+# About admin roles in the Microsoft 365 admin center

+# Get started with the Microsoft 365 admin roles page

+# Assign admin roles in the Microsoft 365 admin center

+description: "You can create and use a template to save time and standardize settings when you add multiple users in the Microsoft 365 admin center."

+description: "If you're a global or user management admin of a Microsoft 365 for business subscription, you can use filters to create, edit, or delete custom user view."

+If you're a global or user management admin of a Microsoft 365 for business subscription, you can create custom user views to view a specific subset of users. These views are in addition to the standard set of views. You can create, edit, or delete custom user views, and the custom views you create are available to all admins.

+description: "Learn how to delete a Microsoft 365 user account, what to do with the user's email and OneDrive content, and whether to keep the product license."

+description: "Give a Microsoft 365 user the right to access another user's mailbox, which allows the user to read and send emails from the other user's mailbox."

+# Give mailbox permissions to another Microsoft 365 user - Admin help

+description: "The Microsoft 365 admin center lets you manage some Microsoft Intune roles, which map to business functions and give permissions to do specific tasks."

+description: "Learn how you can set a policy in the Microsoft 365 admin center to allow users to reset their own passwords using the self-service password reset tool."

+description: "Global administrators can block a former employee from logging in and block their access to Microsoft 365 services."

+description: "Once you've blocked a user from being able to log into your organization, learn two ways you can save the contents of the former employee's mailbox."

+description: "Use the Exchange admin center to wipe and block a former employee's device so that all organization data is removed and it no longer connects to Microsoft 365."

+description: "Forward a former employee's email to another employee or convert it to a shared mailbox where several people will be able to access it instead of one person."

+description: "Follow the steps in this article to access a former employee's OneDrive and Outlook data, back it up, and choose whether to give access to another employee."

+10. The user will now be able to access the former employee's OneDrive using the OneDrive URL.

+description: "You can remove a former employee's Microsoft 365 license, and then delete it from your subscription or assign the license to another user."

+description: "After you've saved and accessed all of a former employee's user data, you can delete the former employee's account in the Microsoft 365 admin center."

+description: "Block access to Microsoft 365 so a former employee can't sign in, secure organization data, and allow other employees to access their email and OneDrive data."

+description: "Resend the notification email to a new user in Microsoft 365 by resetting the user's password if they didn't get the original email with their new password. "

+# Resend a Microsoft 365 user's password - Admin help

+description: "Sign in with your Microsoft 365 admin account to reset passwords for users when you have a Microsoft 365 for business subscription."

+# Reset passwords in Microsoft 365 for business

+# Restore a user in the Microsoft 365 admin center

+description: "If you're an admin who manages password policy for a business, school, or nonprofit, you can set strong password requirements by using Windows PowerShell."

+description: "Use either simplified view in the Microsoft 365 admin center to manage common tasks or dashboard view for more complex settings and tasks."

+description: "Get the Microsoft 365 Admin app, your companion to the web-based Microsoft 365 admin center, to manage your online organization from your phone or tablet."

+# About the Microsoft 365 Admin mobile app

+description: "Understand what you need to know about the latest versions of the Office programs before you go through the sign-up process for Office 365."

+description: "Make the most of your Microsoft 365 subscription by using the help integrated throughout Microsoft 365."

+description: "Learn about Microsoft 365 Business Premium, a subscription service that takes care of the IT part for you."

+## Watch: What is Microsoft 365 Business Premium?

+description: "Learn to verify which Microsoft 365 subscriptions your organization has by going to the Your products page."

+# Which Microsoft 365 subscription do I have?

+description: "Basic Mobility and Security helps you secure and manage mobile devices with policies that control access to organization Microsoft 365 email and documents."

+description: "Basic Mobility and Security is part of the Microsoft 365 plans, while Microsoft Intune is a standalone product included with certain Microsoft 365 plans."

+description: "To manage iOS devices such as iPads and iPhones in Basic Mobility and Security, begin by creating an APNs certificate."

+description: "For devices that you can't manage with Basic Mobility and Security, you should block Exchange ActiveSync app access to Microsoft 365 email."

+description: "Sign in to Microsoft 365 and set up Basic Mobility and Security to use the built-in mobile device management to secure and manage your users' mobile devices."

+description: "Manage and secure mobile devices connected to your Microsoft 365 organization by setting up and using Basic Mobility and Security."

+You can create a policy what automatically asks the most active members or an ownerless group or team if they'll accept ownership. When a member accepts the invitation to become an owner, the action is logged in the compliance portal audit log. Guests are never invited to be owners.

+> [!Note]

+> Using a security group to limit who can be invited to be an owner requires that you possess but not necessarily assign an Azure AD Premium license for each Microsoft 365 group member in your organization.

+Notifications are sent weekly starting within 24 hours of policy creation.

