+Microsoft 365 Business Basic, Standard, and Premium include antiphishing, antispam, and antimalware protection. Microsoft 365 Business Premium includes even more security capabilities, such as advanced threat protection for devices (also referred to as endpoints), email, and collaboration, and information protection. For more information about what each plan includes, see [Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWR6bM).

+The following table summarizes recommendations by subscription for securing your business data:

+| Step | Recommendations |

+|||

+| [1. Use multi-factor authentication](#1-use-multi-factor-authentication). <br/><br/>*See [What MFA is and why it matters](#what-mfa-is-and-why-it-matters).* | Microsoft 365 Business Basic or Standard: [Use security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#enabling-security-defaults).<br/><br/>Microsoft 365 Business Premium: [Use either security defaults or Conditional Access](m365bp-turn-on-mfa.md). |

+| [2. Protect your administrator accounts](#2-protect-your-administrator-accounts).<br/><br/>*See [Why you should protect admin accounts](#why-you-should-protect-admin-accounts).* | Microsoft 365 Business Basic, Standard, or Premium: [Assign admin roles](/microsoft-365/admin/add-users/assign-admin-roles). |

+| [3. Use preset security policies](#3-use-preset-security-policies).<br/><br/>*See [How preset security policies help](#how-preset-security-policies-help).* | Microsoft 365 Business Basic, Standard, or Premium: [Assign Standard or Strict preset security policies to users](/microsoft-365/security/office-365-security/preset-security-policies#use-the-microsoft-365-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users). |

+| [4. Protect all devices](#4-protect-all-devices).<br/><br/>*See [Why and how to protect devices](#why-and-how-to-protect-devices).* | Microsoft 365 Business Basic: [Turn on MFA](m365bp-turn-on-mfa.md) (for basic protection).<br/><br/>Microsoft 365 Business Standard:<br/>1. [Turn on MFA](m365bp-turn-on-mfa.md).<br/>2. [Install Microsoft 365 Apps on devices](m365bp-users-install-m365-apps.md).<br/><br/>Microsoft 365 Business Premium:<br/>1. [Turn on MFA](m365bp-turn-on-mfa.md). <br/>2. [Install Microsoft 365 Apps on devices](m365bp-users-install-m365-apps.md).<br/>3. [Secure both managed and unmanaged devices](m365bp-managed-unmanaged-devices.md). |

+| [5. Train everyone on email best practices](#5-train-everyone-on-email-best-practices).<br/><br/>*See [Why and how to protect email content](#why-and-how-to-protect-email-content).* | Microsoft 365 Basic, Standard, or Premium: <br/>1. Follow the guidance in [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats). <br/>2. Share [Protect yourself against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md) with everyone. |

+| [6. Use Microsoft Teams for collaboration and sharing](#6-use-microsoft-teams-for-collaboration-and-sharing).<br/><br/>*See [How to collaborate and share more securely](#how-to-collaborate-and-share-more-securely).* | Microsoft 365 Business Basic or Standard: [Use Microsoft Teams for collaboration and sharing](create-teams-for-collaboration.md). <br/><br/>Microsoft 365 Business Premium: <br/>1. [Use Microsoft Teams for meetings and information sharing](create-teams-for-collaboration.md). <br/>2. [Use Safe Links & Safe Attachments with Microsoft Teams](/microsoft-365/security/office-365-security/mdo-support-teams-about). <br/>3. [Use sensitivity labels with meetings](/microsoft-365/compliance/sensitivity-labels-meetings) to protect calendar items, Microsoft Teams meetings, and chat. <br/>4. [Use the default DLP policy in Microsoft Teams](/microsoft-365/compliance/dlp-teams-default-policy). |

+| [7. Set sharing settings for SharePoint and OneDrive files and folders](#7-set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders).<br/><br/>*See [Why and how to adjust sharing settings in SharePoint and OneDrive](#why-and-how-to-adjust-sharing-settings-for-files-and-folders-in-sharepoint-and-onedrive).* | Microsoft 365 Business Basic or Standard: <br/>1. Use SharePoint and OneDrive for storing and sharing files.<br/>2. [Set sharing settings for SharePoint and OneDrive](m365bp-protect-against-malware-cyberthreats.md#3-adjust-sharing-settings-for-sharepoint-and-onedrive-files-and-folders). <br/><br/>Microsoft 365 Business Premium: <br/>1. Use SharePoint and OneDrive for storing and sharing files. <br/>2. [Set sharing settings for SharePoint and OneDrive](m365bp-protect-against-malware-cyberthreats.md#3-adjust-sharing-settings-for-sharepoint-and-onedrive-files-and-folders). <br/>3. Use [Safe Links](/microsoft-365/security/office-365-security/safe-links-about) and [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about) with SharePoint and OneDrive. <br/>4. Use [sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels) and [DLP](/microsoft-365/compliance/get-started-with-the-default-dlp-policy). |

