Updates from: 05/02/2023 01:21:03
Category Microsoft Docs article Related commit history on GitHub Change details
business-premium M365 Campaigns Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-setup.md
Users who have been added to your Microsoft 365 for Campaigns (or Microsoft 365
2. Sign in using the username and password for the account. Users will have this information in the email they receive when they are added as users. If they can't find the email, see [user didn't receive invite email](../admin/simplified-signup/admin-invite-business-standard.md#i-shared-an-email-invite-but-the-user-didnt-receive-the-email). > [!TIP]
-> Provide your staff a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) for help signing in, getting Microsoft 365 apps, and saving, copying, and sharing files.
+> Provide your staff a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) for help signing in, getting Microsoft 365 Apps, and saving, copying, and sharing files.
## Customize your sign-in page with a privacy and consent notice
business-premium M365bp Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-add-users.md
The following information tells you how to use Microsoft 365 Business Premium to
**Not an admin?** [Learn your way around Microsoft 365](https://support.microsoft.com/office/396b8d9e-e118-42d0-8a0d-87d1f2f055fb) helps business and home users with set up.
- **No Microsoft 365 apps in your plan?** Follow the steps below, but skip the sections for installing apps. Use the [Online versions of Office](https://support.microsoft.com/office/91a4ec74-67fe-4a84-a268-f6bdf3da1804) instead.
+ **No Microsoft 365 Apps in your plan?** Follow the steps below, but skip the sections for installing apps. Use the [Online versions of Office](https://support.microsoft.com/office/91a4ec74-67fe-4a84-a268-f6bdf3da1804) instead.
## How to add a new user
And here's a quick reference to help them get started:
|**Task**|**Find the details**| |:--|:--| |Sign in to Office <br/> |Go to [https://www.office.com](https://www.office.com), select **Sign in**, and then enter your user ID and password. <br/> |
-|Install Microsoft 365 apps onto your computer. <br/><br/> |When you sign in, the home page has a link to download and install apps like Word and Outlook. Select **Install Office**. For instructions, see [How to install Office](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658). <br/> |
-|Set up your email in Outlook 2016 . <br/> |Once Microsoft 365 apps are installed on your computer, set up your email. For instructions, see [How to set up Outlook](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b). <br/> |
+|Install Microsoft 365 Apps onto your computer. <br/><br/> |When you sign in, the home page has a link to download and install apps like Word and Outlook. Select **Install Office**. For instructions, see [How to install Office](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658). <br/> |
+|Set up your email in Outlook 2016 . <br/> |Once Microsoft 365 Apps are installed on your computer, set up your email. For instructions, see [How to set up Outlook](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b). <br/> |
|Set up Skype for Business so you can connect with co-workers or business partners in your company or around the world. You can start conversations with IM, voice, or video calls. <br/> |[Install Skype for Business on your computer](https://support.microsoft.com/office/8a0d4da8-9d58-44f9-9759-5c8f340cb3fb). <br/> <br/>To learn how to use Skype for Business, [watch a video.](https://support.microsoft.com/office/3a21eca4-434d-41f1-ab06-3d4a268573b7) <br/> <br/>Have you set up Skype for Business so your employees can contact people external to your business who are using the free Skype app? If not, tell your new employee so they know what to expect when using Skype for Business. <br/> | |Install apps on your mobile device if you want to get email or use Skype for Business on your phone. <br/> |If you want to set up the Outlook mobile app so you can get email via your phone. For instructions, see [iOS](https://support.microsoft.com/office/b2de2161-cc1d-49ef-9ef9-81acd1c8e234), [Android](https://support.microsoft.com/office/886db551-8dfa-4fd5-b835-f8e532091872), [Windows Phone](https://support.microsoft.com/office/181a112a-be92-49ca-ade5-399264b3d417) <br/> <br/>If you want to use Skype for Business on your mobile device, download and install the mobile app. For instructions, see [iOS](https://support.microsoft.com/office/3239c8a3-cf55-4ff0-a967-5de51911c049#OS_Type=iOS), [Android](https://support.microsoft.com/office/4d1b7dfa-5b0b-4868-bae5-25947fb99e6e#OS_Type=Android), [Windows Phone](https://support.microsoft.com/office/4d1b7dfa-5b0b-4868-bae5-25947fb99e6e#OS_Type=Windows_Phone) <br/> | |Complete the OneDrive for Business training to help you learn how to store and organize your documents, presentations, and spreadsheets in the cloud. <br/> |Keep your business-related documents in the cloud by using OneDrive for Business. You can always get to your content, even if you're signed in to Microsoft 365 on a different computer. [Watch a video to learn how to use your OneDrive for Business](https://support.microsoft.com/office/b30da4eb-ddd2-44b6-943b-e6fbfc6b8dde) <br/><br/> **Training:** [OneDrive for Business training](https://support.microsoft.com/office/1f608184-b7e6-43ca-8753-2ff679203132) (Select OneDrive for Business). <br/> |
business-premium M365bp Devices Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-devices-overview.md
Every device, whether [managed or unmanaged](m365bp-managed-unmanaged-devices.md
Your objectives are to: - [Get everyone to set up MFA](m365bp-multifactor-authentication.md).-- [Get Microsoft 365 apps installed on devices](m365bp-install-office-apps.md).
+- [Get Microsoft 365 Apps installed on devices](m365bp-install-office-apps.md).
- [Protected unmanaged Windows and Mac devices](m365bp-protect-pcs-macs.md). Once you've achieved these objectives, proceed to [Use email securely](m365bp-protect-email-overview.md).
business-premium M365bp Install Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-install-office-apps.md
Title: "Install Microsoft 365 apps on all devices in Microsoft 365 Business Premium"
+ Title: "Install Microsoft 365 Apps on all devices in Microsoft 365 Business Premium"
f1.keywords: - NOCSH
search.appverid:
description: "How to install Office on all devices in Microsoft 365 Business Premium."
-# Install Microsoft 365 apps on all devices
+# Install Microsoft 365 Apps on all devices
-Okay, you've set up Microsoft 365 Business Premium, and now you can require users to install individual Microsoft 365 apps on their Mac, PC, or mobile devices. This is something your users should do to be part of the front lines and help protect the org against attack.
+Okay, you've set up Microsoft 365 Business Premium, and now you can require users to install individual Microsoft 365 Apps on their Mac, PC, or mobile devices. This is something your users should do to be part of the front lines and help protect the org against attack.
> [!NOTE] > This article applies primarily to unmanaged (or BYOD) devices. Microsoft 365 admins can manage Microsoft 365 installation options instead. To learn more, see the following articles:
Okay, you've set up Microsoft 365 Business Premium, and now you can require user
> - [Manage Microsoft 365 installation options in the Microsoft 365 admin center](/DeployOffice/manage-software-download-settings-office-365).
-## Watch: Install Microsoft 365 apps
+## Watch: Install Microsoft 365 Apps
> [!VIDEO https://www.microsoft.com/videoplayer/embed/acce002c-0756-4b64-ac5d-2198ee96a9b1?autoplay=false]
-For all members of the organization, the Microsoft Microsoft 365 apps can be found on the **Start** menu. If you don't see them, each user must install them.
+For all members of the organization, the Microsoft Microsoft 365 Apps can be found on the **Start** menu. If you don't see them, each user must install them.
Have them perform the following: 1. Go to [https://office.com](https://office.com), and sign in using your work account.
-2. Select **Install Office** > **Microsoft 365 apps** > **Run** , and then select **Yes**.
-3. The Microsoft 365 apps are installed. The process might take several minutes. When it completes, select **Close**.
+2. Select **Install Office** > **Microsoft 365 Apps** > **Run** , and then select **Yes**.
+3. The Microsoft 365 Apps are installed. The process might take several minutes. When it completes, select **Close**.
4. To install Microsoft Teams, go to the [office.com page](https://office.com), and then choose **Teams**. 5. Get the Windows app, and then select **Run**. Teams displays a prompt when installation is complete. ## Set up mobile devices for Microsoft 365 Business Premium users
-Use the following instructions to install Office on an iPhone or an Android phone. After you follow these steps, your work files created in Microsoft 365 apps will be protected by Microsoft 365 for business.
+Use the following instructions to install Office on an iPhone or an Android phone. After you follow these steps, your work files created in Microsoft 365 Apps will be protected by Microsoft 365 for business.
-The example is for Outlook, but applies to any other Microsoft 365 apps you want to install.
+The example is for Outlook, but applies to any other Microsoft 365 Apps you want to install.
## [iPhone](#tab/iPhone)
-Watch a short video on how to set up Microsoft 365 apps on iOS devices with Microsoft 365 for business.<br><br>
+Watch a short video on how to set up Microsoft 365 Apps on iOS devices with Microsoft 365 for business.<br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWee2n]
Locate Outlook on the iPhone, and restart it. When prompted, enter a PIN and ver
Follow these links for additional information on how to: -- Install Microsoft 365 apps: [Install Office on your PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658)
+- Install Microsoft 365 Apps: [Install Office on your PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658)
- Install other apps: [Project](https://support.microsoft.com/office/install-project-7059249b-d9fe-4d61-ab96-5c5bf435f281), [Visio](https://support.microsoft.com/office/install-visio-f98f21e3-aa02-4827-9167-ddab5b025710), or [Skype for Business](https://support.microsoft.com/office/install-skype-for-business-8a0d4da8-9d58-44f9-9759-5c8f340cb3fb)
For additional details and information:
- Set up email in Outlook: [Windows](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b) or [Mac](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b#PickTab=Outlook_for_Mac) -- [Upgrade users to the latest Microsoft 365 apps](../admin/setup/upgrade-users-to-latest-office-client.md)
+- [Upgrade users to the latest Microsoft 365 Apps](../admin/setup/upgrade-users-to-latest-office-client.md)
For additional details and information:
For additional details and information:
- Set up email in Outlook: [Windows](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b) or [Mac](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b#PickTab=Outlook_for_Mac) -- [Upgrade users to the latest Microsoft 365 apps](../admin/setup/upgrade-users-to-latest-office-client.md)
+- [Upgrade users to the latest Microsoft 365 Apps](../admin/setup/upgrade-users-to-latest-office-client.md)
Follow these links for additional information on how to: -- Install Microsoft 365 apps: [Install Office on your PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658)
+- Install Microsoft 365 Apps: [Install Office on your PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658)
- Install other apps: [Project](https://support.microsoft.com/office/install-project-7059249b-d9fe-4d61-ab96-5c5bf435f281), [Visio](https://support.microsoft.com/office/install-visio-f98f21e3-aa02-4827-9167-ddab5b025710), or [Skype for Business](https://support.microsoft.com/office/install-skype-for-business-8a0d4da8-9d58-44f9-9759-5c8f340cb3fb)
business-premium M365bp Map Protection Features To Intune Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-map-protection-features-to-intune-settings.md
Under **Manage how user access Office files in mobile devices**
|Force users to save work files to OneDrive for Business <br/> Note that only OneDrive for Business is allowed |Select which storage services corporate data can be saved to | |Encrypt work files |Encrypt app data | |Under **Manage how user access Office files in mobile devices** ||
-|Require a PIN or fingerprint to access Microsoft 365 apps | Require PIN to access <br/> This also sets: <br/> **Allow simple PIN** to **Yes** <br/> **Pin Length** to 4 <br/> **Allow fingerprint instead of PIN** to **Yes** <br/> **Disable app PIN when device PIN is managed** to **No** |
+|Require a PIN or fingerprint to access Microsoft 365 Apps | Require PIN to access <br/> This also sets: <br/> **Allow simple PIN** to **Yes** <br/> **Pin Length** to 4 <br/> **Allow fingerprint instead of PIN** to **Yes** <br/> **Disable app PIN when device PIN is managed** to **No** |
|Reset PIN when login fails this many times (this is disabled if PIN isn't required) |Number of attempts before PIN reset |
-|Require users to sign in again after Microsoft 365 apps have been idle for (this is disabled if PIN isn't required) | Recheck the access requirements after (minutes) <br/> This also sets: <br/> **Timeout** is set to minutes <br/> This is same number of minutes you set in Microsoft 365 Business. <br/> **Offline grace period** is set to 720 minutes by default |
+|Require users to sign in again after Microsoft 365 Apps have been idle for (this is disabled if PIN isn't required) | Recheck the access requirements after (minutes) <br/> This also sets: <br/> **Timeout** is set to minutes <br/> This is same number of minutes you set in Microsoft 365 Business. <br/> **Offline grace period** is set to 720 minutes by default |
|Deny access to work files on jailbroken or rooted devices |Block managed apps from running on jailbroken or rooted devices |
-|Allow users to copy content from Microsoft 365 apps into personal apps | Restrict cut, copy, and paste with other apps <br/> If the Microsoft 365 Business Premium option is set to **On**, then these three options are also set to **All Apps** in Intune: <br/> **Allow app to transfer data to other apps** <br/> **Allow app to receive data from other apps** <br/> **Restrict cut, copy, and paste with other apps** <br/> If the Microsoft 365 Business option is set to **On**, then all the Intune options are set to: <br/> **Allow app to transfer data to other apps** is set to **Policy managed apps** <br/> **Allow app to receive data from other apps** is set to **All Apps** <br/> **Restrict cut, copy, and paste with other apps** is set to **Policy Managed apps with Paste-In** |
+|Allow users to copy content from Microsoft 365 Apps into personal apps | Restrict cut, copy, and paste with other apps <br/> If the Microsoft 365 Business Premium option is set to **On**, then these three options are also set to **All Apps** in Intune: <br/> **Allow app to transfer data to other apps** <br/> **Allow app to receive data from other apps** <br/> **Restrict cut, copy, and paste with other apps** <br/> If the Microsoft 365 Business option is set to **On**, then all the Intune options are set to: <br/> **Allow app to transfer data to other apps** is set to **Policy managed apps** <br/> **Allow app to receive data from other apps** is set to **All Apps** <br/> **Restrict cut, copy, and paste with other apps** is set to **Policy Managed apps with Paste-In** |
## Windows 10 app protection settings
business-premium M365bp Multifactor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-multifactor-authentication.md
When MFA is enforced, the authenticator app serves as a second form of authentic
## Next objective
-Proceed to [install Microsoft 365 apps](m365bp-install-office-apps.md).
+Proceed to [install Microsoft 365 Apps](m365bp-install-office-apps.md).
business-premium M365bp Protect Admin Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-admin-accounts.md
When you sign up for Microsoft 365 and enter your information, you automatically
## Create other admin accounts
-Use admin accounts only for Microsoft 365 administration. Admins should have a separate user account for their regular use of Microsoft 365 apps, and only use their administrative account when necessary to manage accounts and devices, and while working on other admin functions. It's also a good idea to remove the Microsoft 365 license from your admin accounts so you don't have to pay for extra licenses.