+# Options for protecting your devices and app data with Microsoft 365

+# Add another email alias for a Microsoft 365 business subscription user

+# Add a user or contact to a Microsoft 365 distribution group

+# Change your Microsoft 365 email address to use your custom domain

+# Configure Microsoft 365 shared mailbox settings

+# Configure Microsoft 365 Clutter for your organization

+# Email collaboration in Microsoft 365

+## Related content

+# User email settings in Microsoft 365

+[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)

+# Using Domain Connect to add your domain to Microsoft 365

+# Assign Microsoft 365 licenses to users

+# Find your Microsoft 365 subscriptions partner or reseller

+# Language translation for Microsoft 365 Message center posts

+# Manage add-ins in the Microsoft 365 admin center

+# Deploy add-ins in the Microsoft 365 admin center

+# Track new and changed features in the Microsoft 365 Message center

+### Convert your label settings into an auto-labeling policy

+> [!NOTE]

+> This option is gradually rolling out.

+If the label includes sensitive info types for the configured conditions, you'll see an option at the end of the label creation or editing process to automatically create an auto-labeling policy that's based on the same auto-labeling settings.

+Because auto-labeling policies don't support trainable classifiers:

+- If the label conditions contain just trainable classifiers, you won't see the option to automatically create an auto-labeling policy.

+- If the label conditions contain trainable classifiers and sensitivity info types, an auto-labeling policy will be created for just the sensitive info types.

+Although an auto-labeling policy is automatically created for you by auto-populating the values that you would have to select manually if you created the policy from scratch, you can still view and edit the values before they are saved.

+By default, all locations for SharePoint, OneDrive, and Exchange are included in the auto-label policy, and when the policy is saved, it runs in [simulation mode](#learn-about-simulation-mode). There's no check that you've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md), which is one of the prerequisites for auto-labeling to apply to content in SharePoint and OneDrive.

+> [!IMPORTANT]

+> Roll back from Customer Key to Microsoft managed keys isn't supported for SharePoint Online, OneDrive for Business, and Teams files.

+Purging of SharePoint, OneDrive for work or school, and Teams files DEPs is not supported in Customer Key. These multi-workload DEPs are used to encrypt data across multiple workloads across all tenant users. Purging such a DEP would result in data from across multiple workloads becoming inaccessible. If you decide to exit Microsoft 365 services altogether, you could pursue the path of tenant deletion per the documented process. See how to [delete a tenant in Azure Active Directory](/azure/active-directory/enterprise-users/directory-delete-howto).

+- You must use Exchange Online PowerShell to remove holds from an inactive mailbox. You can't use the Exchange admin center (EAC) or the Microsoft Purview compliance portal for these procedures. For step-by-step instructions to use Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).

+[Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell)and then run the following command to display the hold information for all inactive mailboxes in your organization.

+Run the following PowerShell command to remove a Litigation Hold.

+Run the following PowerShell command to exclude an inactive mailbox from an organization-wide retention policy.

+Alternatively, you can run the following PowerShell command to remove the inactive mailbox from all organization-wide policies:

+Use [Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell) to remove an inactive mailbox from an explicit retention policy:

+For more information about identifying specific location retention policies that are applied to an inactive mailbox, and obtaining the GUID for a retention policy, see the "Get-Mailbox" section in [How to identify the type of hold placed on a mailbox](identify-a-hold-on-an-exchange-online-mailbox.md#get-mailbox).

+\* DLP detection of sensitivity labeled email attachments is supported for Open XML-based Office file types only.

+An inactive mailbox (which is a type of soft-deleted mailbox) is used to preserve a former employee's email after they leave your organization. If that employee returns to your organization or if another employee takes on the job responsibilities of the former employee, there are two ways that you can make the contents of the inactive mailbox available to a user:

+- **Recover an inactive mailbox.** If the former employee returns to your organization, or if a new employee is hired to take on the job responsibilities of the former employee, you can recover the contents of the inactive mailbox. This method converts the inactive mailbox to a new, active mailbox that contains the contents of the inactive mailbox. After it's recovered, the inactive mailbox no longer exists. The procedures in this article describe this method.

+> You can't recover or restore an inactive mailbox that's configured with an auto-expanding archive. If you need to recover data from an inactive mailbox with an auto-expanding archive, use content search to export the data from the mailbox and then import to another mailbox. For instructions, see following articles:

+- You must use Exchange Online PowerShell to recover an inactive mailbox. You can't use the Exchange admin center (EAC) or the Microsoft Purview compliance portal for this procedure. For step-by-step instructions to use Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).

+

+ - **Microsoft 365 retention policy with Preservation Lock.** If the inactive mailbox was included in a retention policy that has [Preservation Lock](retention-preservation-lock.md), the recovered mailbox is assigned to the same retention policy.

+

+ - **Microsoft 365 retention policy without Preservation Lock.** The inactive mailbox is removed from the Microsoft 365 retention policy. However, Litigation Hold is enabled on the recovered mailbox to prevent the deletion of mailbox content based on any organization-wide retention policies that delete content older than a specific age. You can keep the Litigation Hold or remove it. For more information, see [Create a Litigation Hold](create-a-litigation-hold.md).

+- **How do you know if the soft-deleted mailbox retention period for an inactive mailbox has expired?** Run the following command:

+

+

+ - If there's a value for the **ExternalDirectoryObjectId** property, the mailbox retention period has expired, and you can recover the inactive mailbox by running the **New-Mailbox -InactiveMailbox** command.

+ - If there's a value for the **ExternalDirectoryObjectId** property, the soft-deleted mailbox retention period hasn't expired and you have to recover the mailbox by [restoring the user account](../admin/add-users/delete-a-user.md).