+| [8. Use Microsoft 365 Apps on devices](#8-use-microsoft-365-apps-on-devices).<br/><br/>*See [Why users should use Microsoft 365 Apps](#why-users-should-use-microsoft-365-apps).* | Microsoft 365 Business Basic: Use Outlook and Web/mobile versions of Microsoft 365 Apps. <br/><br/>Microsoft 365 Business Standard or Premium: <br/>1. [Install Microsoft 365 Apps on all devices](m365bp-users-install-m365-apps.md). <br/>2. Share the [Employee quick setup guide with users](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). |

+| [9. Manage calendar sharing for your business](#9-manage-calendar-sharing-for-your-business).<br/><br/>*See [How to prevent calendar oversharing](#how-to-prevent-calendar-oversharing).* | Microsoft 365 Business Basic or Standard: Use Outlook and Exchange Online for email and calendars.<br/><br/>Microsoft 365 Business Premium:<br/>1. Use Outlook and Exchange Online for email and calendars.<br/>2. [Get started using your default DLP policy](/microsoft-365/compliance/get-started-with-the-default-dlp-policy). |

+| [10. Maintain your environment](#10-maintain-your-environment).<br/><br/>*See [Why maintenance and operations matter](#why-maintenance-and-operations-matter).* | Microsoft 365 Basic or Standard: Use the [Microsoft 365 admin center](https://admin.microsoft.com) to view subscription information, updates, and other settings. <br/><br/>Microsoft 365 Business Premium: <br/>1. Use the [Microsoft 365 admin center](https://admin.microsoft.com) to view subscription information, updates, and other settings. <br/>2. Use the [Microsoft 365 admin center](https://admin.microsoft.com) or the [Microsoft Entra portal](https://entra.microsoft.com) for managing user accounts.<br/>3. Use the [Microsoft 365 Defender portal](https://security.microsoft.com) and the [Microsoft 365 Purview compliance portal](https://compliance.microsoft.com/) for viewing and managing security & compliance capabilities. If preferred, you can use the [Intune admin center](https://intune.microsoft.com) to view or manage devices. |

+The following sections describe each method in more detail, including why and how to implement our recommendations in your environment.

+| Subscription | Recommendation |

+|||

+| [Microsoft 365 Business Premium](index.md) | [Use either security defaults or Conditional Access](m365bp-turn-on-mfa.md). |

+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Use security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#enabling-security-defaults). |

+### What MFA is and why it matters

+Microsoft 365 Business Premium also includes [Azure AD Premium P1](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) for advanced administration. It enables you to set up and configure [Conditional Access](/azure/active-directory/conditional-access/overview) policies instead of security defaults, for more stringent requirements. See [Turn on multi-factor authentication](m365bp-turn-on-mfa.md).

+## 2. Protect your administrator accounts

+| [Microsoft 365 Business Premium](index.md) <br/>[Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) <br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Assign admin roles](/microsoft-365/admin/add-users/assign-admin-roles). |

+### Why you should protect admin accounts

+Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. Make sure to set up and manage the right number of admin and user accounts for your business. We also recommend adhering to the information security principle of least privilege, which means that users and applications should be granted access only to the data and operations they require to perform their jobs.

+Microsoft 365 Business Basic, Standard, and Premium include the [Microsoft 365 admin center](https://admin.microsoft.com) and the [Microsoft Entra portal](https://entra.microsoft.com) to set up and manage your admin accounts. See [Protect your administrator accounts](m365bp-protect-admin-accounts.md).

+## 3. Use preset security policies

+| [Microsoft 365 Business Premium](index.md)<br/>[Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Assign Standard or Strict preset security policies to users](/microsoft-365/security/office-365-security/preset-security-policies#use-the-microsoft-365-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users). |

+### How preset security policies help

+[Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies) save time by applying recommended spam, anti-malware, and anti-phishing policies to users all at once. Preset security policies take the guesswork out of implementing protection for email and collaboration content.

