+## Week of May 08, 2023

+| Published On |Topic title | Change |

+|||--|

+| 5/8/2023 | [Security Operations Guide for Defender for Endpoint](/microsoft-365/security/defender-endpoint/mde-sec-ops-guide?view=o365-worldwide) | added |

+| 5/8/2023 | [Manual deployment for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide) | modified |

+| 5/8/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified |

+| 5/8/2023 | [Manage automation file uploads](/microsoft-365/security/defender-endpoint/manage-automation-file-uploads?view=o365-worldwide) | modified |

+| 5/8/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified |

+| 5/8/2023 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide) | modified |

+| 5/8/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified |

+| 5/8/2023 | [Administration guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-admin-guide?view=o365-worldwide) | added |

+| 5/8/2023 | [Security operations guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-operations-guide?view=o365-worldwide) | added |

+| 5/8/2023 | Add a new user to your network and systems | removed |

+| 5/8/2023 | [Maintain your environment](/microsoft-365/business-premium/m365bp-maintain-environment?view=o365-worldwide) | modified |

+| 5/8/2023 | [Secure managed and unmanaged devices](/microsoft-365/business-premium/m365bp-managed-unmanaged-devices?view=o365-worldwide) | modified |

+| 5/8/2023 | Remove company data from devices | removed |

+| 5/8/2023 | Reset Windows devices to their factory settings | removed |

+| 5/8/2023 | Reset passwords | removed |

+| 5/8/2023 | Security operations guide for Microsoft 365 Business Premium | removed |

+| 5/8/2023 | [Microsoft Purview Compliance Manager regulations list](/microsoft-365/compliance/compliance-manager-templates-list?view=o365-worldwide) | modified |

+| 5/8/2023 | Security Operations Guide for Defender for Endpoint | removed |

+| 5/9/2023 | [Security administration guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-admin-guide?view=o365-worldwide) | added |

+| 5/9/2023 | [Document compliance with Microsoft Syntex](/microsoft-365/syntex/scenario-document-compliance) | added |

+| 5/9/2023 | [Find content details with Microsoft Syntex](/microsoft-365/syntex/scenario-find-content-details) | added |

+| 5/9/2023 | [Generate documents in bulk with Microsoft Syntex](/microsoft-365/syntex/scenario-generate-documents-bulk) | added |

+| 5/9/2023 | [Automatically generate routine documents with Microsoft Syntex](/microsoft-365/syntex/scenario-generate-routine-documents) | added |

+| 5/9/2023 | [Handle incoming documents with Microsoft Syntex](/microsoft-365/syntex/scenario-handle-incoming-documents) | added |

+| 5/9/2023 | [Make information easier to find with Microsoft Syntex](/microsoft-365/syntex/scenario-organize-repositories) | added |

+| 5/9/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |

+| 5/9/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified |

+| 5/9/2023 | [Create and manage insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified |

+| 5/9/2023 | [Get started with insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified |

+| 5/9/2023 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) | modified |

+| 5/9/2023 | [Scenarios and use cases for Microsoft Syntex](/microsoft-365/syntex/adoption-scenarios) | modified |

+| 5/9/2023 | [Protect against malware and other threats with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-against-malware-cyberthreats?view=o365-worldwide) | modified |

+| 5/9/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified |

+| 5/9/2023 | [Top 10 ways to secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified |

+| 5/10/2023 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365-business-premium-setup?view=o365-worldwide) | renamed |

+| 5/10/2023 | Sign up for Microsoft 365 Business Premium | removed |

+| 5/10/2023 | Get Microsoft 365 for Campaigns | removed |

+| 5/10/2023 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) | modified |

+| 5/10/2023 | [Setup overview for Microsoft 365 for Campaigns](/microsoft-365/business-premium/m365-campaigns-setup?view=o365-worldwide) | modified |

+| 5/10/2023 | [Why choose Microsoft 365 Business Premium? Productivity and security](/microsoft-365/business-premium/why-choose-microsoft-365-business-premium?view=o365-worldwide) | modified |

+| 5/10/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |

+| 5/10/2023 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) | modified |

+| 5/10/2023 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365-business-premium-setup?view=o365-worldwide) | modified |

+| 5/10/2023 | Get Microsoft Defender for Business servers | removed |

+| 5/10/2023 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified |

+| 5/10/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |

+| 5/10/2023 | [Manage devices in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-worldwide) | modified |

