-description: "A deleted group is retained for 30 days and you can still restore the group. After 30 days, the group and its content is permanently deleted."

-## Related content

-[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md) (article)\

-[Delete groups using the Remove-UnifiedGroup cmdlet](/powershell/module/exchange/remove-unifiedgroup) (article)\

-[Manage your group-connected team site settings](https://support.microsoft.com/office/8376034d-d0c7-446e-9178-6ab51c58df42) (article)\

-[Delete a group in Outlook](https://support.microsoft.com/office/ca7f5a9e-ae4f-4cbe-a4bc-89c469d1726f) (article)

-**Bookings with me** in Outlook is a web-based personal scheduling page that integrates with the free/busy information from your Outlook calendar. Bookings with me lets people schedule a meeting or appointment with you. You can create custom meeting types to share with others so they can easily schedule time with you based on your availability and preferences. You both get an email confirmation and attendees can update or cancel scheduled meetings with you from your Bookings with me page.

-2. For mailboxes that get assigned a customized SharingPolicy, the policy must have Anonymous:SharingPolicyAction as one of the domains.

- ```Powershell:

- get-mailbox adam@contoso.com | Format-List SharingPolicy

- ```

- If the command returns:

- `SharingPolicy : "contoso.onmicrosoft.com\Default Sharing (CONTOSO)"`

- You must update the policy with one of the required domains:

- ```Powershell

- Set-SharingPolicy "Default Sharing (CONTOSO)" -Domains @{Add="Anonymous:CalendarSharingFreeBusySimple"}

- ```

-For more information, see [Set-SharingPolicy](/powershell/module/exchange/set-sharingpolicy).

-### Why is Bookings with me in preview?

-Bookings with me is in preview for all enterprise users worldwide. We're collecting feedback and making improvement while it is being integrated into scheduling experiences in Bookings and Outlook.

-No. Anyone can schedule time with you using your Bookings with me page, even if they don't have a Microsoft account. You need a Bookings license to create a Bookings with me page.

-description: "Learned how to upgrade or change to a different plan in the Microsoft 365 admin center."

-You can apply retention labels to content automatically when that content doesn't already have a retention label applied and contains sensitive information, keywords or searchable properties, or a match for [trainable classifiers](classifier-get-started-with.md). Now in preview, you can also automatically apply a retention label to cloud attachments that are stored in SharePoint or OneDrive.

-> This option is in preview and subject to change.

-Audit (Premium) in Microsoft 365 provides a default audit log retention policy for all organizations. This policy retains all Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory audit records for one year. This default policy retains audit records that contain the value of **AzureActiveDirectory**, **Exchange**, **OneDrive**, and **SharePoint** for the **Workload** property (which is the service in which the activity occurred). The default policy can't be modified. See the [More information](#more-information) section in this article for a list of record types for each workload that are included in the default policy.

-1. Go to <https://compliance.microsoft.com> and sign in with a user account that's assigned the Organization Configuration role on the Permissions page in the compliance portal.

- 

- 5. **Duration:** The amount of time to retain the audit logs that meet the criteria of the policy.

- 6. **Priority:** This value determines the order in which audit log retention policies in your organization are processed. A lower value indicates a higher priority. Valid priorities are numerical values between **1** and **10000**. A value of **1** is the highest priority, and a value of **10000** is the lowest priority. For example, a policy with a value of **5** takes priority over a policy with a value of **10**. As previously explained, any custom audit log retention policy takes priority over the default policy for your organization.

-> If you use the **New-UnifiedAuditLogRetentionPolicy** cmdlet, it's possible to create an audit log retention policy for record types or activities that aren't available in the **Create audit retention policy** tool in the dashboard. In this case, you won't be able to edit the policy (for example, change the retention duration or add and remove activities) from the **Audit retention policies** dashboard. You'll only be able to view and delete the policy in the Microsoft Purview compliance portal. To edit the policy, you'll have to use the [Set-UnifiedAuditLogRetentionPolicy](/powershell/module/exchange/set-unifiedauditlogretentionpolicy) cmdlet in Security & Compliance PowerShell.>

-To delete a policy, select the **Delete**  icon and then confirm that you want to delete the policy. The policy is removed from the dashboard, but it might take up to 30 minutes for the policy to be removed from your organization.

