbados - Electronic Transactions Act (Microsoft 365)
- Belarus Law On Information, Informatization and Protection of information (Microsoft 365)
+- Belgium - Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Microsoft 365)
- [Belgium NBB Dec 2015](/compliance/regulatory/offering-nbb-fsma-belgium) (Microsoft 365) - Bermuda - Electronic Transaction Act (Microsoft 365) - Bosnia and Herzegovina Law on the Protection of Personal Data
+- Botswana - Data Protection Act (Microsoft 365)
- Brazil - Consumer Protection Code Law No. 8078 (Office 365) - Brazil - General Data Protection Law (LGPD) (Microsoft 365) - Bulgaria Law for Protection of Personal Data 2002 (Microsoft 365) - California - Civil Code Section 1798 - California - Database Breach Act (California SB 1386) - California - Education Code-EDC, Title 3, Division 14, Part 65, Chapter 2.5- Social Media Privacy-- California - SB-327 Information privacy: connected devices (Microsoft 365)
+- California - Privacy Rights Act (CPRA) (Microsoft 365)
+- California - SB-327 Information Privacy: Connected Devices (Microsoft 365)
- California Consumer Credit Reporting Agencies Act (Microsoft 365) - [California Consumer Privacy Act (CCPA)](/compliance/regulatory/offering-ccpa) (Microsoft 365) - Canada - Breach of Security Safeguards Regulations (Microsoft 365) - Canada - British Columbia - Information Privacy & Security - FOIPPA (Microsoft 365)-- [Canada - Office of the Superintendent of Financial Institutions](/compliance/regulatory/offering-osfi-canada) (Microsoft 365)-- Canada - Personal Health Information Protection Act (PHIPA) (Microsoft 365)
+- [Canada - Office of the Superintendent of Financial Institutions Cyber Security Self-Assessment Guide](/compliance/regulatory/offering-osfi-canada) (Microsoft 365)
+- Canada - Personal Health Information Protection Act (PHIPA) 2020 (Microsoft 365)
- Canada - Personal Information Protection and Electronic Documents Act (PIPEDA) (Microsoft 365) - Canada - Protected B-- Canada Cybersecure (Microsoft 365)
+- Canada Cybersecure - Baseline Cyber Security Controls for Small and Medium Organizations (Microsoft 365)
- CAN-SPAM Act (Microsoft 365) - [CDSA Content Protection & Security Standard](/compliance/regulatory/offering-cdsa) (Microsoft 365)-- [CFR - Code of Federal Regulations Title 21](/compliance/regulatory/offering-fda-cfr-title-21-part-11) (Microsoft 365)-- Chemical Facility Anti-Terrorism Standards (CFATS) (Microsoft 365)
+- Central Bank of Kuwait Cybersecurity Framework (Microsoft 365)
+- [CFR - Code of Federal Regulations Title 21, Part 11, Electronic Records, Electronic Signatures](/compliance/regulatory/offering-fda-cfr-title-21-part-11) (Microsoft 365)
- Children's Online Privacy Protection Rule (COPPA) (Microsoft 365) - China - Personal Information Security Specification (Microsoft 365) - [CIS Implementation Group 1, Group 2, Group 3](/compliance/regulatory/offering-cis-benchmark) - [Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)](/compliance/regulatory/offering-csa-star-attestation) - CMMC Level 1, Level 2, Level 3, Level 4, Level 5 (Microsoft 365)
+- CMS Information Systems Security and Privacy Policy (IS2P2) (Microsoft 365)
- COBIT 5 (Microsoft 365)-- Colombia - Decree No. 1377/2013 (used to be the Colombia Law 1581/2012)
+- Code of Maryland State Government - Protection of Information by Government Agencies (Microsoft 365)
+- Colombia - Decree No. 1377/2013 (Microsoft 365)
- Colombia - External Circular Letter 007 of 2018 (Microsoft 365) - Colombia - Law 1266/2008- Habeas Data Act (Microsoft 365)-- Colombia - Law 1581/2012 (Microsoft 365)-- Commission Statement and Guidance on Public Company Cybersecurity Disclosures - US
+- Colorado Protections for Consumer Data Privacy (Microsoft 365)
+- Colorado Revised Statutes, Section 6-1-716, Notice of Security Breach (Microsoft 365)
- Computer Fraud and Abuse Act (CFAA) (Microsoft 365)
+- Connecticut - Display and Use of Social Security Numbers and Personal Information (Microsoft 365)
- Connecticut General Statutes - General Provisions for state contractors who receive confidential information (Microsoft 365)
+- Connecticut Information Security Program to Safeguard Personal Information (Microsoft 365)
- Connecticut State Law - Breach of security re computerized data containing personal information (Microsoft 365)-- Consumer Personal Information Security Breach Notification Act (Microsoft 365)
+- Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (Microsoft 365)
- [Criminal Justice Information Services (CJIS) Security Policy](/compliance/regulatory/offering-cjis) (Microsoft 365)-- Croatia - Personal Data Protection Act (Microsoft 365)
+- Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software - FDA (Microsoft 365)
- Cybersecurity Law of the People's Republic of China (Microsoft 365)
+- Cybersecurity Maturity Model Certification (CMMC) Levels 1 through 5 (Microsoft 365)
- Cyprus The Processing of Personal Data Law (Microsoft 365) - Czech - Act No. 110/2019 Coll. on Personal Data Processing - 2019 (Microsoft 365) - Czech - On Cyber Security and Change of Related Acts (Act on Cyber Security) - Act No. 181 (Microsoft 365)
+- D.C. Law 16-237 - Consumer Personal Information Security Breach Notification Act (Microsoft 365)
+- Delaware - Student Data Privacy Protection Act (Microsoft 365)
- Delaware Computer Security Breaches- Commerce and Trade Subtitle II - 12B-100 to 12B-104-- Denmark - The Data Protection Act - Denmark - Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment
+- Denmark - The Data Protection Act (Microsoft 365)
- [DFARS](/compliance/regulatory/offering-dfars) (Microsoft 365) - Directive 2013/40/EU Of The European Parliament And Of The Council (Microsoft 365) - Dubai - Health Data Protection Regulation (Microsoft 365) - Dubai Consumer Protection Regulations (Telecommunications Regulatory Authority)(Microsoft 365) - Dubai ISR (Microsoft 365)
+- e-CFR - Identity Theft Rules (Microsoft 365)
- Electronic Code of Federal Regulations - Part 748.0 and Appendix A (Microsoft 365)-- ENISA Information Assurance Framework - Estonia - Personal Data Protection Act (Microsoft 365) - Estonia - The system of security measures for information systems (Microsoft 365)
+- EU - Directive 2006/24/EC (Microsoft 365)
- EU - ePrivacy Directive 2002 58 EC (Microsoft 365)-- EU - EudraLex Volume 4 ΓÇö GMP Guidelines, Annex 11-- EU Directive 2006/24/EC
+- EudraLex - The Rules Governing Medicinal Products in the European Union (Microsoft 365)
+- European Network and Information Security Agency (ENISA) - Cloud Computing Information Assurance Framework (Microsoft 365)
- FDIC Privacy Rules (Microsoft 365) - [Federal Financial Institutions Examination Council (FFIEC) Information Security Booklet](/compliance/regulatory/offering-ffiec-us) (Microsoft 365, Intune)-- [FedRamp High Security Controls](/compliance/regulatory/offering-fedramp) (Office 365)-- [FedRamp High Security Controls_NIST 800-53](/compliance/regulatory/offering-fedramp) (Microsoft 365)-- [FedRAMP Moderate](/compliance/regulatory/offering-fedramp)-- Finland - Data Protection Act-- Finnish Criteria for Assessment of Information Security of Cloud Services (Microsoft 365)-- FINRA Cybersecurity Checklist-- France - Act 78-17 Of 6 January 1978 On Information Technology, Data Files and Civil Liberties (Microsoft 365)
+- [FedRAMP Moderate](/compliance/regulatory/offering-fedramp) (Microsoft 365)
+- FedRAMP SSP High Baseline (Microsoft 365)
+- Finland - Data Protection Act (Microsoft 365)
+- Finnish Criteria for Assessment of Information Security of Cloud Services
+- FINRA Cybersecurity Checklist (Microsoft 365)
+- Florida Title XXXII, Chapter 501, Section 501.171, Security of confidential personal information (Microsoft 365)
+- France - The Data Protection Act (Microsoft 365)
- Freedom of Information Act (FOIA) (Microsoft 365) - FTC Privacy of Consumer Financial Information (Microsoft 365)-- Ghana Data Protection Act-- Generally Accepted Recordkeeping Principles (Microsoft 365)
+- Georgia (US) Personal Identity Protection Act (Microsoft 365)
+- Georgia Law on Personal Data Protection (Microsoft 365)
+- Germany - Annotated text of the Minimum Requirements for Risk Management (Microsoft 365)
- [Germany - Cloud Computing Compliance Controls Catalog (C5)](/compliance/regulatory/offering-c5-germany) (Microsoft 365) - Germany - Federal Data Protection Act (Microsoft 365)
+- Germany - Supervisory Requirements for IT in Financial Institutions (BAIT) (Microsoft 365)
+- Ghana - Data Protection Act (Microsoft 365)
- [Gramm-Leach-Bliley Act, Title V, Subtitle A, Financial Privacy](/compliance/regulatory/offering-GLBA) (Microsoft 365)-- Greece - Law 2472/1997 on the Protection of individuals with regard to the processing of personal data (Microsoft 365)
+- Guam's Notification of Breaches of Personal Information (Microsoft 365)
+- Guidelines and Functional Requirements for Electronic Records Management Systems (ICA Module 2) (Microsoft 365)
- Hawaii - Security Breach of Personal Information Chapter 487N - [HIPAA/HITECH](/compliance/regulatory/offering-hipaa-hitech) (Microsoft 365, Intune) - [HITRUST](/compliance/regulatory/offering-hitrust) (Microsoft 365)
+- Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection (Microsoft 365)
- Hong Kong - Personal Data (Privacy) Ordinance (Microsoft 365)-- India - IT Act of 2000 (Microsoft 365)
+- Idaho Identity Theft (Microsoft 365)
+- Illinois (740 ILCS 14/1) Biometric Information Privacy Act (Microsoft 365)
+- Illinois Personal Information Protection Act (Microsoft 365)
- India Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules
+- India - Information Technology Act (Microsoft 365)
+- Indiana Disclosure of Security Breach (Microsoft 365)
- Indonesia - Law 11/2008 (Microsoft 365)-- Indonesia - Peraturan Pemerintah No.82 Tahun 2012 - Government Regulation - Data Protection Regulation (Microsoft 365)-- IRAP v3-- [IRS-P1075](/compliance/regulatory/offering-irs-1075) (Microsoft 365)-- IRS - Revenue Procedure 98-25 Automated Records-- ISO 15489 (Microsoft 365)
+- Information Management Standard for Australian Government - National Archives of Australia (NAA) (Microsoft 365)
+- Iowa - Student Personal Information Protection Act (Microsoft 365)
+- Iowa Code. Title XVI. Chapter 715C. Personal Information Security Breach Protection (Microsoft 365)
+- Ireland Data Protection Act (Microsoft 365)
+- IRS - Revenue Procedure 98-25 Automated Records (Microsoft 365)
+- IRS-P1075 (Microsoft 365)
+- ISO 15489-1:2016 (Microsoft 365)
+- ISO 16175-1:2020 (Microsoft 365)
+- ISO 19791 - Information technology ΓÇö Security techniques ΓÇö Security assessment of operational systems (Microsoft 365)
- [ISO 22301:2019](/compliance/regulatory/offering-iso-22301) (Microsoft 365)
+- ISO 23081-1:2017 (Microsoft 365)
- ISO 27005:2018 (Microsoft 365) - [ISO 27017:2015](/compliance/regulatory/offering-iso-27017) (Microsoft 365)-- ISO 27799 Health informatics ΓÇö Information security management in health using ISO/IEC 27002 (Microsoft 365)
+- ISO 27034-1 Information technology ΓÇö Security techniques ΓÇö Application security (Microsoft 365)
+- ISO 27799: 2016, Health informatics ΓÇö Information security management in health (Microsoft 365)
+- ISO 28000 ΓÇô Specifications for Security Management Systems for the Supply Chain (Microsoft 365)
- ISO 31000:2018 (Microsoft 365)-- ISO 80001-1 Application of risk management for IT-networks incorporating medical devices (Microsoft 365)-- [ISO/IEC 27018:2014](/compliance/regulatory/offering-iso-27018)
+- ISO 55001 ΓÇô Asset management -- Management systems--Requirements (Microsoft 365)
+- ISO IEC 80001-1:2010 (Microsoft 365)
+- ISO/IEC 27001:2013 (Microsoft 365)
+- [ISO/IEC 27018:2019](/compliance/regulatory/offering-iso-27018) (Microsoft 365)
+- ISO/IEC 27033-1:2015 (Microsoft 365)
- [ISO/IEC 27701:2019](/compliance/regulatory/offering-iso-27701) (Microsoft 365) - Israel - Privacy Protection (Transfer of Data to Databases Abroad) Regulations (Microsoft 365)
+- Israel Privacy Law (Microsoft 365)
- ITU X.1052 Information Security Management Framework (Microsoft 365) - Japan - Act on Prohibition of Unauthorized Computer Access (Microsoft 365) - Japan - Common Model of Information Security Measures for Government Agencies and Related Agencies (Microsoft 365)-- Japan - Common Standards for Information Security Measures for Government Agencies and Related Agencies-- Japan Privacy Mark
+- Japan - Common Standards for Information Security Measures for Government Agencies and Related Agencies (Microsoft 365)
+- Japan Privacy Mark - JIS Q 15001 : 2017 (Microsoft 365)
- Japanese Act on the Protection of Personal Information (Law No. 57 of 2003) (Microsoft 365)-- Joint Commission AHO Information Management Standard (Microsoft 365)
+- Joint Commission Information Management Standard (Microsoft 365)
+- Jordan Cloud Platforms & Services Policy (Microsoft 365)
+- Kansas Consumer Information, Security Breach Statute (Microsoft 365)
+- Kentucky Data Breach Notification (Microsoft 365)
- Kenya Data Protection Act (Microsoft 365)-- Korea - The Act on Promotion of Information and Communications Network Utilization and Data - Protection (Microsoft 365)-- Korea - Use and Protection of Credit Information Act (Special Law) (Microsoft 365)
+- Korea - Credit Information Use And Protection Act (Microsoft 365)
+- Korea - The Act on Promotion of Information and Communications Network Utilization and Data Protection (Microsoft 365)
- Korea Personal Information Protection Act (Microsoft 365)-- Kuwait - CSF (Microsoft 365)
+- Law of The Republic of Uzbekistan on Personal Data (Microsoft 365)
+- Louisiana Database Security Breach Notification Law (Act No. 382) (Microsoft 365)
- Luxembourg Act (Microsoft 365) - Maine - Act to Protect the Privacy of Online Consumer Information - Maine - Notice of Risk to Personal Data (Microsoft 365) - Malaysia - Personal Data Protection Act (PDPA) (Microsoft 365) - Malaysia Risk Management in Technology (RMiT) (Microsoft 365)-- Massachusetts - 201 CMR 17.00: Standards For The Protection Of Personal Information Of - Residents Of The Commonwealth (Microsoft 365)
+- Malta - Data Protection Act (Microsoft 365)
+- Maryland Personal Information Protection Act - Security Breach Notification Requirements, HB 1154 (Microsoft 365)
+- Maryland's Student Data Privacy Act (Microsoft 365)
+- Massachusetts Data Breach Notification Law 93H section 1-6 (Microsoft 365)
- Mauritius Data Protection Act 2004 (Microsoft 365) - Mexico - Federal Consumer Protection Law (Microsoft 365)-- Mexico Federal Data Protection Law (Microsoft 365)
+- Mexico - Federal Law on Protection of Personal Data Held by Private Parties (Microsoft 365)
+- Michigan Identity Theft Protection Act (Microsoft 365)
- Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 (Microsoft 365)
+- Mississippi Security Breach Notification (Microsoft 365)
+- Montana - Impediment of Identity Theft (Microsoft 365)
+- Montenegro - Law on Personal Data Protection (Microsoft 365)
- [Motion Picture Association (MPA) Content Security Best Practices](/compliance/regulatory/offering-mpaa) (Microsoft 365) - Myanmar - Law Protecting the Privacy and Security of Citizens-- NAIC - Standards for Safeguarding Customer Information Model Regulation MDL-673 (Microsoft 365)
+- National Archives Universal Electronic Records Management (ERM) Requirements (Microsoft 365)
+- Nebraska's Data Protection and Consumer Notification of Data Security Breach Act (Microsoft 365)
- Nepal - Right to Information Act - [NERC CIP](/compliance/regulatory/offering-nerc-cip) (Microsoft 365)-- Netherlands - Personal Data Protection Act / 1999 (Microsoft 365) - Nevada Chapter 603A - Security and Privacy of Personal Information (Microsoft 365)
+- Nevada Senate Bill 220 Online Privacy Law (Microsoft 365)
+- New Hampshire Right to Privacy Act (Microsoft 365)
+- New Jersey Security Breach Disclosure (Microsoft 365)
+- New Mexico Chapter 57 - Privacy Protection (Article 57-12B-1 through 4) (Microsoft 365)
+- New Mexico Consumer Information Privacy Act (Microsoft 365)
+- New Mexico's Data Breach Notification Act (Microsoft 365)
+- New York - 23 NYCRR Part 500 (Microsoft 365)
+- New York City Administrative Code - Security Breach Notification (Microsoft 365)
+- New York General Business Law - Data Security Breach Notification and Data Security Protections (Microsoft 365)
- New York Privacy Act - DRAFT (Microsoft 365)-- New Zealand Health Data Retention Policy (Office 365)-- New Zealand Health Information Privacy Code 1994 (Microsoft 365)-- New Zealand Health Information Security Framework (HISF) -2015 (Microsoft 365)-- New Zealand Privacy Act 2020 (Microsoft 365)-- New Zealand Public Records Act (Microsoft 365)-- New Zealand Telecommunications Information Privacy Code 2003
+- New Zealand - Privacy Act / 2020 (Microsoft 365)
+- New Zealand - Public Records Act (Microsoft 365)
+- New Zealand - Reserve Bank BS11 Outsourcing Policy (Microsoft 365)
+- New Zealand - Telecommunications Information Privacy Code (Microsoft 365)
+- New Zealand Health Data Retention Policy (Microsoft 365)
+- New Zealand Health Information Privacy Code (Microsoft 365)
+- New Zealand Health Information Security Framework (HISF) (Microsoft 365)
+- New Zealand Information Security Manual (NZISM)
- Nigeria Data Protection Regulation (Microsoft 365) - NIST 800-37 (Microsoft 365)-- NIST 800-53
+- NIST 800-53 rev.5 (Microsoft 365)
- NIST 800-63 Digital Identity Guidelines (Microsoft 365)
+- NIST 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification (Microsoft 365)
+- NIST 800-137A -- Assessing Information Security Continuous Monitoring (ISCM) Programs (Microsoft 365)
- [NIST 800-171](/compliance/regulatory/offering-nist-sp-800-171) (Microsoft 365)
+- NIST 800-184: Guide for Cybersecurity Event Recovery (Microsoft 365)
- [NIST CSF](/compliance/regulatory/offering-nist-csf) (Microsoft 365) - NIST Privacy Framework-- NIST Special Publication 800-128 (Microsoft 365)
+- NIST SP 1800-5 IT Asset Management (Microsoft 365)
- NIST Special Publication 1800-1 Securing Electronic Health Records on Mobile Devices (Microsoft 365)-- NIST Special Publication 1800-5 IT Asset Management-- Norway - Personal Data Act (Microsoft 365)-- NYDFS (Microsoft 365)
+- NIST Special Publication 800-128 (Microsoft 365)
+- NIST Special Publication 800-210: General Access Control Guidance for Cloud Systems (Microsoft 365)
+- North Carolina - Identity Theft Protection Act (Microsoft 365)
+- North Dakota Chapter 51-30 Notice of Security Breach for Personal Information (Microsoft 365)
+- Ohio - Security Breach Notification (Microsoft 365)
+- Ohio Data Protection Act 2018 (Microsoft 365)
+- Oklahoma Security Breach Notification Act (Microsoft 365)
- Oman - Electronic Transactions Law (Microsoft 365)
+- Oregon Consumer Identity Theft Information Protection Act (Microsoft 365)
- OWASP ProActive Controls for Developers 2018 v3.0 (Microsoft 365)-- Pakistan Electronic Data Protection Act 2005 -Draft (Microsoft 365)
+- Pakistan - Electronic Data Protection Act - DRAFT (Microsoft 365)
- [PCI DSS v3.2.1](/compliance/regulatory/offering-pci-dss) (Microsoft 365)
+- Pennsylvania Breach of Personal Information Notification Act (Microsoft 365)
- Peruvian Legislation Law 29733 Law of Data Privacy Protection - Philippines BSP Information Security Management Guidelines (Microsoft 365) - Philippines Data Privacy Act of 2012 (Microsoft 365) - Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017 (Microsoft 365) - Puerto Rico - Citizen Information on Data Banks Security Act (Microsoft 365) - Qatar Cloud Security Policy-- RBNZ BS11 Outsourcing Policy (Microsoft 365) - Republic of Moldova Law on Personal Data Protection (Microsoft 365) - [Reserve Bank of India Cyber Security Framework](/compliance/regulatory/offering-rbi-irdai-india) (Microsoft 365)
+- Revisions to the principles for the sound management of operational risk (Basel III Ops Risks) (Microsoft 365)
+- Rhode Island - Identity Theft Protection Act (Microsoft 365)
- Romania - Data Protection Law 190/2018 (Microsoft 365) - Russia - Federal Law 149-FZ On Information, Information Technology and Information Security - [Russian Federation Federal Law Regarding Personal Data](/compliance/regulatory/offering-russia-data-localization) (Microsoft 365) - Saint Lucia Data Protection Act (Microsoft 365)
+- [Sarbanes-Oxley Act](/compliance/regulatory/offering-sox)
- [SEC 17-4(a)](/compliance/regulatory/offering-sec-17a-4) (Microsoft 365)-- SIG (Microsoft 365)
+- Singapore - ABS Guidelines on Control Objectives and Procedures for Outsourced Service Providers (Microsoft 365)
- Singapore - Banking Act (Cap.19) - Singapore - Cybersecurity 2018 (Microsoft 365) - Singapore - IMDA IoT Cyber Security Guide (Microsoft 365) - Singapore - Monetary Authority of Singapore Technology Risk Management Framework (Microsoft 365) - [Singapore - Multi-Tier Cloud Security (MTCS) Standard](/compliance/regulatory/offering-mtcs-singapore) (Microsoft 365)-- Singapore - Outsourced Service Provider Audit Report (OSPAR) (Microsoft 365) - Singapore - Personal Data Protection Act / 2012 (Microsoft 365) - Singapore Spam Control Act (Microsoft 365)-- [SOC 1](/compliance/regulatory/offering-soc) (Microsoft 365)-- [SOC 2](/compliance/regulatory/offering-soc) (Microsoft 365)-- South Africa Consumer Protection ACT 68 2008 (Microsoft 365)
+- Slovakia Act on the Protection of Personal Data (Microsoft 365)
- South Africa Consumer Protection ACT 68 2008 (Microsoft 365) - South Africa Electronic Communications and Transactions Act, 2002 (Microsoft 365)
+- South Africa - Promotion of Access to Information Act (Microsoft 365)
- South African POPIA (Microsoft 365)
+- South Carolina - Breach Notification (Microsoft 365)
+- South Dakota - Notice of Breach (Microsoft 365)
- Spain - Nation Security Framework (Microsoft 365)
+- Standardized Information Gathering (SIG) Questionnaire (Microsoft 365)
- SWIFT Customer Security Controls (Microsoft 365) - Switzerland - Federal Act on Data Protection (FADP) (Microsoft 365)
+- [System and Organization Controls (SOC) 1](/compliance/regulatory/offering-soc)
+- [System and Organization Controls (SOC) 2](/compliance/regulatory/offering-soc)
- Taiwan - Implementation Rules for the Internal Audit and Internal Control System of Electronic Payment Institutions - 2015 (Microsoft 365) - Taiwan - Regulations Governing Approval and Administration of Financial Information Service Enterprises Engaging in Interbank Funds Transfer and Settlement (Microsoft 365) - Taiwan - Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions (Microsoft 365)-- Taiwan- Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries (Microsoft 365) - Taiwan Personal Data Protection Act (PDPA) (Microsoft 365)
+- Tennessee 47-18-2107 Release of Personal Consumer Information (Microsoft 365)
- Texas - Identity Theft Enforcement and Protection Act (Microsoft 365)
+- Texas Privacy Policy to Protect Social Security Numbers (Microsoft 365)
- Thailand PDPA (Microsoft 365) - Trade Secrets Act of The Republic of China (Microsoft 365) - Trinidad and Tobago Data Protection (Act 13 of 2011) (Microsoft 365) - [Trusted Information Security Assessment Exchange](/compliance/regulatory/offering-tisax-germany) - Turkey - KVKK Protection of Personal Data 6698 (Microsoft 365)-- UAE - Federal Law No 2 of 2019 On the Use of the Information and Communication Technology (ICT) in Health Fields
+- UAE - Federal Decree Law on Combating Cyber Crimes (Microsoft 365)
+- UAE - Federal Law Concerning Electronic Transactions and Commerce
+- UAE - Federal Law No 2 of 2019 On the Use of the Information and Communication Technology (ICT) in Health Fields (Microsoft 365)
+- UAE - NESA Information Assurance Standards (Microsoft 365)
+- UAE Regulatory Policy TRA - Internet of Things (Microsoft 365)
+- UAE's Federal Decree Law Regulating the Telecommunications Sector (Microsoft 365)
+- Uganda - The Data Protection and Privacy Act (Microsoft 365)
+- UK - Cyber Security for Defence Suppliers Standard 05-138 (Microsoft 365)
- UK - The Offshore Petroleum Activities Regulations / 2011 (Microsoft 365) - [UK Cyber Essentials](/compliance/regulatory/offering-cyber-essentials-plus-uk) (Microsoft 365)-- UK- Cyber Security for Defense Suppliers Standard (Microsoft 365)
+- UK Data Protection Act (Microsoft 365)
+- UK Data Retention Act (Microsoft 365)
- UK Privacy and Electronic Communications (Microsoft 365) - Ukraine - Protection of Personal Data Law (Microsoft 365)-- US DoE 10 CFR Part 810 (Microsoft 365)
+- United States of America Privacy Act (Microsoft 365)
+- US - Clarifying Lawful Overseas Use of Data (CLOUD) Act (Microsoft 365)
+- US - Commission Statement and Guidance on Public Company Cybersecurity Disclosures (Microsoft 365)
+- US - Department of Energy (DOE) Assistance to Foreign Atomic Energy Activities (Microsoft 365)
+- [US - Family Educational Rights and Privacy Act (FERPA)](/compliance/regulatory/offering-ferpa)
- US - Federal Information Security Modernization Act of 2014 (FISMA) (Microsoft 365)-- [US FERPA](/compliance/regulatory/offering-ferpa) (Microsoft 365)-- US-Cloud Act (Microsoft 365)
+- US - Protecting and Securing Chemical Facilities From Terrorist Attacks Act (Microsoft 365)
- Utah Consumer Credit Protection Act (Microsoft 365)-- Uzbekistan Law on Personal Data
+- Utah Electronic Information or Data Privacy (Microsoft 365)
+- Vermont - Act on Data Privacy and Consumer Protection (Microsoft 365)
- Victorian Protective Data Security Standards V2.0 (VPDSS 2.0) (Microsoft 365) - Vietnam - Consumer Rights Protection Law (Microsoft 365) - Vietnam - Law of Cybersecurity (Microsoft 365) - Vietnam - Law of Network Information Security - Vietnam - Law on Information Technology (Microsoft 365)
+- Virginia Breach of Personal Information Act (Microsoft 365)
+- Washington DC - Consumer Security Breach Notification Standard (Microsoft 365)
+- West Virginia - Breach of Security of Consumer Information (Microsoft 365)
+- Wisconsin Security Breach Notification (Microsoft 365)
- Yemen - Yemen Law of the Right of Access to Information (Microsoft 365)
compliance Compliance Manager Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-whats-new.md
+
+ Title: "What's new in Microsoft Compliance Manager"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+search.appverid:
+- MOE150
+- MET150
+description: "Find out whatΓÇÖs new in Compliance Manger and whatΓÇÖs to come. Read about updated assessments, new assessment templates, new actions, and more."