+- **Consider enabling the archive mailbox after you recover an inactive mailbox.** This lets the returning user or new employee move old messages to the archive mailbox. And when the retention hold expires, the archive policy that is part of the default Exchange MRM retention policy assigned to Exchange Online mailboxes will move items that are two years or older to the archive mailbox. If you don't enable the archive mailbox, items older than two years will remain in the user's primary mailbox. For more information, see [Enable archive mailboxes](enable-archive-mailboxes.md).

+An inactive mailbox (which is a type of soft-deleted mailbox) is used to retain a former employee's email after they leave your organization. If another employee takes on the job responsibilities of the departed employee or if that employee returns to your organization, there are two ways that you can make the contents of the inactive mailbox available to a user:

+- **Restore an inactive mailbox** If another employee takes on the job responsibilities of the departed employee, or if another user needs access to the contents of the inactive mailbox, you can restore (or merge) the contents of the inactive mailbox to an existing mailbox. You can also restore the archive from an inactive mailbox. After it's restored, the inactive mailbox is preserved and is retained as an inactive mailbox. This article describes the procedures for restoring an inactive mailbox.

+> You can't recover or restore an inactive mailbox that's configured with an auto-expanding archive. If you need to recover data from an inactive mailbox with an auto-expanding archive, use content search to export the data from the mailbox and then import to another mailbox. For instructions, see following articles:

+- You must use Exchange Online PowerShell to restore an inactive mailbox. You can't use the Exchange admin center (EAC) or the Microsoft Purview compliance portal for this procedure. For step-by-step instructions to use Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).

+- **Use a Microsoft 365 retention policy or Litigation Hold or to retain inactive mailbox content.** If you want to retain the state of an inactive mailbox after it's restored, you can apply a [Microsoft 365 retention policy](retention.md) to the target mailbox or place the target mailbox on [Litigation Hold](create-a-litigation-hold.md) before you restore the inactive mailbox. This will prevent the permanent deletion of any items from the inactive mailbox after they're restored to the target mailbox.

+ > Select a sensitive information type that closely matches the format of the content you want to find. Selecting a sensitive information type that matches unnecessary content, like one that matches all text strings, or all numbers can cause excessive load in the system which could result in sensitive information being missed.

+## Working with specific types of data

+For performance reasons, it is critical that you use patterns that will minimize the number of unnecessary matches. For example, you might use a sensitive information type based on the regular expression.

+`\b\w*\b`

+This would match every individual word or number in any document or email. This would cause the service to be overloaded with matches and miss detecting true matches. Using more precise patterns can avoid this situation. Here are some recommendations for identifying the right configuration for some common types of data.

+**Email addresses**: Email addresses can be easy to identify, but because they are so common in content they may cause significant load in the system if used as a primary field. Use them only as secondary evidence. If they must be used as primary evidence, try to define a custom sensitive information type that uses logic to exclude their use as `From` or `To` fields in emails, and to exclude those with your companyΓÇÖs email address to reduce the number of unnecessary strings that need to be matched.

+**Phone numbers**: Phone numbers can come in many different formats, including or excluding country prefixes, area codes, and separators. To reduce the false negatives while keeping load to a minimum, use them only as secondary elements, exclude all likely separators, like parenthesis and dashes and only include in your sensitive data table the part that will be always present in the phone number.

+**Person's names**: DonΓÇÖt use personΓÇÖs names as primary elements if using a sensitive information type based on a regular expression as the classification element for this EDM type, because they are difficult to distinguish from common words.

+If you must use a primary element that is hard to identify with a specific pattern, like a project code name that could generate lots of matches to be processed, make sure you include keywords in the sensitive information type you use as the classification element for your EDM type. For example, if using project code names that may be regular words, you can use the word `project` as required additional evidence in close proximity to the project name regular expression-based pattern in the sensitive type used as the classification element for your EDM type. Or you might consider using a sensitive type based on a regular dictionary as the classification element for your EDM SIT.

+When trying to match numeric strings, specify the allowed ranges of numbers such as the number of digits or the starting digits, if known. If you need to match a relatively flexible range of numbers, you can use keywords in the base SIT to reduce the number of matches. For example, if trying to match account numbers consisting of 7-11 digits, add the words `account`, `customer`, `acct.` to the SIT as required additional evidence. This reduces the likelihood of unnecessary matches that could cause exceeding the limits of matches to be processed by EDM.

+If a field you need to use as a primary element follows a simple pattern that might cause large numbers of matches and you canΓÇÖt add the presence of keywords as additional evidence in the sensitive information type, you can alternatively require a minimum number of occurrences of that pattern. For example, you could use a custom sensitive information type defined in the following way to detect at least 29 other five-digit numbers surrounding a potential five-digit number to match against EDM:

+```xml

+ <Entity id="98703510-18b3-43d4-961f-15317594beb7"

+ patternsProximity="300"

+ recommendedConfidence="85"

+ relaxProximity="false">

+ <Pattern confidenceLevel="85"

+ proximity="300">

+ <IdMatch idRef="MRN"/>

+ <Match idRef="30 AccountNrs"

+ minCount="30"

+ proximity="3000"

+ uniqueResults="true"/>

+ </Pattern>

+ </Entity>

+ <Regex id="30 AccountNrs">\d{5}</Regex>

+```

+In some cases, you might have to identify certain account or record identification numbers that for historical reasons donΓÇÖt follow a standardized pattern. For example, `Medical Record Numbers` can be composed of many different permutations of letters and numbers within the same organization. Even though it might be hard at first to identify a pattern, closer inspection often lets you narrow down a pattern that describes all valid values without causing an excessive number of invalid matches. For example, it might be detected that ΓÇ£all MRNs are at least seven characters in length, have at least two numerical digits in them, and if they have any letters in them, they start with oneΓÇ¥. Creating a regular expression based on such criteria should allow you to minimize unnecessary matches while capturing all the desired values, and further analysis might allow increased precision by defining separate patterns that describe different formats.