-> The **Get-UnifiedAuditLogRetentionPolicy** cmdlet doesn't return the default audit log retention policy for your organization.

-## More information

-As previously stated, audit records for operations in Azure Active Directory, Exchange Online, SharePoint Online, and OneDrive for Business, are retained for one year by default. The following table lists all the record types (for each of these services) included in the default audit log retention policy. This means that audit logs for any operation with this record type are retained for one year unless a custom audit log retention policy takes precedence for a specific record type, operation, or user. The Enum value (which is displayed as the value for the RecordType property in an audit record) for each record type is shown in parentheses.

-<br>

-****

-|AzureActiveDirectory|Exchange |SharePoint or OneDrive|

-||||

-description: "Learn how to audit the activities of users and administrators in your Microsoft 365 organization."

-> [!TIP]

- 

- - If **Items** is selected, you can configure settings that apply to apps that support sensitivity labels, such as Office Word and Outlook. Optionally, in preview, you can extend these labels to [include meetings](sensitivity-labels-meetings.md) from Teams and Outlook, and to protecting Teams meetings themselves by enforcing settings for Teams meetings and related chat.

-### Network share coverage and exclusions (preview)

-> If you want to use Network share coverage and exclusions, you have to register your tenant at [Network share coverage](https://aka.ms/networkfileshares-edlp).

-**Network share coverage and exclusions (preview)** extends endpoint DLP policies and actions to new and edited files on network shares and mapped network drives. If [just in time protection (preview)](endpoint-dlp-learn-about.md#just-in-time-protection-preview) is also enabled, it will also be extended to cover network shares and mapped drives when you enable network share coverage and exclusions. If you want to exclude a specific network path for all monitored devices, add the path value in **Exclude these network share paths**.

-**Restricted apps** (previously called **Unallowed apps**) is a list of applications that you create. You configure what actions DLP will take when a user uses an app on the list to ***access*** a DLP protected file on a device. It's available for Windows 10/11 and macOS devices.

-When **Access by restricted apps** is selected in a policy and a user uses an app that is on the restricted apps list to access a protected file, the activity will be `audited`, `blocked`, or `blocked with override` depending on how you configured it. That is unless the same app is a member of a **Restricted app group**, then the actions configured for activities in the **Restricted app group** override the actions configured for the access activity for the **Restricted apps** list. All activity is audited and available to review in activity explorer.

-For Windows devices, you add browsers, identified by their executable names, that will be blocked from accessing files that match the conditions of an enforced a DLP policy where the upload to cloud services restriction is set to block or block override. When these browsers are blocked from accessing a file, the end users will see a toast notification asking them to open the file through Microsoft Edge.

-Do not add protocol, for example, https://, file:// into the URL. You can use a flexible syntax to include and exclude domains, subdomains, websites, and subsites in your website groups.

-By default, when devices are onboarded, activity for Office, PDF, and CSV files is automatically audited and available for review in activity explorer. Turn this feature off if you want this activity to be audited only when onboarded devices are included in an active policy.

-> Now in preview, a sensitivity label in Outlook can apply S/MIME protection rather than encryption and permissions from the Azure Rights Management service. For more information, see [Configure a label to apply S/MIME protection in Outlook](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook).

-|*Experience for internal recipient*|Recipients receive an HTML message, which they download and open in a web browser or mobile app|Native inline experience in Outlook clients|Native inline experience for recipients in the same organization using Outlook clients. Recipients can read message from encrypted message portal using clients other than Outlook (no download or app required).|

-|*Experience for external recipient*|Recipients receive an HTML message, which they download and open in a web browser or mobile app|N/A|Native inline experience for Microsoft 365 recipients. All other recipients can read message from OME portal (no download or app required).|

-This article is a list of all sensitive information type (SIT) entity definitions. Each link takes you to the definition of that specific SIT and shows what a DLP policy looks for to detect each type. To learn more about sensitive information types, see [Sensitive information types](sensitive-information-type-learn-about.md)

-> For this scenario, Outlook calendar events are still rolling out in general availability for Windows.