++
+# What's new in Microsoft Compliance Manager
+
+**In this article:** Learn about recent updates in Compliance Manager.
+
+## May 2021
+
+### New assessment templates
+
+We published 75 new assessment templates, including:
+- Australia Privacy Act
+- CIS Microsoft 365 Foundation Levels 1 and 2
+- Germany - Supervisory Requirements for IT in Financial Institutions (BAIT)
+- Sarbanes-Oxley Act
+- South Africa - Promotion of Access to Information Act
+
+Check out the complete list of [assessment templates](compliance-manager-templates-list.md).
+
+## April 2021
+
+### Support for US Government DoD customers
+
+Compliance Manager is now available to US Government DoD customers, in addition to US Government Community (GCC) Moderate and GCC High customers.
+
+## March 2021
+
+### Active and inactive templates
+
+Each assessment page and assessment template page has an activated templates counter. This counter shows how many eligible templates you're using according to your licensing agreement. View [Template types: included and premium, active and inactive](compliance-manager-templates.md#template-types-included-and-premium-active-and-inactive) to learn more.
compliance Content Search Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search-reference.md
Title: "Content search reference"
+ Title: "Feature reference for Content search"
f1.keywords: - NOCSH
description: "This article contains reference information about the Content search eDiscovery tool in the Microsoft 365 compliance center to help you learn the many details about Content search."
-# Content search reference
+# Feature reference for Content search
+
+This article describes features and functionality of Content search.
## Content search limits
Keep the following things in mind when using the keyword list to create a search
- If you have a search query that contains keywords for non-English characters (such as Chinese characters), you can click **Query language-country/region**![Query language-country/region icon in Content search](../media/8d4b60c8-e1f1-40f9-88ae-ee2a7eca0886.png) and select a language-country culture code value for the search. The default language/region is neutral. How can you tell if you need to change the language setting for a content search? If you're certain content locations contain the non-English characters you're searching for, but the search returns no results, the language setting may be the cause.
+## Partially indexed items
+
+- Partially indexed items in mailboxes are included in the estimated search results. Partially indexed items from SharePoint and OneDrive aren't included in the estimated search results. For more information, see [Partially indexed items in eDiscovery](partially-indexed-items-in-content-search.md).
+ ## Searching OneDrive accounts - To collect a list of the URLs for the OneDrive sites in your organization, see [Create a list of all OneDrive locations in your organization](/onedrive/list-onedrive-urls). This script in this article creates a text file that contains a list of all OneDrive sites. To run this script, you have to install and use the SharePoint Online Management Shell. Be sure to append the URL for your organization's MySite domain to each OneDrive site that you want to search. This is the domain that contains all your OneDrive; for example, `https://contoso-my.sharepoint.com`. Here's an example of a URL for a user's OneDrive site: `https://contoso-my.sharepoint.com/personal/sarad_contoso_onmicrosoft.com`.
If the Exchange Online license (or the entire Microsoft 365 license) is removed
If you need to preserve the data in a disconnected mailbox so that it's searchable, you must place a hold on the mailbox before removing the license. This preserves the data and keeps the disconnected mailbox searchable until the hold is removed. For more information about holds, see [How to identify the type of hold placed on an Exchange Online mailbox](identify-a-hold-on-an-exchange-online-mailbox.md).
-## Partially indexed items
--- As previously explained, partially indexed items in mailboxes are included in the estimated search results. Partially indexed items from SharePoint and OneDrive aren't included in the estimated search results.--- If a partially indexed item matches the search query (because other message or document properties meet the search criteria), it isn't included in the estimated number of unindexed items. If a partially indexed item is excluded by the search criteria, it isn't included in the estimated number of unindexed items. For more information, see [Partially indexed items in Content Search in Office 365](partially-indexed-items-in-content-search.md).- ## Searching for content in a SharePoint Multi-Geo environment If it's necessary for an eDiscovery manager to search for content in SharePoint and OneDrive in different regions in a [SharePoint multi-geo environment](../enterprise/multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md), then you need to do the following things to make that happen:
compliance Content Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search.md
To access to the **Content search** page in the Microsoft 365 compliance center
7. Review the search settings (and edit if necessary), and then submit the search to start it. To access this content search again or access other content searches listed on the **Content search** page, select the search and then click **Open**.
-
+ ## Next steps Here's a list of next steps to perform after you create and run a Content search.
Here's a list of next steps to perform after you create and run a Content search
- [Export search results](export-search-results.md) - [Export a search report](export-a-content-search-report.md)+
+## More information
+
+For more information about Content search, such as searching for content in different Microsoft 365 services, see [Feature reference for Content search](content-search-reference.md).
compliance Delete Items In The Recoverable Items Folder Of Mailboxes On Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold.md
# Delete items in the Recoverable Items folder of cloud-based mailboxes on hold The Recoverable Items folder for an Exchange Online mailbox exists to protect from accidental or malicious deletions. It's also used to store items that are retained and accessed by compliance features, such as holds and eDiscovery searches. However, in some situations organizations might have data that's been unintentionally retained in the Recoverable Items folder that they must delete. For example, a user might unknowingly send or forward an email message that contains sensitive information or information that may have serious business consequences. Even if the message is permanently deleted, it might be retained indefinitely because a legal hold has been placed on the mailbox. This scenario is known as *data spillage* because data has been unintentionally *spilled* into Office 365. In these situations, you can delete items in a user's Recoverable Items folder for an Exchange Online mailbox, even if that mailbox is placed on hold with one of the different hold features in Office 365. These types of holds include Litigation Holds, In-Place Holds, eDiscovery holds, and retention policies created in the security and compliance center in Office 365 or Microsoft 365.
-
- This article explains how admins can delete items from the Recoverable Items folder for cloud-based mailboxes that are on hold. This procedure involves disabling access to the mailbox and disabling single item recovery, disabling the Managed Folder Assistant from processing the mailbox, temporarily removing the hold, deleting items from the Recoverable Items folder, and then reverting the mailbox to its previous configuration. Here's the process:
+
+This article explains how admins can delete items from the Recoverable Items folder for cloud-based mailboxes that are on hold. This procedure involves disabling access to the mailbox and disabling single item recovery, disabling the Managed Folder Assistant from processing the mailbox, temporarily removing the hold, deleting items from the Recoverable Items folder, and then reverting the mailbox to its previous configuration. Here's the process:
[Step 1: Collect information about the mailbox](#step-1-collect-information-about-the-mailbox)
Additionally, you need to get the mailbox client access settings so you can temp
Get-Mailbox <username> | FL LitigationHoldEnabled,InPlaceHolds ```
- > [!TIP]
+ > [!TIP]
> If there are too many values in the *InPlaceHolds* property and not all of them are displayed, you can run the `Get-Mailbox <username> | Select-Object -ExpandProperty InPlaceHolds` command to display each value on a separate line. 5. Run the following command to get information about any organization-wide retention policies.
Additionally, you need to get the mailbox client access settings so you can temp
If your organization has any organization-wide retention policies, you'll have to exclude the mailbox from these policies in Step 3. It may take up to 24 hours to replicate the change.
- > [!TIP]
+ > [!TIP]
> If there are too many values in the *InPlaceHolds* property and not all of them are displayed, you can run the `Get-OrganizationConfig | Select-Object -ExpandProperty InPlaceHolds` command to display each value on a separate line. 6. Run the following command to determine if a delay hold is applied to the mailbox.
Perform the following steps in Exchange Online PowerShell.
Set-CASMailbox <username> -EwsEnabled $false -ActiveSyncEnabled $false -MAPIEnabled $false -OWAEnabled $false -ImapEnabled $false -PopEnabled $false ```
- > [!NOTE]
+ > [!NOTE]
> It might take up to 60 minutes to disable all client access methods to the mailbox. Note that disabling these access methods won't disconnect the mailbox owner if they are currently signed in. If the owner isn't signed in, they won't be able to access their mailbox after these access methods are disabled. 2. Run the following command to increase the deleted item retention period the maximum of 30 days. This assumes that the current setting is less than 30 days.
Perform the following steps in Exchange Online PowerShell.
Set-Mailbox <username> -SingleItemRecoveryEnabled $false ```
- > [!NOTE]
+ > [!NOTE]
> It might take up to 60 minutes to disable single item recovery. Don't delete items in the Recoverable Items folder until this period has elapsed. 4. Run the following command to prevent the Managed Folder Assistant from processing the mailbox. As previously explained, you can disable the Managed Folder Assistant only if a retention policy with a Preservation Lock is not applied to the mailbox.
compliance Endpoint Dlp Getting Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-getting-started.md
In this deployment scenario, you'll onboard devices that have not been onboarded
- Onboard Windows machines using Microsoft Endpoint Configuration Manager - Onboard Windows 10 machines using Mobile Device Management tools - Onboard Windows 10 machines using a local script
- - Onboard non-persistent virtual desktop infrastructure (VDI) machines.
+ - Onboard non-persistent virtual desktop infrastructure (VDI) machines in single-session scenarios
Once done and endpoint is onboarded, it should be visible in the devices list and also start reporting audit activity logs to Activity explorer.
Now that you have onboarded devices and can view the activity data in Activity e
- [Onboarding tools and methods for Windows 10 machines](/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints) - [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1) - [Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join)-- [Download the new Microsoft Edge based on Chromium](https://support.microsoft.com/help/4501095/download-the-new-microsoft-edge-based-on-chromium)
+- [Download the new Microsoft Edge based on Chromium](https://support.microsoft.com/help/4501095/download-the-new-microsoft-edge-based-on-chromium)
compliance Information Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-protection.md
To help prevent accidental oversharing of sensitive information, use the followi
|Capability|What problems does it solve?|Get started| |:|:|:|
-|[Learn about data loss prevention](dlp-learn-about-dlp.md)| Helps prevent unintentional sharing of sensitive items. | [Get started with the default DLP policy](get-started-with-the-default-dlp-policy.md)|
-|[Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md)| Extends DLP capabilities to items that are used and shared on Windows 10 computers. | [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md)|
-|[Learn about the Microsoft Compliance Extension (preview)](dlp-chrome-learn-about.md) | Extends DLP capabilities to the Chrome browser | [Get started with the Microsoft Compliance Extension (preview)](dlp-chrome-get-started.md)|
-|[Learn about Microsoft 365 data loss prevention on-premises scanner (preview)](dlp-on-premises-scanner-learn.md)|Extends DLP monitoring of file activities and protective actions for those files to on-premises file shares and SharePoint folders and document libraries.|[Get started with Microsoft 365 data loss prevention on-premises scanner (preview)](dlp-on-premises-scanner-get-started.md)|
+|[Data loss prevention](dlp-learn-about-dlp.md)| Helps prevent unintentional sharing of sensitive items. | [Get started with the default DLP policy](get-started-with-the-default-dlp-policy.md)|
+|[Endpoint data loss prevention](endpoint-dlp-learn-about.md)| Extends DLP capabilities to items that are used and shared on Windows 10 computers. | [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md)|
+|[Microsoft Compliance Extension (preview)](dlp-chrome-learn-about.md) | Extends DLP capabilities to the Chrome browser | [Get started with the Microsoft Compliance Extension (preview)](dlp-chrome-get-started.md)|
+|[Microsoft 365 data loss prevention on-premises scanner (preview)](dlp-on-premises-scanner-learn.md)|Extends DLP monitoring of file activities and protective actions for those files to on-premises file shares and SharePoint folders and document libraries.|[Get started with Microsoft 365 data loss prevention on-premises scanner (preview)](dlp-on-premises-scanner-get-started.md)|
|[Protect sensitive information in Microsoft Teams chat and channel messages](dlp-microsoft-teams.md) | Extends some DLP functionality to Teams chat and channel messages | [Learn about the default data loss prevention policy in Microsoft Teams (preview)](dlp-teams-default-policy.md)|
compliance Keyword Queries And Search Conditions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/keyword-queries-and-search-conditions.md
The following table lists email message properties that can be searched by using
|Received|The date that an email message was received by a recipient.|`received:04/15/2016` <br/> `received>=01/01/2016 AND received<=03/31/2016`|Messages that were received on April 15, 2016. The second example returns all messages received between January 1, 2016 and March 31, 2016.| |Recipients|All recipient fields in an email message. These fields are To, Cc, and Bcc.<sup>1</sup>|`recipients:garthf@contoso.com` <br/> `recipients:contoso.com`|Messages sent to garthf@contoso.com. The second example returns messages sent to any recipient in the contoso.com domain.| |Sent|The date that an email message was sent by the sender.|`sent:07/01/2016` <br/> `sent>=06/01/2016 AND sent<=07/01/2016`|Messages that were sent on the specified date or sent within the specified date range.|
-|Size|The size of an item, in bytes.|`size>26214400` <br/> `size:1..1048567`|Messages larger than 25??MB. The second example returns messages from 1 through 1,048,567 bytes (1 MB) in size.|
+|Size|The size of an item, in bytes.|`size>26214400` <br/> `size:1..1048567`|Messages larger than 25 MB. The second example returns messages from 1 through 1,048,567 bytes (1 MB) in size.|
|Subject|The text in the subject line of an email message. <br/> **Note:** When you use the Subject property in a query, the search returns all messages in which the subject line contains the text you're searching for. In other words, the query doesn't return only those messages that have an exact match. For example, if you search for `subject:"Quarterly Financials"`, your results will include messages with the subject "Quarterly Financials 2018".|`subject:"Quarterly Financials"` <br/> `subject:northwind`|Messages that contain the phrase "Quarterly Financials" anywhere in the text of the subject line. The second example returns all messages that contain the word northwind in the subject line.| |To|The To field of an email message.<sup>1</sup>|`to:annb@contoso.com` <br/> `to:annb ` <br/> `to:"Ann Beebe"`|All examples return messages where Ann Beebe is specified in the To: line.| |||||
The following table lists the contact properties that are indexed and that you c
> [!TIP] > To search for values that contain spaces or special characters, use double quotation marks (" ") to contain the phrase; for example, `businessaddress:"123 Main Street"`.
-| Property | Property description |
+|Property |Property description |
|:--|:--| |BusinessAddress|The address in the **Business Address** property. The property is also called the **Work** address on the contact properties page.| |BusinessPhone|The phone number in any of the **Business Phone** number properties.|
For more information about creating queries using the `SensitiveType` property,
Boolean search operators, such as **AND**, **OR**, and **NOT**, help you define more-precise searches by including or excluding specific words in the search query. Other techniques, such as using property operators (such as `>=` or `..`), quotation marks, parentheses, and wildcards, help you refine a search query. The following table lists the operators that you can use to narrow or broaden search results.
-| Operator | Usage | Description |
+|Operator |Usage |Description |
|:--|:--|:--| |AND|keyword1 AND keyword2|Returns items that include all of the specified keywords or `property:value` expressions. For example, `from:"Ann Beebe" AND subject:northwind` would return all messages sent by Ann Beebe that contained the word northwind in the subject line. <sup>2</sup>| |+|keyword1 + keyword2 + keyword3|Returns items that contain *either* `keyword2` or `keyword3` *and* that also contain `keyword1`. Therefore, this example is equivalent to the query `(keyword2 OR keyword3) AND keyword1`. <br/> The query `keyword1 + keyword2` (with a space after the **+** symbol) isn't the same as using the **AND** operator. This query would be equivalent to `"keyword1 + keyword2"` and return items with the exact phase `"keyword1 + keyword2"`.|
To search for Skype for Business conversations that occurred within a specific d
kind:im AND subject:conversation AND (received=startdate..enddate) ```
+## Character limits for searches
+
+There is a 4,000 character limit for search queries when searching for content in SharePoint sites and OneDrive accounts.
+Here is how the total number of characters in the search query are calculated:
+
+- The characters in keyword search query (including both user and filter fields) count against this limit.
+
+- The characters in any location property (such as the URLs for all the SharePoint sites or OneDrive locations being searched) count against this limit.
+
+- The characters in all the search permissions filters that are applied to the user running the search count against the limit.
+
+For more information about character limits, see [eDiscovery search limits](limits-for-content-search.md#search-limits).
+
+> [!NOTE]
+> The 4,000 character limit applies to Content search, Core eDiscovery, and Advanced eDiscovery.
+ ## Search tips and tricks - Keyword searches are not case-sensitive. For example, **cat** and **CAT** return the same results.
compliance Search For Content https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-for-content.md
Use the Content Search tool in the Security & Compliance Center to quickly find
The first step is to starting using the Content Search tool to choose content locations to search and configure a keyword query to search for specific items. Or, you can just leave the query blank and return all items in the target locations. -- [Create and run](content-search.md) a content search
+- [Create and run](content-search.md) a Content search
+
+- [Feature reference] for Content search (content-search-reference.md)
- [Build search queries and use conditions](keyword-queries-and-search-conditions.md) to narrow your search
compliance Sensitivity Labels Coauthoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-coauthoring.md
Make sure you understand the following prerequisites before you turn on this fea
- Microsoft 365 Apps for enterprise: - **Windows**: Preview: [Current Channel (Preview)](https://office.com/insider)
- - **macOS**: Preview: [Beta Channel](https://office.com/insider)
+ - **macOS**: Preview: [Current Channel (Preview)](https://office.com/insider)
- **iOS**: Not yet supported - **Android**: Not yet supported
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application version required for each
|[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | 16.43+ | 2.46+ | Rolling out: 16.0.13628+ | Yes <sup>\*</sup> | |[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | 2101+ | Rolling out: 16.45+ | Rolling out: 2.47+ | Rolling out: 16.0.13628+ | Rolling out |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | Rolling out: 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
-|[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Beta Channel](https://office.com/insider) | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
+|[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
| **Footnote:**
The numbers listed are the minimum Office application version required for each
|[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions: <br /> - Do Not Forward](encryption-sensitivity-labels.md#let-users-assign-permissions) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions: <br /> - Encrypt-Only](encryption-sensitivity-labels.md#let-users-assign-permissions) |2011+ | 16.48+ | 4.2112.0+ | 4.2112.0+ | Yes |
-|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | 2101+ | 16.43+ <sup>\*</sup> | Rolling out: 4.2111+ | Rolling out: 4.2111+ | Yes |
+|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | 2101+ | 16.43+ <sup>\*</sup> | 4.2111+ | 4.2111+ | Yes |
|[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | Under review | Under review | Under review | Under review | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | 16.44+ <sup>\*</sup> | Under review | Under review | Yes | |[Different settings for default label and mandatory labeling](#outlook-specific-options-for-default-label-and-mandatory-labeling) | Rolling out in Preview: [Beta Channel](https://office.com/insider) | 16.43.1108+ | 4.2111+ | 4.2111+ | Yes |
For Microsoft Word 2016, Excel 2016, PowerPoint 2016, and Outlook 2016, specify
| | |
-Deploy this setting by using Group Policy, or by using the [Office cloud policy service](https://docs.microsoft.com/DeployOffice/overview-office-cloud-policy-service).
+Deploy this setting by using Group Policy, or by using the [Office cloud policy service](/DeployOffice/overview-office-cloud-policy-service).
> [!NOTE] > If you use the Group Policy setting **Use the Sensitivity feature in Office to apply and view sensitivity labels** and set this to **1**, there are some situations where the Azure Information Protection client might still load in Office apps. Blocking the add-in from loading in each app prevents this happening.
compliance Sensitivity Labels Sharepoint Onedrive Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files.md
description: "Administrators can enable sensitivity label support for Word, Exce
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).* > [!NOTE]
-> There's a current issue that results in labeled and encrypted files failing to open in Office on the web:
+> There's a current issue that results in some labeled and encrypted files failing to open in Office on the web:
> > While we investigate an issue related to specific document properties, you won't be able to open many files in Office on the web. For these files, you can continue to open and edit them in your desktop and mobile Office apps. Or, do the following: >
description: "Administrators can enable sensitivity label support for Word, Exce
> 3. Save the file in the original location (SharePoint or OneDrive), and close the desktop app. > 4. Open the file in Office on the web, and reapply the original label that applies encryption. >
-> Files that are created and edited only in Office on the web aren't affected.
+> Files that are labeled only in Office on the web aren't affected.
Enable sensitivity labels for Office files in SharePoint and OneDrive so that users can apply your [sensitivity labels](sensitivity-labels.md) in Office for the web. When this feature is enabled, users will see the **Sensitivity** button on the ribbon so they can apply labels, and see any applied label name on the status bar.
To enable the new capabilities, use the [Set-SPOTenant](/powershell/module/share
1. Using a work or school account that has global administrator or SharePoint admin privileges in Microsoft 365, connect to SharePoint. To learn how, see [Getting started with SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).
- > [!NOTE]
- > If you have Microsoft 365 Multi-Geo, use the -Url parameter with [Connect-SPOService](/powershell/module/sharepoint-online/connect-sposervice), and specify the SharePoint Online Administration Center site URL for one of your geo-locations.
+ Note: If you have Microsoft 365 Multi-Geo, use the -Url parameter with [Connect-SPOService](/powershell/module/sharepoint-online/connect-sposervice), and specify the SharePoint Online Administration Center site URL for one of your geo-locations.
2. Run the following command and press **Y** to confirm:
If you have Microsoft 365 Multi-Geo, you must run this command for each of your
After you've enabled sensitivity labels for Office files in SharePoint and OneDrive, consider automatically labeling these files by using auto-labeling policies. For more information, see [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md).
-Need to share your labeled and encrypted documents with people outside your organization? See [Sharing encrypted documents with external users](sensitivity-labels-office-apps.md#sharing-encrypted-documents-with-external-users).
+Need to share your labeled and encrypted documents with people outside your organization? See [Sharing encrypted documents with external users](sensitivity-labels-office-apps.md#sharing-encrypted-documents-with-external-users).
compliance Tls 1.0 And 1.1 Deprecation For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365.md
You'll need to update applications that call Microsoft 365 APIs over TLS 1.0 or
## More information
-For more information, see [Preparing for the mandatory use of TLS 1.2 in Office 365](https://support.microsoft.com/help/4057306/preparing-for-tls-1-2-in-office-365).
+For more information, see [Preparing for the mandatory use of TLS 1.2 in Office 365](https://support.microsoft.com/help/4057306/preparing-for-tls-1-2-in-office-365).
+
+## References
+
+The following resources provide guidance to help make sure that your clients are using TLS 1.2 or a later version and to disable TLS 1.0 and 1.1:
+
+- For Windows 7 clients that connect to Office 365, make sure that TLS 1.2 is the default secure protocol in WinHTTP in Windows. For more information, see [KB 3140245 - Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows](https://support.microsoft.com/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in).
+- To address weak TLS usage by removing TLS 1.0 and 1.1 dependencies, see [TLS 1.2 support at Microsoft](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/).
+- [New IIS functionality](https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/) makes it easier to find clients on [Windows Server 2012 R2](https://support.microsoft.com/help/4025335/windows-8-1-windows-server-2012-r2-update-kb4025335) and [Windows Server 2016](https://support.microsoft.com/help/4025334/windows-10-update-kb4025334) that connect to the service by using weak security protocols.
+- Get more information about how to [solve the TLS 1.0 problem](https://www.microsoft.com/download/details.aspx?id=55266).
+- For general information about our approach to security, go to the [Office 365 Trust Center](https://www.microsoft.com/trustcenter/cloudservices/office365).
+- [Preparing for TLS 1.0/1.1 Deprecation - Office 365 Skype for Business](https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Preparing-for-TLS-1-0-1-1-Deprecation-O365-Skype-for-Business/ba-p/222247)
+- [Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649)
+- [Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761)
+- [Exchange Server TLS guidance Part 3: Turning Off TLS 1.0/1.1](https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-3-turning-off-tls-1-0-1-1/ba-p/607898)
+- [Enable TLS 1.1 and TLS 1.2 support in Office Online Server](/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-online-server)
+
knowledge Manage Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/manage-topics.md
Title: 'Manage topics in the topic center in Microsoft Viva Topics'
-description: 'How to manage topics in the Topic Center.'
+description: 'How to manage topics in the topic center.'
localization_priority: None
</br> - In the Viva Topics topic center, a knowledge manager can view the **Manage topics** page to review topics that have been identified in the source locations as specified by your knowledge admin.
- ![Topic Center](../media/knowledge-management/topic-center.png) </br>
+ ![Topic Center](../media/knowledge-management/topic-center.png)
+
+## Topic stages
+Knowledge managers help to guide discovered topics through the various topic lifecycle stages: **Suggested**, **Confirmed**, **Published**, and **Removed**.
+ ![Topic Lifecycle chart](../media/knowledge-management/topic-lifecycle.png)
-Knowledge managers help to guide discovered topics through the various topic lifecycle stages:
+- **Suggested**: A topic has been identified by AI and has enough supporting resources, connections, and properties. (These are marked as a **Suggested Topic** in the UI.)
-- **Suggested**: A topic has been identified by AI and has enough supporting resources, connections, and properties.-- **Confirmed**: A topic that has been suggested by AI is validated. Validation is done by confirmation from a knowledge manager. Additionally, a topic can be confirmed if there is a net positive 2 votes from end users received via the feedback mechanisms on the topic card.
+- **Confirmed**: A topic that has been suggested by AI is validated. Topic validation must be confirmed by a knowledge manager. For a topic to be confirmed, there must be a net of two positive votes received from users who voted using the feedback mechanism on the topic card. For example, if one user voted positive and one user voted negative for a particular topic, you would still need two more positive votes for the topic to be confirmed.