+> [!NOTE]

+> To automate the hash and upload process after you have created it the first time, see [Refresh your exact data match sensitive information source table file](sit-use-exact-data-refresh-data.md).

+We start with a Microsoft 365 E5 trial subscription and then add the Microsoft 365 E5 subscription to it.

+2. To sign up for a new Microsoft account, go to [https://outlook.com](https://outlook.com) and create an account with a new email account and address. You'll use this account to sign up for Office 365.

+In this phase, you configure your subscription with other users and assign them Office 365 E5 licenses.

+- To list the accounts for User 2, User 3, User 4, and User 5, run the following command from the Azure Active Directory Module for Windows PowerShell prompt:

+If you need only an Office 365 test environment, you don't need to read the rest of this article.

+For other Test Lab Guides that apply to both Office 365 and Microsoft 365, see [Microsoft 365 for enterprise Test Lab Guides](m365-enterprise-test-lab-guides.md).

+On a personal computer, install Windows 10 Enterprise. You can download an evaluation version of Windows 10 Enterprise.

+> [!NOTE]

+> The Microsoft Evaluation Center is temporarily unavailable. To access this download, see [Accessing trials and kits for Windows (Eval Center workaround)](https://techcommunity.microsoft.com/t5/windows-11/accessing-trials-and-kits-for-windows-eval-center-workaround/m-p/3361125).<!-- 6049663 -->

+Use the hypervisor of your choice to create a virtual machine, and then install Windows 10 Enterprise on it. You can download an evaluation version of Windows 10 Enterprise.

+> [!NOTE]

+> The Microsoft Evaluation Center is temporarily unavailable. To access this download, see [Accessing trials and kits for Windows (Eval Center workaround)](https://techcommunity.microsoft.com/t5/windows-11/accessing-trials-and-kits-for-windows-eval-center-workaround/m-p/3361125).<!-- 6049663 -->

+To create a Windows 10 virtual machine in Microsoft Azure, ***you must have a Visual Studio-based subscription***, which has access to the image for Windows 10 Enterprise. Other types of Azure subscriptions, such as trial and paid subscriptions, don't have access to this image. For the latest information, see [Use Windows client in Azure for dev/test scenarios](/azure/virtual-machines/windows/client-images).

+Next, create a new virtual network and the WIN10 virtual machine with these commands. When prompted, provide the name and password of the local administrator account for WIN10 and store this information in a secure location.

+5. When prompted to make sure that this organization is yours, select **Join**, and then select **Done**.

+This environment includes the WIN10 computer that has:

+You're now ready to experiment with more features of [Microsoft 365 for enterprise](https://www.microsoft.com/microsoft-365/enterprise).

+Explore these other sets of Test Lab Guides:

+|[Win 10 lab guides](https://download.microsoft.com/download/2/9/9/29952cdb-b98d-4f9b-9d6e-9fb49644b0a0/Win10_21H1_Lab_05.12.zip)|[Win 11 lab guides](https://download.microsoft.com/download/9/d/9/9d9e278e-a1ea-4704-85e1-cb24f3806f45/Win11_Lab_Guides_05.09.zip)|

+> Please use a broadband internet connection to download this content and allow approximately 30 minutes for automatic provisioning. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available memory and 300 GB of free space is recommended. The Windows 10 lab expires August 11, 2022. The Windows 11 lab expires August 7, 2022. New versions will be published prior to expiration.

+## Week of May 09, 2022

+| Published On |Topic title | Change |

+|||--|

+| 5/9/2022 | [Microsoft Defender Experts for Hunting preview](/microsoft-365/security/defender/defenderexpertsforhuntingprev?view=o365-21vianet) | added |

+| 5/9/2022 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |

+| 5/9/2022 | [Allow cookies for LMS URLs in your browser](/microsoft-365/lti/browser-cookies?view=o365-21vianet) | added |

+| 5/9/2022 | [A collaboration governance framework for Microsoft 365](/microsoft-365/solutions/collaboration-governance-overview?view=o365-21vianet) | modified |

+| 5/9/2022 | [Deploy a data governance solution](/microsoft-365/compliance/data-governance-solution?view=o365-21vianet) | added |

+| 5/9/2022 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-21vianet) | modified |

+| 5/9/2022 | [What's new in Microsoft Purview](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |

+| 5/10/2022 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |

+| 5/10/2022 | [Configure retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-21vianet) | modified |

+| 5/10/2022 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |

+| 5/10/2022 | [Enable Corelight integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/corelight-integration?view=o365-21vianet) | modified |

+| 5/10/2022 | [Microsoft Defender Experts for Hunting preview](/microsoft-365/security/defender/defenderexpertsforhuntingprev?view=o365-21vianet) | modified |