->

-> If you configure a label to apply S/MIME protection but your version of Outlook for Windows doesn't yet support it, the label is still displayed and can be applied, but the S/MIME settings are ignored. You won't be able to select this label for Exchange auto-labeling policies.

- > [!NOTE]

- > Co-authoring is now supported for Windows and macOS, and in preview for iOS and Android. For more information, see [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md).

- - iOS: Rolling out in 12.30

-After a sensitivity label is applied to an email, meeting invite (in preview), or document, any configured protection settings for that label are enforced on the content. You can configure a sensitivity label to:

- > Although applying a default label to new documents has been supported for built-in labeling for a while, support for existing documents is still rolling out across the Office deployment channels. To identify the supported versions, use the [capabilities table](sensitivity-labels-versions.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) and the row **Apply a default label to existing documents**.

- - [Endpoint DLP policies can be applied to network shares](dlp-configure-endpoint-settings.md#network-share-coverage-and-exclusions-preview)

-## How to Request your Data Move - FINAL OPPORTUNITY

-With the launch of the Microsoft 365 Advanced Data Residency add-on and associated changes to the Move Program, we are providing a final opportunity for eligible commercial and public sector customers to receive a complimentary _Tenant_ migration into their local datacenter region. For a limited time, customers may only opt-in for complimentary migration from macro region into a local datacenter region that matches initial signup country. _Tenant_ migrations may take up to 24 months to complete, commencing at request deadline date. See table below for a list of eligible countries and associated dates.

-Eligible customers will see a page in the Microsoft 365 admin center which will allow them to request to have their applicable customer data moved to their new datacenter region.

-To access the page in the Microsoft 365 admin center, in the navigation pane on the left, expand **Settings**, and then click **Org Settings**. Select the tab **Organization profile**, then select the option **Data residency**.

-You will not see this section if your _Tenant_ is not eligible for the Microsoft 365 Move Program. If your organization has data residency requirements and you need to request migration, mark the checkbox and then Save.

-|**Customers with signup country in**|**Request period begins**|**Request deadline**|

-|:--|:--|:--|

-| Japan <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| Australia, New Zealand, Fiji <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| India <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| Canada <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| United Kingdom <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| South Korea <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| France <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| United Arab Emirates <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| South Africa <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| Switzerland, Liechtenstein <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| Norway <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| Germany <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| Brazil <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-| Sweden <br/> | Nov. 1, 2022 <br/> | Apr. 30, 2023 <br/> |

-During the migration process, Microsoft temporarily copies your address book data into Microsoft global resources where it is encrypted and only used to support business continuity and disaster recovery operations (BCDR). After Microsoft has completed the mailbox data moves, Microsoft deletes that temporary data from the global resources. Microsoft continues to invest in global and regional resources on a regular basis. In calendar year 2023, Microsoft plans to utilize regional resources for BCDR purposes during the migration process.

-### What customers are eligible to request a move?

-<details><summary>Click to expand</summary>

-Existing Microsoft 365 commercial customers who selected a country eligible for the new datacenter geo will be able to request a move. The program exists only for _Tenants_ with an eligible country code assigned to the Microsoft 365 _Tenant_ to migrate applicable customer data at rest for eligible workloads to the corresponding Microsoft 365 datacenter geo. For more information, see [Microsoft 365 Multi-Geo availability](microsoft-365-multi-geo.md#microsoft-365-multi-geo-availability) to confirm country eligibility.

-</details>

-### When will I be able to request a move?

-<details><summary>Click to expand</summary>

-Please refer to the [Data Residency Legacy Move Program](m365-dr-legacy-move-program.md) page for supported timeframes for your datacenter geo.