+## 4. Protect all devices

+| Subscription | Recommendations |

+| [Microsoft 365 Business Premium](index.md) | 1. [Turn on MFA](m365bp-turn-on-mfa.md).<br/>2. [Install Microsoft 365 Apps on devices](m365bp-users-install-m365-apps.md).<br/>3. [Secure managed and unmanaged devices](m365bp-managed-unmanaged-devices.md). |

+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) | 1. [Turn on MFA](m365bp-turn-on-mfa.md).<br/>2. [Install Microsoft 365 Apps on devices](m365bp-users-install-m365-apps.md). |

+| [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Turn on MFA](m365bp-turn-on-mfa.md). |

+### Why and how to protect devices

+## 5. Train everyone on email best practices

+| [Microsoft 365 Business Premium](index.md)<br/>[Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) <br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | 1. Follow the guidance in [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats).<br/>2. Share [Protect yourself against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md) with everyone. |

+### Why and how to protect email content

+## 6. Use Microsoft Teams for collaboration and sharing

+| [Microsoft 365 Business Premium](index.md) | 1. [Use Microsoft Teams for meetings and information sharing](create-teams-for-collaboration.md). <br/>2. [Use Safe Links & Safe Attachments with Microsoft Teams](/microsoft-365/security/office-365-security/mdo-support-teams-about). <br/>3. [Use sensitivity labels with meetings](/microsoft-365/compliance/sensitivity-labels-meetings) to protect calendar items, Microsoft Teams meetings, and chat. <br/>4. [Use the default DLP policy in Microsoft Teams](/microsoft-365/compliance/dlp-teams-default-policy). |

+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Use Microsoft Teams](create-teams-for-collaboration.md). |

+### How to collaborate and share more securely

+## 7. Set sharing settings for SharePoint and OneDrive files and folders

+| [Microsoft 365 Business Premium](index.md) | 1. Use SharePoint and OneDrive for storing and sharing files. <br/>2. [Set sharing settings for SharePoint and OneDrive](m365bp-protect-against-malware-cyberthreats.md#3-adjust-sharing-settings-for-sharepoint-and-onedrive-files-and-folders). <br/>3. Use [Safe Links](/microsoft-365/security/office-365-security/safe-links-about) and [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about) with SharePoint and OneDrive. <br/>4. Use [sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels) and [DLP](/microsoft-365/compliance/get-started-with-the-default-dlp-policy). |

+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) <br/> [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) |1. Use SharePoint and OneDrive for storing and sharing files.<br/>2. [Set sharing settings for SharePoint and OneDrive](m365bp-protect-against-malware-cyberthreats.md#3-adjust-sharing-settings-for-sharepoint-and-onedrive-files-and-folders). |

+### Why and how to adjust sharing settings for files and folders in SharePoint and OneDrive

+## 8. Use Microsoft 365 Apps on devices

+| [Microsoft 365 Business Premium](index.md)<br/> [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) | 1. [Install Microsoft 365 Apps on all devices](m365bp-users-install-m365-apps.md). <br/>2. Share the [Employee quick setup guide with users](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). |

+| [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use Outlook and Web/mobile versions of Microsoft 365 Apps. |

+### Why users should use Microsoft 365 Apps

+## 9. Manage calendar sharing for your business

+| [Microsoft 365 Business Premium](index.md) | 1. Use Outlook and Exchange Online for email and calendars.<br/>2. [Get started using your default DLP policy](/microsoft-365/compliance/get-started-with-the-default-dlp-policy). |

+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use Outlook and Exchange Online for email and calendars. |

+### How to prevent calendar oversharing

+You can help people in your organization share their calendars appropriately for better collaboration. You can manage what level of detail they can share, such as by limiting the details that are shared to free/busy times only, so that users don't accidentally overshare important information.

+## 10. Maintain your environment

+| [Microsoft 365 Business Premium](index.md) | 1. Use the [Microsoft 365 admin center](https://admin.microsoft.com) to view subscription information, updates, and other settings. <br/>2. Use the [Microsoft 365 admin center](https://admin.microsoft.com) or the [Microsoft Entra portal](https://entra.microsoft.com) for managing user accounts.<br/>3. Use the [Microsoft 365 Defender portal](https://security.microsoft.com) and the [Microsoft 365 Purview compliance portal](https://compliance.microsoft.com/) for viewing and managing security & compliance capabilities. If preferred, you can use the [Intune admin center](https://intune.microsoft.com) to view or manage devices. |

+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/> [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use the [Microsoft 365 admin center](https://admin.microsoft.com) to view subscription information, updates, and other settings. If preferred, you can use the [Microsoft Entra portal](https://entra.microsoft.com) to manage user accounts. |

+### Why maintenance and operations matter

+Microsoft 365 Business Basic, Standard, and Premium include the [Microsoft 365 admin center](https://admin.microsoft.com) and the [Microsoft Entra portal](https://entra.microsoft.com) for managing user accounts.