+Use admin accounts only for Microsoft 365 administration. Admins should have a separate user account for their regular use of Microsoft 365 Apps, and only use their administrative account when necessary to manage accounts and devices, and while working on other admin functions. It's also a good idea to remove the Microsoft 365 license from your admin accounts so you don't have to pay for extra licenses.
You'll want to set up at least one other Global admin account to give admin access to another trusted employee. You can also create separate admin accounts for user management (this role is called **User management administrator**). For more information, see [about admin roles](/office365/admin/add-users/about-admin-roles).
business-premium M365bp Set Up Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-set-up-compliance.md
For more information about compliance features in Microsoft 365 for business, se
Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2198022).
-Sensitivity labels are available in Microsoft 365 apps (such as Outlook, Word, Excel, and PowerPoint). Examples of labels include:
+Sensitivity labels are available in Microsoft 365 Apps (such as Outlook, Word, Excel, and PowerPoint). Examples of labels include:
- Normal - Personal
business-premium M365bp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup.md
Microsoft 365 Business Premium includes a guided process, as shown in the follow
:::image type="content" source="media/m365bp-dashboardview.png" alt-text="Screenshot of the dashboard view of the Microsoft 365 admin center."lightbox="media/m365bp-dashboardview.png":::
-3. To install your Microsoft 365 apps (Office), select the download button, and then follow the prompts. Alternately, you can skip this step for now and install your apps later. Then select **Continue**.
+3. To install your Microsoft 365 Apps (Office), select the download button, and then follow the prompts. Alternately, you can skip this step for now and install your apps later. Then select **Continue**.
:::image type="content" source="media/m365bp-installoffice.png" alt-text="Screenshot of the Install Office download button."lightbox="media/m365bp-installoffice.png":::
If you'd prefer to have a Microsoft partner help you get and set up Microsoft 36
[:::image type="content" source="media/employee-setup-guide.png" alt-text="Screenshot of employee setup guide steps.":::](https://support.microsoft.com/en-us/office/employee-quick-setup-in-microsoft-365-for-business-7f34c318-e772-46a5-8c0a-ab86661542d1)
-After you have added users to your Microsoft 365 subscription, give them a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). The guide walks them through signing in, getting Microsoft 365 apps, and saving, copying, and sharing files.
+After you have added users to your Microsoft 365 subscription, give them a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). The guide walks them through signing in, getting Microsoft 365 Apps, and saving, copying, and sharing files.
## Next objective
business-premium M365bp Trial Playbook Microsoft Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium.md
When you [start a trial or purchase Microsoft 365 Business Premium](get-microsof
- [Safe Links](../security/office-365-security/safe-links-about.md), [Safe Attachments](../security/office-365-security/safe-attachments-about.md) and [Anti-Phishing](../security/office-365-security/anti-phishing-protection-about.md) policies that are scoped to the entire tenant or the subset of users you may have chosen during the trial setup process. (Your trial subscription is for up to 25 users.)
- - Protection for productivity apps, such as [SharePoint](/sharepoint/introduction), [OneDrive](/onedrive/one-drive-quickstart-small-business), [Microsoft 365 apps](/deployoffice/about-microsoft-365-apps), and [Microsoft Teams](/microsoftteams/teams-overview).
+ - Protection for productivity apps, such as [SharePoint](/sharepoint/introduction), [OneDrive](/onedrive/one-drive-quickstart-small-business), [Microsoft 365 Apps](/deployoffice/about-microsoft-365-apps), and [Microsoft Teams](/microsoftteams/teams-overview).
## Add a domain
business-premium Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/secure-your-business-data.md
Title: Secure your business data with Microsoft 365 for business
+ Title: Top 10 ways to secure your business data with Microsoft 365 for business
f1.keywords: - CSH
audience: Admin
Previously updated : 04/28/2023 Last updated : 05/01/2023 ms.localizationpriority: medium - highpri
search.appverid:
description: "Learn best practices to protect your business from ransomware, phishing, and malicious URLs or attachments with Microsoft 365 for business."
-# Secure your business data with Microsoft 365
+# Secure your data with Microsoft 365 for business
> [!TIP]
-> This article is for small and medium-sized businesses who have up to 300 users.
+> **This article is for small and medium-sized businesses who have up to 300 users**.
> > If you're looking for information for enterprise organizations, see [Deploy ransomware protection for your Microsoft 365 tenant](../solutions/ransomware-protection-microsoft-365.md). > > If you're a Microsoft partner, see [Resources for Microsoft partners working with small and medium-sized businesses](../security/defender-business/mdb-partners.md).
-This article lists the top 10 ways to secure your data with Microsoft 365 for business, with links for more information. Microsoft 365 for business plans include security capabilities, such as antiphishing, antispam, and antimalware protection. Microsoft 365 Business Premium includes even more capabilities, such as device security, advanced threat protection, and information protection.
+This article lists the top 10 ways to secure your business data with Microsoft 365 for business.
+
+Microsoft 365 Business Basic, Standard, and Premium include antiphishing, antispam, and antimalware protection. Microsoft 365 Business Premium includes even more security capabilities, such as advanced threat protection for devices (also referred to as endpoints), email, and collaboration, and information protection.
+
+For more information about what each plan includes, see [Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWR6bM).
## Top 10 ways to secure your business data
-The following table lists the top 10 ways to secure business data and includes capabilities that are included in Microsoft 365 for business plans. It's not intended to be an exhaustive list of all capabilities in each plan. For more details about what each plan includes, see [Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWR6bM).
-
-| What to do | [Microsoft 365 Business Premium](index.md) | [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) | [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) |
-|||||
-| 1. **[Use multi-factor authentication](../admin/security-and-compliance/multi-factor-authentication-microsoft-365.md)**.<br/><br/>[Multi-factor authentication](../admin/security-and-compliance/multi-factor-authentication-microsoft-365.md) (MFA), also known as two-step verification, requires people to use a code or authentication app on their phone to sign into Microsoft 365, and is a critical first step to protecting your business data. Using MFA can prevent bad actors from taking over your account if they know your password. <br/><br/>See [security defaults and MFA](m365bp-conditional-access.md). |*Use security defaults or Conditional Access in [Azure Active Directory (Azure AD) Premium P1](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses).* | *Use [security defaults in Azure AD](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults).* | *Use [security defaults in Azure AD](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults).* |
-| 2. **[Protect your administrator accounts](m365bp-protect-admin-accounts.md)**.<br/><br/>Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. You'll need to set up and manage the right number of admin and user accounts for your business. <br/><br/>We also recommend adhering to the information security principle of least privilege, which means that users and applications should be granted access only to the data and operations they require to perform their jobs.<br/><br/>See [Protect your administrator accounts](m365bp-protect-admin-accounts.md). |*Use the [Azure AD portal](https://entra.microsoft.com) or the [Microsoft 365 admin center](https://admin.microsoft.com) to manage user accounts.* | *Use the [Azure AD portal](https://entra.microsoft.com) or the [Microsoft 365 admin center](https://admin.microsoft.com) to manage user accounts.* | *Use the [Azure AD portal](https://entra.microsoft.com) or the [Microsoft 365 admin center](https://admin.microsoft.com) to manage user accounts.* |
-| 3. **[Use preset security policies](m365bp-increase-protection.md)**.<br/><br/>Preset security policies save time by applying recommended spam, anti-malware, and anti-phishing policies to users all at once.<br/><br/>See: <br/>- [Preset security policies](../security/office-365-security/preset-security-policies.md)<br/>- [Protect against malware and other cyberthreats](m365bp-increase-protection.md) | *Use preset security policies for anti-spam, anti-malware, and anti-phishing in [Exchange Online Protection](../security/office-365-security/eop-about.md) (EOP). And, use preset security policies for advanced anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments in [Microsoft Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet).* | *Use [preset security policies in EOP](../security/office-365-security/preset-security-policies.md).* | *Use [preset security policies in EOP](../security/office-365-security/preset-security-policies.md).* |
-| 4. **[Protect all devices](m365bp-devices-overview.md)**.<br/><br/>Every device is a possible attack avenue into your network and must be configured properly, even those devices that are personally owned but used for work. Your security team and employees can all take steps to protect devices. For example, all users can use MFA on their devices.<br/><br/>See:<br/>- [Secure managed and unmanaged devices](m365bp-managed-unmanaged-devices.md) <br/>- [Set up unmanaged (BYOD) devices](m365bp-devices-overview.md)<br/>- [Set up and secure managed devices](m365bp-protect-devices.md) | *Use MFA, Microsoft 365 Apps on devices, and advanced device security with [Microsoft Defender for Business](../security/defender-business/mdb-overview.md) and [Microsoft Intune](/mem/intune/fundamentals/what-is-intune).* | *Use MFA and Microsoft 365 Apps on devices.*<br/>(*Defender for Business can be added on*) | *Use MFA.*<br/>(*Defender for Business can be added on*) |
-| 5. **[Train everyone on email best practices](m365bp-avoid-phishing-and-attacks.md)**.<br/><br/>Email can contain malicious attacks cloaked as harmless communications. Email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on humans making consistently good decisions with those communications. Train everyone to know what to watch for spam or junk mail, phishing attempts, spoofing, and malware in their email. <br/><br/>See: <br/>- [Protect yourself against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md)<br/>- [Anti-phishing protection in Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-protection-about#additional-anti-phishing-protection-in-microsoft-defender-for-office-365)<br/>- [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-about) <br/>- [Safe Links](/microsoft-365/security/office-365-security/safe-links-about) | *Use EOP and advanced protection for email with [Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet).* | *Use EOP.* <br/>(*Defender for Office 365 can be added on*) | *Use EOP.*<br/>(*Defender for Office 365 can be added on*) |
-| 6. **[Use Microsoft Teams for collaboration and sharing](m365bp-collaborate-share-securely.md)**.<br/><br/>The best way to collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all your files and communications are in a protected environment and aren't being stored in unsafe ways outside of it.<br/><br/>See: <br/>- [Use Microsoft Teams for collaboration](create-teams-for-collaboration.md) <br/>- [Set up meetings with Microsoft Teams](set-up-meetings.md) <br/>- [Share files and videos in a safe environment](share-files-and-videos.md)<br/>- [Defender for Office 365 support for Microsoft Teams](/microsoft-365/security/office-365-security/mdo-support-teams-about)<br/>- [Data Loss Prevention (DLP) in Microsoft Teams](/microsoft-365/compliance/dlp-teams-default-policy)<br/>- [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings) | *Use Microsoft Teams with [Safe Links & Safe Attachments](/microsoft-365/security/office-365-security/mdo-support-teams-about), [sensitivity labels](/microsoft-365/compliance/sensitivity-labels-meetings), and [DLP](/microsoft-365/compliance/dlp-teams-default-policy).* | *Use Microsoft Teams.*<br/>(*Defender for Office 365 can be added on*) | *Use Microsoft Teams.*<br/>(*Defender for Office 365 can be added on*) |
-| 7. **[Set sharing settings for SharePoint and OneDrive files and folders](m365bp-increase-protection.md)**.<br/><br/>Your default sharing levels for SharePoint and OneDrive might be set to a more permissive level than you should use. We recommend reviewing and if necessary, changing the default settings to better protect your business. Grant people only the access they need to do their jobs. <br/><br/>See: <br/>- [Set sharing settings for SharePoint and OneDrive](m365bp-increase-protection.md#set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders)<br/>- [Sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files) | *Use SharePoint and OneDrive, with Safe Links, Safe Attachments, sensitivity labels, and DLP.* | *Use SharePoint and OneDrive.* | *Use SharePoint and OneDrive.* |
-| 8. **[Use Microsoft 365 Apps on devices](https://support.microsoft.com/topic/train-your-users-on-office-and-microsoft-365-7cba3c97-7f19-46ed-a1c6-763971a26c27)**.<br/><br/>Outlook and Microsoft 365 Apps (also referred to as Office apps) enable people to work productively and more securely across devices. Start a document on one device, and pick it up later on another device. Instead of sending files as email attachments, you can share links to documents that are stored in SharePoint or OneDrive.<br/><br/>See: <br/>- [Install Microsoft 365 Apps on all devices](m365bp-install-office-apps.md).<br/>- [Train your users on Microsoft 365](https://support.microsoft.com/topic/train-your-users-on-office-and-microsoft-365-7cba3c97-7f19-46ed-a1c6-763971a26c27)<br/>- [How Safe Links works in Microsoft 365 Apps](/microsoft-365/security/office-365-security/safe-links-about#how-safe-links-works-in-office-apps)<br/>- [Sensitivity bar in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-office-apps#sensitivity-bar)| *Use Outlook and Web, mobile, and desktop versions of Microsoft 365 Apps, with [Safe Links](/microsoft-365/security/office-365-security/safe-links-about#how-safe-links-works-in-office-apps) and [sensitivity labels](/microsoft-365/compliance/sensitivity-labels-office-apps).* | *Use Outlook and Web/mobile/desktop versions of Microsoft 365 Apps.* | *Use Outlook and Web/mobile versions of Microsoft 365 Apps.* |
-| 9. **[Manage calendar sharing for your business](m365bp-increase-protection.md#manage-calendar-sharing)**.<br/><br/>You can help people in your organization share their calendars appropriately for better collaboration. You can manage what level of detail they can share, such as by limiting the details that are shared to free/busy times only.<br/><br/>See: <br/>- [Manage calendar sharing](m365bp-increase-protection.md#manage-calendar-sharing) <br/>- [Get started with the default DLP policy](/microsoft-365/compliance/get-started-with-the-default-dlp-policy) | *Use Outlook, Exchange Online, and [DLP](/microsoft-365/compliance/get-started-with-the-default-dlp-policy).* | *Use Outlook and Exchange Online.* | *Use Outlook and Exchange Online.* |
-| 10. **[Maintain your environment](m365bp-maintain-environment.md)**.<br/><br/>After your initial setup and configuration of Microsoft 365 for business is complete, your organization needs a maintenance and operations plan. As employees come and go, you'll need to add or remove users, reset passwords, and maybe even reset devices to factory settings. You'll also want to make sure people have only the access they need to do their jobs.<br/><br/>See: <br/>- [Maintain your environment](m365bp-maintain-environment.md) <br/>- [Security incident management in Microsoft 365 Business Premium](m365bp-security-incident-management.md)<br/>- [Microsoft 365 Business Premium security operations guide](m365bp-security-incident-quick-start.md) | *Use the [Azure AD portal](https://entra.microsoft.com) and the [Microsoft 365 admin center](https://admin.microsoft.com) for managing user accounts.<br/>Use the [Microsoft 365 Defender portal](https://security.microsoft.com) and the [Microsoft 365 Purview compliance portal](https://compliance.microsoft.com/) for viewing and managing security & compliance capabilities. <br/>You can also use the [Intune admin center](https://intune.microsoft.com) to view or manage devices.* | *Use the [Microsoft 365 admin center](https://admin.microsoft.com) and the [Azure AD portal](https://entra.microsoft.com). to view or manage user accounts.* | *Use the [Microsoft 365 admin center](https://admin.microsoft.com) and the [Azure AD portal](https://entra.microsoft.com) to view or manage user accounts.* |
+1. [Use multi-factor authentication](#1-use-multi-factor-authentication).