-</details>

-### How can I request to be moved?

-<details><summary>Click to expand</summary>

-Eligible customers will see a page in their [Microsoft 365 admin center](https://admin.microsoft.com/). Please see [Data Residency Legacy Move Program](m365-dr-legacy-move-program.md) for instructions on how to request a move.

-</details>

-### Can I change my selection after requesting a move?

-<details><summary>Click to expand</summary>

-It is not possible for us to remove you from the process after you submit your request.

-</details>

-### What happens if I do not request a move before the deadline?

-<details><summary>Click to expand</summary>

-We cannot accept requests for migration after the open enrollment period.

-</details>

-### What if I want to move my data in order to get better network performance?

-<details><summary>Click to expand</summary>

-Physical proximity to a Microsoft 365 datacenter is not a guarantee for a better networking performance. There are many factors and components that affect the network performance between the end user and the Microsoft 365 service. For more information about this and performance tuning, see [Network planning and performance tuning for Microsoft 365](network-planning-and-performance.md).

-</details>

-### I am a Microsoft 365 customer in one of the new datacenter geos, but when I signed up, I selected a different country. How can I be moved to the new datacenter geo?

-<details><summary>Click to expand</summary>

-It is not possible to change the signup country associated with your _Tenant_. Instead, you need to create a new Microsoft 365 _Tenant_ with a new subscription and manually move your users and data to the new _Tenant_.

-</details>

-### Can I pilot some users?

-<details><summary>Click to expand</summary>

-You can create a separate trial _Tenant_ to test connectivity, but the trial _Tenant_ can't be combined in any way with your existing _Tenant_.

-</details>

-### My _Tenant_ has configured the Multi Geo add-on. Can I still enroll in my _Tenant_ in the Microsoft 365 Move Program? to change my default geo and move any user not in a satellite region to the new default geo?

-<details><summary>Click to expand</summary>

-Yes, your _Tenant_ is eligible to enroll but there are significant considerations as tenant-level move is not fully supported for customers that have configured [Multi-Geo](https://aka.ms/multi-geo).

-SharePoint Online and OneDrive for Business cannot migrate to the new datacenter geo at the _Tenant_ level through this program. The customer administrator can configure OneDrive for Business shares to move to any available region using Multi-Geo, but the default location for the _Tenant_ cannot be changed once Multi-Geo has been configured for a _Tenant_.

-For customers that opt-in for migration - we will move all Exchange Online mailboxes from your current default geo to your new local datacenter geo and update the default Exchange Online region. We will not move any EXO mailboxes configured in Multi Geo satellite regions to continue to respect satellite region data residency as you"ve intended. Teams chat service _Tenant_ migrations for customers with a Multi Geo configuration behave similarly to Exchange Online.

-</details>

-To provide clarity to the descriptions below on data residency functionality and behavior, it's necessary to have clear terms and definitions in order to better understand the capabilities that Microsoft provides in this area.

-|Default Geography <br/> |When an _AAD Tenant_ is created, a country is provided by the customer during the sign-up process. This country will determine the default Geography for all Microsoft 365 services. In some cases, not all services are able to provision in this single _Default Geography_. See _Microsoft 365 Service provisioning mapping_ below for a description. <br/> |

-|Microsoft 365 Service provisioning mapping <br/> |All Microsoft 365 Services will use the _Default Geography_ to determine where a given _Tenant's_ specified data will be provisioned and stored. <br/> |

-|Microsoft 365 Service provisioning country mapping <br/> |Please refer to [data maps](https://aka.ms/datamaps) to learn where a given service will provision specified customer data, based on the _Tenant Default Geography._ <br/> |

-|Primary Provisioned Geography <br/> |A given Microsoft 365 service will use the _Tenant Default Geography_ combined with the _Microsoft 365 Service provisioning country mapping_ to determine which _Geography_ to provision customer data into. <br/> |