+| 5/10/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |

+| 5/10/2022 | [Use the admin log for data connectors to view status about importing data](/microsoft-365/compliance/data-connector-admin-logs?view=o365-21vianet) | added |

+| 5/10/2022 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-21vianet) | added |

+| 5/10/2022 | [Use file plan to manage retention labels](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |

+| 5/10/2022 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-21vianet) | modified |

+| 5/10/2022 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |

+| 5/10/2022 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-21vianet) | modified |

+| 5/10/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 5/10/2022 | [Enable domain-joined Windows 10 devices to be managed by Microsoft 365 for business](/microsoft-365/business-premium/m365bp-manage-windows-devices?view=o365-21vianet) | modified |

+| 5/10/2022 | [Prepare for Office client deployment by Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-prepare-for-office-client-deployment?view=o365-21vianet) | modified |

+| 5/10/2022 | [Protect your administrator accounts in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-admin-accounts?view=o365-21vianet) | modified |

+| 5/10/2022 | [Edit or set application protection settings for Windows devices](/microsoft-365/business-premium/m365bp-protection-settings-for-windows-10-devices?view=o365-21vianet) | modified |

+| 5/10/2022 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup?view=o365-21vianet) | modified |

+| 5/10/2022 | [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-21vianet) | modified |

+| 5/10/2022 | View policies and devices | removed |

+| 5/10/2022 | [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 5/11/2022 | [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |

+| 5/11/2022 | [Learn about information barriers](/microsoft-365/compliance/information-barriers?view=o365-21vianet) | modified |

+| 5/11/2022 | [What's new in Microsoft Purview](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |

+| 5/11/2022 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-21vianet) | modified |

+| 5/11/2022 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) | modified |

+| 5/11/2022 | [Turn on network protection](/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-21vianet) | modified |

+| 5/11/2022 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |

+| 5/12/2022 | [Certificate assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-certificate-inventory-assessment?view=o365-21vianet) | added |

+| 5/12/2022 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-21vianet) | added |

+| 5/12/2022 | [Security baselines assessment configurations](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations?view=o365-21vianet) | added |

+| 5/12/2022 | [Security baselines assessment profiles](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-profiles?view=o365-21vianet) | added |

+| 5/12/2022 | [Compare Microsoft Defender Vulnerability Management offerings](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-21vianet) | added |

+| 5/12/2022 | [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-21vianet) | added |

+| 5/12/2022 | [Get Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management?view=o365-21vianet) | added |

+| 5/12/2022 | [Add users and assign licenses in Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/mdvm-add-users?view=o365-21vianet) | added |

+| 5/12/2022 | [Event timeline](/microsoft-365/security/defender-vulnerability-management/threat-and-vuln-mgt-event-timeline?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Assign device value](/microsoft-365/security/defender-vulnerability-management/tvm-assign-device-value?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-21vianet) | added |

+| 5/12/2022 | [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-21vianet) | added |

+| 5/12/2022 | [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-21vianet) | added |

+| 5/12/2022 | [Dashboard insights](/microsoft-365/security/defender-vulnerability-management/tvm-dashboard-insights?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Plan for end-of-support software and software versions](/microsoft-365/security/defender-vulnerability-management/tvm-end-of-support-software?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Create and view exceptions for security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-exception?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Exposure score in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Hunt for exposed devices](/microsoft-365/security/defender-vulnerability-management/tvm-hunt-exposed-devices?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Microsoft Secure Score for Devices](/microsoft-365/security/defender-vulnerability-management/tvm-microsoft-secure-score-devices?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Network share configuration assessment](/microsoft-365/security/defender-vulnerability-management/tvm-network-share-assessment?view=o365-21vianet) | added |

+| 5/12/2022 | [Prerequisites & permissions for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Remediate vulnerabilities](/microsoft-365/security/defender-vulnerability-management/tvm-remediation?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Security baselines assessment](/microsoft-365/security/defender-vulnerability-management/tvm-security-baselines?view=o365-21vianet) | added |

+| 5/12/2022 | [Security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-security-recommendation?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Software inventory in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Supported operating systems platforms and capabilities](/microsoft-365/security/defender-vulnerability-management/tvm-supported-os?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Vulnerable devices report](/microsoft-365/security/defender-vulnerability-management/tvm-vulnerable-devices-report?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Vulnerabilities in my organization](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Mitigate zero-day vulnerabilities](/microsoft-365/security/defender-vulnerability-management/tvm-zero-day-vulnerabilities?view=o365-21vianet) | renamed |

+| 5/12/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |

+| 5/12/2022 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-21vianet) | modified |

+| 5/12/2022 | Threat and vulnerability management | removed |

+| 5/12/2022 | [Manage Microsoft 365 Groups with PowerShell](/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershell?view=o365-21vianet) | modified |

+| 5/12/2022 | [Discover opportunities in SharePoint Syntex by using the Microsoft 365 Assessment tool](/microsoft-365/contentunderstanding/adoption-assessment-tool) | added |

+| 5/12/2022 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |

+| 5/12/2022 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-21vianet) | modified |

+| 5/12/2022 | [Enable archive mailboxes for Microsoft 365](/microsoft-365/compliance/enable-archive-mailboxes?view=o365-21vianet) | modified |