+
- **Published**: A confirmed topic that has been curated: manual edits have been made to improve its quality.-- **Removed**: A topic is rejected by a knowledge manager and will no longer be visible to viewers. The topic can be in any state when it is removed (suggested, confirmed, or published). When a published topic is removed, the page with the curated details will need to be deleted manually through the Pages Library of the topic center.
- ![Topic Lifecycle chart](../media/knowledge-management/topic-lifecycle.png) </br>
+- **Removed**: A topic is rejected by a knowledge manager and will no longer be visible to viewers. A topic can be removed in any state (suggested, confirmed, or published). For a topic to be removed, there must be a net of two negative votes received from users who voted using the feedback mechanisms on the topic card. For example, if one user voted negative and one user voted positive for a particular topic, you would still need two more negative votes for the topic to be removed. When a published topic is removed, the page with the curated details will need to be deleted manually through the Pages Library of the topic center.
> [!Note]
-> On the Manage Topics page, each knowledge manager will only be able to see topics where they have access to the underlying files and pages connected to the topic. This permission trimming will be reflected in the list of topics that appear in the **Suggested**, **Confirmed**, **Removed**, and **Published** tabs. The topic counts, however, show the total counts in the organization regardless of permissions.
+> On the **Manage topics** page, each knowledge manager will only be able to see topics where they have access to the underlying files and pages connected to the topic. This permission trimming will be reflected in the list of topics that appear in the **Suggested**, **Confirmed**, **Published**, and **Removed** tabs. The topic counts, however, show the total counts in the organization regardless of permissions.
## Requirements
To manage topics in the topic center, you need to:
- Have the [**Who can manage topics**](./topic-experiences-user-permissions.md) permission. Knowledge admins can give users this permission in the Viva Topics topic permissions settings.
-You will not be able to view the Manage Topics page in the topic center unless you have the **Who can manage topics** permission.
-
-In the topic center, a knowledge manager can review topics that have been identified in the source locations you specified, and can either confirm or reject them. A knowledge manager can also create and publish new topic pages if one was not found in topic discovery, or edit existing ones if they need to be updated.
+You will not be able to view the **Manage topics** page in the topic center unless you have the **Who can manage topics** permission.
+In the topic center, a knowledge manager can review topics that have been identified in the source locations you specified, and can either confirm or remove them. A knowledge manager can also create and publish new topic pages if one was not found in topic discovery, or edit existing ones if they need to be updated.
## Review suggested topics
-On the topic center Manage Topics page, topics that were discovered in your specified SharePoint source locations will be listed in the **Suggested** tab. If needed, a knowledge manager can review unconfirmed topics and choose to confirm or reject them.
+On the **Manage topics** page, topics that were discovered in your specified SharePoint source locations will be listed on the **Suggested** tab. If needed, a knowledge manager can review unconfirmed topics and choose to confirm or remove them.
- ![Suggested Topics](../media/knowledge-management/quality-score.png) </br>
+ ![Suggested Topics](../media/knowledge-management/quality-score.png)
To review a suggested topic:
-1. On the **Manage topics** page, select the **Suggested** tab, select the topic to open the topic page.</br>
+1. On the **Manage topics** page, select the **Suggested** tab, and then select the topic to open the topic page.
2. On the topic page, review the topic page, and select **Edit** if you need to make any changes to the page. Publishing any edits will move this topic to the **Published** tab.
-3. After reviewing the topic, go back to the Manage Topics page. For the selected topic, you can:
+3. After reviewing the topic, go back to the **Manage topics** page. For the selected topic, you can:
- Select the check mark to confirm the topic.
- - Select the **x** if you want to reject the topic.
+ - Select the **x** if you want to remove the topic.
Confirmed topics will be removed from the **Suggested** list and will now display in the **Confirmed** list.
- Rejected topics will be removed from the **Suggested** list and will now display in the **Removed** tab.
-
- </br>
+ Removed topics will be removed from the **Suggested** list and will now display in the **Removed** tab.
### Quality score
-Each topic that appears on your Suggested Topics page has a quality score assigned to it. The quality score is a reflection of the amount of information that the average user will see for the information on the topic, keeping in mind that each user might see more or less information because of the permissions they might or might not have on the information in a topic.
+Each topic that appears on the **Suggested** topics page has a quality score assigned to it. The quality score is a reflection of the amount of information that the average user will see for the information on the topic, keeping in mind that each user might see more or less information because of the permissions they might or might not have on the information in a topic.
The quality score can help give insight to the topics with the most information and can be useful for finding topics that may need to be manually edited. For example, a topic with a lower quality score might be the result of some users not having SharePoint permissions to pertinent files or sites that AI has included in the topic. A contributor could then edit the topic to include the information (when appropriate), which will then be viewable to all users who can view the topic. ### Impressions
-The **Impressions** column displays the number of times a topic has been shown to end users. This includes views through topic answer cards in search and through topic highlights. It does not reflect the click-through on these topics, but that the topic has been displayed. The **Impressions** column will show for topics in the **Suggested**, **Confirmed**, **Published**, and **Removed** tabs on the Manage Topics page.
+The **Impressions** column displays the number of times a topic has been shown to end users. This includes views through topic answer cards in search and through topic highlights. It does not reflect the click-through on these topics, but that the topic has been displayed. The **Impressions** column will show for topics in the **Suggested**, **Confirmed**, **Published**, and **Removed** tabs on the **Manage topics** page.
## Confirmed topics
-On the Manage Topics page, topics that were discovered in your specified SharePoint source locations and have been confirmed by a knowledge manager or "crowdsourced" confirmed by a net two or more people (balancing negative user votes against positive user votes) through the card feedback mechanism will be listed in the **Confirmed** tab. If needed, a user with permissions to manage topics can review confirmed topics and choose to reject them.
+On the **Manage topics** page, topics that were discovered in your specified SharePoint source locations and have been confirmed by a knowledge manager or "crowdsourced" confirmed by a net two or more people (balancing negative user votes against positive user votes) through the card feedback mechanism will be listed in the **Confirmed** tab. If needed, a user with permissions to manage topics can review confirmed topics and choose to reject them.
To review a confirmed topic:
-1. On the **Confirmed** tab, select the topic to open the topic page.</br>
+1. On the **Confirmed** tab, select the topic to open the topic page.
2. On the topic page, review the topic page, and select **Edit** if you need to make any changes to the page. Note that you can still choose to reject a confirmed topic. To do this, go to the selected topic on the **Confirmed** tab, and select the **x** if you want to reject the topic. ## Published topics+ Published topics have been edited so that specific information will always appear to whoever encounters the page. Manually created topics are listed here as well.
- ![Manage Topics](../media/knowledge-management/manage-topics-new.png) </br>
+ ![Manage Topics](../media/knowledge-management/manage-topics-new.png)
knowledge Scale Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/scale-topics.md
+
+ Title: "Manage topics at scale in Microsoft Viva Topics"
++++
+audience: admin
+
+search.appverid:
+
+ - enabler-strategic
+ - m365initiative-viva-topics
+localization_priority: None
+description: "Learn about best practices to manage the many topics in your organization using Viva Topics."
+
+# Manage topics at scale in Microsoft Viva Topics
+
+When you index your SharePoint sites or your entire organization for Viva Topics, many topics might be generated. When this happens and you see thousands of suggested topics on the **Manage topics** page, it can be challenging to know where to start. This article describes how Viva Topics helps you optimize which topics and information are shown to users who are searching for information, even in large organizations with large numbers of topics.
+
+First, a reminder of the four states for topics:
+
+- **Suggested**: A topic has been identified by AI and has enough supporting resources, connections, and properties. (These are marked as a **Suggested Topic** in the UI.)
+
+- **Confirmed**: A topic that has been suggested by AI is validated. Topic validation must be confirmed by a knowledge manager. For a topic to be confirmed, there must be a net of two positive votes received from users who voted using the feedback mechanism on the topic card. For example, if one user voted positive and one user voted negative for a particular topic, you would still need two more positive votes for the topic to be confirmed.
+
+- **Published**: A confirmed topic that has been curated: manual edits have been made to improve its quality.
+
+- **Removed**: A topic is rejected by a knowledge manager and will no longer be visible to viewers. A topic can be removed in any state (suggested, confirmed, or published). For a topic to be removed, there must be a net of two negative votes received from users who voted using the feedback mechanisms on the topic card. For example, if one user voted negative and one user voted positive for a particular topic, you would still need two more negative votes for the topic to be removed. When a published topic is removed, the page with the curated details will need to be deleted manually through the Pages Library of the topic center.
+
+## Knowledge manager role
+
+When you configure Viva Topics, you'll add a group of users who are granted permissions to see the **Manage topics** experience in the topic center. It will appear only for these users who hold the role of primary curation for the topics. They'll have access to data about the topics and will be able to see lists of all topics that they have access to review and curate.
+
+Employees in this role should have broad permissions to view a wide array of topics. Or if permissions are segmented, you might want to select a group of users that represent different areas of the business and can curate for their own areas.
+
+When you first review topics in the topic center, suggested topics are purely AI-defined. Knowledge managers might want to review each one before rolling out Viva Topics to a broad user community. When working at scale, this approach is rarely a practical because of the thousands of topics.
+
+The recommended approach is to find a balance of the most pertinent or important topics for your initial set of users and focus on curation of those topics before rollout of Viva Topics. Begin to collect feedback from the users and allow crowdsourcing to determine the usage and contribution patterns of your users to inform the strategies suggested in this article.
+
+It's important to recognize that the system will identify and show both AI-suggested and human-curated published topics to all users. However, this doesn't mean that every suggested topic will be shown to all end users. The security settings in place will show only the topics that each employee can access based on the permissions that are set on the content itself.
+
+As a knowledge manager with permissions to view the **Manage topics** page, you might see a much larger number of topics listed because of your own elevated permissions, depending on your role in the organization and level of access. You'll also have access to views that allow you see topics listed in a single location rather than accessing them by using highlights or search.
+
+In addition, there is likely a smaller percentage of topics that will be viewed by most users and a larger set of more topics that will be seen much less frequently due to permissions. As a result, it is good to first focus any curation tasks on the topics that are the most important for your organization and that are the most likely to be seen more broadly.
+
+This article covers a few strategies for curation. These strategies might mean that the less frequent or less common topics might not be fully curated by knowledge managers. However, these suggested topics remain useful and can provide insight or a pointer to a person, which can save an employee hours of looking for a starting point. Allowing crowdsourced updates to topics is beneficial and provides more content and coverage for the less common topics.
+
+This article provides some guidance and best practices to approach topic management and curation.
+
+## Understanding suggested topics
+
+When topics are discovered by AI, they're marked as a **Suggested Topic**, both on the **Manage topics** page, and in the topic cards that are presented to users. Any topic that hasn't been marked as removed will be shown to usersΓÇöthis includes confirmed, published, and suggested topics. Topics in all three states are available to end users.
+
+Within a topic card or page, we use various cues to show how the AI has generated the information. The system uses a variety of evidence to add the resources, primarily through the content itself.
+
+- Labels show that a topic is suggested and that it was discovered by Viva Topics.
+
+ ![Sample card showing a suggested topic and includes suggested people and suggested resources.](../media/knowledge-management/scale-topics-sample-card-suggested-topic.png)
+
+- Information on the card states where a definition has come from by specifying its source.
+
+- Suggested people are derived by aggregating people who have written or edited documents with topic evidence. If a person writes a document that has a topic name in the title, and that document has many views, it might only require one document to establish the person as related. However, in many cases more evidence is better, and people who are listed have worked on multiple documents.
+
+ ![Page showing a suggested topic and include suggested people, files, and pages.](../media/knowledge-management/scale-topics-sample-page-suggested-topic.png)
+
+- For the files and pages shown, the system identifies how many times the topic has been mentioned in the document, but the topic also must be mentioned in a specific context that identifies the reference to the topic of specific type (such as project or team). This is what counts as evidence for the AI. The system also considers the occurrence of a topic name in the titles of documents, types of documents, and other analytics features (such as views).
+
+ ![Image of a banner that says Suggested topic and Microsoft Viva discovered this topic.](../media/knowledge-management/scale-topics-suggested-you-have-access.png)
+
+ ![Image of a banner that says Suggested topic and Edit this page to describe your involvement in this topic.](../media/knowledge-management/scale-topics-suggested-describe-your-involvement.png)
+
+ ![Image of a banner that says Suggested topic and Edit this page if you can add people connected to the topic.](../media/knowledge-management/scale-topics-suggested-add-people.png)
+
+These attributes demonstrate that the content has been added by AI, and how the AI has made that determination.
+
+### Communication
+
+When communicating to your users about Viva Topics, it's important to clarify the difference between AI-suggested topics and content and their curated equivalents.
+
+As a reader, you should view suggested topics with a more critical eye. They shouldn't be perceived as authoritative sources of organizational truth. Rather, they're a way-finding tool to access tacit knowledge that is presented through the content that you have access to. The AI has discovered the topic and has enough evidence to show it to you, but its value hasn't been confirmed by a person.
+
+### Crowdsourced controls
+
+Suggested topics can be improved by curation of the page and through crowdsourced feedback on the topic.
+
+When users interact with a suggested topic, they might be asked a simple question in the UI. For example: *Was this topic relevant to the page?* *Is this person relevant for the topic?* *Was this definition accurate?* By using the feedback to such questions, the accuracy of the topics can increase without the need for a named individual to curate the page.
+
+The home page of a topic center is another location where feedback on suggested topics is gathered. In the topic center, a user can see the topics that they have been associated with and are given the option to either confirm this association or have it removed.
+
+ ![Example of topic center displaying suggested topics for the user to confirm or remove their connection to suggested topics.](../media/knowledge-management/scale-topics-topic-center-confirm-connections.png)
+
+When you allow broad crowdsourcing of topics, you should consider the following factors:
+
+- Users will see the **Edit** option on topic pages and can edit the pages in the same experience as other modern SharePoint pages.
+
+- Some **Suggested Topic** web parts can't be removed. The topic name, alternate names, definition, suggested people, and suggested resources can't be removed.
+
+- It can take some time for a suggested or confirmed topic that has been published to be moved to the **Published** list on the **Manage topics** page.
+
+ - The estimated time for a topic to appear in search, highlights, hashtags, or annotations is 2 hours.
+
+ - The estimated time for a topic to appear in **Published** list on the **Managed topics** page is no more than 24 hours in most cases. You should see them within 2 hours, but because there's a full sync every 24 hours, the wait shouldn't be longer than 24 hours.
+
+- It's possible that a user might leave a published topic in a checked-out or editing state. A knowledge manager can see these in the Pages Library of the topic center and either can discard the user's changes to republish the topic or contact that user to request that they check in the topic.
+
+### Topic visibility and content is based on a user's permissions
+
+When you review the list of suggested topics as a knowledge manager, keep in mind that the contents on a suggested topic will be dynamically based on permissions. The suggested content and people that are shown to you might not be the same as those who are presented to any user or another knowledge manager.
+
+Based on the permissions to view content that is associated with a topic, each user might see a different set of suggested resources, people, alternative names, and definition.
+
+## Prioritize the topics for curation
+
+You can use the following strategies to identify topics that are likely to be prominent, and therefore are good candidates for curation.
+
+### Taxonomies
+
+Using existing taxonomies can provide a list of topics that are likely to be prominent for users. For example, these could be:
+
+- Products and services that your organization provides
+
+- Teams in your organization
+
+- High-profile projects
+
+This approach could also be taken on a departmental or functional level, with subject-matter experts who understand that area of your organization. The goal isn't to have them review a selection or all of the topics. Rather, they bring their own domain expertise to guide selective curation.
+
+### Search
+
+Common search terms are often discovered as topics. By using the [top query reports in Microsoft Search](/sharepoint/view-search-usage-reports), you can identify the most frequent search terms in your organization. If topics have been discovered for these terms, they're good candidates for curation. These topics can be presented as answer cards in Microsoft Search.
+
+If you're currently using [Microsoft Search bookmarks](/microsoftsearch/manage-bookmarks), consider which of these can be replaced with a topic. A bookmark answer card contains a title, description, and URL. In some circumstances, a topic card might be more useful to a user, and a topic card also shows resources and people.
+
+In the user's search experience, when a user searches for a term like *travel*, search results are displayed in the following priority order in Microsoft Search:
+
+1. Published or confirmed topics
+
+2. Bookmarks
+
+3. Suggested topics
+
+### Impressions and quality score
+
+The [impressions](manage-topics.md#impressions) count and [quality score](manage-topics.md#quality-score) are important metrics for understanding the behavior of a topic. The value of these metrics will be limited when only knowledge managers or IT teams have access to topics. Exposing topics to a pilot group of users will generate more representative data for these measures.
+
+Topics with a high impression count are likely to be more frequently interacted with. The quality score for these topics will give a sense of how rich those topics are. Topics with a high impression count and a low quality score are good targets for curation.
+
+### Key terms from the information architecture of larger organizational sites
+
+Larger portal sites within your organization might have invested time in organizing their information architecture and the navigation of their site around key topic areas for their business units, product lines, major projects, and so on. Reviewing these terms and identifying and curating topics for these terms can help users who are looking for information on these areas.
+
+### Leverage internal knowledge bases or wiki sites
+
+If your organization has invested in knowledge bases or wiki sites, these can provide a list of topics to use for your initial curation efforts. If they're particularly large, select the most viewed or edited topics as a starting point.
+
+## See also
+
+[Manage topics in the topic center](manage-topics.md)
+
+[Topic center overview](topic-center-overview.md)
knowledge Topic Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-center-overview.md
The topic center is created during Viva Topics setup. After setup completes, an
1. In the Microsoft 365 admin center, select **Settings**, and then select **Org settings**. 2. On the **Services** tab, select **Topic Experiences**.
- ![Connect people to knowledge](../media/admin-org-knowledge-options-completed.png) </br>
+ ![Connect people to knowledge](../media/admin-org-knowledge-options-completed.png)
3. Select the **Topic center** tab. Under **Site address** is a link to your Topic center.
- ![knowledge-network-settings](../media/knowledge-network-settings-topic-center.png) </br>
+ ![knowledge-network-settings](../media/knowledge-network-settings-topic-center.png)
On the topic center home page, you can see the topics in your organization to wh
- Suggested connections - You will see topics listed under **We've listed you on these topics. Did we get it right?** These are topics in which your connection to the topic has been suggested through AI. For example, you might be an author of a related file or site. You are asked to confirm that you should stay listed as a related person for the topic.
- ![Suggested connections](../media/knowledge-management/my-topics.png) </br>
+ ![Suggested connections](../media/knowledge-management/my-topics.png)
- Confirmed connections - These are topics in which you are pinned on the topic page or you've confirmed a suggested connection to the topic. Topics will move from the suggested to confirmed section when you confirm a suggested connection.
- ![Confirmed topics](../media/knowledge-management/my-topics-confirmed.png) </br>
+ ![Confirmed topics](../media/knowledge-management/my-topics-confirmed.png)
Once a user confirms their connection to a topic, the user can make edits to the topic page to curate their connection. For example, they can provide more information about their connection to the topic. ## Manage topics page
-To work in the **Manage Topics** section of topic center, you need to have the required Manage Topic permissions needed for the knowledge manager role. Your admin can assign these permissions to users during [knowledge management setup](set-up-topic-experiences.md), or new users can be [added afterwards](topic-experiences-knowledge-rules.md) by an admin through the Microsoft 365 admin center.
+To work on the **Manage topics** page of topic center, you need to have the required Manage topics permissions needed for the knowledge manager role. Your admin can assign these permissions to users during [knowledge management setup](set-up-topic-experiences.md), or new users can be [added afterwards](topic-experiences-knowledge-rules.md) by an admin through the Microsoft 365 admin center.
-On the Manage Topics page, the topic dashboard shows all the topics, you have access to, that were identified from your specified source locations. Each topic will show the date the topic was discovered. A user who was assigned Manage topics permissions can review the unconfirmed topics and choose to:
-- Confirm the topic: Indicates to users that an AI-suggested topic has been validated by a human curator. -- Publish the topic: Edit the topic information to improve the quality of the topic that was initially identified, and highlights the topic to all users who have view access to topics.
+On the **Manage topics** page, the topic dashboard shows all the topics, you have access to, that were identified from your specified source locations. Each topic will show the date the topic was discovered. A user who was assigned Manage topics permissions can review the unconfirmed topics and choose to:
+
+- Confirm the topic: Indicates to users that an AI-suggested topic has been validated by a human curator.
+
+- Publish the topic: Edit the topic information to improve the quality of the topic that was initially identified, and highlights the topic to all users who have view access to topics.
+
- Remove the topic: Makes the topic undiscoverable to end users. The topic is moved to the **Removed** tab and can be confirmed later if needed.
-> [!Note]
-> See [Manage topics](manage-topics.md) for more details about topic managing topics in the Manage topics page.
+For more information about how to manage topics on the **Manage topics page, see [Manage topics](manage-topics.md).
## Create or edit a topic If you have Create and edit topics permissions, you can: - [Edit existing topics](edit-a-topic.md): You can make changes to existing topic pages that were created through discovery.+ - [Create new topics](create-a-topic.md): You can create new topics for ones that were not found through discovery, or if AI tools did not find enough evidence to create a topic.
learning Configure Sharepoint Content Source https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/learning/configure-sharepoint-content-source.md
Previously updated : 04/30/2021 Last updated : 05/12/2021 audience: admin
- m365initiative-viva-learning localization_priority: None description: "Learn how to configure SharePoint as a learning content source for Microsoft Viva Learning (Preview)."-+ # Coming soon: Configure SharePoint as a learning content source for Microsoft Viva Learning (Preview)
learning Content Sources 365 Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/learning/content-sources-365-admin-center.md
Previously updated : 04/30/2021 Last updated : 05/12/2021 audience: admin
- m365initiative-viva-learning localization_priority: None description: "Learn how to configure learning content sources for Microsoft Viva Learning (Preview) in the Microsoft 365 admin center."- # Configure learning content sources for Microsoft Viva Learning (Preview) in the Microsoft 365 admin center
learning Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/learning/index.md
Previously updated : 04/30/2021 Last updated : 05/12/2021 audience: enabler ms.prod: microsoft-365-enterprise
- m365initiative-viva-learning localization_priority: None description: "Learn how to find resources for Microsoft Viva Learning (Preview)."- # Introduction to Microsoft Viva Learning (Preview)
learning Overview Viva Learning https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/learning/overview-viva-learning.md
Previously updated : 04/30/2021 Last updated : 05/12/2021 audience: admin
- m365initiative-viva-learning localization_priority: None description: "Learn about Microsoft Viva Learning (Preview) in your Microsoft 365 environment."- # Overview of Microsoft Viva Learning (Preview)
learning Set Up Teams Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/learning/set-up-teams-admin-center.md
Previously updated : 04/30/2021 Last updated : 05/12/2021 audience: admin
- m365initiative-viva-learning localization_priority: None description: "Learn how to configure Microsoft Viva Learning (Preview) in the Teams admin center."- # Set up Microsoft Viva Learning (Preview) in the Teams admin center
lti Teams Classes Lms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-lms.md
+
+ Title: Use Microsoft Teams classes in your Learning Management System
++++
+audience: admin
++
+f1.keywords:
+- CSH
+
+localization_priority: Normal
+
+description: "Integrate Microsoft Teams classes in your Learning Management System"
+++
+# Use Microsoft Teams classes in your Learning Management System
+
+> [!IMPORTANT]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+Microsoft Teams class teams is a Learning Tools Interoperability (LTI) app that helps educators and students easily navigate between their Learning Management System (LMS) and Teams. Users can access their class teams associated with their course directly from within their LMS.
+
+## Approve the app in the Microsoft Azure tenant
+
+The following tasks are completed by the Microsoft Office 365 admin and the Blackboard Learn Ultra admin.
+
+Before managing the integration within Blackboard Learn Ultra, the Microsoft Office 365 admin must approve the Blackboard **MSFT Teams for Learn Ultra Azure** app for the institutionΓÇÖs Microsoft Azure tenant.
+
+1. Find your Microsoft Tenant ID. See [how to find the tenant](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant).
+
+2. Redirect the Microsoft Identity Platform Admin Consent Endpoint according to the following example:
+
+ `https://login.microsoftonline.com/{tenant}/adminconsent?client\_id=2d94989f-457a-47c1-a637-e75acdb11568`
+
+ > [!NOTE]
+ > Replace {tenant} with your organizationΓÇÖs Microsoft tenant ID.
+
+## Register the integration apps
+
+As a Blackboard Learn Ultra admin, you'll need to register 2 LTI 1.3 integration apps within your Test environment:
+
+- The Blackboard Learn Class Teams integration to support the roster sync
+
+- The Microsoft Teams class team LTI app
+
+1. Make a note of the following LTI Client IDs for both Apps:
+
+ - Blackboard - f1561daa-1b21-4693-ba90-6c55f1a0eb41
+
+ - Microsoft - 027328b7-c2e3-4c9e-aaa1-07802dae6c89
+
+2. Access the Admin Panel, and under **Integrations**, locate the LTI Tool Providers.
+
+ ![this is the LTI Tool Provider dialog shows a list of providers](../media/lti-media/lti-tool-providers.png)
+
+3. Select **Register LTI1.3/Advantage Tool**.
+
+4. Enter the first of the Client IDs provided (either Blackboard or Microsoft), and select **Submit**.
+
+ ![the LTI register tool with a field to enter the client id](../media/lti-media/register-tool.png)
+
+5. Review the pre-populated settings and ensure that the tool status is marked as approved.
+
+6. Scroll to the bottom, and then select **Submit**.
+
+7. Repeat the previous steps to register the second of the LTI apps within your environment.
+
+## Set up the REST Application and Cross Origin Resource Sharing
+
+The Blackboard Learn Ultra admin will also need to configure the REST Application and the Cross Origin Resource Sharing configuration.
+
+Complete the following to set up the REST Application
+
+1. Access the Learn Administration Tools, and then select **REST API Integrations** from the **Integrations** section.
+
+2. Select **Create integrations** and enter the same Application/Client ID that you entered for the Blackboard Learn Class Teams Integration LTI tool.
+
+3. Enter the Learn User (this could be your own learn admin username), or select **Browse** to locate.
+
+4. Select **Yes** for **End User Access**.
+
+5. Select **Yes** for **Authorized to Act as User**
+
+6. Select **Submit** once complete.
+
+## Set up Cross-Origin Resource Sharing
+
+1. Access the Learn Administration Tools, and select **Cross-Origin Resource Sharing** from the **Integrations** section.
+
+2. Select **Create Configuration**.
+
+3. Enter `https://bb-ms-teams-ultra-ext.api.blackboard.com` in the origin.
+
+4. Add the word **Authorization** in the **Allowed Headers**.
+
+5. Set **Available** to **Yes**.
+
+6. Select **Submit** once complete.
+
+## Enable Class Teams in Blackboard Learn
+
+Once you've enabled the LTI tools, your next step will be to set up the Microsoft Class Teams integration from your own Microsoft Office 365 tenant. You can do this by following these steps as the Blackboard Learn Ultra admin.
+
+1. In **Learn Admin** > **Tools and Utilities**, select **Microsoft Teams Integration Admin**.