-|Microsoft 365 Multi-Geo Capabilities <br/> |Microsoft 365 Multi-Geo Capabilities allows a single _Tenant_ to store customer data-at-rest across multiple geographies rather than be limited to the single _Primary Provisioned Geography_. Please see the Multi-Geo description for more detail. <br/> |

-|Preferred Data Location (PDL) <br/> |Used for _Tenants_ with a Multi-Geo subscription. A property set by the administrator that indicates where the user or shared resource's s data should be stored at-rest. Please see the Multi-Geo description for more detail. <br/> |

-|Privacy and Security Product Terms <br/> |Privacy and Security Terms for Microsoft 365 services provides some customer data location related commitments. The document can be found <a href="https://www.microsoft.com/licensing/terms/en-US/product/PrivacyandSecurityTerms/EAEAS" target="_blank">here</a>. The extract of the relevant section (on November 1, 2022) is:<br>**Office 365 Services.** If Customer provisions its _Tenant_ in Australia, Brazil, Canada, the European Union, France, Germany, India, Japan, Norway, Qatar, South Africa, South Korea, Sweden, Switzerland, the United Kingdom, the United Arab Emirates, or the United States, Microsoft will store the following Customer Data at rest only within that Geo: (1) Exchange Online mailbox content (e-mail body, calendar entries, and the content of e-mail attachments), (2) SharePoint Online site content and the files stored within that site, (3) files uploaded to OneDrive for Business, and (4) Microsoft Teams chat messages (including private messages, channel messages, meeting messages and images used in chats), and for customers using Microsoft Stream (on SharePoint), meeting recordings.

-When a customer creates a new AAD _Tenant_, the customer will enter a country during the creation process. This country is what defines the _Default Geography_ for the _Tenant_. There are multiple paths to creating _Tenants_. They can be created through AAD forms, they can be created when trying out new Microsoft 365 services (trials), etc. Once a _Tenant_ is created, the _Default Geography_ cannot be changed.

-Microsoft 365 services are not deployed to all Microsoft data centers globally. The larger services, like Exchange Online, SharePoint Online and Microsoft Teams are universally deployed to all _Geographies_. Other services make decisions on where to deploy their services based on the number of customers, regional affiliations, and software architectures. When a customer first uses a service in this category, the provisioning logic will use the _Default Geography_ and the supported _Geographies_ to determine where to provision a given customer.

-Over time, a particular service may deploy their software to additional _Geographies_, so the provisioning locations for new customers can change over time, and this does not necessarily cause customer data to be moved to a new _Geography_.

-In order to understand where your data, for a given service is stored, your primary tool for understanding this is in the _Tenant_ Admin Center. As a _Tenant_ administrator you can find the actual data location by navigating to Admin->Settings->Org Settings->Organization Profile->Data Location. Currently the data location is available for Exchange Online, SharePoint Online and Microsoft Teams. In addition to this resource, please see the [Data Maps page](o365-data-locations.md).

-Once a Microsoft 365 service provisions a _Tenant_ into a particular _Geography_, there are five ways that this data could be moved to another _Geography_:

-1. For _Local Geographies_ that have Microsoft data centers, and for _Tenants_ that have the same country, there are options to migrate data from the _Regional Geographies_ into the _Local Geographies_. This option is typically only available for 6 months after a _Local Region Geography_ has been established.

-1. If a _Tenant_ has sign up country as a _Local Region Geography_ or _Expanded Local Region Geography_ and has a subscription to the _Advanced Data Residency_ service add-on, then the _Tenant_ data for the included services will be migrated from the _Regional Geography_ to the relevant _Local Region Geography_.

-1. At times Microsoft reopens Migration opt in from _Regional Geography_ to the relevant _Local Geographies_ or _Expanded Local Geographies_.

-Microsoft does not disclose the exact addresses of its data centers. We established this policy to help secure our data center facilities. However, we do list city locations. Please see Table 5 in the [Country/Region-specific Data Center City Locations](m365-dr-overview.md#countryregion-specific-data-center-city-locations) on the Overview and Definitions page to learn more.