+To access VL invoices in the Microsoft 365 admin center, you must satisfy the following conditions:

+### Network share coverage and exclusions (preview)

+ - [Endpoint DLP policies can be applied to network shares](dlp-configure-endpoint-settings.md#network-share-coverage-and-exclusions-preview)

+Multi-Geo capabilities in OneDrive and SharePoint Online enable control of shared resources like SharePoint team sites and Microsoft 365 group mailboxes stored at rest in a specified _Macro Region Geography_ or _Local Region Geography_.

+These instructions will allow you to enable SharePoint in your _Satellite Geography_ location, so your Multi-Geo satellite users can take advantage of both OneDrive and SharePoint Multi-Geo capabilities in Microsoft 365.

+You can find the actual data location in _Tenant_ Admin Center. As a _Tenant_ administrator you can find the actual data location, for committed data, by navigating to Admin->Settings->Org Settings->Organization Profile->Data Location. If you do not have a _Tenant_ created, you can have a _Tenant_ created when signing up for a Microsoft 365 trial.

+This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access. This rule also blocks execution of untrusted files that may have been saved by Office macros that are allowed to run in Office files.

+> You can use the Microsoft Defender for Endpoint app along with the Approved Client app and Compliant Device (Require device to be marked as compliant) controls in Azure AD Conditional Access policies. There's no exclusion required for the Microsoft Defender for Endpoint app while setting up Conditional Access. Although Microsoft Defender for Endpoint on Android & iOS (App ID - dd47d17a-3194-4d86-bfd5-c6ae6f5651e3) isn't an approved app, it is able to report device security posture in both these grant permissions. However, internally Defender requests **MSGraph/User.read** scope and **Intune Tunnel** scope (in case of Defender+Tunnel scenarios). So these scopes must be excluded*. To exclude MSGraph/User.read scope, any one cloud app can be excluded. To exclude Tunnel scope, you need to exclude ΓÇÿMicrosoft Tunnel GatewayΓÇÖ.These permission and exclusions enables the flow for compliance information to Conditional Access.

+*Please note that applying a Conditional Access policy to All Cloud Apps could inadvertently block user access in some cases, so itΓÇÖs not recommended. Read more about [Conditional Access policies on Cloud Apps](/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#all-cloud-apps)

+> You can use '-g' flag to validate URLs for a specific datacenter region even without being onboarded to that region<br>

+> For example:<br>

+> 'MDEClientAnalyzer.cmd -g EU' will force the analyzer to test cloud URLs in Europe region.

+3. Toggle off **Connect On Demand** to disable VPN.

+Microsoft Defender for Endpoint on iOS enables the App Protection Policy scenario. End-users can install the latest version of the app directly from the Apple app store. Ensure the device is registered to Authenticator with the same account being used to onboard in Defender for successful MAM registration.

+Microsoft Defender for Endpoint can be configured to send threat signals to be used in App Protection Policies (APP, also known as MAM) on iOS/iPadOS. With this capability, you can use Microsoft Defender for Endpoint to protect access to corporate data from unenrolled devices as well.

+Follow the steps in the link below to set up app protection policies with Microsoft Defender for Endpoint [Configure Defender risk signals in app protection policy (MAM)](ios-install-unmanaged.md)

+## Jailbreak detection

+Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. These jailbreak checks are done periodically. If a device is detected to be jailbroken,

+1. A **High**-risk alert will be reported to the Microsoft 365 Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device will be blocked from accessing corporate data.

+1. User data on app will be cleared. When user opens the app after jailbreaking the VPN profile also will be deleted and no web protection will be offered.

+### Configure compliance policy against jailbroken devices

+Reducing cyber risk requires comprehensive risk-based vulnerability management to identify, assess, remediate, and track all your biggest vulnerabilities across your most critical assets, all in a single solution. Visit this [page](next-gen-threat-and-vuln-mgt.md) to learn more about Microsoft Defender Vulnerability Management in Microsoft Defender for Endpoint.

+> To get the list of all the apps including unmanaged apps, the admin has to enable **Send full application inventory data on personally owned iOS/iPadOS devices** in the Intune Admin Portal for the supervised devices marked as "Personal".

+ :::image type="content" source="images/tvm-user-privacy2.png" alt-text="Screenshot of the end user privacy screen." lightbox="images/tvm-user-privacy2.png":::

+> [!NOTE]

+> If youΓÇÖre using SSL inspection solution within your iOS device, please allow list these domain names **securitycenter.windows.com** (in commercial environment) and **securitycenter.windows.us** (in GCC environment) for TVM feature to work.

+## Disable sign out

+Defender for Endpoint on iOS supports deployment without sign out button in the app to prevent users from signing out of the Defender app. This is important to prevent users from tampering the device.