+
+ ![the tools and utilities dialog with a list of available tools](../media/lti-media/tools-utilities.png)
+
+2. Select the checkbox for **Enable Microsoft Teams**.
+
+3. Enter your tenant ID as referenced in the section under Microsoft O365 Admin
+
+ > [!NOTE]
+ > You won't be able to save the settings until the app has been approved by the O365 admin. See [Approve the app in Microsoft Azure tenant](#approve-the-app-in-the-microsoft-azure-tenant).
+
+4. When the global O365 admin has approved the Blackboard Teams application in your Microsoft Tenant, select **Submit**.
lti Use Onedrive With Lms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/use-onedrive-with-lms.md
+
+ Title: Use OneDrive Learning Tools Interoperability
++++
+audience: admin
++
+f1.keywords:
+- CSH
+
+localization_priority: Normal
+
+description: "Create and grade assignments, build and curate course content, and collaborate on files in real time with the new OneDrive Learning Tools Interoperability App."
++
+# Use Microsoft OneDrive with your Learning Management System
+
+> [!IMPORTANT]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+Learn the benefits of using Microsoft OneDrive with your Learning Management System (LMS).
+
+**Brings Microsoft Office 365 directly into your workflows**
+
+The Microsoft OneDrive Learning Tools Interoperability (LTI) App integrates with your LMS to bring Microsoft OneDrive and Microsoft Office 365 directly into your most important workflows that include:
+
+- Attaching resources and organizing content.
+- Starting collaborative documents.
+- Creating and grading assignments.
+
+**Secure and fully compliant with latest LTI standards**
+
+The Microsoft OneDrive LTI App is compatible with LTI 1.3 and LTI Advantage. This advantage allows for a highly secure and tightly integrated user experience.
+
+**Modern and Rich User Experience**
+
+The Microsoft OneDrive LTI App brings the best of Microsoft right into your LMS experience. We're improving upon the existing Office 365 integration in your LMS by delivering a more modern user experience, complete with a new and expanded Microsoft OneDrive file picker and richer editing experiences for Office files. Microsoft will also fully own the Microsoft OneDrive LTI App going forward, which means youΓÇÖll always get the latest and greatest from Microsoft automatically.
+
+The Microsoft OneDrive LTI App allows you to:
+
+- Attach Office 365 files including Word documents, PowerPoint presentations, and Excel from the Rich Content Editor.
+
+- Distribute Office 365 cloud assignments.
+
+- View and organize your personal and course Microsoft OneDrive files.
+
+- Create collaborations where course members can work together on shared documents in real time.
+
+- Access multiple Microsoft OneDrive accounts, including personal and school accounts.
+
+- Integrate Office 365 files with your course modules.
+
+- Use your Microsoft account for single sign-on with your LMS.
+
+## Integrate with Canvas
+
+The person who performs this integration should be an admin of Canvas and an admin of the Microsoft 365 tenant.
+
+1. Sign in to the Microsoft Azure portal with the tenant admin account. The Azure tenant administrator should also have the Group administrator role.
+
+ ![group administrator highlighted](../media/lti-media/lti-group-admin.png)
+
+2. Sign in to the Microsoft [OneDrive LTI portal](https://odltiappnl.azurewebsites.net/admin).
+
+3. Accept the permissions to complete the sign-in.
+
+ ![accept permissions](../media/lti-media/lti-permissions.png)
+
+4. Select **Add LTI Tenant**.
+
+ ![add LTI tenant](../media/lti-media/lti-add-tenant.png)
+
+5. Select **LTI Consumer Platform** as **Canvas** from the dropdown.
+
+6. Select **Canvas Base URL** and then select **Next**.
+
+ ![select Canvas and add base URL](../media/lti-media/lti-canvas-base-url.png)
+
+ The next screen shows fields that are confidential to you.
+
+7. Select **Next** from ?? page. CAN REVIEWERS FILL IN THE BLANK HERE?
+
+8. Select **Next** in the screen that shows information that's confidential to you.
+
+ The final screen of the Azure portal shows the next steps for adding your Canvas instance.
+
+9. Copy the Developer Keys from this screen. You'll use when you create the Canvas instance.
+
+## Add the Canvas instance
+
+1. In your Canvas instance, deselect **Admin** > **Developer Keys**.
+
+2. Choose **LTI Key** in the dropdown on **Developer Key**.
+
+ ![Get the LTI developer keys](../media/lti-media/lti-developer-keys.png)
+
+3. Paste the developer keys here.
+
+ ![Paste the developer keys](../media/lti-media/lti-developer-keys.png)
+
+ The key gets created in **OFF** mode
+
+ ![The created developer keys in the off mode](../media/lti-media/lti-copy-developer-keys.png)
+
+4. Copy the highlighted text.
+ This serves as Client ID in Microsoft OneDrive LTI portal.
+
+5. Paste the text into the **Client ID** field in Microsoft OneDrive LTI portal, and then select **Next**.
+
+6. Select **Save**.
+
+7. View the settings by selecting **View LTI Tenants**.
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
#### [Overview](next-gen-threat-and-vuln-mgt.md) #### [Get started]() ##### [Permissions & prerequisites](tvm-prerequisites.md)
-##### [Supported operating systems and platforms](tvm-supported-os.md)
+##### [Supported operating systems platforms and capabilities](tvm-supported-os.md)
##### [Assign device value](tvm-assign-device-value.md) #### [Assess your security posture]() ##### [Dashboard insights](tvm-dashboard-insights.md)
security Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)-- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
## Why attack surface reduction rules are important
If you are configuring attack surface reduction rules by using Group Policy or P
|Rule name|GUID|File & folder exclusions|Minimum OS supported| ||::|||
+|[Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers)|`56a863a9-875e-4185-98a7-b882c64b5ce5`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709)|
|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes)|`7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater| |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes)|`D4F940AB-401B-4EFC-AADC-AD5F3C50688A`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater| |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem)|`9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater|
If you are configuring attack surface reduction rules by using Group Policy or P
|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware)|`c1db55ab-c21a-4637-bb3f-a12568109d35`|Supported|[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater| |
+### Block abuse of exploited vulnerable signed drivers
+
+This rule prevents an application from writing a vulnerable signed driver to disk. In-the-wild, vulnerable signed drivers can be exploited by local applications \- _that have sufficient privileges_ \- to gain access to the kernel. Vulnerable signed drivers enable attackers to disable or circumvent security solutions, eventually leading to system compromise.
+
+This rule does not block a driver already existing on the system from being loaded.
+
+This rule is supported in all versions in which ASR is supported; which is:
+
+- [Windows 10 Pro, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- [Windows 10 Enterprise, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- [Windows Server, version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
+- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
+
+Intune Name: `Block abuse of exploited vulnerable signed drivers`
+
+GUID: `56a863a9-875e-4185-98a7-b882c64b5ce5`
+
+See [Microsoft Endpoint Manager custom procedure](enable-attack-surface-reduction.md#microsoft-endpoint-manager-custom-procedure) for MEM custom rules procedure information.
+
+You can run this command in the command line to enable the ASR rule:
+
+```powershell
+"& {&'Add-MpPreference' -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled"}
+```
+
+You can use this Web site to [Submit a driver for analysis](https://www.microsoft.com/en-us/wdsi/driversubmission).
+ ### Block Adobe Reader from creating child processes This rule prevents attacks by blocking Adobe Reader from creating processes.
security Customize Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/customize-controlled-folders.md
Previously updated : 03/24/2021 Last updated : 05/10/2021 ms.technology: mde
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> [!TIP]
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
-
-Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.
-
-This article describes how to customize controlled folder access capabilities, and includes the following sections:
+Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients. This article describes how to customize controlled folder access capabilities, and includes the following sections:
- [Protect additional folders](#protect-additional-folders) - [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders)
This article describes how to customize controlled folder access capabilities, a
## Protect additional folders
-Controlled folder access applies to many system folders and default locations, including folders such as **Documents**, **Pictures**, and **Movies**. You can add additional folders to be protected, but you cannot remove the default folders in the default list.
+Controlled folder access applies to many system folders and default locations, including folders such as **Documents**, **Pictures**, and **Movies**. You can add other folders to be protected, but you cannot remove the default folders in the default list.
Adding other folders to controlled folder access can be helpful for cases when you don't store files in the default Windows libraries, or you've changed the default location of your libraries.
-You can also specify network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
+You can also specify network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](configure-extension-file-exclusions-microsoft-defender-antivirus.md).
-You can use the Windows Security app, Group Policy, PowerShell cmdlets, or mobile device management configuration service providers to add and remove additional protected folders.
+You can use the Windows Security app, Group Policy, PowerShell cmdlets, or mobile device management configuration service providers to add and remove protected folders.
### Use the Windows Security app to protect additional folders
-1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Security**.
+1. Open the Windows Security app by selecting the shield icon in the task bar, or by searching for *security* in the Start menu.
2. Select **Virus & threat protection**, and then scroll down to the **Ransomware protection** section.
You can use the Windows Security app, Group Policy, PowerShell cmdlets, or mobil
5. Choose **Yes** on the **User Access Control** prompt. The **Protected folders** pane displays.
-4. Select **Add a protected folder** and follow the prompts to add folders.
+6. Select **Add a protected folder** and follow the prompts to add folders.
### Use Group Policy to protect additional folders
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)?preserve=true), right-click the Group Policy Object you want to configure, and then and select **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)?preserve=true).
-2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+2. Right-click the Group Policy Object you want to configure, and then select **Edit**.
-3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**.
+3. In your **Group Policy Management Editor**, go to **Computer configuration** > **Policies** > **Administrative templates**.
-4. Double-click **Configured protected folders** and set the option to **Enabled**. Select **Show** and enter each folder.
+4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. <br/>**NOTE**: On older versions of Windows, you might see **Windows Defender Antivirus** instead of **Microsoft Defender Antivirus**.
+
+5. Double-click **Configured protected folders**, and then set the option to **Enabled**. Select **Show**, and specify each folder that you want to protect.
+
+6. Deploy your Group Policy Object as you usually do.
### Use PowerShell to protect additional folders 1. Type **PowerShell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
-2. Enter the following cmdlet:
+2. Type the following PowerShell cmdlet, replacing `<the folder to be protected>` with the folder's path (such as `"c:\apps\"`):
```PowerShell Add-MpPreference -ControlledFolderAccessProtectedFolders "<the folder to be protected>" ```
-3. Repeat step 2 until you have added all the folders you want to protect. Folders that are added are visible in the Windows Security app.
+3. Repeat step 2 for each folder that you want to protect. Folders that are protected are visible in the Windows Security app.
- ![Screenshot of a PowerShell window with the cmdlet above entered](/microsoft-365/security/defender-endpoint/images/cfa-allow-folder-ps)
+ :::image type="content" source="images/cfa-allow-folder-ps.png" alt-text="PowerShell window with cmdlet shown":::
> [!IMPORTANT]
-> Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
+> Use `Add-MpPreference` to append or add apps to the list and not `Set-MpPreference`. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
### Use MDM CSPs to protect additional folders
-Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders.
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders.
## Allow specific apps to make changes to controlled folders
You can specify if certain apps are always considered safe and give write access
> [!IMPORTANT] > By default, Windows adds apps that are considered friendly to the allowed list. Such apps that are added automatically are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.
-When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allow list and may be blocked by controlled folder access.
+When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allowlist and may be blocked by controlled folder access.
An allowed application or service only has write access to a controlled folder after it starts. For example, an update service will continue to trigger events after it's allowed until it is stopped and restarted.
An allowed application or service only has write access to a controlled folder a
### Use Group Policy to allow specific apps
-1. On your Group Policy management device, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)?preserve=true), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management device, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)?preserve=true), right-click the Group Policy Object you want to configure and select **Edit**.
2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
An allowed application or service only has write access to a controlled folder a
### Use MDM CSPs to allow specific apps
-Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders.
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders.
## Allow signed executable files to access protected folders
-Microsoft Defender for Endpoint certificate and file indicators can allow signed executable files to access protected folders. For implementation details, see [Create indicators based on certificates](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/indicator-certificates).
+Microsoft Defender for Endpoint certificate and file indicators can allow signed executable files to access protected folders. For implementation details, see [Create indicators based on certificates](indicator-certificates.md).
> [!Note] > This does no apply to scripting engines, including Powershell ## Customize the notification
-For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Configure alert notifications in Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-email-notifications).
+For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Configure alert notifications in Microsoft Defender for Endpoint](configure-email-notifications.md).
## See also
security Enable Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
You can also exclude ASR rules from triggering based on certificate and file has
> Excluding files or folders can severely reduce the protection provided by ASR rules. Excluded files will be allowed to run, and no report or event will be recorded. > If ASR rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). - You can specify individual files or folders (using folder paths or fully qualified resource names), but you can't specify which rules the exclusions apply to. An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
Example:
> [!WARNING] > Do not use quotes as they are not supported for either the **Value name** column or the **Value** column.
+## Microsoft Endpoint Manager custom procedure
+
+You can use a Microsoft Endpoint Manager (MEM) admin center to configure custom ASR rules.
+
+1. Open the Microsoft Endpoint Manager (MEM) admin center. In the **Home** menu, click **Devices**, select **Configuration profile**, and then click **Create profile**.
+
+ ![MEM Create Profile](images/mem01-create-profile.png)
+
+2. In **Create a profile**, in the following two drop-down lists, select the following:
+
+ - In **Platform**, select **Windows 10 and later**
+ - In **Profile type**, select **Templates**
+
+ Select **Custom**, and then click **Create**.
+
+ ![MEM rule profile attributes](images/mem02-profile-attributes.png)
+
+3. The Custom template tool opens to step **1 Basics**. In **1 Basics**, in **Name**, type a name for your template, and in **Description** you can type an optional description.
+
+ ![MEM basic attributes](images/mem03-1-basics.png)
+
+4. Click **Next**. Step **2 Configuration settings** opens. For OMA-URI Settings, click **Add**. Two options now appear: **Add** and **Export**.
+
+ ![MEM Configuration settings](images/mem04-2-configuration-settings.png)
+
+5. Click **Add** again. The **Add Row OMA-URI Settings** opens. In **Add Row**, do the following:
+
+ - In **Name**, type a name for the rule.
+ - In **Description**, type a brief description.
+ - In **OMA-URI**, type or paste the specific OMA-URI link for the rule that you are adding.
+ - In **Data type**, select **String**.
+ - In **Value**, type or paste the GUID value, the \= sign and the State value with no spaces (_GUID=StateValue_). Where: {0 : Disable (Disable the ASR rule)}, {1 : Block (Enable the ASR rule)}, {2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)}, {6 : Warn (Enable the ASR rule but allow the end-user to bypass the block)}
+
+ ![MEM OMA URI configuration](images/mem05-add-row-oma-uri.png)
+
+6. Click **Save**. **Add Row** closes. In **Custom**, click **Next**. In step **3 Scope tags**, scope tags are optional. Do one of the following:
+
+ - Click **Select Scope tags**, select the scope tag (optional) and then click **Next**.
+ - Or click **Next**
+
+7. In step **4 Assignments**, in **Included Groups** - for the groups that you want this rule to apply - select from the following options:
+
+ - **Add groups**
+ - **Add all users**
+ - **Add all devices**
+
+ ![MEM assignments](images/mem06-4-assignments.png)
+
+8. In **Excluded groups**, select any groups that you want to exclude from this rule, and then click **Next**.
+
+9. In step **5 Applicability Rules** for the following settings, do the following:
+
+ - In **Rule**, select either **Assign profile if**, or **DonΓÇÖt assign profile if**
+ - In **Property**, select the property to which you want this rule to apply
+ - In **Value**, enter the applicable value or value range
+
+ ![MEM Applicability rules](images/mem07-5-applicability -rules.png)
+
+10. Click **Next**. In step **6 Review + create**, review the settings and information you have selected and entered, and then click **Create**.
+
+ ![MEM Review and create](images/mem08-6-review-create.png)
+
+>[!NOTE]
+> Rules are active and live within minutes.
+
+>[!NOTE]
+> Conflict handling:
+> If you assign a device two different ASR policies, the way conflict is handled is rules that are assigned different states, there is no conflict management in place, and the result is an error.
+> Non-conflicting rules will not result in an error, and the rule will be applied correctly. The result is that the first rule is applied, and subsequent non-conflicting rules are merged into the policy.
+ ## PowerShell > [!WARNING]
security Enable Exploit Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-exploit-protection.md
ms.technology: mde Last updated : 05/11/2021 # Enable exploit protection - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> [!TIP]
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
-[Exploit protection](exploit-protection.md) helps protect against malware that uses exploits to infect devices and spread. Exploit protection consists of a number of mitigations that can be applied to either the operating system or individual apps.
+[Exploit protection](exploit-protection.md) helps protect against malware that uses exploits to infect devices and spread. Exploit protection consists of many mitigations that can be applied to either the operating system or individual apps.
> [!IMPORTANT] > .NET 2.0 is not compatible with some exploit protection capabilities, specifically, Export Address Filtering (EAF) and Import Address Filtering (IAF). If you have enabled .NET 2.0, usage of EAF and IAF are not supported.
You can enable each mitigation separately by using any of these methods:
- [Group Policy](#group-policy) - [PowerShell](#powershell)
-Exploit protection is configured by default in Windows 10. You can set each mitigation to on, off, or to its default value. Some mitigations have additional options.
-
-You can [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) and deploy them to other devices.
+Exploit protection is configured by default in Windows 10. You can set each mitigation to on, off, or to its default value. Some mitigations have more options. You can [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) and deploy them to other devices.
You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the device. ## Windows Security app
-1. Open the Windows Security app by selecting the shield icon in the task bar or by searching the start menu for **Security**.
+1. Open the Windows Security app by either selecting the shield icon in your task bar, or by searching the Start menu for **Security**.
2. Select the **App & browser control** tile (or the app icon on the left menu bar) and then select **Exploit protection settings**. 3. Go to **Program settings** and choose the app you want to apply mitigations to. <br/> - If the app you want to configure is already listed, select it, and then select **Edit**. - If the app is not listed, at the top of the list select **Add program to customize** and then choose how you want to add the app. <br/>
- - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
+ - Use **Add by program name** to have the mitigation applied to any running process with that name. Specify a file with its extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. 4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You are notified if you need to restart the process or app, or if you need to restart Windows.
If you add an app to the **Program settings** section and configure individual m
|Enabled in **Program settings** | Enabled in **System settings** | Behavior | |:|:|:|
-|![Check mark yes](/security/defender-endpoint/images/svg/check-yes) | ![Check mark no](/security/defender-endpoint/images/svg/check-no) | As defined in **Program settings** |
-|![Check mark yes](/security/defender-endpoint/images/svg/check-yes) | ![Check mark yes](/security/defender-endpoint/images/svg/check-yes) | As defined in **Program settings** |
-|![Check mark no](/security/defender-endpoint/images/svg/check-no) | ![Check mark yes](/security/defender-endpoint/images/svg/check-yes) | As defined in **System settings** |
-|![Check mark no](/security/defender-endpoint/images/svg/check-no) | ![Check mark yes](/security/defender-endpoint/images/svg/check-yes) | Default as defined in **Use default** option |
+|Yes | No | As defined in **Program settings** |
+|Yes | Yes | As defined in **Program settings** |
+|No | Yes | As defined in **System settings** |
+|No | Yes | Default as defined in **Use default** option |
### Example 1: Mikael configures Data Execution Prevention in system settings section to be off by default
The result is that DEP is enabled for *test.exe*. DEP will not be enabled for an
3. Go to **Program settings** and choose the app you want to apply mitigations to.<br/> - If the app you want to configure is already listed, select it, and then select **Edit**. - If the app is not listed, at the top of the list select **Add program to customize** and then choose how you want to add the app.<br/>
- - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
+ - Use **Add by program name** to have the mitigation applied to any running process with that name. Specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. 4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
The result is that DEP is enabled for *test.exe*. DEP will not be enabled for an
3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
- ![Create endpoint protection profile](/microsoft-365/security/defender-endpoint/images/create-endpoint-protection-profile)<br/>
+ :::image type="content" source="images/create-endpoint-protection-profile.png" alt-text="Create endpoint protection profile":::
4. Select **Configure** > **Windows Defender Exploit Guard** > **Exploit protection**.
-5. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings:
+5. Upload an [XML file](/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings:
- ![Enable network protection in Intune](/microsoft-365/security/defender-endpoint/images/enable-ep-intune)<br/>
+ :::image type="content" source="images/enable-ep-intune.png" alt-text="Enable network protection in Intune":::
6. Select **OK** to save each open blade, and then choose **Create**.
The result is that DEP is enabled for *test.exe*. DEP will not be enabled for an
## MDM
-Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode.
+Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode.
## Microsoft Endpoint Manager
Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](htt
3. Specify a name and a description, and then choose **Next**.
-4. Select **Select XML File** and browse to the location of the exploit protection XML file. Select the file, and then choose **Next**.
+4. Choose **Select XML File** and browse to the location of the exploit protection XML file. Select the file, and then choose **Next**.
5. Configure **Scope tags** and **Assignments** if necessary.
-6. Under **Review + create**, review the configuration and then choose **Create**.
+6. Under **Review + create**, review your configuration settings, and then choose **Create**.
## Microsoft Endpoint Configuration Manager
Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](htt
## Group Policy
-1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management device, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**. 3. Expand the tree to **Windows components** > **Windows Defender Exploit Guard** > **Exploit Protection** > **Use a common set of exploit protection settings**.
-4. Select **Enabled** and type the location of the [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard), and then choose **OK**.
+4. Select **Enabled** and type the location of the [XML file](/windows/client-management/mdm/policy-csp-exploitguard), and then choose **OK**.
## PowerShell
If you wanted to apply DEP at the system level, you'd use the following command:
Set-Processmitigation -System -Enable DEP ```
-To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this will force the mitigation to be disabled only for that app.
+To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this action forces the mitigation to be disabled only for that app.
If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example:
If you need to restore the mitigation back to the system default, you need to in
Set-Processmitigation -Name test.exe -Remove -Disable DEP ```
-This table lists the individual **Mitigations** (and **Audits**, when available) to be used with the `-Enable` or `-Disable` cmdlet parameters.
+The following table lists the individual **Mitigations** (and **Audits**, when available) to be used with the `-Enable` or `-Disable` cmdlet parameters.
| Mitigation type | Applies to | Mitigation cmdlet parameter keyword | Audit mode cmdlet parameter | | :-- | : | :- | :-- |
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu
## Customize the notification
-See the [Windows Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) article for more information about customizing the notification when a rule is triggered and blocks an app or file.
+For information about customizing the notification when a rule is triggered and an app or file is blocked, see [Windows Security](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center).
## See also
security Gov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/gov.md
Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/45
Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245)) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
-Windows 10, version 1709 | ![No](images/svg/check-no.svg)<br />Note: Won't be supported | ![Yes](images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)<br />Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade | ![No](images/svg/check-no.svg)<br />Note: Won't be supported
+Windows 10, version 1709 | ![No](images/svg/check-no.svg)<br />Note: Won't be supported | ![Yes](images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)<br />Note: [Deprecated](/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade | ![No](images/svg/check-no.svg)<br />Note: Won't be supported
Windows 10, version 1703 and earlier | ![No](images/svg/check-no.svg)<br />Note: Won't be supported | ![No](images/svg/check-no.svg)<br />Note: Won't be supported | ![No](images/svg/check-no.svg)<br />Note: Won't be supported Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows Server 2016 | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
Windows 8.1 Enterprise | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/ch
Windows 8 Pro | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows 7 SP1 Enterprise | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows 7 SP1 Pro | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
-Linux | ![Yes](images/svg/check-yes.svg) In preview<br />See note below | ![Yes](images/svg/check-yes.svg) In preview<br />See note below | ![Yes](images/svg/check-yes.svg) In preview<br />See note below
-macOS | ![Yes](images/svg/check-yes.svg) In preview<br />See note below | ![Yes](images/svg/check-yes.svg) In preview<br />See note below | ![Yes](images/svg/check-yes.svg) In preview<br />See note below
+Linux | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
+macOS | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
Android | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog iOS | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog
iOS | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/c
> Where a patch is specified, it must be deployed prior to device onboarding in order to configure Defender for Endpoint to the correct environment. > [!NOTE]
-> Trying to onboard Windows devices older than Windows 10 or Windows Server 2019 using [Microsoft Monitoring Agent](configure-server-endpoints.md#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)? You'll need to choose "Azure US Government" under "Azure Cloud" if using the [setup wizard](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard), or if using a [command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line) or a [script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation) - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
-
-> [!NOTE]
-> You'll need version 101.25.72 and above for Linux, and version 101.25.69 and above for macOS.
+> Trying to onboard Windows devices older than Windows 10 or Windows Server 2019 using [Microsoft Monitoring Agent](configure-server-endpoints.md#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)? You'll need to choose "Azure US Government" under "Azure Cloud" if using the [setup wizard](/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard), or if using a [command line](/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line) or a [script](/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation) - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
### OS versions when using Azure Defender for Servers
-The following OS versions are supported when using [Azure Defender for Servers](https://docs.microsoft.com/azure/security-center/security-center-wdatp):
+The following OS versions are supported when using [Azure Defender for Servers](/azure/security-center/security-center-wdatp):
OS version | GCC | GCC High | DoD :|:|:|:
SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
## Feature parity with commercial Defender for Endpoint for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
-These are the known gaps as of April 2021:
+These are the known gaps:
Feature name | GCC | GCC High | DoD :|:|:|:
-Management and APIs: Streaming API | ![Yes](images/svg/check-yes.svg) | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
+Management and APIs: Streaming API | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
Web content filtering | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development Integrations: Azure Sentinel | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Alerts <br /> ![No](images/svg/check-no.svg) Incidents & Raw data: In development | ![Yes](images/svg/check-yes.svg) Alerts <br /> ![No](images/svg/check-no.svg) Incidents & Raw data: In development Integrations: Microsoft Cloud App Security | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
security Linux Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-exclusions.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
security Linux Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-preferences.md
Specifies the merge policy for exclusions. It can be a combination of administra
#### Scan exclusions Entities that have been excluded from the scan. Exclusions can be specified by full paths, extensions, or file names.
+(Exclusions are specified as an array of items, administrator can specify as many elements as necessary, in any order.)
||| |:|:|
The following configuration profile contains entries for all settings described
{ "$type":"excludedPath", "isDirectory":true,
- "path":"/home"
+ "path":"/run"
+ },
+ {
+ "$type":"excludedPath",
+ "isDirectory":true,
+ "path":"/home/*/git"
}, { "$type":"excludedFileExtension",
security Mac Install With Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-intune.md
ms.technology: mde
# Intune-based deployment for Microsoft Defender for Endpoint on macOS - [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -
-> [!NOTE]
-> This documentation explains the legacy method for deploying and configuring Microsoft Defender for Endpoint on macOS devices. The native experience is now available in the MEM console. The release of the native UI in the MEM console provide admins with a much simpler way to configure and deploy the application and send it down to macOS devices. <br> <br>
->The blog post [MEM simplifies deployment of Microsoft Defender for Endpoint for macOS](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995) explains the new features. To configure the app, go to [Settings for Microsoft Defender for Endpoint on macOS in Microsoft InTune](https://docs.microsoft.com/mem/intune/protect/antivirus-microsoft-defender-settings-macos). To deploy the app, go to [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos).