-To help a _Tenant_ comply with national, regional, and industry-specific requirements governing the collection and use of individuals' data, Microsoft 365 offers the most comprehensive set of compliance offerings of any global cloud productivity provider. Please review [our compliance offerings](/compliance/regulatory/offering-home) and more details in the [Microsoft Purview](https://go.microsoft.com/fwlink/p/?linkid=862317) section on the Microsoft Trust Center. Also, certain Microsoft 365 plans offer further compliance solutions to help a _Tenant_ manage their data, comply with legal and regulatory requirements, and monitor actions taken on their data.

-Please review the [Products available by region](https://go.microsoft.com/fwlink/p/?linkid=2093451) page to find data residency information for Microsoft Azure.

-Practically, this means that there are a number of tenants that didn't opt in to move and remain in the _Macro Region Geography_ data centers. On or about November 1, 2022 with the introduction of the Advanced Data Residency add-on, all tenants that remain in the _Macro Region Geography_ data centers will have another six month period to opt in for data migration to their _Local Region Geography_. See the [Legacy Move Program page](m365-dr-legacy-move-program.md#how-to-request-your-data-movefinal-opportunity) for more details.

-7. **Configure your security policies**. Defender for Business includes default security policies for next-generation protection and firewall protection that can be applied to your company's devices. These default policies use recommended settings and are designed to provide strong protection for your devices. You can start with your default policies, and add more later. See [Set up, review, and edit your security policies and settings](mdb-configure-security-settings.md).

-3. **Assign roles and permissions to your security team**. People on your security team need certain permissions to perform tasks, such as reviewing detected threats & remediation actions, viewing & editing policies, onboarding devices, and using reports. You can grant these permissions through roles. See [Assign roles and permissions](mdb-roles-permissions.md).

-Network devices aren't managed as standard endpoints, as Defender for Endpoint doesn't have a sensor built into the network devices themselves. These types of devices require an agentless approach where a remote scan obtains the necessary information from the devices. To do this, a designated Microsoft Defender for Endpoint device is used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for Endpoint's vulnerability management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-> To see details about other anti-malware policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

-description: Admins can learn how the impersonation insight works. They can quickly determine which senders are legitimately sending email into their organizations from domains that don't pass email authentication checks (SPF, DKIM, or DMARC).

-Impersonation is where the sender of an email message looks very similar to a real or expected sender email address. Attackers often user impersonated sender email addresses in phishing or other types of attacks in an effort to gain the trust of the recipient. There are basically two types of impersonation:

-Domain impersonation is different from [domain spoofing](anti-phishing-protection-spoofing-about.md), because the impersonated domain is typically a real, registered domain. Messages from senders in the impersonated domain can and often do pass regular email authentication checks that would otherwise identify spoofing attempts (SPF, DKIM, and DMARC).

-You can use the impersonation insight in the Microsoft 365 Defender portal to quickly identify messages from impersonated senders or sender domains that you've configured for impersonation protection.

-1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Anti-phishing** in the **Policies** section. To go directly to the **Anti-phishing** page, use <https://security.microsoft.com/antiphishing>.

-2. On the **Anti-phishing** page, the impersonation insight looks like this:

- :::image type="content" source="../../media/m365-sc-impersonation-insight.png" alt-text="The impersonation insight on the Anti-phishing policy page in the Microsoft 365 Defender portal." lightbox="../../media/m365-sc-impersonation-insight.png":::

- The insight has two modes:

- - **Insight mode**: If impersonation protection is enabled and configured in any anti-phishing policies, the insight shows the number of detected messages from impersonated domains and impersonated users (senders) over the past seven days. This is the total of all detected impersonated senders from all anti-phishing policies.

- - **What if mode**: If impersonation protection isn't enabled and configured in any active anti-phishing policies, the insight shows you how many messages *would* have been detected by our impersonation protection capabilities over the past seven days.

-To view information about the impersonation detections, click **View impersonations** in the impersonation insight.