+2. [Protect your administrator accounts](#2-protect-your-administrator-accounts).
+3. [Use preset security policies](#3-use-preset-security-policies).
+4. [Protect all devices](#4-protect-all-devices).
+5. [Train everyone on email best practices](#5-train-everyone-on-email-best-practices).
+6. [Use Microsoft Teams for collaboration and sharing](#6-use-microsoft-teams-for-collaboration-and-sharing).
+7. [Set sharing settings for SharePoint and OneDrive files and folders](#7-set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders).
+8. [Use Microsoft 365 Apps on devices](#8-use-microsoft-365-apps-on-devices).
+9. [Manage calendar sharing for your business](#9-manage-calendar-sharing-for-your-business).
+10. [Maintain your environment](#10-maintain-your-environment).
+
+The following sections describe these methods in more detail and include links to additional information.
+
+## 1. Use multi-factor authentication
+
+[Multi-factor authentication](../admin/security-and-compliance/multi-factor-authentication-microsoft-365.md) (MFA), also known as two-step verification, requires people to use a code or authentication app on their phone to sign into Microsoft 365, and is a critical first step to protecting your business data. Using MFA can prevent bad actors from taking over your account if they know your password.
+
+To help simplify the process of enabling MFA, [security defaults in Azure Active Directory (Azure AD)](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) are available in Microsoft 365 Business Basic, Standard, and Premium.
+
+Microsoft 365 Business Premium also includes [Azure AD Premium P1](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) for advanced administration. It enables you to set up and configure [Conditional Access](/azure/active-directory/conditional-access/overview) policies instead of security defaults, for more stringent requirements.
+
+See [Turn on multi-factor authentication](m365bp-conditional-access.md).
+
+| Subscription | Recommendation |
+|||
+| [Microsoft 365 Business Premium](index.md) | [Use either security defaults or Conditional Access](m365bp-conditional-access.md). |
+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Use security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#enabling-security-defaults). |
+
+## 2. Protect your administrator accounts
+
+Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. Make sure to set up and manage the right number of admin and user accounts for your business.
+
+We also recommend adhering to the information security principle of least privilege, which means that users and applications should be granted access only to the data and operations they require to perform their jobs.
+
+Microsoft 365 Business Basic, Standard, and Premium include the [Microsoft 365 admin center](https://admin.microsoft.com) and the [Azure AD portal](https://entra.microsoft.com) to set up and manage your admin accounts.
+
+See [Protect your administrator accounts](m365bp-protect-admin-accounts.md).
+
+| Subscription | Recommendation |
+|||
+| [Microsoft 365 Business Premium](index.md) <br/>[Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) <br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Assign admin roles](/microsoft-365/admin/add-users/assign-admin-roles). |
+
+## 3. Use preset security policies
+
+[Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies) save time by applying recommended spam, anti-malware, and anti-phishing policies to users all at once.
+
+Microsoft 365 Business Basic, Standard, and Premium include [Exchange Online Protection](../security/office-365-security/eop-about.md) (EOP). It includes preset security policies for anti-spam, anti-malware, and anti-phishing.
+
+Microsoft 365 Business Premium also includes [Microsoft Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet). It includes preset security policies for advanced anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments.
+
+See the following articles:
+
+- [Policies in preset security policies](../security/office-365-security/preset-security-policies.md#policies-in-preset-security-policies)
+- [Protect against malware and other cyberthreats](m365bp-increase-protection.md)
+
+| Subscription | Recommendation |
+|||
+| [Microsoft 365 Business Premium](index.md)<br/>[Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Assign Standard or Strict preset security policies to users](/microsoft-365/security/office-365-security/preset-security-policies#use-the-microsoft-365-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users). |
+
+## 4. Protect all devices
+
+Every device is a possible attack avenue into your network and must be configured properly, even devices that are personally owned but used for work. Your security team and all employees can all take steps to protect devices. For example, all users can use MFA on their devices.
+
+Microsoft 365 Business Basic, Standard, and Premium enable users to use MFA on their devices.
+
+Microsoft 365 Business Premium also includes advanced device protection with [Microsoft Defender for Business](../security/defender-business/mdb-overview.md). Defender for Business includes threat and vulnerability management, attack surface reduction, next-generation protection, endpoint detection and response, and automated investigation capabilities.
+
+Microsoft 365 Business Premium also includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) for managing devices.
+
+See the following articles:
+
+- [Secure managed and unmanaged devices](m365bp-managed-unmanaged-devices.md)
+- [Set up unmanaged (BYOD) devices](m365bp-devices-overview.md)
+- [Set up and secure managed devices](m365bp-protect-devices.md)
+
+| Subscription | Recommendations |
+|||
+| [Microsoft 365 Business Premium](index.md) | [Turn on MFA](m365bp-conditional-access.md).<br/>[Install Microsoft 365 Apps on devices](m365bp-install-office-apps.md).<br/>[Secure managed and unmanaged devices](m365bp-managed-unmanaged-devices.md). |
+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) | [Turn on MFA](m365bp-conditional-access.md).<br/>[Install Microsoft 365 Apps on devices](m365bp-install-office-apps.md).<br/>(*Defender for Business can be added on*) |
+| [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | [Turn on MFA](m365bp-conditional-access.md).<br/>(*Defender for Business can be added on*) |
+
+## 5. Train everyone on email best practices
+
+Email can contain malicious attacks cloaked as harmless communications. Email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on humans making consistently good decisions with those communications.
+
+Train everyone to know what to watch for spam or junk mail, phishing attempts, spoofing, and malware in their email.
+
+Microsoft 365 Basic, Standard, and Premium include [EOP](../security/office-365-security/eop-about.md), which provides anti-spam, anti-malware, and anti-phishing protection for email hosted in Exchange Online.
+
+Microsoft 365 Business Premium also includes [Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet), which provides more advanced protection for email and collaboration, with advanced anti-phishing, anti-spam, and anti-malware protection, Safe Attachments, and Safe Links.
+
+See the following articles:
+
+- [Protect yourself against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md)
+- [Anti-phishing protection in Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-protection-about#additional-anti-phishing-protection-in-microsoft-defender-for-office-365)
+- [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-about)
+- [Safe Links](/microsoft-365/security/office-365-security/safe-links-about)
+- [Protect against threats](../security/office-365-security/protect-against-threats.md)
+
+| Subscription | Recommendations |
+|||
+| [Microsoft 365 Business Premium](index.md)<br/>[Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) <br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Follow the guidance in [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats).<br/>Share [Protect yourself against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md) with everyone. |
+
+## 6. Use Microsoft Teams for collaboration and sharing
+
+The best way to collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all your files and communications are in a protected environment and aren't being stored in unsafe ways outside of it.
+
+Microsoft 365 Business Basic, Standard, and Premium include Microsoft Teams.
+
+Microsoft 365 Business Premium also includes:
+
+- [Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet), with [Safe Links](/microsoft-365/security/office-365-security/safe-links-about#safe-links-settings-for-microsoft-teams) and [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about) for Microsoft Teams.
+- [Azure Information Protection Plan 1](/azure/information-protection/what-is-information-protection), with [sensitivity labels](/microsoft-365/compliance/sensitivity-labels-meetings) and [DLP](/microsoft-365/compliance/dlp-teams-default-policy) to discover, classify, protect, and govern sensitive information.
+
+See the following articles:
+
+- [Use Microsoft Teams for collaboration](create-teams-for-collaboration.md)
+- [Set up meetings with Microsoft Teams](set-up-meetings.md)
+- [Share files and videos in a safe environment](share-files-and-videos.md)
+- [Defender for Office 365 support for Microsoft Teams](/microsoft-365/security/office-365-security/mdo-support-teams-about)
+- [Data Loss Prevention (DLP) in Microsoft Teams](/microsoft-365/compliance/dlp-teams-default-policy)
+- [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings)
+
+| Subscription | Recommendations |
+|||
+| [Microsoft 365 Business Premium](index.md) | Use Microsoft Teams for meetings and information sharing. <br/>Use [Safe Links & Safe Attachments](/microsoft-365/security/office-365-security/mdo-support-teams-about) with Microsoft Teams. <br/>Use [sensitivity labels](/microsoft-365/compliance/sensitivity-labels-meetings) to protect calendar items, Microsoft Teams meetings, and chat. <br/>Use the default [DLP policy](/microsoft-365/compliance/dlp-teams-default-policy) in Microsoft Teams. |
+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use Microsoft Teams.<br/>(*Defender for Office 365 can be added on*) |
+
+## 7. Set sharing settings for SharePoint and OneDrive files and folders
+
+Your default sharing levels for SharePoint and OneDrive might be set to a more permissive level than you should use. We recommend reviewing and if necessary, changing the default settings to better protect your business. Grant people only the access they need to do their jobs.
+
+Microsoft 365 Business Basic, Standard, and Premium include OneDrive and SharePoint.
+
+Microsoft 365 Business Premium also includes:
+
+- [Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet), with [Safe Links](/microsoft-365/security/office-365-security/safe-links-about) and [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about) for Microsoft Teams, SharePoint, and OneDrive.
+- [Azure Information Protection Plan 1](/azure/information-protection/what-is-information-protection), with capabilities to discover, classify, protect, and govern sensitive information.
+
+See the following articles:
+
+- [Set sharing settings for SharePoint and OneDrive](m365bp-increase-protection.md#set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders)
+- [Sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files)
+
+| Subscription | Recommendations |
+|||
+| [Microsoft 365 Business Premium](index.md) | Use SharePoint and OneDrive for storing and sharing files. <br/>[Set sharing settings for SharePoint and OneDrive](m365bp-increase-protection.md#set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders). <br/>Use [Safe Links](/microsoft-365/security/office-365-security/safe-links-about) and [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about) with SharePoint and OneDrive. <br/>Use [sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels) and [DLP](/microsoft-365/compliance/get-started-with-the-default-dlp-policy). |
+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) <br/> [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use SharePoint and OneDrive.<br/>(*Defender for Office 365 can be added on*) |
+
+## 8. Use Microsoft 365 Apps on devices
+
+Outlook and Microsoft 365 Apps (also referred to as Office apps) enable people to work productively and more securely across devices. Start a document on one device, and pick it up later on another device. Instead of sending files as email attachments, you can share links to documents that are stored in SharePoint or OneDrive.
+
+Microsoft 365 Business Basic, Standard, and Premium include Outlook and Web/mobile versions of [Microsoft 365 Apps](/deployoffice/about-microsoft-365-apps) (such as Word, PowerPoint, and Excel).
+
+Microsoft 365 Business Standard and Premium include desktop versions of Microsoft 365 Apps that can be installed on computers, tablets, and phones. Installing the Microsoft 365 Apps helps ensure users get the latest features, new tools, security updates, and bug fixes. (PC users also get Access and Publisher.)
+
+Microsoft 365 Business Premium also includes:
+- [Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet) (with Safe Links and Safe Attachments)
+- [Azure Information Protection Plan 1](/azure/information-protection/what-is-information-protection) (with sensitivity labels)
+
+See the following articles:
+
+- [Install Microsoft 365 Apps on all devices](m365bp-install-office-apps.md).
+- [Train your users on Microsoft 365](https://support.microsoft.com/topic/train-your-users-on-office-and-microsoft-365-7cba3c97-7f19-46ed-a1c6-763971a26c27)
+- [How Safe Links works in Microsoft 365 Apps](/microsoft-365/security/office-365-security/safe-links-about#how-safe-links-works-in-office-apps)
+- [Sensitivity bar in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-office-apps#sensitivity-bar)
+
+| Subscription | Recommendations |
+|||
+| [Microsoft 365 Business Premium](index.md)<br/> [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md) | [Install Microsoft 365 Apps on all devices](m365bp-install-office-apps.md). <br/>Share the [Employee quick setup guide with users](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). |
+| [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use Outlook and Web/mobile versions of Microsoft 365 Apps. |
+
+## 9. Manage calendar sharing for your business
+
+You can help people in your organization share their calendars appropriately for better collaboration. You can manage what level of detail they can share, such as by limiting the details that are shared to free/busy times only.
+
+Microsoft 365 Business Basic, Standard, and Premium include Outlook and Exchange Online.
+
+Microsoft 365 Business Premium also includes [Azure Information Protection Plan 1](/azure/information-protection/what-is-information-protection), and that includes DLP policies to protect sensitive information.
+
+See the following articles:
+
+- [Manage calendar sharing](m365bp-increase-protection.md#manage-calendar-sharing)
+- [Get started with the default DLP policy](/microsoft-365/compliance/get-started-with-the-default-dlp-policy)
+
+| Subscription | Recommendations |
+|||
+| [Microsoft 365 Business Premium](index.md) | Use Outlook and Exchange Online for email and calendars.<br/>[Get started using your default DLP policy](/microsoft-365/compliance/get-started-with-the-default-dlp-policy). |
+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/>[Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use Outlook and Exchange Online for email and calendars. |
+
+## 10. Maintain your environment
+
+After your initial setup and configuration of Microsoft 365 for business is complete, your organization needs a maintenance and operations plan. As employees come and go, you'll need to add or remove users, reset passwords, and maybe even reset devices to factory settings. You'll also want to make sure people have only the access they need to do their jobs.
+
+Microsoft 365 Business Basic, Standard, and Premium include the [Microsoft 365 admin center](https://admin.microsoft.com) and the [Azure AD portal](https://entra.microsoft.com) for managing user accounts.
+
+Microsoft 365 Business Premium also includes advanced security and compliance capabilities. You can use the [Microsoft 365 Defender portal](https://security.microsoft.com) or the [Microsoft 365 Purview compliance portal](https://compliance.microsoft.com/) for viewing and managing security & compliance capabilities.