+| 5/10/2023 | [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified |

+| 5/10/2023 | Recover from a ransomware attack | removed |

+| 5/11/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |

+| 5/11/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified |

+| 5/11/2023 | [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) | modified |

+| 5/11/2023 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/reports-defender-for-office-365?view=o365-worldwide) | modified |

+| 5/11/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified |

+| 5/11/2023 | [Malaysia passport number entity definition](/microsoft-365/compliance/sit-defn-malaysia-passport-number?view=o365-worldwide) | added |

+| 5/11/2023 | [Singapore driver's license number entity definition](/microsoft-365/compliance/sit-defn-singapore-drivers-license-number?view=o365-worldwide) | added |

+| 5/11/2023 | [Singapore passport number entity definition](/microsoft-365/compliance/sit-defn-singapore-passport-number?view=o365-worldwide) | added |

+| 5/11/2023 | [South Korea driver's license number entity definition](/microsoft-365/compliance/sit-defn-south-korea-drivers-license-number?view=o365-worldwide) | added |

+| 5/11/2023 | [South Korea passport number entity definition](/microsoft-365/compliance/sit-defn-south-korea-passport-number?view=o365-worldwide) | added |

+| 5/11/2023 | [UAE identity card number entity definition](/microsoft-365/compliance/sit-defn-uae-identity-card-number?view=o365-worldwide) | added |

+| 5/11/2023 | [UAE passport number entity definition](/microsoft-365/compliance/sit-defn-uae-passport-number?view=o365-worldwide) | added |

+| 5/11/2023 | [Data Residency Legacy Move Program](/microsoft-365/enterprise/m365-dr-legacy-move-program?view=o365-worldwide) | modified |

+| 5/11/2023 | [Overview and Definitions](/microsoft-365/enterprise/m365-dr-overview?view=o365-worldwide) | modified |

+| 5/11/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified |

+| 5/12/2023 | [Restore a deleted Microsoft 365 group](/microsoft-365/admin/create-groups/restore-deleted-group?view=o365-worldwide) | modified |

+| 5/12/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |

+| 5/12/2023 | [Malaysia passport number entity definition](/microsoft-365/compliance/sit-defn-malaysia-passport-number?view=o365-worldwide) | modified |

+| 5/12/2023 | [Singapore passport number entity definition](/microsoft-365/compliance/sit-defn-singapore-passport-number?view=o365-worldwide) | modified |

+| 5/12/2023 | [South Korea driver's license number entity definition](/microsoft-365/compliance/sit-defn-south-korea-drivers-license-number?view=o365-worldwide) | modified |

+| 5/12/2023 | [South Korea passport number entity definition](/microsoft-365/compliance/sit-defn-south-korea-passport-number?view=o365-worldwide) | modified |

+| 5/12/2023 | [UAE identity card number entity definition](/microsoft-365/compliance/sit-defn-uae-identity-card-number?view=o365-worldwide) | modified |

+| 5/12/2023 | [UAE passport number entity definition](/microsoft-365/compliance/sit-defn-uae-passport-number?view=o365-worldwide) | modified |

+| 5/12/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified |

+| 5/12/2023 | [Impersonation insight](/microsoft-365/security/office-365-security/anti-phishing-mdo-impersonation-insight?view=o365-worldwide) | modified |

+| 5/12/2023 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) | modified |

+## May-2023 (Release version: 10.8295.22621.1023)

+|OS |KB |Release version |

+||||

+|Windows Server 2012 R2, 2016 |[KB 5005292](https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)|10.8295.22621.1023|

+

+**What's new**

+- Supports new security settings management capabilities

+ - [Azure AD RBAC](../../admin/add-users/about-admin-roles.md): Membership in the **Global Administrator**, **Security Administrator**, **Global Reader**, or **Security Reader** roles gives users the required permissions _and_ permissions for other features in Microsoft 365.

+The Microsoft Report Message and Report Phishing add-ins for Outlook and Outlook on the web (formerly known as Outlook Web App or OWA) makes it easy for users to report false positives and false negatives to Microsoft for analysis. False positives are good email that was blocked or sent to the Junk Email folder. False negatives are unwanted email or phishing that was delivered to the Inbox.

+The Report Message add-in provides the option to report both spam and phishing messages. The Report Phishing add-in provides the option to report phishing messages only.