+| 5/12/2022 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-21vianet) | modified |

+| 5/12/2022 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-21vianet) | modified |

+| 5/12/2022 | [Quarantine notifications (end-user spam notifications) in Microsoft 365](/microsoft-365/security/office-365-security/use-spam-notifications-to-release-and-report-quarantined-messages?view=o365-21vianet) | modified |

+| 5/12/2022 | [Use file plan to manage retention labels](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |

+| 5/12/2022 | [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |

+| 5/12/2022 | [Manage information barriers policies](/microsoft-365/compliance/information-barriers-edit-segments-policies?view=o365-21vianet) | modified |

+| 5/12/2022 | [Information barriers](/microsoft-365/compliance/information-barriers-solution-overview?view=o365-21vianet) | modified |

+| 5/12/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |

+| 5/13/2022 | [Add your brand to encrypted messages](/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-21vianet) | modified |

+| 5/13/2022 | [Set up and configure the Moodle plugin](/microsoft-365/lti/moodle-plugin-configuration?view=o365-21vianet) | modified |

+| 5/13/2022 | [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-21vianet) | added |

+| 5/13/2022 | [Troubleshooting mode scenarios in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshooting-mode-scenarios?view=o365-21vianet) | added |

+| 5/13/2022 | [Bookings in Outlook](/microsoft-365/bookings/bookings-in-outlook?view=o365-21vianet) | modified |

+| 5/13/2022 | [Microsoft Purview solutions trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-21vianet) | modified |

+| 5/13/2022 | [Enhancing mail flow with MTA-STS ](/microsoft-365/compliance/enhancing-mail-flow-with-mta-sts?view=o365-21vianet) | modified |

+| 5/13/2022 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |

+| 5/13/2022 | [Allow cookies for LMS URLs in your browser](/microsoft-365/lti/browser-cookies?view=o365-21vianet) | modified |

+| 5/13/2022 | [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-21vianet) | modified |

+| 5/13/2022 | [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-21vianet) | modified |

+| 5/13/2022 | [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-21vianet) | modified |

+| 5/13/2022 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |

+| 5/13/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |

+| 5/13/2022 | [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-21vianet) | modified |

+| 5/13/2022 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-21vianet) | modified |

+| 5/13/2022 | [Security baselines assessment configurations](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations?view=o365-21vianet) | modified |

+| 5/13/2022 | [Security baselines assessment profiles](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-profiles?view=o365-21vianet) | modified |

+| 5/13/2022 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |

+| 5/13/2022 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-21vianet) | modified |

+| 5/13/2022 | [Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-manage-log4shell-guidance?view=o365-21vianet) | modified |

+| 5/13/2022 | [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-21vianet) | modified |

+| 5/13/2022 | [Block vulnerable applications (beta)](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-21vianet) | modified |

+| 5/13/2022 | [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-21vianet) | modified |

+| 5/13/2022 | [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-21vianet) | modified |

+| 5/13/2022 | [Microsoft Defender Experts for Hunting preview](/microsoft-365/security/defender/defenderexpertsforhuntingprev?view=o365-21vianet) | modified |

+| 5/13/2022 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |

+| 5/13/2022 | [Remove blocked connectors from the Restricted entities portal in Microsoft 365](/microsoft-365/security/office-365-security/remove-blocked-connectors?view=o365-21vianet) | modified |

+ Title: "Reprovision a Windows 365 Cloud PC in Microsoft 365 Lighthouse"

+f1.keywords: NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- M365-subscription-management

+- Adm_O365

+- AdminSurgePortfolib

+- M365-Lighthouse

+search.appverid: MET150

+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to reprovision a Windows 365 Cloud PC in Microsoft 365 Lighthouse."

+# Reprovision a Windows 365 Cloud PC in Microsoft 365 Lighthouse

+Microsoft 365 Lighthouse supports reprovisioning Cloud PCs that have a provisioning policy. You may need to reprovision a device for a new user or if the device isn't working properly. When a reprovision is triggered, the Cloud PC will be deleted and recreated as a new Cloud PC. All user data, applications, customizations, and the like will be deleted.

+## Before you begin

+You must be a Cloud PC Administrator in the partner tenant.

+## Reprovision a Windows 365 Cloud PC

+1. In the left navigation pane in Lighthouse, select **Windows 365**.

+2. Select the **All Cloud PCs** tab.

+3. From the **Filters** drop-down list, select license type.

+4. From the filtered list, select a device.

+5. In the device details pane, select **Reprovision**.

+6. In the confirmation dialog, select **Reprovision**.

+> [!NOTE]

+> The current user of the Cloud PC will be signed out immediately and all user data removed.

+## Check the device action status

+1. In the left navigation pane in Lighthouse, select **Windows 365**.

+2. Select the **All Cloud PCs** tab.

+3. From the device list, select a device.

+4. In the device details pane, select **Device action status** tab.

+The tab displays any current actions queued for this device, including the action type, status, and timestamp.

+## Related content

+[Provisioning Overview](/windows-365/enterprise/provisioning) (article)\

+[Edit provisioning policies](/windows-365/enterprise/edit-provisioning-policy) (article)

+This article describes what's included in Defender for Business, with links to learn more about these features and capabilities.