+
+See the following articles:
+
+- [Maintain your environment](m365bp-maintain-environment.md)
+- [Security incident management in Microsoft 365 Business Premium](m365bp-security-incident-management.md)
+- [Microsoft 365 Business Premium security operations guide](m365bp-security-incident-quick-start.md)
+| Subscription | Recommendations |
+|||
+| [Microsoft 365 Business Premium](index.md) | Use the [Microsoft 365 admin center](https://admin.microsoft.com) or the [Azure AD portal](https://entra.microsoft.com) for managing user accounts.<br/>Use the [Microsoft 365 Defender portal](https://security.microsoft.com) and the [Microsoft 365 Purview compliance portal](https://compliance.microsoft.com/) for viewing and managing security & compliance capabilities. <br/>If preferred, you can use the [Intune admin center](https://intune.microsoft.com) to view or manage devices. |
+| [Microsoft 365 Business Standard](../admin/setup/setup-business-standard.md)<br/> [Microsoft 365 Business Basic](../admin/setup/setup-business-basic.md) | Use the [Microsoft 365 admin center](https://admin.microsoft.com) or the [Azure AD portal](https://entra.microsoft.com) to view or manage user accounts. |
## See also
compliance Communication Compliance Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-teams.md
+
+ Title: Microsoft Teams and Microsoft Purview Communication Compliance
+description: Learning about communication compliance, part of the insider risk solution set, from the Microsoft Teams perspective (this is part of the Microsoft 365 communication compliance functionality).
+++++
+audience: admin
+ Last updated : 04/17/2023
+ms.localizationpriority: medium
+search.appverid: MET150
+f1.keywords:
+- NOCSH
+
+- tier1
+- purview-compliance
+- M365-collaboration
+appliesto:
+ - Microsoft Teams
++
+# Microsoft Teams and Microsoft Purview Communication Compliance
+
+Microsoft Purview Communication Compliance is an insider risk solution in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization.
+
+For Microsoft Teams, communication compliance helps identify the following types of inappropriate content in Teams channels, Private Teams channels, or in 1:1 and group chats:
+
+- Offensive, profane, and harassing language
+- Adult, racy, and gory images
+- Sharing of sensitive information
+
+Watch the video below to learn how to detect communication risks in Microsoft Teams with communication compliance:
+ <br>
+ <br>
+ >[!VIDEO https://www.microsoft.com/videoplayer/embed/RW11p2Z]
+
+For more information on communication compliance and how to configure policies for your organization, see [Learn about communication compliance](communication-compliance.md).
+
+## How to use communication compliance in Microsoft Teams
+
+Communication compliance and Microsoft Teams are tightly integrated and can help minimize communication risks in your organization. After you've configured your first communication compliance policies, you can actively manage inappropriate Microsoft Teams messages and content that is automatically flagged in alerts.
+
+### Getting started
+
+Getting started with communication compliance in Microsoft Teams begins with [planning](communication-compliance-plan.md) and creating pre-defined or custom policies to identify inappropriate user activities in Teams channels or in 1:1 and groups. Keep in mind that you'll need to [configure](communication-compliance-configure.md) some permissions and basic prerequisites as part of the configuration process.
+
+Teams administrators can configure communication compliance policies at the following levels:
+
+- **User level**: Policies at this level apply to an individual Teams user or may be applied to all Teams users in your organization. These policies cover messages that these users may send in 1:1 or group chats. Chat communications for the users are automatically monitored across all Microsoft Teams where the users are a member.
+- **Teams level**: Policies at this level apply to a Microsoft Teams channel, including a Private channel. These policies cover messages sent in the Teams channel only.
+
+### Report a message in Microsoft Teams
+
+> [!NOTE]
+> The *User-reported messages* policy is implemented for your organization after you create your first communication compliance policy. It can take up to thirty days for this feature to be available after you create your first policy.
+
+The *Report inappropriate content* option for Teams personal and group chat messages is enabled by default and can be controlled via Teams messaging policies in the [Teams admin center](/microsoftteams/manage-teams-in-modern-portal). This allows users in your organization to submit inappropriate internal chat messages for review by communication compliance reviewers for the policy. For more information about user-reported messages in communication compliance, see [Communication compliance policies](communication-compliance-policies.md#user-reported-messages-policy).
+
+To access the feature, from a Teams chat, a user selects **More options** (...) > **More actions** > **Report this message**.
+
+![Report this message menu.](../media/communication-compliance-report-message.png)
+
+In the next dialog box, the user selects the **Inappropriate - Harassment, violence, nudity, and disturbing content** option from the **Select a problem** list.
+
+![Report a message choices.](../media/communication-compliance-report-message-choices.png)
+
+> [!NOTE]
+> The other choice in the list (**Security risk- Spam, phishing, malicious content**), if available, is managed by Microsoft Defender for Office 365. The user might also be presented with just the **Inappropriate - Harassment, violence, nudity, and disturbing content** option, depending on which policy options are turned on in the Microsoft Teams admin center.
+
+After submitting the message for review, the user receives a confirmation of the submittal in Microsoft Teams. Other participants in the chat do not see this notification.
+
+Users in your organization automatically get the global policy unless you create and assign a custom policy. Edit the settings in the global policy or create and assign one or more custom policies to turn on or turn off this feature. For more information, see [Manage messaging policies in Teams](/microsoftteams/messaging-policies-in-teams).
+
+### Act on inappropriate messages in Microsoft Teams
+
+After you have configured your policies and have received communication compliance alerts for Microsoft Teams messages, it's time for compliance reviewers in your organization to act on these messages. This will also include user-reported messages if enabled for your organization. Reviewers can help safeguard your organization by reviewing communication compliance alerts and removing flagged messages from view in Microsoft Teams.
+
+![Remove a message in Teams.](../media/communication-compliance-remove-teams-message.png)
+
+Removed messages and content are replaced with notifications for viewers explaining that the message or content has been removed and what policy is applicable to the removal. The sender of the removed message or content is also notified of the removal status and provided with original message content for context relating to its removal. The sender can also view the specific policy condition that applies to the message removal.
+
+Example of policy tip seen by sender:
+
+![Policy tip for sender.](../media/communication-compliance-warning-1.png)
+
+Example of policy notification seen by the sender:
+
+![Policy condition info for sender.](../media/communication-compliance-warning-2.png)
+
+Example of policy tip seen by recipient:
+
+![Policy tip for recipient.](../media/communication-compliance-warning-3.png)
compliance Device Onboarding Macos Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-macos-overview.md
Endpoint DLP supports these browsers on macOS (three latest released versions):
See, [Microsoft 365 licensing guidance for information protection](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection-data-loss-prevention-for-exchange-online-sharepoint-online-and-onedrive-for-business).
+## Conditions supported on macOS
+
+Once a macOS device is onboarded into Microsoft Purview solutions, you can use the following condition with data loss prevention (DLP) policies:
+
+**Content Contains** ΓÇô Applies to documents that contain sensitive information types and sensitivity labels.
+ ## Activities that can be audited and restricted on macOS Once a macOS device is onboarded into Microsoft Purview solutions, you can monitor and restrict the following actions using data loss prevention (DLP) policies.
compliance Device Onboarding Script https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-script.md
You can also manually onboard individual devices to Microsoft 365. You might wan
![Window Start menu pointing to Run as administrator.](../media/dlp-run-as-admin.png)
-9. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd*
+9. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\DeviceOnboardingScript.cmd*
10. Press the **Enter** key or click **OK**.
compliance Ediscovery Managing Jobs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-managing-jobs.md
f1.keywords:
Previously updated : 03/31/2023 Last updated : 05/02/2023 audience: Admin
search.appverid:
# Manage jobs in eDiscovery (Premium)
-Here's a list of the jobs (which are typically long-running processes) that are tracked on the **Jobs** tab of a case in Microsoft Purview eDiscovery (Premium). These jobs are triggered by user actions when using and managing cases.
+## Jobs report (preview)
+
+eDiscovery (Premium) includes a jobs report tool that lists all jobs that count towards the jobs concurrency and daily limits in eDiscovery for a defined time period. eDiscovery administrators can access this report and can use this report to see the job activities across Content Search activities and eDiscovery (Standard and Premium) cases.
+
+The job report summarizes the following key information for jobs up to the last 30 days:
+
+- All jobs that are in progress or completed (successfully or with error) in a specified time range across eDiscovery Standard and Premium.
+- Insights into how far away your organization is from reaching job-related organization-wide limits.
+- Creates a .csv report for the list of jobs.
+- Filters for job types, statuses, and for hours/days.
+- Quick access to case/job pages by selecting case name links.
+
+The following eDiscovery (Premium) job types currently don't count towards the concurrency/daily limits and aren't shown in the report:
+
+- Prepare for export
+- Run analytics
+- Tag Items
+- Compare load sets
+- Convert redacted items to PDF
+- Relevance train and Relevance load
+- Prepare remediation
+
+>[!NOTE]
+>Any jobs included in the list view of the report and that have run for more than 24 hours do not contribute towards the concurrency/daily limits for your organization.
+
+The following eDiscovery (Premium) jobs started in classic cases don't contribute to throttling limits and aren't reflected in the report. However, these jobs started for cases in the New case format are included in the report:
+
+- Adding non-Microsoft 365 data to a review set
+- Adding remediated data to a review set
+- Re-indexing custodian data
+- Adding data to a review set
+- Adding data to another review set
+
+## Job types and descriptions
+
+Long-running processes are associated with specific jobs that support cases, collections, and reporting in Microsoft Purview eDiscovery (Premium). These jobs are triggered by user actions when using and managing cases and collections.
|Job type|Description| |||
-|Adding data to a review set|A user adds a collection to a review set. This job consists of two sub jobs: <ul><li>**Export** - A list of items in the collection is generated.</li><li>**Ingestion & Indexing** - The items in the collection that match the search query are copied to an Azure Storage location (in a process called *ingestion*) and then those items in the Azure Storage location are reindexed. This new index is used when querying and analyzing items in the data set.</li><ul> <p> For more information, see [Add search results to a review set](ediscovery-add-data-to-review-set.md).|
-|Adding data to another review set|A user adds documents from one review set to a different review set in the same case. For more information, see [Add data to a review set from another review set](ediscovery-add-data-to-review-set-from-another-review-set.md).|
-|Adding non-Microsoft 365 data to a review set|A user uploads non-Microsoft 365 data to a review set. The data is also indexed during this process. For example, files from an on-premises file server or a client computer are uploaded to a review set. For more information, see [Load non-Microsoft 365 data into a review set](ediscovery-load-non-office-365-data-into-a-review-set.md).|
-|Adding remediated data to a review set|Data with processing errors is remediated and loaded back into a review set. For more information, see: <ul><li>[Error remediation when processing data](ediscovery-error-remediation-when-processing-data.md)</li><li>[Single item error remediation](ediscovery-single-item-error-remediation.md)</li></ul>|
-|Comparing load sets|A user looks at the differences between different load sets in a review set. A load set is an instance of adding data to a review set. For example, if you add the results of two different searches to the same review set, each would represent a load set.|
-|Conversation reconstruction|When a user adds the results of a search to a conversation review set, instant message conversations (also called *threaded conversations*) in services like Microsoft Teams are reconstructed in a PDF file. This job is also triggered when a user selects **Action > Create conversation PDFs** in a review set. For more information, see [Review conversations in eDiscovery (Premium)](ediscovery-conversation-review-sets.md).
-|Converting redacted documents to PDF|After a user annotates a document in a review set and redacts a portion of it, they can choose to convert the redacted document to a PDF file. This ensures that the redacted portion won't be visible if the document is exported for presentation. For more information, see [View documents in a review set](ediscovery-view-documents-in-review-set.md).|
-|Estimating search results|After a user creates and runs or reruns a collection estimate, the search tool searches the index for items that match the search query and prepares an estimate that includes the number and total size of all items by the search, and the number of data sources searched. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md).|
-|Preparing data for export|A user exports documents from a review set. When the export process is complete, they can download the exported data to a local computer. For more information, see [Export case data](ediscovery-exporting-data.md).|
-|Preparing for error resolution|When a user selects a file and creates a new error remediation in the Error view on the **Processing** tab of a case, the first step in the process is to upload the file that has the processing error to an Azure Storage location in the Microsoft cloud. This job tracks the progress of the upload process. For more information about the error remediation workflow, see [Error remediation when processing data](ediscovery-error-remediation-when-processing-data.md).|
-|Preparing search preview|After a user creates and runs a new collection estimate (or reruns an existing collection estimate), the search tool prepares a sample subset of items (that match the search query) that can be previewed. Previewing search results help you determine the effectiveness of the search. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md#view-search-results-and-statistics).|
-|Re-indexing custodian data|When you add a custodian to a case, all partially indexed items in the custodian's selected data sources are reindexed by a process called *Advanced indexing*. This job is also triggered when you select **Update index** on the **Processing** tab of a case, and when you update the index for a specific custodian on the custodian properties flyout page. For more information, see [Advanced indexing of custodian data](ediscovery-indexing-custodian-data.md).