+Admins can install and enable the add-ins for the organization. Both add-ins are available through [Centralized Deployment](../../admin/manage/centralized-deployment-of-add-ins.md). Individual users can install the add-ins for themselves.

+After the add-in is installed and enabled, users see the following icons based on their Outlook client:

+ - <u>The **Report Message** icon in the Classic Ribbon</u>:

+ - <u>The **Report Message** icon in the Simplified Ribbon</u>: Select :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More commands** \> **Report Message** in the **Protection** section.

+ - <u>The **Report Phishing** icon in the Classic Ribbon</u>:

+ - <u>The **Report Phishing** icon in the Simplified Ribbon</u>: Select :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More commands** \> **Report phishing** in the **Protection** section.

+ - <u>The Report Message add-in</u>:

+ - <u>The Report Phishing add-in</u>:

+- You need to be assigned permissions before you can do the procedures in this article. You have the following options:

+ - [Email & collaboration RBAC in the Microsoft 365 Defender portal](mdo-portal-permissions.md): Membership in the **Organization Management** role group.

+ - [Exchange Online RBAC](/Exchange/permissions-exo/permissions-exo): Membership in the **Organization Management** role group.

+ - [Azure AD RBAC](../../admin/add-users/about-admin-roles.md): Membership in the **Global Administrator** role gives users the required permissions _and_ permissions for other features in Microsoft 365.

+- For organizational installs, the organization needs to be configured to use OAuth authentication. For more information, see [Determine if Centralized Deployment of add-ins works for your organization](../../admin/manage/centralized-deployment-of-add-ins.md).

+- Currently, reporting messages in shared mailboxes or other mailboxes by a delegate using the add-ins isn't supported. Messages aren't sent to the [reporting mailbox](submissions-user-reported-messages-custom-mailbox.md) or to Microsoft. Built-in reporting in Outlook on the web in shared mailboxes or other mailboxes by a delegate is supported. Messages are sent to the reporting mailbox or to Microsoft.

+- The add-ins aren't available for on-premises Exchange mailboxes.

+ > [!NOTE]

+ > Reported messages are available to admins on the **User reported** tab of **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user> **only** if both of the following settings are configured on the **User reported** page at <https://security.microsoft.com/securitysettings/userSubmission>:

+ >

+ > - The toggle on the **User reported** page is **On** :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::.

+ > - **Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options"** is selected.

+- Organizations that use URL filtering or a third-party security solutions (for example, a proxy and/or firewall) must be able to reach the following URLs using the HTTPS protocol:

+ - `ipagave.azurewebsites.net`

+ - `outlook.office.com`

+>

+> When you follow these instructions to centrally deploy the add-ins, a corresponding app registration is also deployed in Azure. If you delete the app registration for the add-in in Azure, the add-in is also deleted from the organization.

+2. On the **Integrated apps** page, select :::image type="icon" source="../../media/m365-cc-sc-get-apps-icon.png" border="false"::: **Get apps**.

+ > :::image type="content" source="../../media/microsoft-365-admin-center-integrated-apps.png" alt-text="The Integrated apps page in the Microsoft 365 admin center where you select Get apps." lightbox="../../media/microsoft-365-admin-center-integrated-apps.png":::

+3. In the **Microsoft 365 Apps** page that opens, enter **Report Message** in the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" border="false"::: **Search** box.

+ In the search results, select **Get it now** in the **Report Message** entry or the **Report Phishing** entry to start the **Deploy New App** wizard.

+4. On the **Add users** page, configure the following settings:

+ - **Is this a test deployment?**: Leave the toggle at :::image type="icon" source="../../media/scc-toggle-off.png" border="false"::: **No**, or set the toggle to :::image type="icon" source="../../media/scc-toggle-on.png" border="false"::: **Yes**.

+ - **Specific users/groups**: Find and select users and groups in the search box. After each selection, the user or group appears in the **To be added** section that appears below the search box. To remove a selection, select :::image type="icon" source="../../media/m365-cc-sc-remove-selection-icon.png" border="false"::: on the entry.

+ - **Email notification**: By default, **Send email notification to assigned users** is selected. Select **View email sample** to open the [Add-in deployment email alerts](/microsoft-365/admin/manage/add-in-deployment-email-alerts) article.

+ When you're finished on the **Add users** page, select **Next**.

+5. On the **Accept permissions requests** page, read the app permissions and capabilities information carefully before you select **Next**.