+This configuration is available for both the enrolled (MDM) devices as well as unenrolled (MAM) devices. Admins can use the following steps to configure the Disable sign out

+### Configure Disable sign out

+**For enrolled devices(MDM)**

+1. In the Microsoft Intune admin center, navigate to Apps > App configuration policies > Add > Managed devices.

+1. Give the policy a name, select Platform > iOS/iPadOS

+1. Select Microsoft Defender for Endpoint as the target app.

+1. In Settings page, select Use configuration designer and add **DisableSignOut** as the key and value type as **String**.

+1. By default, DisableSignOut = false.

+1. Admin needs to make **DisableSignOut = true** to disable the sign-out button in the app. Users will not see the sign out button once the policy is pushed.

+1. Click Next and assign this policy to targeted devices/users.

+**For unenrolled devices(MAM)**

+1. In the Microsoft Intune admin center, navigate to Apps > App configuration policies > Add > Managed apps.

+1. Give the policy a name.

+1. Under the Select Public Apps, choose Microsoft Defender for Endpoint as the target app.

+1. In Settings page, addΓÇ»**DisableSignOut** as the key and value as **true**, under the General Configuration Settings.

+1. By default, DisableSignOut = false.

+1. Admin needs to make **DisableSignOut = true** to disable the sign-out button in the app. Users will not see the sign out button once the policy is pushed.

+1. Click Next and assign this policy to targeted devices/users.

+1. **Verify that the Intune connector is enabled in Security portal**. <br> On the [unified security console](https://security.microsoft.com), go to **Settings** > **Endpoints** > **Advanced Features** and ensure that **Microsoft Intune connection** is enabled.

+2. **Verify that the APP connector is enabled in Intune portal**. <br> In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** and ensure that the Connection status is enabled.

+ Select the **Platform, Apps, Data protection, Access requirements** settings that your organization requires for your policy.

+ 3.Set sign-in security requirements for your protection policy. <br>

+Select **Setting > Max allowed device threat level** in **Conditional Launch > Device Conditions** and enter a value. This will need to be configured to either Low, Medium, High, or Secured. The actions available to you will be **Block access** or **Wipe data**. Select **Action: "Block Access"**. Microsoft Defender for Endpoint on iOS shares this Device Threat Level.

+4.Assign user groups for whom the policy needs to be applied.<br>

+Ensure the device is registered to Authenticator with the same account being used to onboard in Defender for successful MAM registration.

+> [!NOTE]

+> Skip this step if you configure zero touch (silent) onboarding. Manually launching application is not necessary if zero touch (silent) onboarding is configured.

+### May-2023 (Build: 101.98.70 | Release version: 20.123022.19870.0)

+| Build: | **101.98.70** |

+|--|--|

+| Release version: | **20.123022.19870.0** |

+| Engine version: | **1.1.20300.4** |

+| Signature version: | **1.389.1396.0** |

+##### What's new

+- Bug and performance fixes

+Need help in deploying or configuring Defender for Endpoint on Android & iOS? If you have at least 150 licenses for the product, use your [FastTrack benefits](/microsoft-365/fasttrack/introduction). Learn more about FastTrack at [Microsoft FastTrack](https://fasttrack.microsoft.com/).

+- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, manage email notifications, manage evaluation lab, and manage allowed/blocked lists for indicators

+1. In the incident queue:

+ - A tag titled *Attack Disruption* appears next to affected incidents

+2. On the incident page:

+ - A tag titled *Attack Disruption*

+ - A yellow banner at the top of the page that highlights the automatic action taken

+ - The current asset status is shown in the incident graph if an action is done on an asset, e.g., account disabled or device contained

+3. Via API:

+ An **(attack disruption)** string is added to the end of the titles of incidents with high confidence likely to be automatically disrupted. For example:

+ *BEC financial fraud attack launched from a compromised account (attack disruption)*

+- Attack story

+ The full story of the attack, including all the alerts, assets, and remediation actions taken.

+| Entra portal | Access and administer the [Microsoft Entra](/entra) family to protect your business with decentralized identity, identity protection, governance, and more, in a multi-cloud environment | [entra.microsoft.com](https://entra.microsoft.com/) |

+ Title: Configure Microsoft Syntex for pay-as-you-go billing

+# Configure Microsoft Syntex for pay-as-you-go billing

+Some Microsoft Syntex features are billed on a pay-as-you-go basis. These features use an Azure subscription for billing and track usage and cost with a Syntex meter. Read the [Microsoft Syntex pay-as-you-go terms of service](/legal/microsoft-365/microsoft-syntex-pay-as-you-go-terms) before you configure pay-as-you-go.