-|Running analytics|A user analyzes data in a review set by running eDiscovery (Premium) analytics tools such as near duplicate detection, email threading analysis, and themes analysis. For more information, see [Analyze data in a review set](ediscovery-analyzing-data-in-review-set.md).|
-|Tagging documents|This job is triggered when a user selects **Start tagging job** in the **Tagging panel** when reviewing documents in a review set. A user can start this job after tagging documents in a review set and then bulk-selecting them in the view document panel. For more information, see [Tag documents in a review set](ediscovery-tagging-documents.md).|
+| Add external data | A user uploads non-Microsoft 365 data to a review set. The data is also indexed during this process. For example, files from an on-premises file server or a client computer are uploaded to a review set. For more information, seeΓÇ»[Load non-Microsoft 365 data into a review set](ediscovery-load-non-office-365-data-into-a-review-set.md). |
+| Add items to another review set | A user adds documents from one review set to a different review set in the same case. For more information, see [Add data to a review set from another review set](ediscovery-add-data-to-review-set-from-another-review-set.md). |
+| Add items to review set | A user adds a collection to a review set. This job consists of two sub jobs: <br> - **Export** - A list of items in the collection is generated. <br> - **Ingestion & Indexing** - The items in the collection that match the search query are copied to an Azure Storage location (in a process called *ingestion*) and then those items in the Azure Storage location are reindexed. This new index is used when querying and analyzing items in the data set. <br><br> For more information, see [Add search results to a review set](ediscovery-add-data-to-review-set.md). |
+|Adding remediated items to a review set|Data with processing errors is remediated and loaded back into a review set. For more information, see: <ul><li>[Error remediation when processing data](ediscovery-error-remediation-when-processing-data.md)</li><li>[Single item error remediation](ediscovery-single-item-error-remediation.md)</li></ul>|
+| Apply holds | A user adds custodial and non-custodial sources on the Data sources page and places them on hold. This triggers an Apply holds job. For more information, see, [Work with custodians in eDiscovery (Premium)](ediscovery-managing-custodians.md). |
+|Compare load sets|A user looks at the differences between different load sets in a review set. A load set is an instance of adding data to a review set. For example, if you add the results of two different searches to the same review set, each would represent a load set.|
+|Converting redacted items to PDF|After a user annotates a document in a review set and redacts a portion of it, they can choose to convert the redacted document to a PDF file. This ensures that the redacted portion won't be visible if the document is exported for presentation. For more information, see [View documents in a review set](ediscovery-view-documents-in-review-set.md).|
+| Create conversation PDFs | When a user adds the results of a search to a conversation review set, instant message conversations (also called threaded conversations) in services like Microsoft Teams are reconstructed in a PDF file. This job is also triggered when a user selects **Action** > **Create conversation PDFs in a review set**. For more information, see [Review conversations in eDiscovery (Premium)](ediscovery-conversation-review-sets.md). |
+|Prepare search estimates|After a user creates and runs or reruns a collection estimate, the search tool searches the index for items that match the search query and prepares an estimate that includes the number and total size of all items by the search, and the number of data sources searched. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md).|
+| Import custodians | User imports multiple custodians at once by uploading a CSV file that contains the information necessary to add them to a case. For more information, see [Import custodians to an eDiscovery (Premium) case](ediscovery-bulk-add-custodians.md). |
+|Preparing for export|A user exports documents from a review set. When the export process is complete, they can download the exported data to a local computer. For more information, see [Export case data](ediscovery-exporting-data.md).|
+| Prepare remediation | When a user selects a file and creates a new error remediation in the Error view on the Processing tab of a case, the first step in the process is to upload the file that has the processing error to an Azure Storage location in the Microsoft cloud. This job tracks the progress of the upload process. For more information about the error remediation workflow, see [Error remediation when processing data](ediscovery-error-remediation-when-processing-data.md). |
+|Prepare search preview|After a user creates and runs a new collection estimate (or reruns an existing collection estimate), the search tool prepares a sample subset of items (that match the search query) that can be previewed. Previewing search results help you determine the effectiveness of the search. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md#view-search-results-and-statistics).|
+| Purge data | Use eDiscovery (Premium) and the Microsoft Graph Explorer to search for and delete chat messages in Microsoft Teams. This feature can help you find and remove sensitive information or inappropriate content. This search and purge workflow will also help you respond to a data spillage incident, when content containing confidential or malicious information is released through Teams chat messages. |
+|Reindex data sources|When you add custodial or non-custodial data sources to a case, all partially indexed items in the selected data source locations are reindexed by a process called *Advanced indexing*. This job is also triggered when you select **Update index** on the **Processing** tab of a case, and when you update the index for a specific data source on the properties flyout page. For more information, see [Advanced indexing of custodian data](ediscovery-indexing-custodian-data.md).|
+| Relevance load | This job is triggered when user starts a "new model" - Review set > Manage predictive coding models (preview). It sets up the machine learning model. After you create a model, the following things occur in the background during the creation and preparation of the model: <br><br> - The system calculates the number of items for the control set. This size is based on the number of items in the review set and the settings for the confidence level and the margin of error. Items for the control set are randomly selected and designated as control set items. The system includes 10 items from the control set in the first round of training. <br><br> - The system randomly selects 40 items from the review set to be included in the training set for the first round of training. Therefore, the first round of training includes 50 items for labeling: 40 items from the training set and 10 items from the control set.|
+|Run analytics|A user analyzes data in a review set by running eDiscovery (Premium) analytics tools such as near duplicate detection, email threading analysis, and themes analysis. For more information, see [Analyze data in a review set](ediscovery-analyzing-data-in-review-set.md).|
+|Tag items|This job is triggered when a user selects **Start tagging job** in the **Tagging panel** when reviewing documents in a review set. A user can start this job after tagging documents in a review set and then bulk-selecting them in the view document panel. For more information, see [Tag documents in a review set](ediscovery-tagging-documents.md).|
[!INCLUDE [purview-preview](../includes/purview-preview.md)] ## Job status
-The following table describes the different status states for jobs.
-
-|Status|Description|
-|||
-|Submitted|A new job was created. The date and time that the job was submitted is displayed in the **Created** column on the **Jobs** tab.|
-|Submission failed|The job submission failed. You should attempt to rerun the action that triggered the job.|
-|In progress|The job is in progress, you can monitor the progress of the job in the **Jobs** tab.|
-|Successful|The job was successfully completed. The date and time that the job completed is displayed in the **Completed** column on the **Jobs** tab.|
-|Partially successful|The job was successful. This status is typically returned when the job didn't find any partially indexed data (also called *unindexed data*) in some of the custodian data sources.|
-|Failed|The job failed. You should attempt to rerun the action that triggered the job. If the job fails a second time, we recommend that you contact Microsoft Support and provide the support information from the job.|
-
-## Job data retention
+The following table describes the different status states for jobs:
-Data retention for log information for all jobs is retained for up to 29 days by default.
+|**Status**|**Description**|
+|:|:--|
+| Submitted | A new job was created. The date and time that the job was submitted is displayed in the **Created** column on the **Jobs** tab.|
+| Submission failed | The job submission failed. You should attempt to rerun the action that triggered the job.|
+| In progress |The job is in progress, you can monitor the progress of the job in the **Jobs** tab.|
+|Successful/Completed|The job was successfully completed. The date and time that the job completed is displayed in the **Completed** column on the **Jobs** tab.|
+| Partially successful | The job was successful. This status is typically returned when the job didn't find any partially indexed data (also called *unindexed data*) in some of the custodian data sources.|
+| Failed/Completed with errors| The job failed. You should attempt to rerun the action that triggered the job. If the job fails a second time, we recommend that you contact Microsoft Support and provide the support information from the job.|
enterprise Microsoft 365 Multi Geo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-multi-geo.md
description: In this article, learn how to expand your Microsoft 365 presence to
# Microsoft 365 Multi-Geo
-The Microsoft 365 Multi-Geo Capabilities add-on provides customers with the ability to expand their Microsoft 365 presence to multiple geographic regions or countries within a single existing Microsoft 365 _Tenant_. Multi-Geo enables customers to manage data-at-rest locations at a granular level for their users, SharePoint sites, Microsoft 365 Groups, and Microsoft Teams teams level. Multi-Geo is targeted to customers who have a need to store customer data in multiple geographies at the same time to satisfy their data residency requirements and whose needs may change over time.
+The Microsoft 365 Multi-Geo Capabilities add-on provides Enterprise Agreement customers with the ability to expand their Microsoft 365 presence to multiple geographic regions within a single existing Microsoft 365 _Tenant_. Multi-Geo enables customers to manage data-at-rest locations at a granular level for their users, SharePoint sites, Microsoft 365 Groups, and Microsoft Teams teams level. Multi-Geo is targeted to customers who have a need to store data in multiple geographies to satisfy their data residency requirements.
-Microsoft 365 Multi-Geo is designed to meet customers' data residency requirements and allow for collaboration between and amongst the customers satellite location and preferred data locations. If customer requires performance optimization functionalities for Microsoft 365, see <a href="https://support.office.com/article/e5f1228c-da3c-4654-bf16-d163daee8848" target="_blank">Network planning and performance tuning for Microsoft 365</a> or contact your support group.
+Starting June 1, 2023, CSP partners can purchase Multi-Geo Capabilities for their customers who are using Microsoft 365, Office 365, Exchange, OneDrive and SharePoint subscriptions. With Microsoft 365 Multi-Geo, CSP partners will be able to ensure their customers meet their data residency requirements.
+
+Microsoft 365 Multi-Geo is designed to meet your data residency requirements while retaining single-tenant administration and full-fidelity collaboration experiences between users as necessary.
+
+If a customer requires performance optimization functionalities for Microsoft 365, see <a href="https://support.office.com/article/e5f1228c-da3c-4654-bf16-d163daee8848" target="_blank">Network planning and performance tuning for Microsoft 365</a> or contact your support group.
>[!NOTE]
->Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams are available for Multi-Geo configuration. See the data residency commitment sections for [Exchange Online](m365-dr-workload-exo.md), [SharePoint Online and OneDrive for Business](m365-dr-workload-spo.md), and [Microsoft Teams](m365-dr-workload-teams.md#data-residency-commitments-available) for more details.
+>Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams are available for Multi-Geo configuration. For more information about data residency commitments, see [Exchange Online](m365-dr-workload-exo.md), [SharePoint Online and OneDrive for Business](m365-dr-workload-spo.md), and [Microsoft Teams](m365-dr-workload-teams.md#data-residency-commitments-available) for more details.
For a video introduction to Microsoft 365 Multi-Geo, see [SharePoint Online and OneDrive Multi-Geo to control where your data resides](https://www.youtube.com/watch?v=Do9U3JuROhk).
In a Multi-Geo environment, your Microsoft 365 _Tenant_ consists of a central lo
## Licensing
-Microsoft 365 Multi-Geo is available as an add-on to the following Microsoft 365 subscription plans for Enterprise Agreement customers. Customers must purchase a number of Multi-Geo licenses equal to or greater than 5% of their total eligible seats. User subscription licenses must be on the same Enterprise Agreement as the Multi-Geo Services licenses. Please contact your Microsoft account team for details.
+Microsoft 365 Multi-Geo is available as an add-on to the following Microsoft 365 subscription plans.
+
+Enterprise Agreement customers must purchase a quantity of Multi-Geo licenses equal to or greater than 5% of their total eligible seats. Similarly, CSP partners must purchase a quantity of Multi-Geo licenses equal to or greater than 5% of their customer's total eligible Microsoft 365 seats. For Enterprise customers, user subscription licenses must be on the same Enterprise Agreement as the Multi-Geo Services licenses. Contact your Microsoft account team for details.
- Microsoft 365 F1, F3, E3, or E5 - Office 365 F3, E1, E3, or E5
Microsoft 365 Multi-Geo is available as an add-on to the following Microsoft 365
- OneDrive for Business Plan 1 or Plan 2 - SharePoint Online Plan 1 or Plan 2
-Note that the _Multi-Geo Capabilities in Microsoft 365_ plan are a user-level add-on license. You need a license for each user that you want to host in a _Satellite Geography_ location. You can add additional licenses over time as you add users in _Satellite Geography_ locations.
+Note that _Multi-Geo Capabilities in Microsoft 365_ is a user-level add-on license. You need a license for each user that you want to host in a _Satellite Geography_ location. You can add more licenses over time as you add users in _Satellite Geography_ locations.
-There are no Multi-Geo licenses specific to shared resources such as SharePoint Sites, Microsoft 365 Groups, or Microsoft Teams teams. If enough Multi-Geo user licenses have been acquired, then customers are eligible to use Multi-Geo with SharePoint Sites, Microsoft 365 Groups, and Microsoft Teams teams without limitation.
+There are no Multi-Geo licenses specific to shared resources such as SharePoint Sites, Microsoft 365 Groups, or Microsoft Teams teams. If enough Multi-Geo user licenses have been acquired, then customers are eligible to use Multi-Geo with shared resources without limitation.
## Microsoft 365 Multi-Geo availability
-Microsoft 365 Multi-Geo is currently offered in these regions and countries:
+Microsoft 365 Multi-Geo is currently offered in these regions:
[!INCLUDE [Microsoft 365 Multi-Geo locations](../includes/microsoft-365-multi-geo-locations.md)] ## Getting started
-Follow these steps to get started with Multi-Geo:
+Whether you're a CSP partner managing your customerΓÇÖs Microsoft 365 subscriptions or an Enterprise Agreement customer managing your own subscriptions, you can follow these steps to get started with Multi-Geo:
-1. Work with your account team to add the _Multi-Geo Capabilities in Microsoft 365_ service plan. They will guide you to add the number of licenses needed. Multi-Geo feature is available to Enterprise Agreement customers.
+1. Ensure that you purchase Multi-Geo for at least 5% of the total eligible seats in your Microsoft 365 subscription. Remember that you'll need a license for each user you want to host in a _Satellite Geography_ location.
-2. Before you can start using Microsoft 365 Multi-Geo, Microsoft needs to configure your Exchange Online _Tenant_ for Multi-Geo support. This one-time configuration process is triggered after you order the _Multi-Geo Capabilities in Microsoft 365_ service plan and the licenses show up in your _Tenant_. You will receive workload-specific notifications in the [Microsoft 365 message center](https://support.office.com/article/38FB3333-BFCC-4340-A37B-DEDA509C2093) once your _Tenant_ has completed the configuration process for each workload, and you then may begin configuring and using your Microsoft 365 Multi-Geo capabilities. The time required to configure a _Tenant_ for Multi-Geo support varies from _Tenant_ to _Tenant_, but most _Tenants_ finish within a month after receipt of the feature licenses. Larger or more complex _Tenants_ may require more time to complete the configuration process. Please contact your account team for details on your specific _Tenant_ should you require it.
+2. Before you can start using Microsoft 365 Multi-Geo, Microsoft needs to configure your _Tenant_ for Multi-Geo support. This one-time automatic configuration process is triggered after you order the _Multi-Geo Capabilities in Microsoft 365_ and the licenses show up in your _Tenant_. You'll receive workload-specific notifications in the [Microsoft 365 message center](https://support.office.com/article/38FB3333-BFCC-4340-A37B-DEDA509C2093) once the _Tenant_ has completed the configuration process for each workload, and then you may begin configuring and using your Microsoft 365 Multi-Geo capabilities. The time required to configure a _Tenant_ for Multi-Geo support varies from _Tenant_ to _Tenant_, but most _Tenants_ finish within a month after receipt of the feature licenses. Larger or more complex _Tenants_ may require more time to complete the configuration process.
3. Read [Plan your multi-geo environment](plan-for-multi-geo.md). 4. Learn about [administering a multi-geo environment](administering-a-multi-geo-environment.md) and [how your users will experience the environment](multi-geo-user-experience.md).
-5. When you are ready to set up Microsoft 365 Multi-Geo, [configure your tenant for multi-geo](multi-geo-tenant-configuration.md).
+5. When you're ready to set up Microsoft 365 Multi-Geo, [configure your tenant for multi-geo](multi-geo-tenant-configuration.md).
6. [Set up search](configure-search-for-multi-geo.md). > [!NOTE]
-> For more information on the Microsoft 365 services that support Multi-Geo please see the [EXO](m365-dr-workload-exo.md), [ODSP](m365-dr-workload-spo.md) and [Teams](m365-dr-workload-teams.md) workload data residency pages for more details.
+> For more information on the Microsoft 365 services that support Multi-Geo, see the [EXO](m365-dr-workload-exo.md), [ODSP](m365-dr-workload-spo.md) and [Teams](m365-dr-workload-teams.md) workload data residency pages for more details.