- **Applies to:** - [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
This topic describes how to deploy Microsoft Defender for Endpoint on macOS thro
Before you get started, see [the main Microsoft Defender for Endpoint on macOS page](microsoft-defender-endpoint-mac.md) for a description of prerequisites and system requirements for the current software version. - ## Overview The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender for Endpoint on Macs, via Intune. More detailed steps are available below.
The following table summarizes the steps you would need to take to deploy and ma
| [Microsoft Defender for Endpoint configuration settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/mac-preferences#intune-profile-1)<br/><br/> **Note:** If you're planning to run a third-party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav | | [Configure Microsoft Defender for Endpoint and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-10) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
-## Download installation and onboarding packages
+## Download the onboarding package
-Download the installation and onboarding packages from Microsoft Defender Security Center:
+Download the onboarding packages from Microsoft Defender Security Center:
1. In Microsoft Defender Security Center, go to **Settings** > **Device Management** > **Onboarding**.
Download the installation and onboarding packages from Microsoft Defender Securi
![Onboarding settings screenshot](images/atp-mac-install.png)
-3. Select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
-
-4. Select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
+3. Select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
-5. Download **IntuneAppUtil** from [https://docs.microsoft.com/intune/lob-apps-macos](https://docs.microsoft.com/intune/lob-apps-macos).
-
-6. From a command prompt, verify that you have the three files.
-
-
- ```bash
- ls -l
- ```
-
- ```Output
- total 721688
- -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil
- -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
- -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
- ```
-7. Extract the contents of the .zip files:
+4. Extract the contents of the .zip file:
```bash unzip WindowsDefenderATPOnboardingPackage.zip
Download the installation and onboarding packages from Microsoft Defender Securi
inflating: jamf/WindowsDefenderATPOnboarding.plist ```
-8. Make IntuneAppUtil an executable:
-
- ```bash
- chmod +x IntuneAppUtil
- ```
-
-9. Create the wdav.pkg.intunemac package from wdav.pkg:
-
- ```bash
- ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
- ```
- ```Output
- Microsoft Intune Application Utility for Mac OS X
- Version: 1.0.0.0
- Copyright 2018 Microsoft Corporation
+## Create System Configuration profiles
- Creating intunemac file for /Users/test/Downloads/wdav.pkg
- Composing the intunemac file output
- Output written to ./wdav.pkg.intunemac.
+The next step is to create system configuration profiles that Microsoft Defender for Endpoint needs.
+In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/), open **Devices** > **Configuration profiles**.
- IntuneAppUtil successfully processed "wdav.pkg",
- to deploy refer to the product documentation.
- ```
+### Onboarding blob
-## Client device setup
+This profile contains a license information for Microsoft Defender for Endpoint, without it it will report that it is not licensed.
-You don't need any special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/intune-user-help/enroll-your-device-in-intune-macos-cp).
+1. Select **Create Profile** under **Configuration Profiles**
+1. Select **Platform**=**macOS**, **Profile type**=**Templates**. **Template name**=**Custom**. Click **Create**.
-1. Confirm device management.
-
- ![Confirm device management screenshot](images/mdatp-3-confirmdevicemgmt.png)
-
- Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**:
+ ![Custom Configuration Profile creation](images/mdatp-6-systemconfigurationprofiles-1.png)
- ![Management profile screenshot](images/mdatp-4-managementprofile.png)
+1. Choose a name for the profile, e.g. "MDATP onboarding for macOS". Click **Next**.
-2. Select **Continue** and complete the enrollment.
+ ![Custom Configuration Profile - name](images/mdatp-6-systemconfigurationprofiles-2.png)
- You may now enroll more devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
+1. Choose a name for the configuration profile name, e.g. "MDATP onboarding for macOS".
+1. Select intune/WindowsDefenderATPOnboarding.xml that you extracted from the onboarding package above as configuration profile file.
-3. In Intune, open **Manage** > **Devices** > **All devices**. Here you can see your device among those listed:
+ ![Import a configuration from a file for Custom Configuration Profile](images/mdatp-6-systemconfigurationprofiles.png)
- > [!div class="mx-imgBorder"]
- > ![Add Devices screenshot](images/mdatp-5-alldevices.png)
+1. Click **Next**.
+1. Assign devices on the **Assignment** tab. Click **Next**.
-## Approve System Extensions
+ ![Custom Configuration Profile - assignment](images/mdatp-6-systemconfigurationprofiles-2.png)
-To approve the system extensions:
+1. Review and **Create**.
+1. Open **Devices** > **Configuration profiles**, you can see your created profile there.
-1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**.
+ ![Custom Configuration Profile - done](images/mdatp-6-systemconfigurationprofiles-3.png)
-2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Extensions**. Select **Create**.
+### Approve System Extensions
-3. In the **Basics** tab, give a name to this new profile.
+This profile is needed for macOS 10.15 (Catalina) or newer. It will be ignored on older macOS.
-4. In the **Configuration settings** tab, add the following entries in the **Allowed system extensions** section:
+1. Select **Create Profile** under **Configuration Profiles**
+1. Select **Platform**=**macOS**, **Profile type**=**Templates**. **Template name**=**Extensions**. Click **Create**.
+1. In the **Basics** tab, give a name to this new profile.
+1. In the **Configuration settings** tab, expand **System Extensions** add the following entries in the **Allowed system extensions** section:
Bundle identifier | Team identifier --|-
To approve the system extensions:
com.microsoft.wdav.netext | UBF8T346G9 > [!div class="mx-imgBorder"]
- > ![Screenshot of the extension settings in Configuration settings on the Basics tab](images/mac-system-extension-intune2.png)
-
-5. In the **Assignments** tab, assign this profile to **All Users & All devices**.
-
-6. Review and create this configuration profile.
+ > ![System extension settings](images/mac-system-extension-intune2.png)
-## Create System Configuration profiles
-
-1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**.
+1. In the **Assignments** tab, assign this profile to **All Users & All devices**.
+1. Review and create this configuration profile.
-2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**.
+### Kernel Extensions
-3. Open the configuration profile and upload intune/kext.xml. This file was created in one of the preceding sections.
+This profile is needed for macOS 10.15 (Catalina) or older. It will be ignored on newer macOS.
-4. Select **OK**.
+> [!CAUTION]
+> Apple Silicon (M1) devices do not support KEXT. Installation of a configuration profile consisting KEXT policies will fail on these devices.
- ![Import a configuration from a file for Custom Configuration Profile](images/mdatp-6-systemconfigurationprofiles.png)
+1. Select **Create Profile** under **Configuration Profiles**
+1. Select **Platform**=**macOS**, **Profile type**=**Templates**. **Template name**=**Extensions**. Click **Create**.
+1. In the **Basics** tab, give a name to this new profile.
+1. In the **Configuration settings** tab, expand **Kernel Extensions**.
+1. Set **Team identifier** to **UBF8T346G9** and click Next.
-5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+ > ![Kernel extension settings](images/mac-kernel-extension-intune2.png)
-6. Repeat steps 1 through 5 for more profiles.
+1. In the **Assignments** tab, assign this profile to **All Users & All devices**.
+1. Review and create this configuration profile.
-7. Create another profile, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file.
-
-8. Download **fulldisk.mobileconfig** from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/fulldisk.mobileconfig) and save it as **tcc.xml**. Create another profile, give it any name and upload this file to it.<a name="create-system-configuration-profiles-step-8" id = "create-system-configuration-profiles-step-8"></a>
+### Full Disk Access
> [!CAUTION] > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device. > > This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Intune, we recommend you update the deployment with this configuration profile.
-9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download **netfilter.mobileconfig** from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. <a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>
+Download [**fulldisk.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/kext.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
+
+Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "MDATP Full Disk Access" as profile name, and downloaded **fulldisk.mobileconfig** as Configuration profile name.
+
+### Network Filter
+
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+
+Download [**netfilter.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/kext.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
+
+Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "MDATP Network Filter" as profile name, and downloaded **netfilter.mobileconfig** as Configuration profile name.
+
+### Notifications
-10. To allow Microsoft Defender for Endpoint on macOS and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. <a name = "create-system-configuration-profiles-step-10" id = "create-system-configuration-profiles-step-10"></a>
+This profile is used to allow Microsoft Defender for Endpoint on macOS and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina) or newer.
-11. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+Download [**notif.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/kext.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
+
+Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "MDATP Network Filter" as profile name, and downloaded **notif.mobileconfig** as Configuration profile name.
+
+### View Status
Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**:
Once the Intune changes are propagated to the enrolled devices, you can see them
## Publish application
-1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**.
+This step enables deploying Microsoft Defender for Endpoint to enrolled machines.
-2. Select **App type=Other/Line-of-business app**.
+1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/), open **Apps**.
-3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
+ > ![Ready to create application](images/mdatp-8-app-before.png)
-4. Select **Configure** and add the required information.
+1. Select By platform => macOS => Add.
+1. Choose **App type**=**macOS**, click **Select**
-5. Use **macOS High Sierra 10.14** as the minimum OS.
+ > ![Specify application type](images/mdatp-9-app-type.png)
-6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value.
+1. Keep default values, click **Next**.
- > [!CAUTION]
- > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender for Endpoint on macOS](mac-updates.md) for additional information about how the product is updated.
- >
- > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Microsoft Defender for Endpoint. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender for Endpoint on macOS](mac-updates.md) for additional information about how the product is updated. If you deployed Microsoft Defender for Endpoint with *Ignore app version* set to **No**, please change it to **Yes**. If Microsoft Defender for Endpoint still cannot be installed on a client device, then uninstall Microsoft Defender for Endpoint and push the updated policy.
-
- > [!div class="mx-imgBorder"]
- > ![Display of App information in App add](images/mdatp-8-intuneappinfo.png)
+ > ![Application properties](images/mdatp-10-properties.png)
-7. Select **OK** and **Add**.
+1. Add assignments, click **Next***.
- > [!div class="mx-imgBorder"]
- > ![Device status shown in Notifications window](images/mdatp-9-intunepkginfo.png)
+ > ![Intune assignments info screenshot](images/mdatp-11-assignments.png)
-8. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**.
+1. Review and **Create**.
+1. You can visit **Apps** => **By platform** => **macOS** to see it on the list of all applications.
- > [!div class="mx-imgBorder"]
- > ![Client apps screenshot](images/mdatp-10-clientapps.png)
+ > ![Applications list](images/mdatp-12-applications.png)
-9. Change **Assignment type** to **Required**.
+(You can find detailed information on the [Intune's page for Defender deployment](https://docs.microsoft.com/en-us/mem/intune/apps/apps-advanced-threat-protection-macos))
-10. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
+ > [!CAUTION]
+ > You have to create all required configuration profiles and push them to all machines, as explained above.
- > [!div class="mx-imgBorder"]
- > ![Intune assignments info screenshot](images/mdatp-11-assignments.png)
+## Client device setup
-11. After some time the application will be published to all enrolled devices. You can see it listed in **Monitor** > **Device**, under **Device install status**:
+You don't need any special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/intune-user-help/enroll-your-device-in-intune-macos-cp).
- > [!div class="mx-imgBorder"]
- > ![Intune device status screenshot](images/mdatp-12-deviceinstall.png)
+1. Confirm device management.
+
+ ![Confirm device management screenshot](images/mdatp-3-confirmdevicemgmt.png)
+
+ Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**:
+
+ ![Management profile screenshot](images/mdatp-4-managementprofile.png)
+
+2. Select **Continue** and complete the enrollment.
+
+ You may now enroll more devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
+
+3. In Intune, open **Manage** > **Devices** > **All devices**. Here you can see your device among those listed:
+
+ > [!div class="mx-imgBorder"]
+ > ![Add Devices screenshot](images/mdatp-5-alldevices.png)
## Verify client device state
Once the Intune changes are propagated to the enrolled devices, you can see them
2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that were added in Intune: ![Profiles screenshot](images/mdatp-15-managementprofileconfig.png)
-3. You should also see the Microsoft Defender icon in the top-right corner:
+3. You should also see the Microsoft Defender for Endpoint icon in the top-right corner:
> [!div class="mx-imgBorder"]
- > ![Microsoft Defender icon in status bar screenshot](images/mdatp-icon-bar.png)
+ > ![Microsoft Defender for Endpoint icon in status bar screenshot](images/mdatp-icon-bar.png)
## Troubleshooting
security Mac Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-preferences.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
Specify the merge policy for exclusions. This can be a combination of administra
#### Scan exclusions Specify entities excluded from being scanned. Exclusions can be specified by full paths, extensions, or file names.
+(Exclusions are specified as an array of items, administrator can specify as many elements as necessary, in any order.)
|Section|Value| |:|:|
Specify content excluded from being scanned by full file path.
| **Possible values** | valid paths | | **Comments** | Applicable only if *$type* is *excludedPath* |
+## Supported exclusion types
+
+The follow table shows the exclusion types supported by Defender for Endpoint on Mac.
+
+Exclusion | Definition | Examples
+||
+File extension | All files with the extension, anywhere on the device | `.test`
+File | A specific file identified by the full path | `/var/log/test.log`<br/>`/var/log/*.log`<br/>`/var/log/install.?.log`
+Folder | All files under the specified folder (recursively) | `/var/log/`<br/>`/var/*/`
+Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`<br/>`c?t`
+
+> [!IMPORTANT]
+> The paths above must be hard links, not symbolic links, in order to be successfully excluded. You can check if a path is a symbolic link by running `file <path-name>`.
+
+File, folder, and process exclusions support the following wildcards:
+
+Wildcard | Description | Example | Matches | Does not match
+||||
+\* | Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) | `/var/\*/\*.log` | `/var/log/system.log` | `/var/log/nested/system.log`
+? | Matches any single character | `file?.log` | `file1.log`<br/>`file2.log` | `file123.log`
+ ##### Path type (file / directory) Indicate if the *path* property refers to a file or directory.
The following templates contain entries for all settings described in this docum
<key>path</key> <string>/home</string> </dict>
+ <dict>
+ <key>$type</key>
+ <string>excludedPath</string>
+ <key>isDirectory</key>
+ <true/>
+ <key>path</key>
+ <string>/Users/*/git</string>
+ </dict>
<dict> <key>$type</key> <string>excludedFileExtension</string>
The following templates contain entries for all settings described in this docum
<key>path</key> <string>/home</string> </dict>
+ <dict>
+ <key>$type</key>
+ <string>excludedPath</string>
+ <key>isDirectory</key>
+ <true/>
+ <key>path</key>
+ <string>/Users/*/git</string>
+ </dict>
<dict> <key>$type</key> <string>excludedFileExtension</string>
security Mac Resources https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-resources.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
If you can reproduce a problem, increase the logging level, run the system for s
```bash sudo mdatp diagnostic create ```+ ```console Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip" ```
If you can reproduce a problem, increase the logging level, run the system for s
```bash mdatp log level set --level info ```+ ```console Log level configured successfully ```
There are several ways to uninstall Microsoft Defender for Endpoint on macOS. No
### From the command line -- ```sudo rm -rf '/Applications/Microsoft Defender ATP.app'```-- ```sudo rm -rf '/Library/Application Support/Microsoft/Defender/'```
+- ```sudo '/Library/Application Support/Microsoft/Defender/uninstall/uninstall'```
## Configuring from the command line
security Mcafee To Microsoft Defender Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-onboard.md
- m365solution-scenario Previously updated : 03/03/2021 Last updated : 05/10/2021
Deployment methods vary, depending on which operating system is selected. Refer
|Operating system |Method | |||
-|Windows 10 |- [Group Policy](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-gp)<br/>- [Configuration Manager](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-sccm)<br/>- [Mobile Device Management (Intune)](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-mdm)<br/>- [Local script](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-script) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
-|- Windows 8.1 Enterprise <br/>- Windows 8.1 Pro <br/>- Windows 7 SP1 Enterprise <br/>- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp)<br/><br/>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). |
-|- Windows Server 2019 and later <br/>- Windows Server 2019 core edition <br/>- Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-script) <br/>- [Group Policy](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-gp) <br/>- [Configuration Manager](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-sccm) <br/>- [System Center Configuration Manager](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-sccm#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager) <br/>- [VDI onboarding scripts for non-persistent devices](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-vdi) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
-|- Windows Server 2016 <br/>- Windows Server 2012 R2 <br/>- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)<br/>- [Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-wdatp) |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra)<br/><br/>iOS<br/><br/>Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Onboard non-Windows devices](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows) |
+|Windows 10 |- [Group Policy](configure-endpoints-gp.md)<br/>- [Configuration Manager](configure-endpoints-sccm.md)<br/>- [Mobile Device Management (Intune)](configure-endpoints-mdm.md)<br/>- [Local script](configure-endpoints-script.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
+|- Windows 8.1 Enterprise <br/>- Windows 8.1 Pro <br/>- Windows 7 SP1 Enterprise <br/>- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](onboard-downlevel.md)<p>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent). |
+|- Windows Server 2019 and later <br/>- Windows Server 2019 core edition <br/>- Windows Server version 1803 and later |- [Local script](configure-endpoints-script.md) <br/>- [Group Policy](configure-endpoints-gp.md) <br/>- [Configuration Manager](configure-endpoints-sccm.md) <br/>- [System Center Configuration Manager](configure-endpoints-sccm.md) <br/>- [VDI onboarding scripts for non-persistent devices](configure-endpoints-vdi.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
+|- Windows Server 2016 <br/>- Windows Server 2012 R2 <br/>- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](configure-server-endpoints.md)<br/>- [Azure Defender](/azure/security-center/security-center-wdatp) |
+|macOS<br/>- 11.3.1 (Big Sur)<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<p>iOS<p>Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Onboard non-Windows devices](configure-endpoints-non-windows.md) |
## Run a detection test
To verify that your onboarded devices are properly connected to Microsoft Defend
|Operating system |Guidance | |||
-|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/run-detection-test). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint on Mac](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac). |
-|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint on Linux](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux). |
+|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](run-detection-test.md). <p>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
+|macOS<br/>- 11.3.1 (Big Sur)<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <p>For more information, see [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md). |
+|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <p>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <p>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <p>For more information, see [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md). |
## Uninstall McAfee
To do this, visit the Microsoft Defender for Endpoint demo scenarios site ([http
**Congratulations**! You have completed your [migration from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md#the-migration-process)! -- [Visit your security operations dashboard](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
+- [Visit your security operations dashboard](security-operations-dashboard.md) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
- [Manage Microsoft Defender for Endpoint, post migration](manage-atp-post-migration.md).
security Mcafee To Microsoft Defender Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-prepare.md
- m365solution-scenario Previously updated : 03/03/2021 Last updated : 05/10/2021
Now that you've updated your organization's devices, the next step is to get Mic
1. Buy or try Microsoft Defender for Endpoint today. [Start a free trial or request a quote](https://aka.ms/mdatp).
-2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#check-license-state).
+2. Verify that your licenses are properly provisioned. [Check your license state](production-deployment.md#check-license-state).
-3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#tenant-configuration).
+3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](production-deployment.md#tenant-configuration).
-4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#network-configuration).
+4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](production-deployment.md#network-configuration).
At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
At this point, you are ready to grant access to your security administrators and
## Grant access to the Microsoft Defender Security Center
-The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/use).
+The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](use.md).
Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions.
-1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prepare-deployment#role-based-access-control).
+1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](prepare-deployment.md#role-based-access-control).
-2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control).
+2. Set up and configure RBAC. We recommend using [Intune](/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](/mem/intune/fundamentals/role-based-access-control).
If your organization requires a method other than Intune, choose one of the following options:
- - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration)
- - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm)
- - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview)
+ - [Configuration Manager](/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration)
+ - [Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm)
+ - [Windows Admin Center](/windows-server/manage/windows-admin-center/overview)
-3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/rbac)).
+3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](rbac.md)).
## Configure device proxy and internet connectivity settings
To enable communication between your devices and Microsoft Defender for Endpoint
|Capabilities | Operating System | Resources | |--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-proxy-internet) |
-|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
-|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
-|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections)
+|[Endpoint detection and response](overview-endpoint-detection-response.md) (EDR) |- [Windows 10](/windows/release-health/release-information) <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](configure-proxy-internet.md) |
+|EDR |- [Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](onboard-downlevel.md#configure-proxy-and-internet-connectivity-settings) |
+|EDR |macOS: <br/>- 11.3.1 (Big Sur)<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) |[Microsoft Defender for Endpoint on macOS: Network connections](microsoft-defender-endpoint-mac.md#network-connections) |
+|[Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) |- [Windows 10](/windows/release-health/release-information) <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](configure-network-connections-microsoft-defender-antivirus.md)<br/> |
+|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](microsoft-defender-endpoint-mac.md#network-connections) |
+|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](microsoft-defender-endpoint-linux.md#network-connections)
## Next step
security Mcafee To Microsoft Defender Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-setup.md
## Enable Microsoft Defender Antivirus and confirm it's in passive mode
-On certain versions of Windows, such as Windows Server, Microsoft Defender Antivirus might have been uninstalled or disabled when your McAfee solution was installed. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. (To learn more about this, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility).)
+On certain versions of Windows, such as Windows Server, Microsoft Defender Antivirus might have been uninstalled or disabled when your McAfee solution was installed. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. (To learn more about this, see [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md).)
This step of the migration process includes the following tasks: - [Setting DisableAntiSpyware to false on Windows Server](#set-disableantispyware-to-false-on-windows-server)
This step of the migration process includes the following tasks:
### Set DisableAntiSpyware to false on Windows Server
-The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) registry key was used in the past to disable Microsoft Defender Antivirus, and deploy another antivirus product, such as McAfee. In general, you should not have this registry key on your Windows devices and endpoints; however, if you do have `DisableAntiSpyware` configured, here's how to set its value to false:
+The [DisableAntiSpyware](/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) registry key was used in the past to disable Microsoft Defender Antivirus, and deploy another antivirus product, such as McAfee. In general, you should not have this registry key on your Windows devices and endpoints; however, if you do have `DisableAntiSpyware` configured, here's how to set its value to false:
1. On your Windows Server device, open Registry Editor.
The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d
5. Set the value to `0`. (This sets the registry key's value to *false*.) > [!TIP]
-> To learn more about this registry key, see [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware).
+> To learn more about this registry key, see [DisableAntiSpyware](/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware).
### Reinstall Microsoft Defender Antivirus on Windows Server
If you're using Windows Server 2016 and are having trouble enabling Microsoft De
`mpcmdrun -wdenable` > [!TIP]
-> Still need help? See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016).
+> Still need help? See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server.md).
### Set Microsoft Defender Antivirus to passive mode on Windows Server
Because your organization is still using McAfee, you must set Microsoft Defender
1. Open Registry Editor, and then navigate to <br/> `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`.
-2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings:
+2. Edit (or create) a DWORD entry called **ForcePassiveMode**, and specify the following settings:
- Set the DWORD's value to **1**.
Because your organization is still using McAfee, you must set Microsoft Defender
> [!NOTE] > You can use other methods to set the registry key, such as the following:
->- [Group Policy Preference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11))
->- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool)
->- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs)
+>- [Group Policy Preference](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11))
+>- [A package in Configuration Manager](/mem/configmgr/apps/deploy-use/packages-and-programs)
### Enable Microsoft Defender Antivirus on your Windows client devices
To enable Microsoft Defender Antivirus, we recommend using Intune. However, you
|Method |What to do | |||
-|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <br/><br/>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<br/><br/>2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. <br/>If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).<br/><br/>3. Select **Properties**, and then select **Configuration settings: Edit**.<br/><br/>4. Expand **Microsoft Defender Antivirus**. <br/><br/>5. Enable **Cloud-delivered protection**.<br/><br/>6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.<br/><br/>7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.<br/><br/>8. Select **Review + save**, and then choose **Save**.<br/><br/>For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).|
-|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). <br/><br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. |
-|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/) <br/>or<br/>[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`. <br/><br/>2. Look for a policy called **Turn off Microsoft Defender Antivirus**.<br/> <br/>3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. <br/><br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. |
+|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <p>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<p>2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. <br/>If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure).<p>3. Select **Properties**, and then select **Configuration settings: Edit**.<p>4. Expand **Microsoft Defender Antivirus**. <p>5. Enable **Cloud-delivered protection**.<p>6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.<p>7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.<p>8. Select **Review + save**, and then choose **Save**.<p>For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](/intune/device-profiles).|
+|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](/mem/intune/user-help/turn-on-defender-windows). <p>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. |
+|[Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm/) <br/>or<br/>[Group Policy Management Console](use-group-policy-microsoft-defender-antivirus.md) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`. <p>2. Look for a policy called **Turn off Microsoft Defender Antivirus**.<br/> <br/>3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. <p>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. |
### Confirm that Microsoft Defender Antivirus is in passive mode
Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen
|Method |What to do | |||
-|Command Prompt |1. On a Windows device, open Command Prompt as an administrator. <br/><br/>2. Type `sc query windefend`, and then press Enter.<br/><br/>3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. |
-|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet. <br/><br/>3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
+|Command Prompt |1. On a Windows device, open Command Prompt as an administrator. <p>2. Type `sc query windefend`, and then press Enter.<p>3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. |
+|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.<p>2. Run the [Get-MpComputerStatus](/powershell/module/defender/Get-MpComputerStatus) cmdlet. <p>3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
> [!NOTE] > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. ## Get updates for Microsoft Defender Antivirus
-Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility).
+Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](microsoft-defender-antivirus-compatibility.md).
There are two types of updates related to keeping Microsoft Defender Antivirus up to date: - Security intelligence updates - Product updates
-To get your updates, follow the guidance in [Manage Microsoft Defender Antivirus updates and apply baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus).
+To get your updates, follow the guidance in [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).
## Add Microsoft Defender for Endpoint to the exclusion list for McAfee
The specific exclusions to configure depend on which version of Windows your end
|OS |Exclusions | |--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/> |
-|- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
+|- Windows 10, [version 1803](/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](/windows/release-health/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<p>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<p>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<p>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/> |
+|- [Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<p>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
## Add McAfee to the exclusion list for Microsoft Defender Antivirus During this step of the setup process, you add McAfee and your other security solutions to the Microsoft Defender Antivirus exclusion list.
-When you add [exclusions to Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind:
+When you add [exclusions to Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md), you should add path and process exclusions. Keep the following points in mind:
- Path exclusions exclude specific files and whatever those files access. - Process exclusions exclude whatever a process touches, but does not exclude the process itself. - If you list each executable (.exe) as both a path exclusion and a process exclusion, the process and whatever it touches are excluded.