+6. On the **Review and finish deployment** page, review your settings. Select **Back** to make changes.

+ When you're finished on the **Review and finish deployment** page, select **Finish deployment**.

+ A progress indicator appears on the **Review and finish deployment** page.

+7. On the **Deployment completed page**, you can select **view this deployment** to close the page and go to [the details of the add-in](#view-and-edit-settings-for-the-report-message-or-report-phishing-add-ins). Or, select **Done** to close the page.

+> In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), reported messages aren't sent to Microsoft for analysis. They are sent only to the reporting mailbox that you identify. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).

+1. In the Microsoft 365 admin center at <https://portal.office365.us/adminportal/home#/Settings/AddIns>, select **Settings** \> **Add-ins** \> **Deploy Add-in** \> **Upload custom apps**.

+2. In the **Upload custom apps** flyout that opens, select **I have a URL for the manifest file**.

+ When you're finished, select **Install**. In the success dialog, select **OK**.

+5. Back on the **Add-ins** page, select the add-in you installed, and then select :::image type="icon" source="../../media/m365-cc-sc-edit-icon.png" border="false"::: **Edit**.

+ When you're finished, select **Save**.

+2. On the **Deployed apps** tab of the **Integrated apps** page, select the **Report Message** add-in or the **Report Phishing** add-in by doing one of the following steps:

+ - In the **Name** column, select the icon or text for the add-in. This selection takes you to the **Overview** tab in the details flyout as described in the next steps.

+ - In the **Name** column, select **Γï«** **Edit row**, and then select :::image type="icon" source="../../media/m365-cc-sc-add-internal-icon.png" border="false"::: **Edit users** to go to the **Users** tab in the details flyout as described in the next step.

+ - In the **Name** column, select **Γï«** **Edit row**, and then select :::image type="icon" source="../../media/m365-cc-sc-show-trends-icon.png" border="false"::: **Check usage data** to go to the **Usage** tab in the details flyout as described in the next step.

+ - **Actions** section: Select **Remove app** to remove the app.

+ - **Assigned users** section: Select **Edit users** to go to the **Users** tab.

+ - **Usage** section: Select **Check usage data** to got to the **Usage** tab.

+ - **Is this a test deployment?**: Leave the toggle at :::image type="icon" source="../../media/scc-toggle-off.png" border="false"::: **No**, or set the toggle to :::image type="icon" source="../../media/scc-toggle-on.png" border="false"::: **Yes**.

+ - **Specific users/groups**: Find and select users and groups in the search box. After each selection, the user or group appears in the **Added users** section that appears below the search box. To remove a selection, select :::image type="icon" source="../../media/m365-cc-sc-remove.png" border="false"::: on the entry.

+ - **Email notification** section: **Send email notification to assigned users** and **View email sample** aren't selectable.

+ If you made any updates on this tab, select **Update** to save your changes.

+ - In the **Report** column, select :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **Download** to download the information filtered by **Date range** to the file named **UsageData.csv**.

+ When you're finished viewing the information on the tabs, select :::image type="icon" source="../../media/m365-cc-sc-close-icon.png" border="false"::: **Close** to close the details flyout.

+1. Do either of the following steps:

+ - Open the Microsoft commercial marketplace at <https://appsource.microsoft.com/marketplace/apps>. On the **AppSource** page, enter **Report message** in the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" border="false"::: **Search** box, and then select the **Report Message** or **Report Phishing** in the results.

+ :::image type="content" source="../../media/microsoft-appsource-find-report-message-add-in.png" alt-text="Search results on the Microsoft commercial marketplace page for the Report Message add-in." lightbox="../../media/microsoft-appsource-find-report-message-add-in.png":::

+2. On the details page of the add-in, select **Get it now**.

+ :::image type="content" source="../../media/ReportMessageGETITNOW.png" alt-text="The details page of the Report Message add-in where you select Get it now." lightbox="../../media/ReportMessageGETITNOW.png":::

+4. When the installation is finished, you get the following **Launch** page:

+Individual users in Microsoft 365 GCC or GCC High can't get the Report Message or Report Phishing add-ins using the Microsoft commercial marketplace.

+In supported versions of Outlook, use the Report Message or the Report Phishing add-ins to submit false positives and false negatives. For more information, see [Report false positives and false negatives in Outlook](submissions-outlook-report-messages.md).