## See also
enterprise Plan For Multi Geo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/plan-for-multi-geo.md
description: "Learn about Microsoft 365 Multi-Geo, how multi-geo works, and what
# Plan for Microsoft 365 Multi-Geo
-This guidance is designed for administrators of _Tenants_ preparing their Microsoft 365 _Tenant_ to be expanded to additional Geographies in accordance with the company's need to meet data residency requirements.
+This guidance is for administrators of _Tenants_ preparing their Microsoft 365 _Tenant_ to meet their data residency requirements.
-In a Multi-Geo configuration, your Microsoft 365 _Tenant_ consists of a _Primary Provisioned Geography_ location and one or more _Satellite Geography_ locations. This is a single _Tenant_ that spans across multiple _Geography_ locations.
+In a Multi-Geo configuration, your Microsoft 365 _Tenant_ consists of a _Primary Provisioned Geography_ location and multiple _Satellite Geography_ locations. You retain a single _Tenant_ that spans across multiple _Geography_ locations retaining single-tenant administration and full-fidelity collaboration experiences across _Geographies_.
-To help you understand the basic concepts of the Multi-Geo configuration, please review terms in the Definitions section of the [Overview and Definitions page](m365-dr-overview.md).
+To help you understand the basic concepts of the Multi-Geo configuration, review terms in the Definitions section of the [Overview and Definitions page](m365-dr-overview.md).
Enabling Multi-Geo requires four key steps:
-1. Work with your account team to add the _Multi-Geo Capabilities in Microsoft 365_ service plan.
+1. Purchase the _Multi-Geo Capabilities in Microsoft 365_ add-on SKU for your Microsoft 365 subscription.
-2. Choose your desired _Satellite Geography_ location(s) and add them to your _Tenant_.
+2. Configure any workloads that require customer specific settings for Multi-Geo.
-3. Set your users' Preferred Data Location to the desired _Satellite Geography_ location. When a new OneDrive for Business site or Exchange Online mailbox is provisioned for a user, it is provisioned to their PDL.
+3. Set your users' Preferred Data Location (PDL) to the desired _Satellite Geography_ location. A new userΓÇÖs OneDrive for Business site, Exchange Online mailbox, and Teams chat store is provisioned in the _Geography_ defined by their PDL value if the value is configured prior to assigning them a Microsoft 365 license. When an existing user's PDL value is set to a new value, then their existing Exchange Online mailbox and Teams chat store will automatically be migrated to the new geography.
-4. Migrate your users' existing OneDrive for Business sites from the _Primary Provisioned Geography_ location to their _Satellite Geography_ data location as needed. (Exchange Online mailboxes are migrated automatically when you set a user's PDL.)
+4. Migrate your users' existing OneDrive for Business sites from the _Primary Provisioned Geography_ location to their _Satellite Geography_ data location as needed. OneDrive for Business sites don't migrate automatically like Exchange Online mailboxes or Teams chat stores.
See [Configure Microsoft 365 Multi-Geo](multi-geo-tenant-configuration.md) for details on each of these steps.
-Please see the [Availability section](microsoft-365-multi-geo.md#microsoft-365-multi-geo-availability) of the M365 Multi-Geo Overview page for the _Geographies_ that can be a _Satellite Geography_ location where you can host OneDrive for Business and SharePoint Online sites, Exchange Online mailboxes, and Microsoft Teams. As you plan for Multi-Geo, make a list of the locations that you want to add to your Microsoft 365 _Tenant_. We recommend starting with one or two satellite locations and then gradually expanding to more geo locations, if needed.
+See the [Availability section](microsoft-365-multi-geo.md#microsoft-365-multi-geo-availability) of the Microsoft 365 Multi-Geo Overview page for the _Geographies_ that can be a _Satellite Geography_.
## Best practices We recommend that you create a test user in Microsoft 365 to do some initial testing. We'll walk through some testing and verification steps with this user before you proceed to onboard production users into Microsoft 365 Multi-Geo.
-Once you've completed testing with the test user, select a pilot group ΓÇô perhaps from your IT department ΓÇô to be the first to use OneDrive for Business and Exchange Online in a new geo location. For this first group, select users who do not yet have a OneDrive for Business. We recommend no more than five people in this initial group and gradually expand following a batched rollout approach.
+Once you've completed testing with the test user, select a pilot group ΓÇô perhaps from your IT department ΓÇô to be the first to use the Multi-Geo supporting workloads in _Satellite Geographies_.
-Each user should have a _preferred data location_ (PDL) set so that Microsoft 365 can determine in which _Geography_ location to provision their OneDrive. The user's preferred data location must match one of your chosen _Satellite Geography_ locations or your _Primary Provisioned Geography_. While the PDL field is not mandatory, we recommend that a PDL be set for all users. Workloads of a user without a PDL will be provisioned in the _Primary Provisioned Geography_.
+Each user should have a _preferred data location_ (PDL) set so that Microsoft 365 can determine in which _Geography_ location to provision or relocate their data to. The user's preferred data location must match one of the available _Geographies_. While the PDL field isn't mandatory, we do recommend that a PDL value is set for all users. Users without a PDL value set will be provisioned in the _Primary Provisioned Geography_. If the PDL value isn't a valid value, then a user's data will be provisioned in the _Primary Provisioned Geography_.
-Create a list of your users and include their user principal name (UPN) and the location code for the appropriate preferred data location. Include your test user and your initial pilot group to start with. You'll need this list for the configuration procedures.
+Create a list of your users and include their user principal name (UPN) and the Preferred Data Location code. Include your test user and your initial pilot group to start with. You'll need this list for the configuration procedures.
-If your users are synchronized from an on-premises Active Directory system to Azure Active Directory, you must set the preferred data location as an Active Directory attribute and synchronize it by using Azure Active Directory Connect. You cannot directly configure the preferred data location for synchronized users using Azure AD PowerShell. The steps to set up PDL in Active Directory and Synchronize it are covered in [Azure Active Directory Connect sync: Configure preferred data location for Microsoft 365 resources](/azure/active-directory/connect/active-directory-aadconnectsync-feature-preferreddatalocation).
+If your users are synchronized from an on-premises Active Directory system to Azure Active Directory, then you must set the preferred data location as an Active Directory attribute and synchronize it by using Azure Active Directory Connect. You can't directly configure the preferred data location for synchronized users using Azure AD PowerShell. The steps to set up PDL in Active Directory and Synchronize it are covered in [Azure Active Directory Connect sync: Configure preferred data location for Microsoft 365 resources](/azure/active-directory/connect/active-directory-aadconnectsync-feature-preferreddatalocation).
-The administration of a Multi-Geo _Tenant_ can differ from a non-multi-geo _Tenant_, as many of the SharePoint Online and OneDrive for Business settings and services are multi-geo aware. We recommend that you review [Administering a multi-geo environment](administering-a-multi-geo-environment.md) before you proceed with your configuration.
+The administration of a Multi-Geo _Tenant_ can differ from a non-multi-geo _Tenant_ in some scenarios. For example, many SharePoint Online and OneDrive for Business settings and services are multi-geo aware. We recommend that you review [Administering a multi-geo environment](administering-a-multi-geo-environment.md) before you proceed with your configuration.
Read [User experience in a multi-geo environment](multi-geo-user-experience.md) for details about your end users' experience in a Multi-Geo environment.
frontline Ehr Admin Oracle Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/ehr-admin-oracle-health.md
Before you integrate the Teams EHR connector in your healthcare organization, yo
- Identified a person in your organization who is a Microsoft 365 global admin with access to the [Teams admin center](https://admin.teams.microsoft.com). - Your systems meet all [software and browser requirements](/microsoftteams/hardware-requirements-for-the-teams-app) for Teams. - Oracle Health version November 2018 or later
+- Contact Microsoft at teamsforhealthcare@service.microsoft.com to get enrolled in the Oracle Cerner Code program.
> [!IMPORTANT] > PowerChart is only available in Microsoft Edge. Internet Explorer is no longer supported.
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of April 24, 2023
++
+| Published On |Topic title | Change |
+|||--|
+| 4/24/2023 | [Overview of Delegated Access in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-delegated-access-overview?view=o365-worldwide) | added |
+| 4/24/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
+| 4/24/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
+| 4/24/2023 | [Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified |
+| 4/24/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
+| 4/24/2023 | [Identify internet-facing devices in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/internet-facing-devices?view=o365-worldwide) | modified |
+| 4/24/2023 | [Live response command examples](/microsoft-365/security/defender-endpoint/live-response-command-examples?view=o365-worldwide) | modified |
+| 4/24/2023 | [Detecting human-operated ransomware attacks with Microsoft 365 Defender](/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide) | modified |
+| 4/25/2023 | [Onboard macOS devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-macos-overview?view=o365-worldwide) | modified |
+| 4/25/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
+| 4/25/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified |
+| 4/25/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified |
+| 4/25/2023 | [Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc?view=o365-worldwide) | modified |
+| 4/25/2023 | [Manage the workflow with the insider risk management users dashboard](/microsoft-365/compliance/insider-risk-management-users?view=o365-worldwide) | modified |
+| 4/26/2023 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide) | modified |
+| 4/26/2023 | [Download perpetual software and product license keys bought through the Cloud Solution Provider (CSP) program](/microsoft-365/admin/setup/download-software-licenses-csp?view=o365-worldwide) | modified |
+| 4/26/2023 | [How to secure your business data with Microsoft 365](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified |
+| 4/26/2023 | [Manage auto-claim policies](/microsoft-365/commerce/licenses/manage-auto-claim-policies?view=o365-worldwide) | modified |
+| 4/26/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified |
+| 4/26/2023 | [Error remediation when processing data](/microsoft-365/compliance/ediscovery-error-remediation-when-processing-data?view=o365-worldwide) | modified |
+| 4/26/2023 | [Learn about the default labels and policies to protect your data](/microsoft-365/compliance/mip-easy-trials?view=o365-worldwide) | modified |
+| 4/26/2023 | [Learn about sensitive information types](/microsoft-365/compliance/sensitive-information-type-learn-about?view=o365-worldwide) | modified |
+| 4/26/2023 | [Overview and Definitions](/microsoft-365/enterprise/m365-dr-overview?view=o365-worldwide) | modified |
+| 4/26/2023 | [Microsoft 365 Network Insights](/microsoft-365/enterprise/office-365-network-mac-perf-insights?view=o365-worldwide) | modified |
+| 4/26/2023 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-worldwide) | modified |
+| 4/26/2023 | [Use a prebuilt model to extract information from contracts in Microsoft Syntex](/microsoft-365/syntex/prebuilt-model-contract) | added |
+| 4/26/2023 | [Microsoft 365 Group mailbox size management](/microsoft-365/admin/create-groups/group-mailbox-size-management?view=o365-worldwide) | modified |
+| 4/26/2023 | [Microsoft 365 Health Dashboard](/microsoft-365/admin/manage/health-dashboard-overview?view=o365-worldwide) | modified |
+| 4/26/2023 | [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-worldwide) | modified |
+| 4/26/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified |
+| 4/26/2023 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-worldwide) | modified |
+| 4/26/2023 | [Create an enterprise model in Microsoft Syntex](/microsoft-365/syntex/create-syntex-model) | modified |
+| 4/26/2023 | [Overview of model types in Microsoft Syntex](/microsoft-365/syntex/model-types-overview) | modified |
+| 4/26/2023 | [Overview of prebuilt models in Microsoft Syntex](/microsoft-365/syntex/prebuilt-overview) | modified |
+| 4/26/2023 | [Requirements and limitations for models in Microsoft Syntex](/microsoft-365/syntex/requirements-and-limitations) | modified |
+| 4/26/2023 | [Step 5. Device and app management for your Microsoft 365 for enterprise tenants](/microsoft-365/solutions/tenant-management-device-management?view=o365-worldwide) | added |
+| 4/26/2023 | [Step 3. Identity for your Microsoft 365 for enterprise tenants](/microsoft-365/solutions/tenant-management-identity?view=o365-worldwide) | added |
+| 4/26/2023 | [Step 4. Migration for your Microsoft 365 for enterprise tenants](/microsoft-365/solutions/tenant-management-migration?view=o365-worldwide) | added |
+| 4/26/2023 | [Step 2. Optimal networking for your Microsoft 365 for enterprise tenants](/microsoft-365/solutions/tenant-management-networking?view=o365-worldwide) | added |
+| 4/26/2023 | [Tenant management for Microsoft 365 for enterprise](/microsoft-365/solutions/tenant-management-overview?view=o365-worldwide) | added |
+| 4/26/2023 | [Step 1. Your Microsoft 365 for enterprise tenants](/microsoft-365/solutions/tenant-management-tenants?view=o365-worldwide) | added |
+| 4/26/2023 | [Overview of inactive mailboxes](/microsoft-365/compliance/inactive-mailboxes-in-office-365?view=o365-worldwide) | modified |
+| 4/26/2023 | [Recover an inactive mailbox](/microsoft-365/compliance/recover-an-inactive-mailbox?view=o365-worldwide) | modified |
+| 4/26/2023 | [Restore an inactive mailbox](/microsoft-365/compliance/restore-an-inactive-mailbox?view=o365-worldwide) | modified |
+| 4/26/2023 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-worldwide) | modified |
+| 4/26/2023 | [Assign roles to Microsoft 365 user accounts with PowerShell](/microsoft-365/enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell?view=o365-worldwide) | modified |
+| 4/26/2023 | [Manage Microsoft 365 with PowerShell](/microsoft-365/enterprise/manage-microsoft-365-with-microsoft-365-powershell?view=o365-worldwide) | modified |
+| 4/26/2023 | [Tenant roadmap for Microsoft 365](/microsoft-365/enterprise/tenant-roadmap-microsoft-365?view=o365-worldwide) | modified |
+| 4/27/2023 | [Welcome to Business Assist](/microsoft-365/admin/misc/welcome-business-assist?view=o365-worldwide) | added |
+| 4/27/2023 | [Troubleshoot Microsoft Teams EHR connector setup and configuration](/microsoft-365/frontline/ehr-connector-troubleshoot-setup-configuration?view=o365-worldwide) | modified |
+| 4/27/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified |
+| 4/27/2023 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide) | modified |
+| 4/27/2023 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide) | modified |
+| 4/27/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
+| 4/27/2023 | [Get started with collecting files that match data loss prevention policies from devices (preview)](/microsoft-365/compliance/dlp-copy-matched-items-get-started?view=o365-worldwide) | added |
+| 4/27/2023 | [Learn about collecting files that match DLP policies from devices (preview)](/microsoft-365/compliance/dlp-copy-matched-items-learn?view=o365-worldwide) | added |
+| 4/27/2023 | [Why do I need Microsoft Defender for Office 365?](/microsoft-365/security/office-365-security/why-do-i-need-microsoft-defender-for-office-365?view=o365-worldwide) | renamed |
+| 4/27/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
+| 4/27/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
+| 4/27/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
+| 4/27/2023 | [Why do I need Microsoft Defender for Office 365?](/microsoft-365/security/office-365-security/why-do-i-need-microsoft-defender-for-office-365?view=o365-worldwide) | modified |
+| 4/27/2023 | Change Microsoft 365 for business plans manually | removed |
+| 4/27/2023 | [Upgrade or change to a different Microsoft 365 for business plan](/microsoft-365/commerce/subscriptions/upgrade-to-different-plan?view=o365-worldwide) | modified |
+| 4/27/2023 | [Get started with eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-premium-get-started?view=o365-worldwide) | modified |
+| 4/27/2023 | [Get started with eDiscovery (Standard)](/microsoft-365/compliance/ediscovery-standard-get-started?view=o365-worldwide) | modified |
+| 4/27/2023 | [Changing from a Microsoft 365 E plan to a Microsoft 365 F plan](/microsoft-365/frontline/switch-from-enterprise-to-frontline?view=o365-worldwide) | modified |