-## View information about messages from senders in impersonated domains

-On the **Impersonation insight** page that appears after you click **View impersonations** in the impersonation insight, verify that the **Domains** tab is selected. The **Domains** tab contains the following information:

- - **Yes**: The domain was configured as trusted domain (an exception for impersonation protection) in the anti-phishing policy. Messages from senders in the impersonated domain were detected, but allowed.

- - **No**: The domain was configured for impersonation protection in the anti-phishing policy. Messages from senders in the impersonated domain were detected and acted upon based on the action for impersonated domains in the anti-phishing policy.

-You can click selected column headings to sort the results.

-To filter the results, you can use the  **Search** box to enter a comma-separated list of values to filter the results.

-### View details about messages from senders in impersonated domains

-On the **Domains** tab on the **Impersonation insight** page, select one of the available impersonation detections. The details flyout that appears contains the following information and features:

- - If the **Allowed to impersonate** value for this entry was **No**, the toggle is off. To exempt all senders in this domain from evaluation by impersonation protection, slide the toggle to on: . The domain is added to the **Trusted domains** list in the impersonation protection settings of the anti-phishing policy.

- - If the **Allowed to impersonate** value for this entry was **Yes**, the toggle is on. To return all senders in this domain to evaluation by impersonation protection, slide the toggle to off: . The domain is removed from the **Trusted domains** list in the impersonation protection settings of the anti-phishing policy.

-## View information about messages from impersonated senders

-On the **Impersonation insight** page that appears after you click **View impersonations** in the impersonation insight, click the **Users** tab. The **Users** tab contains the following information:

- - **Yes**: The sender was configured as trusted user (an exception for impersonation protection) in the anti-phishing policy. Messages from the impersonated sender were detected, but allowed.

- - **No**: The sender was configured for impersonation protection in the anti-phishing policy. Messages from the impersonated sender were detected and acted upon based on the action for impersonated users in the anti-phishing policy.

-You can click selected column headings to sort the results.

-To filter the results, you can use the **Filter sender** box to enter a comma-separated list of values to filter the results.

-### View details about messages from impersonated senders

-On the **Users** tab on the **Impersonation insight** page, select one of the available impersonation detections. The details flyout that appears contains the following information and features:

- - If the **Allowed to impersonate** value for this entry was **No**, the toggle is off. To exempt the sender from evaluation by impersonation protection, slide the toggle to on: . The sender is added to the **Trusted users** list in the impersonation protection settings of the anti-phishing policy.

- - If the **Allowed to impersonate** value for this entry was **Yes**, the toggle is on. To return the sender to evaluation by impersonation protection, slide the toggle to off: . The sender is removed from the **Trusted users** list in the impersonation protection settings of the anti-phishing policy.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-> To see details about other anti-phishing policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

- To change the list of entries from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

- To change the list of entries from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

- To change the list of entries from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

- To change the list of entries from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-Select  **Filter** to filter the policies by **Time range** (creation date) or **Status**.

-Use the  **Search** box and a corresponding value to find specific anti-phishing policies.

-> To see details about other anti-phishing policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

- To change the list of entries from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-> To see details about other anti-spam policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

- To change the list of users from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-> To see details about other users in the Training campaign without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-> To see details about other outbound spam policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

- - **Data loss prevention**

- - **Data loss prevention rule**

-> To see details about other quarantined messages without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

-> To see details about other quarantined files without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

-> To see details about other quarantined messages without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

- - **Data loss prevention**

-> To see details about other quarantined messages without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

-To change the list from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-> To see details about other Safe Attachments policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.

- To change the list of URLs from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-To change the list of policies from normal to compact spacing, select :::image type="icon" source="../../media/m365-cc-sc-standard-icon.png" border="false"::: **Change list spacing to compact or normal**, and then select :::image type="icon" source="../../media/m365-cc-sc-compact-icon.png" border="false":::.

-> To see details about other Safe Links policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** buttons at the top of the policy details flyout.