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about security</a>. We'd love to hear from you!

+>

+## Video: Enterprise-grade protection for small and medium-sized businesses

+## What's included with Defender for Business

+- [Try the interactive guide: Get started with Defender for Business](https://aka.ms/MDB-GetStartedGuide)

+3. Select **Endpoints**, then select **Advanced features**.

+## See also

+- [Microsoft Defender for Business](../defender-business/mdb-overview.md) (for small and medium-sized businesses)

+- Microsoft Defender for Endpoint Plans 1 and 2

+- Microsoft Defender for Business

+> [!NOTE]

+> Both the account the user signs in with and the device being used to complete the sign in process, must be in the same tenant where the device is onboarded to Microsoft Defender for Endpoint.

+- [Microsoft Defender for Business](../defender-business/index.yml)

+> Next-generation protection is also included in Microsoft Defender for Business and Microsoft 365 Business Premium. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md).

+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)

+- [Microsoft Defender for Endpoint Plans 1 and 2](defender-endpoint-plan-1-2.md)

+> [!IMPORTANT]

+> [Defender for Endpoint Plan 1](defender-endpoint-plan-1.md) and [Microsoft Defender for Business](../defender-business/mdb-overview.md) include only the following manual response actions:

+> - Run antivirus scan

+> - Isolate device

+> - Stop and quarantine a file

+> - Add an indicator to block or allow a file

+- [Microsoft Defender for Endpoint Plans 1 and 2](defender-endpoint-plan-1-2.md)

+> [Defender for Endpoint Plan 1](defender-endpoint-plan-1.md) and [Microsoft Defender for Business](../defender-business/mdb-overview.md) include only the following manual response actions:

+> [!IMPORTANT]

+> - This action is not currently supported for macOS and Linux. Use live response to run the action. For more information on live response, see [Investigate entities on devices using live response](live-response.md)

+> - A Microsoft Defender Antivirus (Microsoft Defender AV) scan can run alongside other antivirus solutions, whether Microsoft Defender AV is the active antivirus solution or not. Microsoft Defender AV can be in Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).

+> [!IMPORTANT]

+> - Isolating devices from the network is not currently supported for macOS and Linux. Use live response to run the action. For more information on live response, see [Investigate entities on devices using live response](live-response.md).

+> - Full isolation is available for devices on Windows 10, version 1703, Windows 11, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2022.

+> - Selective isolation is available for devices on Windows 10, version 1709 or later, and Windows 11.

+> - When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.

+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)

+- [Microsoft Defender for Business](../defender-business/mdb-overview.md)

+## What is web content filtering?

+Web content filtering is part of the [Web protection](web-protection-overview.md) capabilities in Microsoft Defender for Endpoint and Microsoft Defender for Business. Web content filtering enables your organization to track and regulate access to websites based on their content categories. Many of these websites (even if they're not malicious) might be problematic because of compliance regulations, bandwidth usage, or other concerns.

+Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave, and Opera). For more information about browser support, see the [prerequisites](#prerequisites) section.

+- If you are using Defender for Endpoint, your security team can conveniently deploy policies to groups of users using device groups defined in [Microsoft Defender for Endpoint role-based access control settings](/microsoft-365/security/defender-endpoint/rbac).

+- If you are using Defender for Business, you can define one web content filtering policy that will be applied to all users.

+Before trying out this feature, make sure you meet the requirements described in the following table:

+| Requirement | Description |

+|:|:|

+| Subscription | Your subscription must include one of the following:<br/>- [Windows 10/11 Enterprise E5](/windows/deployment/deploy-enterprise-licenses)<br/>- [Microsoft 365 E5](https://www.microsoft.com/microsoft-365/enterprise/e5?activetab=pivot%3aoverviewtab)<br/>- Microsoft 365 E5 Security<br/>- [Microsoft 365 E3](https://www.microsoft.com/microsoft-365/enterprise/e3?activetab=pivot%3aoverviewtab)<br/>- [Microsoft Defender for Endpoint Plan 1 or Plan 2](../defender/eval-defender-endpoint-overview.md)<br/>- [Microsoft Defender for Business](../defender-business/mdb-overview.md) |

+| Portal access | You must have access to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>. |

+| Operating system | Your organization's devices must be running one of the following operating systems with the [latest antivirus/antimalware updates](manage-updates-baselines-microsoft-defender-antivirus.md): <br/>- Windows 11<br/>- Windows 10 Anniversary Update (version 1607) or later |

+| Related protection | [Windows Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview) and [network protection](network-protection.md) must be enabled on your organization's devices. |

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> and sign in.

+2. In the navigation pane, select **Settings** \> **Endpoints** \> **General** \> **Advanced Features**.

+3. Scroll down until you see **Web content filtering**.

+4. Switch the toggle to **On**, and then select **Save preferences**.

+ > [!IMPORTANT]

+ > If you're using Defender for Business, scoping does not apply. Skip this step and proceed to step 5.

+> - Blocking the "Uncategorized" category could lead to unexpected and undesired results.

+Network Protection does not currently support SSL inspection, which might result in some sites being allowed by Web Content Filtering that would normally be blocked. Sites would be allowed due to a lack of visibility into encrypted traffic after the TLS handshake has taken place and an inability to parse certain redirects. This includes redirections from some web-based mail login pages to the mailbox page. As an accepted workaround, you can create a custom block indicator for the login page to ensure no users are able to access the site. Keep in mind, this might block their access to other services associated with the same website.