+| 4/28/2023 | [Configure review set grouping settings for eDiscovery (Premium) cases](/microsoft-365/compliance/ediscovery-configure-review-set-settings?view=o365-worldwide) | added |
+| 4/28/2023 | [Performing Bulk SharePoint site Cross-tenant migrations (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-bulk-site-migration?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint Cross-tenant SharePoint migration FAQs (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-faqs?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint Cross-tenant SharePoint migration Step 1 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step1?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint Cross-tenant SharePoint migration Step 2 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step2?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint Cross-tenant SharePoint migration Step 3 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step3?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint Cross-tenant SharePoint migration Step 4 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step4?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint Cross-tenant SharePoint migration Step 5 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step5?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint site Cross-tenant SharePoint migration Step 6 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step6?view=o365-worldwide) | added |
+| 4/28/2023 | [SharePoint Cross-Tenant User Data Migration Step 7 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step7?view=o365-worldwide) | added |
+| 4/28/2023 | [Cross-tenant SharePoint site migration overview (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration?view=o365-worldwide) | added |
+| 4/28/2023 | [Secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified |
+| 4/28/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified |
+| 4/28/2023 | [Publish and apply retention labels](/microsoft-365/compliance/create-apply-retention-labels?view=o365-worldwide) | modified |
+| 4/28/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified |
+| 4/28/2023 | [Disposition of content](/microsoft-365/compliance/disposition?view=o365-worldwide) | modified |
+| 4/28/2023 | [Add or remove members from an eEdiscovery (Premium) case](/microsoft-365/compliance/ediscovery-add-or-remove-members-from-a-case?view=o365-worldwide) | modified |
+| 4/28/2023 | [Close or delete an eDiscovery (Premium) case](/microsoft-365/compliance/ediscovery-close-or-delete-case?view=o365-worldwide) | modified |
+| 4/28/2023 | [Configure search and analytics settings for eDiscovery (Premium) cases](/microsoft-365/compliance/ediscovery-configure-search-and-analytics-settings?view=o365-worldwide) | modified |
+| 4/28/2023 | [Create and manage an eDiscovery (Premium) case](/microsoft-365/compliance/ediscovery-create-and-manage-cases?view=o365-worldwide) | modified |
+| 4/28/2023 | [Document metadata fields in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-document-metadata-fields?view=o365-worldwide) | modified |
+| 4/28/2023 | [Tag documents in a review set](/microsoft-365/compliance/ediscovery-tagging-documents?view=o365-worldwide) | modified |
+| 4/28/2023 | [Group and view documents in a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-view-documents-in-review-set?view=o365-worldwide) | modified |
+| 4/28/2023 | [Get started with data lifecycle management](/microsoft-365/compliance/get-started-with-data-lifecycle-management?view=o365-worldwide) | modified |
+| 4/28/2023 | [Get started with records management in Microsoft 365](/microsoft-365/compliance/get-started-with-records-management?view=o365-worldwide) | modified |
+| 4/28/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified |
+| 4/28/2023 | [Onboard macOS devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-macos-overview?view=o365-worldwide) | modified |
+| 4/28/2023 | [Onboard Windows 10 and Windows 11 devices using Mobile Device Management tools](/microsoft-365/compliance/device-onboarding-mdm?view=o365-worldwide) | modified |
+| 4/28/2023 | [Onboard and offboard macOS devices into Compliance solutions using Microsoft Intune for Microsoft Defender for Endpoint customers](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune-mde?view=o365-worldwide) | modified |
+| 4/28/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using Microsoft Intune](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-worldwide) | modified |
+| 4/28/2023 | [Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro-mde?view=o365-worldwide) | modified |
+| 4/28/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using JAMF Pro](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro?view=o365-worldwide) | modified |
+| 4/28/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |
++ ## Week of April 17, 2023
| 3/31/2023 | [Service advisories for auto-expanding archive utilization in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-exo-archive-advisory?view=o365-worldwide) | modified | | 3/31/2023 | [Printer Protection frequently asked questions](/microsoft-365/security/defender-endpoint/printer-protection-frequently-asked-questions?view=o365-worldwide) | modified | | 3/31/2023 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/schedule-antivirus-scans?view=o365-worldwide) | modified |--
-## Week of March 20, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 3/21/2023 | [Connect your DNS records at GoDaddy to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-godaddy?view=o365-worldwide) | modified |
-| 3/21/2023 | [Detailed properties in the audit log](/microsoft-365/compliance/audit-log-detailed-properties?view=o365-worldwide) | modified |
-| 3/21/2023 | [View documents in a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-view-documents-in-review-set?view=o365-worldwide) | modified |
-| 3/21/2023 | [Overview of Copilot in Microsoft Syntex](/microsoft-365/syntex/syntex-copilot) | added |
-| 3/20/2023 | [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) | modified |
-| 3/20/2023 | [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide) | modified |
-| 3/20/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |
-| 3/20/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified |
-| 3/20/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | modified |
-| 3/22/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
-| 3/22/2023 | [Learn about importing organization PST files](/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-worldwide) | modified |
-| 3/22/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |
-| 3/22/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified |
-| 3/22/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |
-| 3/22/2023 | [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform?view=o365-worldwide) | modified |
-| 3/21/2023 | [Plan for insider risk management](/microsoft-365/compliance/insider-risk-management-plan?view=o365-worldwide) | modified |
-| 3/21/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | modified |
-| 3/22/2023 | [Turn the profile video feature on or off for all users in your Microsoft 365 organization](/microsoft-365/admin/misc/admin-controls-profile-videos?view=o365-worldwide) | added |
-| 3/22/2023 | [Microsoft Secure Score for Devices](/microsoft-365/security/defender-vulnerability-management/tvm-microsoft-secure-score-devices?view=o365-worldwide) | modified |
-| 3/22/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
-| 3/22/2023 | [Select the domain to use for email from Microsoft 365 products](/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products?view=o365-worldwide) | modified |
-| 3/22/2023 | [Use data connectors to import and archive third-party data in Microsoft 365](/microsoft-365/compliance/archiving-third-party-data?view=o365-worldwide) | modified |
-| 3/22/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified |
-| 3/24/2023 | [What's new in Microsoft 365 Business Premium and Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-mdb-whats-new?view=o365-worldwide) | modified |
-| 3/24/2023 | [Onboard your organization's devices to Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-onboard-devices-mdb?view=o365-worldwide) | modified |
-| 3/24/2023 | [Use retention labels to manage SharePoint document lifecycle](/microsoft-365/compliance/auto-apply-retention-labels-scenario?view=o365-worldwide) | modified |
-| 3/24/2023 | [Mobile threat defense capabilities in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-mtd?view=o365-worldwide) | added |
-| 3/24/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified |
-| 3/24/2023 | [Reports in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-reports?view=o365-worldwide) | modified |
-| 3/24/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified |
-| 3/24/2023 | [Add or remove a tag for multiple machines](/microsoft-365/security/defender-endpoint/add-or-remove-multiple-machine-tags?view=o365-worldwide) | added |
-| 3/23/2023 | [Microsoft Teams SMS notifications usage report](/microsoft-365/frontline/sms-notifications-usage-report?view=o365-worldwide) | added |
-| 3/23/2023 | [Overview of the Vulnerability management page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-vulnerability-management-page-overview?view=o365-worldwide) | added |
-| 3/23/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified |
-| 3/23/2023 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-worldwide) | modified |
-| 3/23/2023 | [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 3/23/2023 | Deploy and enable Microsoft Defender Antivirus | removed |
-| 3/23/2023 | Monitor and report on Microsoft Defender Antivirus protection | removed |
-| 3/24/2023 | [Add a new employee to Microsoft 365](/microsoft-365/admin/add-users/add-new-employee?view=o365-worldwide) | modified |
-| 3/24/2023 | [Delete a user from your organization](/microsoft-365/admin/add-users/delete-a-user?view=o365-worldwide) | modified |
-| 3/24/2023 | [Microsoft 365 admin center - Overview](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) | modified |
-| 3/24/2023 | [Microsoft Adoption Score - Content collaboration](/microsoft-365/admin/adoption/content-collaboration?view=o365-worldwide) | modified |
-| 3/24/2023 | [Idle session timeout for Microsoft 365](/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide) | modified |
-| 3/24/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified |
-| 3/24/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |
-| 3/24/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |
-| 3/24/2023 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) | modified |
-| 3/24/2023 | Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution | removed |
-| 3/24/2023 | [Configure a default sensitivity label for a SharePoint document library](/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label?view=o365-worldwide) | modified |
security Get Defender Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/get-defender-business.md
ms.localizationpriority: medium Previously updated : 04/19/2023 Last updated : 05/01/2023 f1.keywords: NOCSH
[Defender for Business](mdb-overview.md) is a new endpoint security solution designed especially for small and medium-sized businesses (up to 300 employees). This article describes how to get and provision Defender for Business. + > [!IMPORTANT] > You should be a global administrator to complete the tasks described in this article. The person who signs your company up for Microsoft 365 is a global administrator. [Learn more about admin roles in the Microsoft 365 admin center](../../admin/add-users/about-admin-roles.md).
security Mdb Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-add-users.md
ms.localizationpriority: medium Previously updated : 02/15/2023 Last updated : 05/01/2023 - m365-security - tier1
f1.keywords: NOCSH
As soon as you have signed up for Defender for Business, your first step is to add users and assign licenses. This article describes how to add users and assign licenses, and how to make sure multifactor authentication (MFA) is enabled. + ## Add users and assign licenses > [!IMPORTANT]
security Mdb Configure Security Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-configure-security-settings.md
ms.localizationpriority: medium Previously updated : 02/07/2023 Last updated : 05/01/2023 f1.keywords: NOCSH
# View and edit security policies and settings in Microsoft Defender for Business
+This article describes how to review, create, or edit your security policies.
++ After you've onboarded your company's devices to Defender for Business, the next step is to review your security policies. > [!TIP]
security Mdb Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-email-notifications.md
ms.localizationpriority: medium Previously updated : 04/19/2023 Last updated : 05/01/2023 f1.keywords: NOCSH - m365-security
# Set up email notifications
-You can set up email notifications for your security team. Then, as alerts are generated, or new vulnerabilities are discovered, people on your security team will be notified automatically.
+This article describes how to set up email notifications for your security team.
++
+When you can set up email notifications for your security team, they can be notified via email whenever any alerts are generated, or new vulnerabilities are discovered.
## What to do
security Mdb Onboard Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-onboard-devices.md
ms.localizationpriority: medium Previously updated : 03/23/2023 Last updated : 05/01/2023 f1.keywords: NOCSH
# Onboard devices to Microsoft Defender for Business
+This article describes how to onboard devices to Defender for Business.
++ Onboard your business devices to protect them right away. You can choose from several options to onboard your company's devices. This article walks you through your options and describes how onboarding works. ## What to do
security Mdb Roles Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-roles-permissions.md
ms.localizationpriority: medium Previously updated : 02/14/2023 Last updated : 05/01/2023 f1.keywords: NOCSH
# Assign security roles and permissions in Microsoft Defender for Business
+This article describes how to assign security roles and permissions in Defender for Business.
++ To perform tasks in the Microsoft 365 Defender portal, such as configuring Defender for Business, viewing reports, or taking response actions on detected threats, appropriate permissions must be assigned to your security team. Permissions are granted through roles that are assigned in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or in [Azure Active Directory](/azure/active-directory/roles/manage-roles-portal). ## What to do
security Mdb Setup Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-setup-configuration.md
ms.localizationpriority: medium Previously updated : 04/26/2023 Last updated : 05/01/2023 f1.keywords: NOCSH
# Set up and configure Microsoft Defender for Business
-This article describes the overall setup process for Defender for Business. The process includes:
-- Getting Defender for Business and assigning licenses to users.-- Assigning permissions to your security team and configuring email notifications about new alerts or vulnerabilities.-- Onboarding devices and configuring your security policies and settings.
+This article describes the overall setup process for Defender for Business.
++
+The process includes:
+
+1. [Getting Defender for Business](get-defender-business.md).
+2. [Adding users and assigning licenses](mdb-add-users.md).
+3. [Assigning security roles and permissions for your security team](mdb-roles-permissions.md).
+4. [Setting up email notifications for your security team](mdb-email-notifications.md).
+5. [Onboarding devices so they're protected as soon as possible](mdb-onboard-devices.md).
+6. [Setting up and reviewing your security policies and settings](mdb-configure-security-settings.md).
## Setup options
When you're ready to set up and configure Defender for Business, you can choose
1. **Get Defender for Business**. Start a trial or paid subscription today. You can choose from the standalone version of Defender for Business, or get it as part of Microsoft 365 Business Premium. See [Get Microsoft Defender for Business](get-defender-business.md). And, if you're planning to onboard servers, see [How to get Microsoft Defender for Business servers](get-defender-business-servers.md).
-2. **Add users and assign Defender for Business licenses**. You'll want to do this task before you run the setup wizard. See [Add users and assign licenses in Microsoft Defender for Business](mdb-add-users.md).
+ In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Assets** > **Devices**. If Defender for Business isn't provisioned yet, that process begins now.
-3. **Create a list of your security team's email addresses**. Set up a list of your security team's names and email addresses. This list will come in handy while you are using the setup wizard. To view a list of users, in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)), go to **Users** > **Active users**.
+2. **Add users and assign Defender for Business licenses**. You'll want to do this task before you run the setup wizard. See [Add users and assign licenses in Microsoft Defender for Business](mdb-add-users.md).
-4. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Assets** > **Devices**.
+ While you're adding users, make sure to create a list of your security team's names and email addresses. This list will come in handy while you are using the setup wizard. To view a list of users, in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)), go to **Users** > **Active users**.