You can choose from several methods to add your exclusions to Microsoft Defender
|Method | What to do| |--|--|
-|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <br/><br/>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<br/><br/>2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.<br/><br/>3. Under **Manage**, select **Properties**. <br/><br/>4. Select **Configuration settings: Edit**.<br/><br/>5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.<br/><br/>6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).<br/><br/>7. Choose **Review + save**, and then choose **Save**. |
-|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify. <br/><br/>2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. |
-|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.<br/><br/>2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.<br/><br/>3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.<br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<br/><br/>4. Double-click the **Path Exclusions** setting and add the exclusions.<br/>- Set the option to **Enabled**.<br/>- Under the **Options** section, click **Show...**.<br/>- Specify each folder on its own line under the **Value name** column.<br/>- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.<br/><br/>5. Click **OK**.<br/><br/>6. Double-click the **Extension Exclusions** setting and add the exclusions.<br/>- Set the option to **Enabled**.<br/>- Under the **Options** section, click **Show...**.<br/>- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.<br/><br/>7. Click **OK**. |
-|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor. <br/><br/>2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**. <br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<br/><br/>3. Specify your path and process exclusions. |
-|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.<br/><br/>2. Import the registry key. Here are two examples:<br/>- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` <br/>- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` |
+|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <p>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<p>2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.<p>3. Under **Manage**, select **Properties**. <p>4. Select **Configuration settings: Edit**.<p>5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.<p>6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).<p>7. Choose **Review + save**, and then choose **Save**. |
+|[Microsoft Endpoint Configuration Manager](/mem/configmgr/) |1. Using the [Configuration Manager console](/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify. <p>2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. |
+|[Group Policy Object](/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.<p>2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.<p>3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.<br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<p>4. Double-click the **Path Exclusions** setting and add the exclusions.<br/>- Set the option to **Enabled**.<br/>- Under the **Options** section, click **Show...**.<br/>- Specify each folder on its own line under the **Value name** column.<br/>- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.<p>5. Click **OK**.<p>6. Double-click the **Extension Exclusions** setting and add the exclusions.<br/>- Set the option to **Enabled**.<br/>- Under the **Options** section, click **Show...**.<br/>- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.<p>7. Click **OK**. |
+|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor. <p>2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**. <br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<p>3. Specify your path and process exclusions. |
+|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.<p>2. Import the registry key. Here are two examples:<br/>- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` <br/>- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` |
## Add McAfee to the exclusion list for Microsoft Defender for Endpoint
-To add exclusions to Microsoft Defender for Endpoint, you create [indicators](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-indicators#create-indicators-for-files).
+> [!IMPORTANT]
+> In general, you shouldn't have to add exclusions for Defender for Endpoint, especially if you have already defined exclusions for Microsoft Defender Antivirus. However, if you run into issues where Microsoft Defender Antivirus won't stay in passive mode, perform the following task. Otherwise, skip this section and proceed to [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units).
+
+To add exclusions to Microsoft Defender for Endpoint, you create [indicators](indicator-file.md).
1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in.
To add exclusions to Microsoft Defender for Endpoint, you create [indicators](ht
### Find a file hash using CMPivot
-CMPivot is an in-console utility for Configuration Manager. CMPivot provides access to the real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview).
+CMPivot is an in-console utility for Configuration Manager. CMPivot provides access to the real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](/mem/configmgr/core/servers/manage/cmpivot-overview).
To use CMPivot to get your file hash, follow these steps:
-1. Review the [prerequisites](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#prerequisites).
+1. Review the [prerequisites](/mem/configmgr/core/servers/manage/cmpivot#prerequisites).
-2. [Start CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot).
+2. [Start CMPivot](/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot).
3. Connect to Configuration Manager (`SCCM_ServerName.DomainName.com`).
File(c:\\windows\\notepad.exe)
| Collection type | What to do | |--|--|
-|[Device groups](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.<br/><br/> Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <br/><br/>Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).<br/><br/>2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. <br/><br/>3. Choose **+ Add device group**.<br/><br/>4. Specify a name and description for the device group.<br/><br/>5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations#how-threats-are-remediated).<br/><br/>6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/machine-tags). <br/><br/>7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. <br/><br/>8. Choose **Done**. |
-|[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. <br/><br/>Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). |
-|[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.<br/><br/> Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). |
+|[Device groups](machine-groups.md) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.<p> Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <p>Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).<p>2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. <p>3. Choose **+ Add device group**.<p>4. Specify a name and description for the device group.<p>5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](automated-investigations.md#how-threats-are-remediated).<p>6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](machine-tags.md). <p>7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. <p>8. Choose **Done**. |
+|[Device collections](/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. <p>Device collections are created by using [Configuration Manager](/mem/configmgr/). |Follow the steps in [Create a collection](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). |
+|[Organizational units](/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.<p> Organizational units are defined in [Azure Active Directory Domain Services](/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](/azure/active-directory-domain-services/create-ou). |
## Configure antimalware policies and real-time protection Using Configuration Manager and your device collection(s), configure your antimalware policies. -- See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies).
+- See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies).
-- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus).
+- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md).
> [!TIP] > You can deploy the policies before your organization's devices on onboarded.
security Mssp List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mssp-list.md
The following managed security service providers can be accessed through the por
Logo |Partner name | Description :|:|:
+![Image of Aujas logo](images/aujas-logo.png) | [Aujas managed MDE Service](https://go.microsoft.com/fwlink/?linkid=2162429) | Aujas cybersecurity provides 24*7 managed security services across the entire enterprise spectrum, using Microsoft Defender for endpoints through its Cyber Defense Centers.
![Image of BDO Digital logo](images/bdo-logo.png)| [BDO Digital](https://go.microsoft.com/fwlink/?linkid=2090394) | BDO Digital's Managed Defense leverages best practice tools, AI, and in-house security experts for 24/7/365 identity protection ![Image of BlueVoyant logo](images/bluevoyant-logo.png)| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender for Endpoint provides support in monitoring, investigating, and mitigating advanced attacks on endpoints ![Image of Cloud Security Center logo](images/cloudsecuritycenter-logo.png)| [Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2099315) | InSpark's Cloud Security Center is a 24x7 managed service that delivers protect, detect & respond capabilities
Logo |Partner name | Description
![Image of Dell Technologies Advanced Threat Protection logo](images/dell-logo.png)| [Dell Technologies Advanced Threat Protection](https://go.microsoft.com/fwlink/?linkid=2091004) | Professional monitoring service for malicious behavior and anomalies with 24/7 capability ![Image of DXC-Managed Endpoint Threat Detection and Response logo](images/dxc-logo.png)| [DXC-Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2090395) | Identify endpoint threats that evade traditional security defenses and contain them in hours or minutes, not days ![Image of eSentire log](images/esentire-logo.png) | [eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2154970) | 24x7 threat investigations and response via Microsoft Defender for Endpoint.
+![Image of expel logo](images/expel-logo.png)| [Expel Managed detection and response for Microsoft Defender Endpoint](https://go.microsoft.com/fwlink/?linkid=2162430) | Expel helps your security keep up by detecting security risks in Microsoft Defender Endpoint.
![Image of NTT Security logo](images/ntt-logo.png)| [NTT Security](https://go.microsoft.com/fwlink/?linkid=2095320) | NTT's EDR Service provides 24/7 security monitoring & response across your endpoint and network ![Image of OneVinn logo](images/onevinn-logo.png) | [Onevinn MDR](https://go.microsoft.com/fwlink/?linkid=2155203)| 24/7 Managed Detection and Response built on Microsoft Defender and Azure Sentinel, enriched with Onevinn's threat intelligence. ![Image of Quorum Cyber logo](images/quorum-logo.png) | [Quorum Cyber](https://go.microsoft.com/fwlink/?linkid=2155202)| A cutting-edge Threat Hunting & Security Engineering service.
security Switch To Microsoft Defender Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration.md
- m365solution-overview Previously updated : 02/11/2021 Last updated : 05/10/2021 ms.technology: mde # Make the switch from a non-Microsoft endpoint solution to Microsoft Defender for Endpoint
-If you are planning to switch from a non-Microsoft endpoint protection solution to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint), you're in the right place. Use this article as a guide.
+If you are planning to switch from a non-Microsoft endpoint protection solution to [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) (Defender for Endpoint), you're in the right place. Use this article as a guide.
:::image type="content" source="images/nonms-mde-migration.png" alt-text="Overview of migrating to Defender for Endpoint":::
When you switch to Microsoft Defender for Endpoint, you follow a process that ca
|Phase |Description | |--|--| |[Prepare for your migration](switch-to-microsoft-defender-prepare.md) |During [the **Prepare** phase](switch-to-microsoft-defender-prepare.md), you update your organization's devices, get Microsoft Defender for Endpoint, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender for Endpoint. |
-|[Set up Microsoft Defender for Endpoint](switch-to-microsoft-defender-setup.md) |During [the **Setup** phase](switch-to-microsoft-defender-setup.md), you enable Microsoft Defender Antivirus and make sure it's in passive mode, and you configure settings & exclusions for Microsoft Defender Antivirus, Microsoft Defender for Endpoint, and your existing endpoint protection solution. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.|
+|[Set up Microsoft Defender for Endpoint](switch-to-microsoft-defender-setup.md) |During [the **Setup** phase](switch-to-microsoft-defender-setup.md), you enable Microsoft Defender Antivirus and make sure it's in passive mode. You also configure settings & exclusions for Microsoft Defender Antivirus and your existing endpoint protection solution. Then, you create your device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.|
|[Onboard to Microsoft Defender for Endpoint](switch-to-microsoft-defender-onboard.md) |During [the **Onboard** phase](switch-to-microsoft-defender-onboard.md), you onboard your devices to Microsoft Defender for Endpoint and verify that those devices are communicating with Microsoft Defender for Endpoint. Last, you uninstall your existing endpoint protection solution and make sure that protection through Microsoft Defender Antivirus & Microsoft Defender for Endpoint is in active mode. | ## What's included in Microsoft Defender for Endpoint?
-In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender for Endpoint. However, Microsoft Defender for Endpoint includes much more than antivirus and endpoint protection. Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender for Endpoint.
+In this migration guide, we focus on [next-generation protection](microsoft-defender-antivirus-in-windows-10.md) and [endpoint detection and response](overview-endpoint-detection-response.md) capabilities as a starting point for moving to Microsoft Defender for Endpoint. However, Microsoft Defender for Endpoint includes much more than antivirus and endpoint protection. Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender for Endpoint.
| Feature/Capability | Description | |||
-| [Threat & vulnerability management](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) | Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices). |
-| [Attack surface reduction](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. |
-| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. |
-| [Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. |
+| [Threat & vulnerability management](next-gen-threat-and-vuln-mgt.md) | Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices). |
+| [Attack surface reduction](overview-attack-surface-reduction.md) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. |
+| [Next-generation protection](microsoft-defender-antivirus-in-windows-10.md) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. |
+| [Endpoint detection and response](overview-endpoint-detection-response.md) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. |
| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. |
-| [Behavioral blocking and containment](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. |
-| [Automated investigation and remediation](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. |
-| [Threat hunting service](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. |
+| [Behavioral blocking and containment](behavioral-blocking-containment.md) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. |
+| [Automated investigation and remediation](automated-investigations.md) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. |
+| [Threat hunting service](microsoft-threat-experts.md) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. |
-**Want to learn more? See [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection).**
+**Want to learn more? See [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md).**
## Next step
security Switch To Microsoft Defender Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard.md
- m365solution-migratetomdatp Previously updated : 03/03/2021 Last updated : 05/10/2021
Deployment methods vary, depending on which operating system is selected. Refer
|Operating system |Method | |||
-|Windows 10 |- [Group Policy](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-gp)<br/>- [Configuration Manager](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-sccm)<br/>- [Mobile Device Management (Intune)](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-mdm)<br/>- [Local script](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-script) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
-|- Windows 8.1 Enterprise <br/>- Windows 8.1 Pro <br/>- Windows 7 SP1 Enterprise <br/>- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp)<br/><br/>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). |
-|- Windows Server 2019 and later <br/>- Windows Server 2019 core edition <br/>- Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-script) <br/>- [Group Policy](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-gp) <br/>- [Configuration Manager](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-sccm) <br/>- [System Center Configuration Manager](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-sccm#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager) <br/>- [VDI onboarding scripts for non-persistent devices](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-vdi) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
-|- Windows Server 2016 <br/>- Windows Server 2012 R2 <br/>- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)<br/>- [Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-wdatp) |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra)<br/><br/>iOS<br/><br/>Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Onboard non-Windows devices](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows) |
+|Windows 10 |- [Group Policy](configure-endpoints-gp.md)<br/>- [Configuration Manager](configure-endpoints-sccm.md)<br/>- [Mobile Device Management (Intune)](configure-endpoints-mdm.md)<br/>- [Local script](configure-endpoints-script.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
+|- Windows 8.1 Enterprise <br/>- Windows 8.1 Pro <br/>- Windows 7 SP1 Enterprise <br/>- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](onboard-downlevel.md)<p>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent). |
+|- Windows Server 2019 and later <br/>- Windows Server 2019 core edition <br/>- Windows Server version 1803 and later |- [Local script](configure-endpoints-script.md) <br/>- [Group Policy](configure-endpoints-gp.md) <br/>- [Configuration Manager](configure-endpoints-sccm.md) <br/>- [System Center Configuration Manager](configure-endpoints-sccm.md) <br/>- [VDI onboarding scripts for non-persistent devices](configure-endpoints-vdi.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
+|- Windows Server 2016 <br/>- Windows Server 2012 R2 <br/>- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](configure-server-endpoints.md)<br/>- [Azure Defender](/azure/security-center/security-center-wdatp) |
+|macOS<br/>- 11.3.1 (Big Sur) <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<p>iOS<p>Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Onboard non-Windows devices](configure-endpoints-non-windows.md) |
## Run a detection test
To verify that your onboarded devices are properly connected to Microsoft Defend
|Operating system |Guidance | |||
-|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/run-detection-test). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint on macOS](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac). |
-|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint on Linux](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux). |
+|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](run-detection-test.md). <p>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
+|macOS<br/>- 11.3.1 (Big Sur) <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <p>For more information, see [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md). |
+|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <p>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <p>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <p>For more information, see [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md). |
## Uninstall your non-Microsoft solution
To do this, visit the Microsoft Defender for Endpoint demo scenarios site ([http
**Congratulations**! You have completed your [migration to Microsoft Defender for Endpoint](switch-to-microsoft-defender-migration.md#the-migration-process)! -- [Visit your security operations dashboard](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
+- [Visit your security operations dashboard](security-operations-dashboard.md) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
- [Manage Microsoft Defender for Endpoint, post migration](manage-atp-post-migration.md).
security Switch To Microsoft Defender Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare.md
- m365solution-migratetomdatp Previously updated : 03/03/2021 Last updated : 05/10/2021
Need help updating your organization's devices? See the following resources:
Now that you've updated your organization's devices, the next step is to get Microsoft Defender for Endpoint, assign licenses, and make sure the service is provisioned. 1. Buy or try Microsoft Defender for Endpoint today. [Start a free trial or request a quote](https://aka.ms/mdatp).
-2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#check-license-state).
-3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#tenant-configuration).
-4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#network-configuration).
+2. Verify that your licenses are properly provisioned. [Check your license state](/microsoft-365/security/defender-endpoint/production-deployment#check-license-state).
+3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](/microsoft-365/security/defender-endpoint/production-deployment#tenant-configuration).
+4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](/microsoft-365/security/defender-endpoint/production-deployment#network-configuration).
At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
At this point, you are ready to grant access to your security administrators and
## Grant access to the Microsoft Defender Security Center
-The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/use).
+The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](use.md).
Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions.
-1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prepare-deployment#role-based-access-control).
-2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control).
+1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](prepare-deployment.md#role-based-access-control).
+2. Set up and configure RBAC. We recommend using [Intune](/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](/mem/intune/fundamentals/role-based-access-control).
If your organization requires a method other than Intune, choose one of the following options:
- - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration)
- - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm)
- - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview)
-3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/rbac)).
+ - [Configuration Manager](/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration)
+ - [Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm)
+ - [Windows Admin Center](/windows-server/manage/windows-admin-center/overview)
+3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](rbac.md)).
## Configure device proxy and internet connectivity settings
To enable communication between your devices and Microsoft Defender for Endpoint
|Capabilities | Operating System | Resources | |--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-proxy-internet) |
-|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
-|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
-|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections) |
+|[Endpoint detection and response](overview-endpoint-detection-response.md) (EDR) |- [Windows 10](/windows/release-health/release-information) <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](configure-proxy-internet.md) |
+|EDR |- [Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](onboard-downlevel.md#configure-proxy-and-internet-connectivity-settings) |
+|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](microsoft-defender-endpoint-mac.md#network-connections) |
+|[Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) |- [Windows 10](/windows/release-health/release-information) <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](configure-network-connections-microsoft-defender-antivirus.md)<br/> |
+|Antivirus |macOS: <br/>- 11.3.1 (Big Sur)<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) |[Microsoft Defender for Endpoint on macOS: Network connections](microsoft-defender-endpoint-mac.md#network-connections) |
+|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](microsoft-defender-endpoint-linux.md#network-connections) |
## Next step
security Switch To Microsoft Defender Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup.md
- m365solution-migratetomdatp Previously updated : 05/06/2021 Last updated : 05/10/2021
2. [Get updates for Microsoft Defender Antivirus](#get-updates-for-microsoft-defender-antivirus). 3. [Add Microsoft Defender for Endpoint to the exclusion list for your existing endpoint solution](#add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-your-existing-solution). 4. [Add your existing solution to the exclusion list for Microsoft Defender Antivirus](#add-your-existing-solution-to-the-exclusion-list-for-microsoft-defender-antivirus).
-5. [Add your existing solution to the exclusion list for Microsoft Defender for Endpoint](#add-your-existing-solution-to-the-exclusion-list-for-microsoft-defender-for-endpoint).
-6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units).
-7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection).
+5. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units).
+6. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection).
## Enable Microsoft Defender Antivirus and confirm it's in passive mode
Because your organization is still using your existing endpoint protection solut
1. Open Registry Editor, and then navigate to <br/> `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`.
-2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings:
+2. Edit (or create) a DWORD entry called **ForcePassiveMode**, and specify the following settings:
- Set the DWORD's value to **1**. - Under **Base**, select **Hexadecimal**.
When you add [exclusions to Microsoft Defender Antivirus scans](/windows/securit
You can choose from several methods to add your exclusions to Microsoft Defender Antivirus, as listed in the following table: - |Method | What to do| |--|--| |[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <br/>**NOTE**: Intune is now Microsoft Endpoint Manager. | 1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<p> 2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.<p> 3. Under **Manage**, select **Properties**.<p> 4. Select **Configuration settings: Edit**.<p> 5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.<p> 6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).<p> 7. Choose **Review + save**, and then choose **Save**. |
You can choose from several methods to add your exclusions to Microsoft Defender
|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor. <p>2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.<p>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<p>3. Specify your path and process exclusions. | |Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.<p>2. Import the registry key. Here are two examples:<br/>- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` <br/>- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` |
-## Add your existing solution to the exclusion list for Microsoft Defender for Endpoint
-
-To add exclusions to Microsoft Defender for Endpoint, you create [indicators](/microsoft-365/security/defender-endpoint/manage-indicators#create-indicators-for-files).
-
-1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in.<br/>
-
-1. In the navigation pane, choose **Settings** > **Rules** > **Indicators**.<br/>
-
-2. On the **File hashes** tab, choose **Add indicator**.<br/>
-
-3. On the **Indicator** tab, specify the following settings:
- - File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.)
- - Under **Expires on (UTC)**, choose **Never**.<br/>
-
-4. On the **Action** tab, specify the following settings:
- - **Response Action**: **Allow**
- - Title and description<br/>
-
-5. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**.<br/>
-
-6. On the **Summary** tab, review the settings, and then select **Save**.
-
-### Find a file hash using CMPivot
-
-CMPivot is an in-console utility for Configuration Manager. CMPivot provides access to the real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](/mem/configmgr/core/servers/manage/cmpivot-overview).
-
-To use CMPivot to get your file hash, follow these steps:
-
-1. Review the [prerequisites](/mem/configmgr/core/servers/manage/cmpivot#prerequisites).
-
-2. [Start CMPivot](/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot).
-
-3. Connect to Configuration Manager (`SCCM_ServerName.DomainName.com`).
-
-4. Select the **Query** tab.
-
-5. In the **Device Collection** list, and choose **All Systems (default)**.
-
-6. In the query box, type the following query:<br/>
-
- ```kusto
- File(c:\\windows\\notepad.exe)
- | project Hash
- ```
-
- > [!NOTE]
- > In the query above, replace *notepad.exe* with the your third-party security product process name.
- ## Set up your device groups, device collections, and organizational units | Collection type | What to do |
security Symantec To Microsoft Defender Atp Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-onboard.md
Deployment methods vary, depending on which operating system is selected. Refer
|Operating system |Method | |||
-|Windows 10 |- [Group Policy](configure-endpoints-gp.md)<br/>- [Configuration Manager](configure-endpoints-sccm.md)<br/>- [Mobile Device Management (Intune)](configure-endpoints-mdm.md)<br/>- [Local script](configure-endpoints-script.md) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
-|- Windows 8.1 Enterprise <br/>- Windows 8.1 Pro <br/>- Windows 7 SP1 Enterprise <br/>- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint)<br/><br/>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). |
-|- Windows Server 2019 and later <br/>- Windows Server 2019 core edition <br/>- Windows Server version 1803 and later |- [Local script](configure-endpoints-script.md) <br/>- [Group Policy](configure-endpoints-gp.md) <br/>- [Configuration Manager](/configure-endpoints-sccm.md) <br/>- [System Center Configuration Manager](configure-endpoints-sccm.md#onboard-devices-using-system-center-configuration-manager)<br/>- [VDI onboarding scripts for non-persistent devices](configure-endpoints-vdi.md) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
-|- Windows Server 2016 <br/>- Windows Server 2012 R2 <br/>- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](configure-server-endpoints.md)<br/>- [Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-wdatp) |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra)<br/><br/>iOS<br/><br/>Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Onboard non-Windows devices](configure-endpoints-non-windows.md) |
+|Windows 10 |- [Group Policy](configure-endpoints-gp.md)<br/>- [Configuration Manager](configure-endpoints-sccm.md)<br/>- [Mobile Device Management (Intune)](configure-endpoints-mdm.md)<br/>- [Local script](configure-endpoints-script.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
+|- Windows 8.1 Enterprise <br/>- Windows 8.1 Pro <br/>- Windows 7 SP1 Enterprise <br/>- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint)<p>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent). |
+|- Windows Server 2019 and later <br/>- Windows Server 2019 core edition <br/>- Windows Server version 1803 and later |- [Local script](configure-endpoints-script.md) <br/>- [Group Policy](configure-endpoints-gp.md) <br/>- [Configuration Manager](configure-endpoints-sccm.md) <br/>- [System Center Configuration Manager](configure-endpoints-sccm.md#onboard-devices-using-system-center-configuration-manager)<br/>- [VDI onboarding scripts for non-persistent devices](configure-endpoints-vdi.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
+|- Windows Server 2016 <br/>- Windows Server 2012 R2 <br/>- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](configure-server-endpoints.md)<br/>- [Azure Defender](/azure/security-center/security-center-wdatp) |
+|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra)<p>iOS<p>Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Onboard non-Windows devices](configure-endpoints-non-windows.md) |
## Run a detection test
To verify that your onboarded devices are properly connected to Microsoft Defend
|Operating system |Guidance | |||
-|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](run-detection-test.md). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md). |
-|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md). |
+|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](run-detection-test.md). <p>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
+|macOS<br/>- 11.3.1 (Big Sur)<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <p>For more information, see [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md). |
+|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <p>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <p>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <p>For more information, see [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md). |
## Uninstall Symantec
security Symantec To Microsoft Defender Atp Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-prepare.md
This migration phase includes the following steps:
To get started, you must have Microsoft Defender for Endpoint, with licenses assigned and provisioned. 1. Buy or try Microsoft Defender for Endpoint today. [Visit Microsoft Defender for Endpoint to start a free trial or request a quote](https://aka.ms/mdatp).
-2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#check-license-state).
-3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#tenant-configuration).
-4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/production-deployment#network-configuration).
+2. Verify that your licenses are properly provisioned. [Check your license state](production-deployment.md#check-license-state).
+3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](production-deployment.md#tenant-configuration).
+4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](production-deployment.md#network-configuration).
At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
At this point, you are ready to grant access to your security administrators and
## Grant access to the Microsoft Defender Security Center
-The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/use).
+The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](use.md).
Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions.
-1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prepare-deployment#role-based-access-control).
-2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control).<br/>
+1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](prepare-deployment.md#role-based-access-control).
+2. Set up and configure RBAC. We recommend using [Intune](/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](/mem/intune/fundamentals/role-based-access-control).<br/>
If your organization requires a method other than Intune, choose one of the following options:
- - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration)
- - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm)
- - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview)
-3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/rbac)).
+ - [Configuration Manager](/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration)
+ - [Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm)
+ - [Windows Admin Center](/windows-server/manage/windows-admin-center/overview)
+3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](rbac.md)).
## Configure device proxy and internet connectivity settings
To enable communication between your devices and Microsoft Defender for Endpoint
|Capabilities | Operating System | Resources | |:-|:-|:|
-|[Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-proxy-internet) |
-|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
-|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
-|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on Mac: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections) |
+|[Endpoint detection and response](overview-endpoint-detection-response.md) (EDR) |- [Windows 10](/windows/release-health/release-information/) <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](configure-proxy-internet.md) |
+|EDR |- [Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](onboard-downlevel.md#configure-proxy-and-internet-connectivity-settings) |
+|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](microsoft-defender-endpoint-mac.md#network-connections) |
+|[Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) |- [Windows 10](/windows/release-health/release-information/) <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](configure-network-connections-microsoft-defender-antivirus.md)<br/> |
+|Antivirus |macOS: <br/>- 11.3.1 (Big Sur)<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) |[Microsoft Defender for Endpoint on Mac: Network connections](microsoft-defender-endpoint-mac.md#network-connections) |
+|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](microsoft-defender-endpoint-linux.md#network-connections) |
## Next step
security Symantec To Microsoft Defender Atp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-setup.md
- M365-security-compliance - m365solution-symantecmigrate Previously updated : 03/03/2021 Last updated : 05/10/2021
3. [Get updates for Microsoft Defender Antivirus](#get-updates-for-microsoft-defender-antivirus). 4. [Add Microsoft Defender for Endpoint to the exclusion list for Symantec](#add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-symantec). 5. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-antivirus).
-6. [Add Symantec to the exclusion list for Microsoft Defender for Endpoint](#add-symantec-to-the-exclusion-list-for-microsoft-defender-for-endpoint).
-7. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units).
-8. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection).
+6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units).
+7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection).
## Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)
Because your organization is still using Symantec, you must set Microsoft Defend
1. Open Registry Editor, and then navigate to <br/> `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`.
-2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings:
+2. Edit (or create) a DWORD entry called **ForcePassiveMode**, and specify the following settings:
- Set the DWORD's value to **1**. - Under **Base**, select **Hexadecimal**.