+To sign up for the **Defender Vulnerability Management Standalone** public preview or if you have any questions, [contact us](mailto:mdvmtrial@microsoft.com) (mdvmtrial@microsoft.com).

+> [!IMPORTANT]

+> **If you have an existing Defender for Endpoint Plan 2 or Microsoft 365 E5 license**, to sign up you need to follow these steps:

+[Defender Vulnerability Management add-on public preview](#defender-vulnerability-management-add-on-public-preview-for-defender-for-endpoint-plan-2-customers) to access the newly available features.

+> [!NOTE]

+> Once you activate the trial it can take up to 4 hours for the new features to become available in the portal.

+- [Learn more about Defender Vulnerability Management](defender-vulnerability-management.md)

+description: Use Microsoft Defender Vulnerability Management to block vulnerable applications

+keywords: Microsoft Defender Vulnerability Management, Microsoft Defender for Endpoint block vulnerable applications, mdvm, vulnerability management

+ms.technology: mdvm

+For more information, see [Microsoft Threat Experts in Microsoft 365 overview](/microsoft-365/security/defender/microsoft-threat-experts).

+- [What is Defender for Office 365?](/microsoft-365/security/defender/microsoft-365-defender)

+|SOC Oversight|All assets connected to approved networks are identified and categorized|SOC Oversight, BU owners, application owners, IT asset owners, etc.|Centralized asset management system to discover and list asset category and attributes based on risk.|ServiceNow or other assets. <br><br>[Microsoft 365 Device Inventory](/microsoft-365/security/defender-endpoint/device-discovery)|Only 70% of assets have been discovered. Microsoft 365 Defender remediation tracking only effective for known assets|Mature asset lifecycle management services to ensure Microsoft 365 Defender has 100% coverage|N|

+keywords: Microsoft 365 security, Getting started with Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Endpoint, MDO, MDE, new defender security portal

+If you're familiar with the Security & Compliance Center (protection.office.com), this article describes some of the changes and improvements in Microsoft 365 Defender.

+If you're looking for compliance-related items, visit the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a>.

+

+

+

+Here's an [example on advanced hunting](advanced-hunting-example.md) in Microsoft Defender for Office 365.

+

+

+

+

+- **Anti-phishing policies in EOP**: Turn spoof intelligence on or off, turn unauthenticated sender indicators in Outlook on or off, and specify the action for blocked spoofed senders. For more information, see [Configure anti-phishing policies in EOP](configure-anti-phishing-policies-eop.md).

+ - Turn unauthenticated sender indicators in Outlook on or off.

+ ^\* This setting is available only if you selected **Enable spoof intelligence** on the previous page. For more information, see [Unauthenticated sender indicators](set-up-anti-phishing-policies.md#unauthenticated-sender-indicators).

+|**Show (?) for unauthenticated senders for spoof** <br/><br/> _EnableUnauthenticatedSender_|Selected <br/><br/> `$true`|Selected <br/><br/> `$true`|Selected <br/><br/> `$true`|Adds a question mark (?) to the sender's photo in Outlook for unidentified spoofed senders. For more information, see [Unauthenticated sender indicators](set-up-anti-phishing-policies.md#unauthenticated-sender-indicators).|

+|**Show "via" tag** <br/><br/> _EnableViaTag_|Selected <br/><br/> `$true`|Selected <br/><br/> `$true`|Selected <br/><br/> `$true`|Adds a via tag (chris@contoso.com via fabrikam.com) to the From address if it's different from the domain in the DKIM signature or the **MAIL FROM** address. <br/><br/> For more information, see [Unauthenticated sender indicators](set-up-anti-phishing-policies.md#unauthenticated-sender-indicators).|

+- **Unauthenticated sender indicators**: Available in the **Safety tips & indicators** section only when spoof intelligence is turned on. See the details in the next section.

+### Unauthenticated sender indicators

+Unauthenticated sender indicators are part of the [Spoof settings](#spoof-settings) that are available in the **Safety tips & indicators** section in anti-phishing policies in both EOP and Defender for Office 365. The following settings are available only when spoof intelligence is turned on:

+- **Show (?) for unauthenticated senders for spoof**: Adds a question mark to the sender's photo in the From box if the message does not pass SPF or DKIM checks **and** the message does not pass DMARC or [composite authentication](email-validation-and-authentication.md#composite-authentication). When this setting is turned off, the question mark isn't added to the sender's photo.

+- **Show "via" tag**: Adds the via tag (chris@contoso.com <u>via</u> fabrikam.com) in the From box if the domain in the From address (the message sender that's displayed in email clients) is different from the domain in the DKIM signature or the **MAIL FROM** address. For more information about these addresses, see [An overview of email message standards](how-office-365-validates-the-from-address.md#an-overview-of-email-message-standards).

+- Allow the spoofed sender in the [spoof intelligence insight](learn-about-spoof-intelligence.md) or manually in the [Tenant Allow/Block List](tenant-allow-block-list.md). Allowing the spoofed sender will prevent the via tag from appearing in messages from the sender, even if the **Show "via" tag** setting is turned on in the policy.