To enable Microsoft Defender Antivirus, we recommend using Intune. However, you
|Method |What to do | |||
-|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <br/>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<br/><br/>2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure).<br/><br/>3. Select **Properties**, and then select **Configuration settings: Edit**.<br/><br/>4. Expand **Microsoft Defender Antivirus**. <br/><br/>5. Enable **Cloud-delivered protection**.<br/><br/>6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.<br/><br/>7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.<br/><br/>8. Select **Review + save**, and then choose **Save**.<br/>For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](/intune/device-profiles).|
+|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <br/>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<p>2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure).<p>3. Select **Properties**, and then select **Configuration settings: Edit**.<p>4. Expand **Microsoft Defender Antivirus**. <p>5. Enable **Cloud-delivered protection**.<p>6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.<p>7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.<p>8. Select **Review + save**, and then choose **Save**.<br/>For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](/intune/device-profiles).|
|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](/mem/intune/user-help/turn-on-defender-windows). <br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. |
-|[Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm/) <br/>or<br/>[Group Policy Management Console](/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`. <br/><br/>2. Look for a policy called **Turn off Microsoft Defender Antivirus**.<br/><br/>3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. <br/><br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. |
+|[Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm/) <br/>or<br/>[Group Policy Management Console](/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`. <p>2. Look for a policy called **Turn off Microsoft Defender Antivirus**.<p>3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. <p>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. |
### Verify that Microsoft Defender Antivirus is in passive mode
Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Def
|Method |What to do | |||
-|Command Prompt |1. On a Windows device, open Command Prompt as an administrator. <br/><br/>2. Type `sc query windefend`, and then press Enter.<br/><br/>3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. |
-|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](/powershell/module/defender/Get-MpComputerStatus) cmdlet.<br/> <br/>3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
+|Command Prompt |1. On a Windows device, open Command Prompt as an administrator. <p>2. Type `sc query windefend`, and then press Enter.<p>3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. |
+|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.<p>2. Run the [Get-MpComputerStatus](/powershell/module/defender/Get-MpComputerStatus) cmdlet.<p>3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
> [!NOTE] > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
This step of the setup process involves adding Microsoft Defender for Endpoint t
|OS |Exclusions | |--|--|
-|- Windows 10, [version 1803](/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](/windows/release-health/release-information))<br/>- Windows 10, version 1703 or 1709 with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/><br/> |
-|- [Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2) <br/><br/>- [Windows 7](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/><br/>- [Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016)<br/><br/>- [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/><br/>- [Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
+|- Windows 10, [version 1803](/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](/windows/release-health/release-information))<br/>- Windows 10, version 1703 or 1709 with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<p>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<p>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<p>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<p> |
+|- [Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2) <p>- [Windows 7](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<p>- [Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016)<p>- [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<p>- [Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<p>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<p>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
## Add Symantec to the exclusion list for Microsoft Defender Antivirus
You can choose from several methods to add your exclusions to Microsoft Defender
|Method | What to do| |--|--|
-|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <br/>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<br/><br/>2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.<br/><br/>3. Under **Manage**, select **Properties**. <br/><br/>4. Select **Configuration settings: Edit**.<br/><br/>5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.<br/><br/>6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).<br/><br/>7. Choose **Review + save**, and then choose **Save**. |
-|[Microsoft Endpoint Configuration Manager](/mem/configmgr/) |1. Using the [Configuration Manager console](/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify. <br/><br/>2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. |
-|[Group Policy Object](/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.<br/><br/>2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.<br/><br/>3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.<br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<br/><br/>4. Double-click the **Path Exclusions** setting and add the exclusions.<br/><br/>- Set the option to **Enabled**.<br/><br/>- Under the **Options** section, click **Show...**.<br/><br/>- Specify each folder on its own line under the **Value name** column.<br/><br/>- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.<br/><br/>5. Click **OK**.<br/><br/>6. Double-click the **Extension Exclusions** setting and add the exclusions.<br/><br/>- Set the option to **Enabled**.<br/><br/>- Under the **Options** section, click **Show...**.<br/><br/>- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.<br/>7. Click **OK**. |
-|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor. <br/><br/>2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**. <br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<br/><br/>3. Specify your path and process exclusions. |
-|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.<br/><br/>2. Import the registry key. Here are two examples:<br/>- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` <br/>- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` |
-
-## Add Symantec to the exclusion list for Microsoft Defender for Endpoint
-
-To add exclusions to Microsoft Defender for Endpoint, you create [indicators](/microsoft-365/security/defender-endpoint/manage-indicators#create-indicators-for-files).
-
-1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in.
-
-1. In the navigation pane, choose **Settings** > **Rules** > **Indicators**.
-
-1. On the **File hashes** tab, choose **Add indicator**.
-
-1. On the **Indicator** tab, specify the following settings:
- - File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.)
- - Under **Expires on (UTC)**, choose **Never**.
-
-1. On the **Action** tab, specify the following settings:
- - **Response Action**: **Allow**
- - Title and description
-
-1. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**.
-
-1. On the **Summary** tab, review the settings, and then click **Save**.
-
-### Find a file hash using CMPivot
-
-CMPivot is an in-console utility for Configuration Manager. CMPivot provides access to the real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](/mem/configmgr/core/servers/manage/cmpivot-overview).
-
-To use CMPivot to get your file hash, follow these steps:
-
-1. Review the [prerequisites](/mem/configmgr/core/servers/manage/cmpivot#prerequisites).<br/>
-
-2. [Start CMPivot](/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot).
-
-3. Connect to Configuration Manager (`SCCM_ServerName.DomainName.com`).
-
-4. Select the **Query** tab.
-
-5. In the **Device Collection** list, and choose **All Systems (default)**.
-
-6. In the query box, type the following query:<br/>
- ```kusto
- File(c:\\windows\\notepad.exe)
- | project Hash
- ```
-
- > [!NOTE]
- > In the query above, replace *notepad.exe* with the your third-party security product process name.
-
+|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) <br/>**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<p>2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.<p>3. Under **Manage**, select **Properties**. <p>4. Select **Configuration settings: Edit**.<p>5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.<p>6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).<p>7. Choose **Review + save**, and then choose **Save**. |
+|[Microsoft Endpoint Configuration Manager](/mem/configmgr/) |1. Using the [Configuration Manager console](/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify. <p>2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. |
+|[Group Policy Object](/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.<p>2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.<p>3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.<br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<p>4. Double-click the **Path Exclusions** setting and add the exclusions.<p>- Set the option to **Enabled**.<p>- Under the **Options** section, click **Show...**.<p>- Specify each folder on its own line under the **Value name** column.<p>- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.<p>5. Click **OK**.<p>6. Double-click the **Extension Exclusions** setting and add the exclusions.<p>- Set the option to **Enabled**.<p>- Under the **Options** section, click **Show...**.<p>- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.<br/>7. Click **OK**. |
+|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor. <p>2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**. <br/>**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.<p>3. Specify your path and process exclusions. |
+|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.<p>2. Import the registry key. Here are two examples:<br/>- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` <br/>- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` |
## Set up your device groups, device collections, and organizational units | Collection type | What to do | |--|--|
-|[Device groups](/microsoft-365/security/defender-endpoint/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.<br/> Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <br/>Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).<br/><br/>2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. <br/><br/>3. Choose **+ Add device group**.<br/><br/>4. Specify a name and description for the device group.<br/><br/>5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](/microsoft-365/security/defender-endpoint/automated-investigations#how-threats-are-remediated).<br/><br/>6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](/microsoft-365/security/defender-endpoint/machine-tags).<br/> <br/>7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. <br/><br/>8. Choose **Done**. |
+|[Device groups](/microsoft-365/security/defender-endpoint/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.<br/> Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <br/>Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).<p>2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. <p>3. Choose **+ Add device group**.<p>4. Specify a name and description for the device group.<p>5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](/microsoft-365/security/defender-endpoint/automated-investigations#how-threats-are-remediated).<p>6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](/microsoft-365/security/defender-endpoint/machine-tags).<br/> <br/>7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. <p>8. Choose **Done**. |
|[Device collections](/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. <br/>Device collections are created by using [Configuration Manager](/mem/configmgr/). |Follow the steps in [Create a collection](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | |[Organizational units](/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.<br/> Organizational units are defined in [Azure Active Directory Domain Services](/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](/azure/active-directory-domain-services/create-ou). |
security Symantec To Microsoft Defender Endpoint Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-migration.md
- m365solution-symantecmigrate - m365solution-overview Previously updated : 03/03/2021 Last updated : 05/10/2021 # Migrate from Symantec to Microsoft Defender for Endpoint
-If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide.
+If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide.
**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
When you switch from Symantec to Microsoft Defender for Endpoint, you follow a p
|Phase |Description | |--|--| |[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During the **Prepare** phase, you get Microsoft Defender for Endpoint, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender for Endpoint. |
-|[Set up Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender for Endpoint, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.|
+|[Set up Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.|
|[Onboard to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender for Endpoint and verify that those devices are communicating with Microsoft Defender for Endpoint. Last, you uninstall Symantec and make sure protection through Microsoft Defender for Endpoint is in active mode. | ## What's included in Microsoft Defender for Endpoint?
-In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender for Endpoint. However, Microsoft Defender for Endpoint includes much more than antivirus and endpoint protection. Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender for Endpoint.
+In this migration guide, we focus on [next-generation protection](microsoft-defender-antivirus-in-windows-10.md) and [endpoint detection and response](overview-endpoint-detection-response.md) capabilities as a starting point for moving to Microsoft Defender for Endpoint. However, Microsoft Defender for Endpoint includes much more than antivirus and endpoint protection. Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender for Endpoint.
| Feature/Capability | Description | |||
-| [Threat & vulnerability management](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) | Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices). |
-| [Attack surface reduction](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. |
-| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. |
-| [Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. |
+| [Threat & vulnerability management](next-gen-threat-and-vuln-mgt.md) | Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices). |
+| [Attack surface reduction](overview-attack-surface-reduction.md) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. |
+| [Next-generation protection](microsoft-defender-antivirus-in-windows-10.md) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. |
+| [Endpoint detection and response](overview-endpoint-detection-response.md) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. |
| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. |
-| [Behavioral blocking and containment](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. |
-| [Automated investigation and remediation](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. |
-| [Threat hunting service](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. |
+| [Behavioral blocking and containment](behavioral-blocking-containment.md) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. |
+| [Automated investigation and remediation](automated-investigations.md) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. |
+| [Threat hunting service](microsoft-threat-experts.md) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. |
-**Want to learn more? See [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection).**
+**Want to learn more? See [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md).**
## Next step
security Tvm Supported Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-supported-os.md
Title: Supported operating systems and platforms for threat and vulnerability management
+ Title: Supported operating systems platforms and capabilities
description: Ensure that you meet the operating system or platform requisites for threat and vulnerability management, so the activities in your all devices are properly accounted for.
-keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, Microsoft Defender for Endpoint-tvm supported os, Microsoft Defender for Endpoint-tvm,
+keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, Microsoft Defender for Endpoint-tvm supported os, Microsoft Defender for Endpoint-tvm, supported operating systems, supported platforms, linux support, mac support
search.appverid: met150 search.product: eADQiWindows 10XVcnh ms.prod: m365-security
ms.technology: mde
-# Supported operating systems and platforms - threat and vulnerability management
+# Supported operating systems, platforms and capabilities - for threat and vulnerability management
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
Before you begin, ensure that you meet the following operating system or platfor
>[!NOTE] >The supported systems and platforms for threat and vulnerability management may be different from the [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md) list.
-Operating system | Security assessment support
-:|:
-Windows 7 | Operating System (OS) vulnerabilities
-Windows 8.1 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment |
-Windows 10, versions 1607-1703 | Operating System (OS) vulnerabilities
-Windows 10, version 1709 or later |Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
-Windows Server 2008 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
-Windows Server 2012 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
-Windows Server 2016 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
-Windows Server 2019 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
-macOS 10.14 "Mojave" and above | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities
-Linux | Not supported (planned)
+## Capabilities per supported operating systems (OS) and platforms
+
+In the following table, "Yes" indicates that a threat and vulnerability management capability is supported for the OS or platform on that row.
+
+Supported OS or platform | OS vulnerabilities | Software product vulnerabilities | OS configuration assessment | Security controls configuration assessment | Software product configuration assessment
+:|:|:|:|:|:
+Windows 7 | Yes | Not supported | Not supported | Not supported | Not supported
+Windows 8.1 | Yes | Yes | Yes | Yes| Yes
+Windows 10, versions 1607-1703 | Yes | Not supported | Not supported | Not supported | Not supported
+Windows 10, version 1709 or later | Yes | Yes | Yes | Yes | Yes
+Windows Server 2008 R2 | Yes | Yes | Yes | Yes | Yes
+Windows Server 2012 R2 | Yes | Yes | Yes | Yes | Yes
+Windows Server 2016 | Yes | Yes | Yes | Yes | Yes
+Windows Server 2019 | Yes | Yes | Yes | Yes | Yes
+macOS 10.14 "Mojave" and above | Yes | Yes | Yes (preview) | Yes (preview) | Yes (preview)
+Red Hat Enterprise Linux 7.2 or higher **(preview)** (\* See "Important" notice below) | Yes | Yes | Yes | Yes | Yes
+CentOS 7.2 or higher **(preview)** | Yes | Yes | Yes | Yes | Yes
+Ubuntu 16.04 LTS or higher LTS **(preview)** | Yes | Yes | Yes | Yes | Yes
+
+>[!IMPORTANT]
+> \* Red Hat Enterprise Linux:
+> “The vulnerability data provided and shown as part of your Microsoft Defender for Endpoint services is made available to you in its raw form, “AS IS”, from Red Hat, Inc., and might not be up to date. The data that is accessible in the Red Hat Security Data API is licensed under the Creative Commons Attribution 4.0 International License. You bear the risk in using this data. Microsoft and its third-party suppliers disclaim any and all liability for consequential and other indirect damages and implied warranties, including implied warranties of non-infringement, merchantability and fitness for a particular purpose. © 2020 Red Hat. All rights reserved. © 2020 Microsoft. All rights reserved.”
## Related articles
security Anti Malware Protection Faq Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop.md
- Title: Anti-malware protection FAQ
- - NOCSH
-----
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
- - m365initiative-defender-office365
-
- - seo-marvel-apr2020
-description: Admins can view frequently asked questions and answers about anti-malware protection in Exchange Online Protection (EOP).
--
-# Anti-malware protection FAQ
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-This article provides frequently asked questions and answers about anti-malware protection for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
-
-For questions and answers about the quarantine, see [Quarantine FAQ](quarantine-faq.md).
-
-For questions and answers about anti-spam protection, see [Anti-spam protection FAQ](anti-spam-protection-faq.md).
-
-For questions and answers about anti-spoofing protection, see [Anti-spoofing protection FAQ](anti-spoofing-protection-faq.md).
-
-## What are best practice recommendations for configuring and using the service to combat malware?
-
-See [EOP anti-malware policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-malware-policy-settings).
-
-## How often are the malware definitions updated?
-
-Each server checks for new malware definitions from our anti-malware partners every hour.
-
-## How many anti-malware partners do you have? Can I choose which malware engines we use?
-
-We have partnerships with multiple anti-malware technology providers, so messages are scanned with the Microsoft anti-malware engines, two added signature based engines, plus URL and file reputation scans from multiple sources. Our partners are subject to change, but EOP always uses anti-malware protection from multiple partners. You can't choose one anti-malware engine over another.
-
-## Where does malware scanning occur?
-
-We scan for malware in messages that are sent to or sent from a mailbox (messages in transit). For Exchange Online mailboxes, we also have [malware zero-hour auto purge (ZAP)](zero-hour-auto-purge.md) to scan for malware in messages that have already been delivered. If you resend a message from a mailbox, then it's scanned again (because it's in transit).
-
-## If I make a change to an anti-malware policy, how long does it take after I save my changes for them to take effect?
-
-It might take up to 1 hour for the changes to take effect.
-
-## Does the service scan internal messages for malware?
-
-For organizations with Exchange Online mailbox, the service scans for malware in all inbound and outbound messages, including messages sent between internal recipients.
-
-A standalone EOP subscription scans messages as they enter or leave your on-premises email organization. Messages sent between internal users aren't scanned for malware. However, you can use the built-in anti-malware scanning features of Exchange Server. For more information, see [Antimalware protection in Exchange Server](/Exchange/antispam-and-antimalware/antimalware-protection/antimalware-protection).
-
-## Do all anti-malware engines used by the service have heuristic scanning enabled?
-
-Yes. Heuristic scanning scans for both known (signature match) and unknown (suspicious) malware.
-
-## Can the service scan compressed files (such as .zip files)?
-
-Yes. The anti-malware engines can drill into compressed (archive) files.
-
-## Is the compressed attachment scanning support recursive (.zip within a .zip within a .zip) and if so, how deep does it go?
-
-Yes, recursive scanning of compressed files scans many layers deep.
-
-## Does the service work with legacy Exchange versions and non-Exchange environments?
-
-Yes, the service is server agnostic.
-
-## What's a zero-day virus and how is it handled by the service?
-
-A zero-day virus is a first generation, previously unknown variant of malware that's never been captured or analyzed.
-
-After a zero-day virus sample is captured and analyzed by our anti-malware engines, a definition and unique signature is created to detect the malware.
-
-When a definition or signature exists for the malware, it's no longer considered zero-day.
-
-## How can I configure the service to block specific executable files (such as \*.exe) that I fear may contain malware?
-
-You can enable the **Common Attachment Types Filter** (also known as common attachment blocking) as described in [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).
-
-You can also create an Exchange mail flow rule (also known as transport rule) that blocks any email attachment that has executable content.
-
-Follow the steps in [How to reduce malware threats through file attachment blocking in Exchange Online Protection](https://support.microsoft.com/help/2959596) to block the file types listed in [Supported file types for mail flow rule content inspection in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments#supported-file-types-for-mail-flow-rule-content-inspection).
-
-For increased protection, we also recommend using the **Any attachment file extension includes these words** condition in mail flow rules to block some or all of the following extensions: `ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh`.
-
-## Why did a specific malware get past the filters?
-
-There are two possible reasons why you might have received malware:
-
-1. Most likely, the attachment does not actually contain malicious code. Some anti-malware engines that run on computers might be more aggressive and could stop messages with truncated payloads.
-
-2. The malware you received is a new variant (see [What's a zero-day virus and how is it handled by the service?](#whats-a-zero-day-virus-and-how-is-it-handled-by-the-service)). The time it takes for a malware definition update is dependent on our anti-malware partners.
-
-## How can I submit malware that made it past the filters to Microsoft? Also, how can I submit a file that I believe was incorrectly detected as malware?
-
-See [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
-
-## I received an email message with an unfamiliar attachment. Is this malware or can I disregard this attachment?
-
-We strongly advise that you do not open any attachments that you do not recognize. If you would like us to investigate the attachment, go to the Malware Protection Center and submit the possible malware to us as described previously.
-
-## Where can I get the messages that have been deleted by the malware filters?
-
-The messages contain active malicious code and therefore we do not allow access to these messages. They are unceremoniously deleted.
-
-## I am not able to receive a specific attachment because it is being falsely filtered by the malware filters. Can I allow this attachment through via mail flow rules?
-
-No. You can't use Exchange mail flow rules to skip malware filtering.
-
-## Can I get reporting data about malware detections?
-
-Yes, you can access reports in the admin center. For more information about reporting, see the following links:
-
-Exchange Online customers: [Monitoring, Reporting, and Message Tracing in Exchange Online](/exchange/monitoring/monitoring)
-
-Exchange Online Protection customers: [Reporting and message trace in Exchange Online Protection](reporting-and-message-trace-in-exchange-online-protection.md)
-
-## Is there a tool that I can use to follow a malware-detected message through the service?
-
-Yes, the message trace tool enables you to follow email messages as they pass through the service. For more information about how to use the message trace tool to find out why a message was detected to contain malware, see [Message trace in the Security & Compliance Center](message-trace-scc.md).
-
-## Can I use a third-party anti-spam and anti-malware provider in conjunction with Exchange Online?
-
-Yes. In most cases, we recommend that you point your MX records to (that is, deliver email directly to) EOP. If you need to route your email somewhere else first, you need to enable [Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) so EOP can use the true message source in filtering decisions.
-
-## Are spam and malware messages being investigated as to who sent them, or being transferred to law enforcement entities?
-
-The service focuses on spam and malware detection and removal, though we may occasionally investigate especially dangerous or damaging spam or attack campaigns and pursue the perpetrators.
-
-We often with our legal and digital crime units to take the following actions:
--- Take down a spam botnet.-- Block an attacker from using the service.-- Pass the information on to law enforcement for criminal prosecution.-
-## For more information
-
-[Configure anti-malware policies](configure-anti-malware-policies.md)
-
-[Anti-malware protection](anti-malware-protection.md)
security Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection.md
EOP offers multi-layered malware protection that's designed to catch all known m
In EOP, messages that are found to contain malware in *any* attachments are quarantined, and can only be released from quarantine by an admin. For more information, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md).
-For more information about anti-malware protection, see the [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md).
+For more information about anti-malware protection, see the [Anti-malware protection FAQ](anti-malware-protection-faq-eop.yml).
To configure anti-malware policies, see [Configure anti-malware policies](configure-anti-malware-policies.md).
security Anti Spam And Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection.md
The following table contains links to topics that explain how anti-malware prote
|Topic|Description| ||| |[Anti-malware protection in EOP](anti-malware-protection.md)|Provides overview information about how the service offers multi-layered malware protection that's designed to catch all known malware traveling to or from your organization.|
-|[Anti-malware protection FAQ](anti-malware-protection-faq-eop.md)|Provides a detailed list of frequently asked questions and answers about anti-malware protection in the service.|
+|[Anti-malware protection FAQ](anti-malware-protection-faq-eop.yml)|Provides a detailed list of frequently asked questions and answers about anti-malware protection in the service.|
|[Configure anti-malware policies in EOP](configure-anti-malware-policies.md)|Describes how to configure the default company-wide anti-malware policy, as well as create custom anti-malware policies that you can apply to specified users, groups, or domains in your organization.| |[Recover from a ransomware attack](recover-from-ransomware.md)|| |[Virus detection in SharePoint Online](virus-detection-in-spo.md)|
The following table contains links to topics that explain how anti-spam protecti
|Topic|Description| ||| |[Anti-spam protection in EOP](anti-spam-protection.md)|Provides overview information about the main anti-spam protection features included in the service.|
-|[Anti-spam protection FAQ](anti-spam-protection-faq.md)|Provides frequently asked questions and answers about anti-spam protection.|
+|[Anti-spam protection FAQ](anti-spam-protection-faq.yml)|Provides frequently asked questions and answers about anti-spam protection.|
|[Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md)|Provides information about how you can configure anti-spam policies (also known as spam filter policies or content filter policies). You can configure the default company-wide anti-spam policy or create custom anti-spam policies that apply to specific users, groups, or domains in your organization.| |[Configure connection filtering](configure-the-connection-filter-policy.md)|Shows how you can add source IP address to the IP Allow List and the IP Block List in the default connection filter policy.| |[Create safe sender lists in EOP](create-safe-sender-lists-in-office-365.md)|Learn the recommended methods to keep good messages from being identified as spam.|
security Anti Spam Protection Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-protection-faq.md
- Title: Anti-spam protection FAQ
- - NOCSH
-----
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
- - m365initiative-defender-office365
-
- - seo-marvel-apr2020
-description: Admins can view frequently asked questions and answers about anti-spam protection in Exchange Online Protection (EOP).
--
-# Anti-spam protection FAQ
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-This topic provides frequently asked questions and answers about anti-malware protection for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
-
-For questions and answers about the quarantine, see [Quarantine FAQ](quarantine-faq.md).
-
-For questions and answers about anti-malware protection, see [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md).
-
-For questions and answers about anti-spoofing protection, see [Anti-spoofing protection FAQ](anti-spoofing-protection-faq.md).
-
-## By default, what happens to a spam-detected message?
-
-**For inbound messages:** The majority of spam is deleted via connection filtering, which is based on the IP address of the source email server. Anti-spam policies (also known as spam filter policies or content filter policies) inspect and classify messages as spam, bulk, or phishing. By default, messages that are classified as spam or bulk are delivered to the recipient's Junk Email folder, while messages classified as phishing are quarantined. You can modify the default anti-spam policy (applies to all recipients), or you can create custom anti-spam policies with stricter settings for specific groups of users (for example, you can quarantine spam that's sent to executives). For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md) and [Recommended anti-spam policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-spam-policy-settings).
-
-> [!IMPORTANT]
-> In hybrid deployments where EOP protects on-premises mailboxes, you need to configure two Exchange mail flow rules (also known as transport rules) in your on-premises Exchange organization to detect the EOP spam filtering headers that are added to messages. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
-
- **For outbound messages:** The message is either routed through the [high-risk delivery pool](high-risk-delivery-pool-for-outbound-messages.md) or is returned to the sender in a non-delivery report (also known as an NDR or bounce message). For more information about outbound spam protection, see [Outbound spam controls](outbound-spam-controls.md).
-
-## What's a zero-day spam variant and how is it handled by the service?
-
-A zero-day spam variant is a first generation, previously unknown variant of spam that's never been captured or analyzed, so our anti-spam filters don't yet have any information available for detecting it. After a zero-day spam sample is captured and analyzed by our spam analysts, if it meets the spam classification criteria, our anti-spam filters are updated to detect it, and it's no longer considered "zero-day."
-
-**Note:** If you receive a message that may be a zero-day spam variant, in order to help us improve the service, please submit the message to Microsoft using one of the methods described in [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
-
-## Do I need to configure the service to provide anti-spam protection?
-
-After you sign up for the service and add your domain, spam filtering is automatically enabled. By default, spam filtering is tuned to protect you without needing any additional configuration (aside from the previously noted exception for standalone EOP standalone customers in hybrid environments). As an admin, you can edit the default spam filtering settings to best meet the needs of your organization. For greater granularity, you can also create anti-spam policies and outbound anti-spam policies that are applied to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies.
-
-For more information, see the following topics:
-
-[Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md)
-
-[Configure connection filtering in EOP](configure-the-connection-filter-policy.md)
-
-[Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md)
-
-[Configure the outbound spam policy](configure-the-outbound-spam-policy.md)
-
-## If I make a change to an anti-spam policy, how long does it take after I save my changes for them to take effect?
-
-It may take up to 1 hour for the changes to take effect.
-
-## Is bulk email filtering automatically enabled?
-
-Yes. For more information about bulk email, see [What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md).
-
-## Does the service provide URL filtering?
-
-Yes, the service has a URL filter that checks for URLs within messages. If URLs associated with known spam or malicious content are detected then the message is marked as spam.
-
-## How can customers using the service send false negative (spam) and false positive (non-spam) messages to Microsoft?
-
-Spam and non-spam messages can be submitted to Microsoft for analysis in several ways. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
-
-## Can I get spam reports?
-
-Yes, for example you can get a spam detection report in the Microsoft 365 admin center. This report shows spam volume as a count of unique messages. For more information about reporting, see the following links:
-
-Exchange Online customers: [Monitoring, Reporting, and Message Tracing in Exchange Online](/exchange/monitoring/monitoring)
-
-Standalone EOP customers: [Reporting and message trace in Exchange Online Protection](reporting-and-message-trace-in-exchange-online-protection.md)
-
-## Someone sent me a message and I can't find it. I suspect that it may have been detected as spam. Is there a tool that I can use to find out?
-
-Yes, the message trace tool enables you to follow email messages as they pass through the service, in order to find out what happened to them. For more information about how to use the message trace tool to find out why a message was marked as spam, see [Was a message marked as spam?](/exchange/monitoring/trace-an-email-message/message-trace-faq#was-a-message-marked-as-spam)
-
-## Will the service throttle (rate limit) my mail if my users send outbound spam?
-
-If more than half of the mail that is sent from a user through the service within a certain time frame (for example, per hour), is determined to be spam by EOP, the user will be blocked from sending messages. In most cases, if an outbound message is determined to be spam, it is routed through the high-risk delivery pool, which reduces the probability of the normal outbound-IP pool being added to a block list.
-
-You can send a notification to a specified email address when a sender is blocked sending outbound spam. For more information about this setting, see [Configure the outbound spam policy](configure-the-outbound-spam-policy.md).
-
-## Can I use a third-party anti-spam and anti-malware provider in conjunction with Exchange Online?
-
-Yes. Although we recommend that you point your MX record to Microsoft, we realize that there are legitimate business reasons to route your email to somewhere other than Microsoft first.
--- **Inbound**: Change your MX records to point to the third-party provider, and then redirect the messages to EOP for additional processing. For more information, see [Enhanced Filtering for connectors in Exchange Online](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors).--- **Outbound**: Configure smart host routing from Microsoft 365 to the destination third-party provider.-
-## Does Microsoft have any documentation about how I can protect myself from phishing scams?
-
-Yes. For more information, see [Protect your privacy on the internet](https://support.microsoft.com/help/4091455)
-
-## Are spam and malware messages being investigated as to who sent them, or being transferred to law enforcement entities?
-
-The service focuses on spam and malware detection and removal, though we may occasionally investigate especially dangerous or damaging spam or attack campaigns and pursue the perpetrators. This may involve working with our legal and digital crime units to take down a spammer botnet, blocking the spammer from using the service (if they're using it for sending outbound email), and passing the information on to law enforcement for criminal prosecution.
-
-## What are a set of best outbound mailing practices that will ensure that my mail is delivered?
-
-The guidelines presented below are best practices for sending outbound email messages.
--- **The source email domain should resolve in DNS.**-
- For example, if the sender is user@fabrikam, the domain fabrikam resolves to the IP address 192.0.43.10.
-
- If a sending domain has no A-record and no MX record in DNS, the service will route the message through its higher risk delivery pool regardless of whether or not the content of the message is spam. For more information about the higher risk delivery pool, see [High-risk delivery pool for outbound messages](high-risk-delivery-pool-for-outbound-messages.md).
--- **Outbound mail eserver should have a reverse DNS (PTR) entry.**-
- For example, if the email source IP address is 192.0.43.10, the reverse DNS entry would be `43-10.any.icann.org`.`
--- **The HELO/EHLO and MAIL FROM commands should be consistent and be present in the form of a domain name rather than an IP address.**-
- The HELO/EHLO command should be configured to match the reverse DNS of the sending IP address so that the domain remains the same across the various parts of the message headers.
--- **Ensure that proper SPF records are set up in DNS.**-
- SPF records are a mechanism for validating that mail sent from a domain really is coming from that domain and is not spoofed. For more information about SPF records, see the following links:
-
- [Set up SPF to help prevent spoofing](set-up-spf-in-office-365-to-help-prevent-spoofing.md)
-
- [Domains FAQ](../../admin/setup/domains-faq.yml#how-can-i-validate-spf-records-for-my-domain)
--- **Signing email with DKIM, sign with relaxed canonicalization.**-
- If a sender wants to sign their messages using Domain Keys Identified Mail (DKIM) and they want to send outbound mail through the service, they should sign using the relaxed header canonicalization algorithm. Signing with strict header canonicalization may invalidate the signature when it passes through the service.
--- **Domain owners should have accurate information in the WHOIS database.**-
- This identifies the owners of the domain and how to contact them by entering the stable parent company, point of contact, and name servers.
--- **For bulk mailers, the From: name should reflect who is sending the message, while the subject line of the message should be a brief summary on what the message is about.**-
- The message body should have a clear indication of the offering, service, or product. For example, if a sender is sending out a bulk mailing for the Contoso company, the following is what the email From and Subject should resemble:
-
- > From: marketing@contoso.com <br> Subject: New updated catalog for the Christmas season!
-
- The following is an example of what not to do because it is not descriptive:
-
- > From: user@hotmail.com <br> Subject: Catalogs
--- **If sending a bulk mailing to many recipients and the message is in newsletter format, there should be a way of unsubscribing at the bottom of the message.**-
- The unsubscribe option should resemble the following:
-
- > This message was sent to example@contoso.com by sender@fabrikam.com. Update Profile/Email Address | Instant removal with **SafeUnsubscribe**&trade; | Privacy Policy
--- **If sending bulk email, list acquisition should be performed using double opt-in. If you are a bulk mailer, double opt-in is an industry best practice.**-
- Double opt-in is the practice of requiring a user to take two actions to sign up for marketing mail:
-
- 1. Once when the user clicks on a previously unchecked check box where they opt-in to receive further offers or email messages from the marketer.
-
- 2. A second time when the marketer sends a confirmation email to the user's provided email address asking them to click on a time-sensitive link that will complete their confirmation.
-
- Using double opt-in builds a good reputation for bulk email senders.
--- **Bulk senders should create transparent content for which they can be held accountable:**-
- 1. Verbiage requesting that recipients add the sender to the address book should clearly state that such action is not a guarantee of delivery.
-
- 2. When constructing redirects in the body of the message, use a consistent link style.
-
- 3. Don't send large images or attachments, or messages that are solely composed of an image.
-
- 4. When employing tracking pixels (web bugs or beacons), clearly state their presence in your public privacy or P3P settings.
--- **Format outbound bounce messages.**-
- When generating delivery status notification messages (also known as non-delivery reports, NDRs, or bounce messages), senders should follow the format of a bounce as specified in [RFC 3464](https://www.ietf.org/rfc/rfc3464.txt).
--- **Remove bounced email addresses for non-existent users.**-
- If you receive an NDR indicating that an email address is no longer in use, remove the non-existent email alias from your list. Email addresses change over time, and people sometimes discard them.
--- **Use Hotmail's Smart Network Data Services (SNDS) program.**-
- Hotmail uses a program called Smart Network Data Services that allows senders to check complaints submitted by end users. The SNDS is the primary portal for troubleshooting delivery problems to Hotmail.
security Anti Spoofing Protection Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spoofing-protection-faq.md
- Title: Anti-spoofing protection FAQ
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
- - m365initiative-defender-office365
-description: Admins can view frequently asked questions and answers about anti-spoofing protection in Exchange Online Protection (EOP).
--
-# Anti-spoofing protection FAQ
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-This article provides frequently asked questions and answers about anti-spoofing protection for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
-
-For questions and answers about anti-spam protection, see [Anti-spam protection FAQ](anti-spam-protection-faq.md).
-
-For questions and answers about anti-malware protection, see [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md)
-
-## Why did Microsoft choose to junk unauthenticated inbound email?
-
-Microsoft believes that the risk of continuing to allow unauthenticated inbound email is higher than the risk of losing legitimate inbound email.
-
-## Does junking unauthenticated inbound email cause legitimate email to be marked as spam?
-
-When Microsoft enabled this feature in 2018, some false positives happened (good messages were marked as bad). However, over time, senders adjusted to the requirements. The number of messages that were misidentified as spoofed became negligible for most email paths.
-
-Microsoft itself first adopted the new email authentication requirements several weeks before deploying it to customers. While there was disruption at first, it gradually declined.
-
-## Is spoof intelligence available to Microsoft 365 customers without Defender for Office 365?
-
-Yes. As of October 2018, spoof intelligence is available to all organizations with mailboxes in Exchange Online, and standalone EOP organizations without Exchange Online mailboxes.
-
-## How can I report spam or non-spam messages back to Microsoft?
-
-See [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
-
-## I'm an admin and I don't know all of sources for messages in my email domain!
-
-See [You don't know all sources for your email](email-validation-and-authentication.md#you-dont-know-all-sources-for-your-email).
-
-## What happens if I disable anti-spoofing protection for my organization?
-
-We do not recommend disabling anti-spoofing protection. Disabling the protection will allow more phishing and spam messages to be delivered in your organization. Not all phishing is spoofing, and not all spoofed messages will be missed. However, your risk will be higher.
-
-Now that [Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) is available, we no longer recommended turning off anti-spoofing protection when your email is routed through another service before EOP.
-
-## Does anti-spoofing protection mean I will be protected from all phishing?
-
-Unfortunately, no. Attackers will adapt to use other techniques (for example, compromised accounts or accounts in free email services). However, anti-phishing protection works much better to detect these other types of phishing methods. The protection layers in EOP are designed work together and build on top of each other.
-
-## Do other large email services block unauthenticated inbound email?
-
-Nearly all large email services implement traditional SPF, DKIM, and DMARC checks. Some services have other, more strict checks, but few go as far as EOP to block unauthenticated email and treat them as spoofed messages. However, the industry is becoming more aware about issues with unauthenticated email, particularly because of the problem of phishing.
-
-## Do I still need to enable the Advanced Spam Filter setting "SPF record: hard fail" (_MarkAsSpamSpfRecordHardFail_) if I enable anti-spoofing?
-
-No. This ASF setting is no longer required. Anti-spoofing protection considers both SPF hard fails and a much wider set of criteria. If you have anti-spoofing enabled and the **SPF record: hard fail** (_MarkAsSpamSpfRecordHardFail_) turned on, you will probably get more false positives.
-
-We recommend that you disable this feature as it provides almost no additional benefit for detecting spam or phishing message, and would instead generate mostly false positives. For more information, see [Advanced Spam Filter (ASF) settings in EOP](advanced-spam-filtering-asf-options.md).
-
-## Does Sender Rewriting Scheme help fix forwarded email?
-
-SRS only partially fixes the problem of forwarded email. By rewriting the SMTP **MAIL FROM**, SRS can ensure that the forwarded message passes SPF at the next destination. However, because anti-spoofing is based upon the **From** address in combination with the **MAIL FROM** or DKIM-signing domain (or other signals), it's not enough to prevent SRS forwarded email from being marked as spoofed.
security Configure The Outbound Spam Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy.md
For detailed syntax and parameter information, see [Remove-HostedOutboundSpamFil
[High-risk delivery pool for outbound messages](high-risk-delivery-pool-for-outbound-messages.md)
-[Anti-spam protection FAQ](anti-spam-protection-faq.md)
+[Anti-spam protection FAQ](anti-spam-protection-faq.yml)
[Auto-forwarded messages report](mfi-auto-forwarded-messages-report.md)
security Create Block Sender Lists In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365.md
When messages are successfully blocked due to a user's Blocked Senders list, the
## Use blocked sender lists or blocked domain lists
-When multiple users are affected, the scope is wider, so the next best option is blocked sender lists or blocked domain lists in anti-spam policies. Messages from senders on the lists are marked as **Spam**, and the action that you've configured for the **Spam** filter verdict is taken on the message. For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).
+When multiple users are affected, the scope is wider, so the next best option is blocked sender lists or blocked domain lists in anti-spam policies. Messages from senders on the lists are marked as **High confidence spam**, and the action that you've configured for the **High confidence spam** filter verdict is taken on the message. For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).
The maximum limit for these lists is approximately 1000 entries.
security Delegated Administration Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/delegated-administration-faq.md
- Title: Delegated administration FAQ
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: Admins can view frequently asked questions and answers about delegated administration tasks in Microsoft 365 for Microsoft partners and resellers.
--
-# Delegated administration FAQ
---
-This article provides frequently asked questions and answers about delegated administration tasks in Microsoft 365 for Microsoft partners and resellers. Delegated administration includes the ability to manage Exchange Online Protection (EOP) settings for other tenants (companies).
-
-## I'm a reseller and I need to manage my customer tenants. How does this work?
-
-If you're a Microsoft partner or reseller, and you've signed up to be a Microsoft advisor, you can request _delegated administration_ capabilities in your customer's Microsoft 365 organization.
-
-Delegated administration allows you to manage Microsoft 365 (including EOP settings) as if you were an admin within that organization. The steps to configure delegated administration are described in the following list:
-
-1. Sign up to be a [Microsoft Office 365 Advisor](https://partner.microsoft.com/?cloudbenefits).
-
-2. Sign up for delegated administration. Before you can start administering a customer's tenant, they must authorize you as a delegated administrator. To obtain their approval, you first [send them an offer for delegated administration](https://support.microsoft.com/office/26530dc0-ebba-415b-86b1-b55bc06b073e). You can also offer delegated administration to your customer at a later time.
-
-3. Create the delegated admin account using the steps in [Add, change, or delete a subscription advisor partner](../../admin/misc/add-partner.md).
-
-Visit [Partners: Build your business and administer partner subscription](https://support.microsoft.com/office/30dd1681-47e0-4cbc-abfe-a222cd111319) for more information about how to set up delegated administration.
-
-## I'm a customer, not a reseller. How can set up delegated administrator for my subtenants?
-
-Delegated administration is only available for resellers and partners. However, there's a sample PowerShell script that will help you apply policies to your subtenants (companies). For more information, see [Sample script for applying EOP settings to multiple tenants](sample-script-for-applying-eop-settings-to-multiple-tenants.md).
-
-## Can I prevent my subtenant admin from modifying my policy?
-
-No. Microsoft 365 does not currently have this capability.
-
-## Can I get consolidated reporting across all of my subtenants?
-
-Consolidated reporting across the companies you manage isn't available in Microsoft 365 admin center reports. However, you can get reports by using [Microsoft Graph](/graph/overview).
security Eop Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-features.md
The following table provides a list of features that are available in the Exchan
|Phone and web technical support 24 hours a day, seven days a week|For more information about EOP help and support options, see [Help and support for EOP](help-and-support-for-eop.md).| |**Other features**|| |A geo-redundant global network of servers|EOP runs on a worldwide network of datacenters that are designed to help provide the best availability. For more information, see the "EOP data centers" section in [Exchange Online Protection overview](exchange-online-protection-overview.md).|
-|Message queuing when the on-premises server cannot accept mail|Messages in deferral remain in our queues for one day. Message retry attempts are based on the error we get back from the recipient's mail system. On average, messages are retried every 5 minutes. For more information, see [EOP queued, deferred, and bounced messages FAQ](eop-queued-deferred-and-bounced-messages-faq.md).|
+|Message queuing when the on-premises server cannot accept mail|Messages in deferral remain in our queues for one day. Message retry attempts are based on the error we get back from the recipient's mail system. On average, messages are retried every 5 minutes. For more information, see [EOP queued, deferred, and bounced messages FAQ](eop-queued-deferred-and-bounced-messages-faq.yml).|
|Office 365 Message Encryption available as an add-on service|For more information, see [Encryption in Office 365](../../compliance/encryption.md).| |
security Eop General Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-general-faq.md
- Title: EOP general FAQ
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: Get answers to the most common general questions about the Exchange Online Protection (EOP) cloud-hosted email filtering service.
--
-# EOP general FAQ
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-Here we answer the most common general questions about Exchange Online Protection (EOP) cloud-hosted email filtering service. For additional frequently asked questions (FAQ) topics, go to the following links:
--- [EOP queued, deferred, and bounced messages FAQ](eop-queued-deferred-and-bounced-messages-faq.md)--- [Delegated administration FAQ](delegated-administration-faq.md)--- [Anti-spam protection FAQ](anti-spam-protection-faq.md)--- [Quarantine FAQ](quarantine-faq.md)--- [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md)--- [Message Trace FAQ](/exchange/monitoring/trace-an-email-message/message-trace-faq)-
-## What is EOP?
-
-EOP is a cloud-hosted email filtering service built to protect customers from spam and malware, and to implement custom policy rules. EOP is included in any Microsoft 365 subscription that contains Exchange Online mailboxes. EOP is also available as a standalone offering to help protect on-premises email environments.
-
-## How do I sign up for an EOP trial or purchase EOP?
-
-Sign up for an EOP trial or purchase EOP via the web at the [Exchange Online Protection home page](https://products.office.com/exchange/exchange-email-security-spam-protection). Note that the functionality for a trial purchase is the same as for a paid subscription, but also includes the additional features provided with the [Exchange Enterprise CAL with Services](https://products.office.com/exchange/microsoft-exchange-server-licensing-licensing-overview) subscription plan.
-
-## How is EOP priced?
-
-EOP is licensed by user. For the latest pricing information, see the [Exchange Online Protection home page](https://products.office.com/exchange/exchange-email-security-spam-protection).
-
-## How long does it take to put EOP into production?
-
-When you change your MX record, as per the steps outlined in [Set up your EOP service](set-up-your-eop-service.md), and your mail flows through EOP, filtering begins immediately. The MX record may take as long as 24-48 hours to propagate via DNS. You can fine tune your protection settings at any time during this process.
-
-## Do I have to use all features of Microsoft 365 to use EOP? What if I just want EOP protection and that's all?
-
-You can use EOP to protect your on-premises mailboxes without using any other features of Microsoft 365. This is known as a standalone subscription. A list of EOP features can be found in the [Exchange Online Protection Service Description](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description).
-
-## Why do I need a Microsoft 365 tenant when signing up for email filtering through EOP?
-
-Microsoft 365 is the name given to a collection of products and services that may be accessed through a Microsoft 365 tenant. Think of the Microsoft 365 tenant as the starting point to which you may add licenses for email filtering.
-
-## Does EOP have a communication portal where I can find out about known issues and expected resolutions? What about new features?
-
-The Microsoft 365 admin center will have some of this information. If you are impacted by a Service Level Event then you should see a communication alert (typically accompanied by a bell icon) after signing in to the Microsoft 365 admin center. We recommend that you read and act on any items as appropriate.
-
-Regarding new EOP features, the [Microsoft 365 for business roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=O365) is a good resource for finding out information about upcoming new features. We'll also be posting blog articles about new features to the [Microsoft 365 Blogs](https://www.microsoft.com/microsoft-365/blog/) website.
-
-## Does the service work with legacy Exchange versions (such as Exchange Server 2010) and non-Exchange environments?
-
-Yes, the service is server agnostic and can be used with any SMTP mail transfer agent.
-
-## What size organization can use the service?
-
-Any size. The EOP network has sufficient capacity to accommodate your growth, no matter how fast your organization grows.
-
-## What permissions do I need to set up EOP?
-
-In order to configure EOP, you must be a global admin, or an Exchange Company Administrator (the Organization Management role group).
-
-## How do I know my data and private information are safe?
-
-To learn more about the steps we've taken to ensure the safety of your data and private information, including information about Service Level Agreements (SLAs), go to the [Office 365 Trust Center](https://www.microsoft.com/trust-center).
-
-## Are there any limits I should be aware of, such as message size limitations?
-
-Yes. For more information about limits in EOP, see [Exchange Online Protection Limits](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-limits).
-
-## Does EOP support PowerShell?
-
-Yes, full EOP functionality is available via PowerShell: Exchange Online PowerShell for organizations with Exchange Online Mailboxes; standalone EOP PowerShell for standalone EOP organizations. For more information, see [Exchange Online PowerShell](/powershell/exchange/exchange-online-powershell) and [Exchange Online Protection PowerShell](/powershell/exchange/exchange-online-protection-powershell).
security Eop Queued Deferred And Bounced Messages Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-queued-deferred-and-bounced-messages-faq.md
- Title: EOP queued, deferred, and bounced messages FAQ
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: Find answers to the most common questions about messages that have been queued, deferred, or bounced during the Exchange Online Protection (EOP) filtering process.
--
-# EOP queued, deferred, and bounced messages FAQ
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-This topic provides answers to frequently asked questions about messages that have been queued, deferred, or bounced during the Exchange Online Protection (EOP) filtering process.
-
-## Why is mail queuing?
-
-Messages are queued or deferred if the service is unable to make a connection to the recipient server for delivery. It will not defer messages if a 500-series error is returned from the recipient network.
-
-## How does a message become deferred?
-
-Messages will be held when a connection to the recipient server cannot be made and the recipient's server is returning a "temporary failure" such as a connection time-out, connection refused, or a 400-series error. If there is a permanent failure, such as a 500-series error, then the message will be returned to the sender.
-
-## How long does a message remain in deferral and what is the retry interval?
-
-Messages in deferral will remain in our queues for 1 day. Message retry attempts are based on the error we get back from the recipient's mail system. The first few deferrals are 15 minutes or less, with subsequent retries (over the next half dozen or so) increasing the interval over multiple retries to a max of 60 minutes. The interval duration expansion is dynamic, taking into consideration multiple variables like queue sizes and internal message priority. In basic, it's 15 minutes (or less) to start, then expanding from there over the next few hours to 60 mins max.
-
-## After your email server is restored, how are queued messages distributed?
-
-After your email server is restored, all queued messages are automatically processed in the order in which they were received and queued when the server became unavailable.
security Quarantine Email Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-email-messages.md
Both users and admins can work with quarantined messages:
- Admins and users can report false positives to Microsoft in quarantine.
-For more information about, quarantine, see [Quarantine FAQ](quarantine-faq.md).
+For more information about, quarantine, see [Quarantine FAQ](quarantine-faq.yml).
security Quarantine Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-faq.md
- Title: Quarantined messages FAQ
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
- - m365initiative-defender-office365
-description: Admins can view frequently asked questions and answers about quarantined messages in Exchange Online Protection (EOP).
---
-# Quarantined messages FAQ
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-This topic provides frequently asked questions and answers about quarantined email messages for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
-
-For questions and answers about anti-spam protection, see [Anti-spam protection FAQ](anti-spam-protection-faq.md).
-
-For questions and answers about anti-malware protection, see [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md).
-
-For questions and answers about anti-spoofing protection, see [Anti-spoofing protection FAQ](anti-spoofing-protection-faq.md).
-
-## How do I manage messages that were quarantined for malware?
-
-Only admins can manage messages that were quarantined for malware. For more information, see [Manage quarantined messages and files as an admin](manage-quarantined-messages-and-files.md).
-
-## How do I quarantine spam?
-
-By default, messages that are classified as spam or bulk email by spam filtering are delivered to the user's mailbox, and are moved to the Junk Email folder. But you can create and configure anti-spam policies to quarantine spam or bulk email messages instead. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
-
-## How do I give users access to the quarantine?
-
-A user must have a valid account to access their own messages in quarantine. Standalone EOP requires that users are represented as mail users in EOP (manually created or created via directory synchronization). For more information about managing users in standalone EOP environments, see [Manage mail users in EOP](manage-mail-users-in-eop.md).
-
-## What messages can end users access in quarantine?
-
-Users can access spam, bulk email, and (as of April 2020) phishing messages where they are a recipient. End users can't access quarantined malware, high confidence phishing or messages that were quarantined because of the **Deliver the message to the hosted quarantine** action in mail flow rules (also known as transport rules). For more information about users accessing quarantined messages, see [Find and release quarantined messages as a user](find-and-release-quarantined-messages-as-a-user.md).
-
-## How long are messages kept in the quarantine?
-
-You configure how long spam, phishing, and bulk email messages are kept in the quarantine by using anti-spam policies. The default is 30 days, which is also the maximum. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md)
-
-For messages that were quarantined by the mail flow rule action **Deliver the message to the hosted quarantine**, the messages are kept in quarantine for 30 days. You can't configure this duration.
-
-After the time period expires, the messages are deleted and are not recoverable.
-
-## Can I release or report more than one quarantined message at a time?
-
-In the Security & Compliance Center, you can select and release up to 100 messages at a time.
-
-Admins can use the the [Get-QuarantineMessage](/powershell/module/exchange/get-quarantinemessage) and [Release-QuarantineMessage](/powershell/module/exchange/release-quarantinemessage) cmdlets in Exchange Online PowerShell or standalone EOP PowerShell to find and release quarantined messages in bulk, and to report false positives in bulk.
-
-## Are wildcards supported when searching for quarantined messages? Can I search for quarantined messages for a specific domain?
-
-Wildcards aren't supported in the Security & Compliance Center. For example, when searching for a sender, you need to specify the full email address. But, you can use wildcards in Exchange Online PowerShell or standalone EOP PowerShell.
-
-For example, copy the following PowerShell code into NotePad and save the file as .ps1 in a location that's easy for you to find (for example, C:\Data\QuarantineRelease.ps1).
-
-Then, after you connect to [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) or [Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell), run the following command to run the script:
-
-```powershell
-& C:\Data\QuarantineRelease.ps1
-```
-
-The script does the following actions:
--- Find unreleased messages that were quarantined as spam from all senders in the fabrikam domain. The maximum number of results is 50,000 (50 pages of 1000 results).-- Save the results to a CSV file.-- Release the matching quarantined messages to all original recipients.-
-```powershell
-$Page = 1
-$List = $null
-
-Do
-{
-Write-Host "Getting Page " $Page
-
-$List = (Get-QuarantineMessage -Type Spam -PageSize 1000 -Page $Page | where {$_.Released -like "False" -and $_.SenderAddress -like "*fabrikam.com"})
-Write-Host " " $List.count " rows in this page match"
-Write-Host " Exporting list to appended CSV for logging"
-$List | Export-Csv -Path "C:\Data\Quarantined Message Matches.csv" -Append -NoTypeInformation
-
-Write-Host "Releasing page " $Page
-$List | foreach {Release-QuarantineMessage -Identity $_.Identity -ReleaseToAll}
-
-$Page = $Page + 1
-
-} Until ($Page -eq 50)
-```
-
-After you release a message, you can't release it again.
solutions End Life Cycle Groups Teams Sites Yammer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/end-life-cycle-groups-teams-sites-yammer.md
Teams-specific content is primarily in the form of conversations.
Conversations in channels cannot be copied or moved using native Microsoft Teams functionality. They can however be exported using the Graph API.
-Additionally, if a retention policy is applied to Teams, the conversations are retained and available through eDiscovery searches. (Items found in eDiscovery searches can be exported, however there no context or structure from their original source remains ΓÇô they are simply individual messages.)
+Additionally, if a retention policy is applied to Teams, the conversations are retained and available through eDiscovery searches. Using advanced eDiscovery you can [reconstruct a Teams chat conversation](/microsoft-365/compliance/conversation-review-sets).
+ ### Archiving a team
Conversations can be moved to another Yammer group by any user, not just owners
**Export network data**
-Yammer network administrators can perform an [export of network data](/yammer/manage-security-and-compliance/export-yammer-enterprise-data), however doing so will export all conversations for the entire network. The resulting export however lists the Group ID, so it is possible to filter conversations based on this.
+Yammer network administrators can perform an [export of network data](/yammer/manage-security-and-compliance/export-yammer-enterprise-data), however doing so will export all conversations for the entire network. The resulting export however lists the Group ID, so it is possible to filter conversations based on this.