- If Defender for Business isn't provisioned yet, that process begins now. When Defender for Business has finished provisioning, you're prompted to use the setup wizard, as shown in the following image:
+3. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Assets** > **Devices**. You should see the setup wizard home screen, as shown in the following image:
:::image type="content" source="medib-wizard-start.png":::
-5. **Assign user permissions**. In this first step of the setup wizard, you grant your security team access to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). This portal is where you and your security team will manage your security capabilities, view alerts, and take any needed actions on detected threats. Portal access is granted through roles that imply certain permissions. [Learn more about roles and permissions](mdb-roles-permissions.md).
+ Select **Get started** to begin using the wizard.
+
+4. **Assign user permissions**. In this first step of the setup wizard, you grant your security team access to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). This portal is where you and your security team will manage your security capabilities, view alerts, and take any needed actions on detected threats. Portal access is granted through roles that imply certain permissions. [Learn more about roles and permissions](mdb-roles-permissions.md).
In Defender for Business, members of your security team can be assigned one of the following three roles:<br/>
When you're ready to set up and configure Defender for Business, you can choose
- **Security Administrator**: A security administrator can view and edit security settings, and take action when threats are detected. - **Security Reader**: A security reader can view information in reports, but can't change any security settings.
-6. **Set up email notifications**. In this step of the setup wizard, you can set up email notifications for your security team using the list you created in step 3. Then, when an alert is generated or a new vulnerability is discovered, your security team won't miss it even if they're away from their desk. [Learn more about email notifications](mdb-email-notifications.md).
+5. **Set up email notifications**. In this step of the setup wizard, you can set up email notifications for your security team using the list you created in step 2. Then, when an alert is generated or a new vulnerability is discovered, your security team won't miss it even if they're away from their desk. [Learn more about email notifications](mdb-email-notifications.md).
-7. **Onboard and configure Windows devices**. In this step of the setup wizard, you can onboard Windows devices to Defender for Business. Onboarding devices right away helps to protect those devices from day one. Note that this step of the wizard applies to Windows devices only. You can onboard other devices later. See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md).
+6. **Onboard and configure Windows devices**. In this step of the setup wizard, you can onboard Windows devices to Defender for Business. Onboarding devices right away helps to protect those devices from day one. Note that this step of the wizard applies to Windows devices only. You can onboard other devices later. See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md).
> [!NOTE] > If your organization is using Microsoft Intune, and devices are already enrolled in Intune, Defender for Business prompts you to either continue using Intune, or switch to using the simplified configuration process in the Microsoft 365 Defender portal. See [Choose where to manage security policies and devices](mdb-configure-security-settings.md#choose-where-to-manage-security-policies-and-devices). > > Defender for Business also offers automatic onboarding for Windows devices enrolled in Intune. Automatic onboarding is a simplified way to onboard Windows devices to Defender for Business. We recommend selecting the "all devices enrolled" option so that as Windows devices are enrolled in Intune, they're onboarded to Defender for Business automatically.
-8. **Configure your security policies**. Defender for Business includes default security policies for next-generation protection and firewall protection that can be applied to your company's devices. These default policies use recommended settings and are designed to provide strong protection for your devices. You can start with your default policies, and add more later. See [View and edit your security policies and settings](mdb-configure-security-settings.md).
+7. **Configure your security policies**. Defender for Business includes default security policies for next-generation protection and firewall protection that can be applied to your company's devices. These default policies use recommended settings and are designed to provide strong protection for your devices. You can start with your default policies, and add more later. See [View and edit your security policies and settings](mdb-configure-security-settings.md).
-9. **Select your next step**. Afer the setup wizard has completed, you're prompted to choose a next step. For example, you can onboard devices, view your security dashboard, or view your security policies.
+8. **Select your next step**. After the setup wizard has completed, you're prompted to choose a next step. For example, you can onboard devices, view your security dashboard, or view your security policies.
## [**Manual setup**](#tab/Manual)
security Supported Response Apis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/supported-response-apis.md
- Title: Supported Microsoft Defender for Endpoint response APIs
-description: Learn about the specific response-related Microsoft Defender for Endpoint API calls.
-keywords: response apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file
-search.product: eADQiWindows 10XVcnh
-
-ms.sitesec: library
-ms.pagetype: security
------ m365-security-- tier3--- Previously updated : 12/18/2020--
-# Supported Microsoft Defender for Endpoint query APIs
---
-**Applies to:**
-- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037)-- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)-
-> [!TIP]
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-supported-response-apis-abovefoldlink)
-
-Learn about the supported response-related API calls you can run and details such as the required request headers, and expected response from the calls.
-
-## In this section
-
-<br>
-
-****
-
-|Topic|Description|
-|||
-|Collect investigation package|Run this API to collect an investigation package from a device.|
-|Isolate device|Run this API to isolate a device from the network.|
-|Unisolate device|Remove a device from isolation.|
-|Restrict code execution|Run this API to contain an attack by stopping malicious processes. You can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.|
-|Unrestrict code execution|Run this to reverse the restriction of applications policy after you have verified that the compromised device has been remediated.|
-|Run antivirus scan|Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised device.|
-|Stop and quarantine file|Run this call to stop running processes, quarantine files, and delete persistency such as registry keys.|
-|Request sample|Run this call to request a sample of a file from a specific device. The file will be collected from the device and uploaded to a secure storage.|
-|Block file|Run this API to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware.|
-|Unblock file|Allow a file run in the organization using Microsoft Defender Antivirus.|
-|Get package SAS URI|Run this API to get a URI that allows downloading an investigation package.|
-|Get MachineAction object|Run this API to get MachineAction object.|
-|Get MachineActions collection|Run this to get MachineAction collection.|
-|Get FileActions collection|Run this API to get FileActions collection.|
-|Get FileMachineAction object|Run this API to get FileMachineAction object.|
-|Get FileMachineActions collection|Run this API to get FileMachineAction collection.|
-|
security Directory Service Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/directory-service-accounts.md
Title: Configure Directory Services account in Microsoft Defender for Identity
description: Learn how to configure the Microsoft Defender for Identity Directory Services account in Microsoft 365 Defender Last updated 08/15/2021 --++
To connect the [sensor](sensor-health.md#add-a-sensor) with your Active Director
:::image type="content" source="../../media/defender-identity/settings-identities.png" alt-text="The Identities option in the Settings page" lightbox="../../media/defender-identity/settings-identities.png"::: - 1. Select **Directory Service accounts**. You'll see which accounts are associated with which domains. :::image type="content" source="../../media/defender-identity/directory-service-accounts.png" alt-text="The Directory Service accounts menu item" lightbox="../../media/defender-identity/directory-service-accounts.png":::
security Entity Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/entity-tags.md
Title: Microsoft Defender for Identity entity tags in Microsoft 365 Defender
description: Learn how to apply Microsoft Defender for Identity entity tags in Microsoft 365 Defender Last updated 06/08/2021 --++
security Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/exclusions.md
Title: Microsoft Defender for Identity detection exclusions in Microsoft 365 Def
description: Learn how to configure Microsoft Defender for Identity detection exclusions in Microsoft 365 Defender. Last updated 11/02/2021 --++
security Manage Security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/manage-security-alerts.md
Title: Microsoft Defender for Identity security alerts in Microsoft 365 Defender
description: Learn how to manage and review security alerts issued by Microsoft Defender for Identity in Microsoft 365 Defender Last updated 05/20/2021 --++
security Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/notifications.md
Title: Microsoft Defender for Identity notifications in Microsoft 365 Defender
description: Learn how to set Microsoft Defender for Identity notifications in Microsoft 365 Defender. Last updated 05/20/2021 --++
security Sensor Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/sensor-health.md
Title: Microsoft Defender for Identity sensor health and settings in Microsoft 3
description: Learn how to configure Microsoft Defender for Identity sensors and monitor their health in Microsoft 365 Defender Last updated 06/07/2021 --++
security Vpn Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/vpn-integration.md
Title: Microsoft Defender for Identity VPN integration in Microsoft 365 Defender
description: Learn how to collect accounting information by integrating a VPN for Microsoft Defender for Identity in Microsoft 365 Defender Last updated 06/07/2021 --++
security Microsoft 365 Security Center Defender Cloud Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps.md
ms.mktglfcycl: deploy
ms.localizationpriority: medium f1.keywords: - NOCSH--++ Last updated 08/04/2022 audience: ITPro
The images and the tables below list the changes in navigation between Microsoft
| IP address ranges | Settings -> Cloud apps | | User groups | Settings -> Cloud apps |
+The capabilities on the following pages are fully integrated into Microsoft 365 Defender, and therefore don't have their own standalone experience in Microsoft 365 Defender:
+
+- [Settings > Azure AD Identity Protection](investigate-alerts.md)
+- [Settings > App Governance](/defender-cloud-apps/app-governance-get-started)
+- [Settings > Microsoft Defender for Identity](/defender-for-identity/deploy-defender-identity)
+ ## Limitations - The new Defender for Cloud Apps experience in the Microsoft 365 Defender portal is currently available for all users detailed in [Manage admin access](/defender-cloud-apps/manage-admins), except for:
security Microsoft 365 Security Mda Redirection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-mda-redirection.md
Title: Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender (Preview)
+ Title: Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender
description: How to redirect accounts and sessions from Defender for Cloud Apps to Microsoft 365 Defender. keywords: Microsoft 365 Defender, Getting started with Microsoft 365 Defender, security center redirection search.product: eADQiWindows 10XVcnh
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH--++ ms.localizationpriority: medium audience: ITPro
-# Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender (Preview)
+# Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)]
Once disabled, accounts will no longer be routed to security.microsoft.com.
- [Microsoft 365 Defender overview](microsoft-365-defender.md) - [About Microsoft 365 Defender](https://www.microsoft.com/microsoft-365/security/microsoft-365-defender) - [Microsoft security portals and admin centers](portals.md)-- [Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)](microsoft-365-security-center-defender-cloud-apps.md)
+- [Microsoft Defender for Cloud Apps in Microsoft 365 Defender](microsoft-365-security-center-defender-cloud-apps.md)
security Anti Phishing Policies Mdo Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure.md
Select **Yes** in the warning dialog that opens.
On the **Anti-phishing** page, the deleted policy is no longer listed.
+## DMARC Reject (OReject) for phishing emails
+
+DMARC is an important tool for domain owners to protect their email from malicious actors. Microsoft currently uses a policy of **DMARC = Oreject**, which sends rejected emails to *quarantine in enterprise* and the *Junk folder in consumer*.
+
+To address customer needs for more control over DMARC policies, three new properties were added to the AntiPhishPolicy. These three policies will allow tenants to choose to honour the sender's DMARC policy, and set the DMARC reject, and the DMARC quarantine actions. All three properties can also be set by **command line** as well as **in the user interface**.
+
+### DMARC policies
+
+**HonorDmarcPolicy**:  
+**Type**: Boolean
+**Values**: False (default), true
+
+When the `DmarcRejectAction` and `DmarcQuarantineAction` settings are enabled, emails detected as spoofs will be rejected or moved to the junk folder depending on the sender's DMARC policy. If these settings are disabled, the existing spoof action will be followed.
+
+**DmarcRejectAction**
+**Type**: Enum
+**Values**: Quarantine (default), Reject
+
+When 'HonorDmarcPolicy' is set to 'True', emails that fail DMARC and have a sender's DMARC policy of 'p=reject', will be rejected.
+
+**DmarcQuarantineAction**
+**Type**: Enum
+**Values**: Quarantine (default), MoveToJmf
+
+When 'HonorDmarcPolicy' is set to 'True', if an email fails DMARC and the sender's DMARC policy is 'p=quarantine', the quarantine action will be taken and the mail moved to Junk.
+
+In this example for a test policy *TestPolicy1* in tenant *o365e5test017.onmicrosoft.com* we use this Powershell syntax:
+
+```PowerShell
+Get-AntiPhishPolicy -Organization o365e5test017.onmicrosoft.com -Identity TestPolicy1 | Set-AntiPhishPolicy -HonorDmarcPolicy $true -DmarcRejectAction Reject -DmarcQuarantineAction Quarantine
+```
+
+| Honour DMARC | Spoof Intelligence |
+| - | |
+| ON | ON |
+| Separate actions for implicit (p=None/NA) versus explicit email authentication failures. Implicit failures use the *If the message is detected as spoof* action in anti-phishing policies, while explicit email authentication failures use the *p=reject* and *p=quarantine* actions specified in anti-phishing policies. |
+| OFF | ON |
+| One action is taken for implicit (p=None/NA) and explicit email authentication failures, which is the *If the message is detected as spoof* action. In other words, explicit email authentication failures ignore p=reject and p=quarantine and use the *If the message is detected as spoof* action instead. |
+| ON | OFF |
+| Explicit email authentication failures only, but p=reject and p=quarantine actions selectable in anti-phishing policies. |
+| OFF | OFF |
+| Explicit email authentication failures only, p=reject and p=quarantine in DMARC records used as actions. Failing emails are handled with **p=oreject and p=oquaratine**. |
++ ## Use Exchange Online PowerShell to configure anti-phishing policies In PowerShell, the basic elements of an anti-phishing policy are:
security Email Authentication Dmarc Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-authentication-dmarc-configure.md
ms.assetid: 4a05898c-b8e4-4eab-bd70-ee912e349737
- m365-security - tier1
-description: Learn how to configure Domain-based Message Authentication, Reporting, and Conformance (DMARC) to validate messages sent from your organization.
+description: Learn how to configure Domain-based Message Authentication, Reporting, and Conformance (DMARC) to validate messages sent from your organization, contains information on DMARC reject or OReject.
You can implement DMARC gradually without impacting the rest of your mail flow.
_dmarc.contoso.com. TXT "v=DMARC1; p=reject; sp=reject; ruf=mailto:authfail@contoso.com; rua=mailto:aggrep@contoso.com" ```
+## DMARC Reject
+
+DMARC p = reject is a DMARC policy set by domain owners in their DNS to notify service providers to *reject* emails.
+
+It came about because, with OReject set as the default for reject, any rejected emails were sent to quarantine in Enterprise, and Junk folder in Consumer (due to lack of quarantine there). However, with DMARC Reject the mails will simply be rejected.
+
+Configuration can be done in the User Interface, or by PowerShell commandlet.
+
+> [!IMPORTANT]
+> For *details* on three new properties in the *AntiPhishPolicy* that impact DMARC policy, as well as a sample PowerShell command to set up the DMARC Reject policy see [**Configure >anti-phishing policies in Microsoft Defender for Office 365**](anti-phishing-policies-mdo-configure.md).
+>
+>**This feature can also be set in the UX on the https://security.microsoft.com/antiphishing page**. Navigate to *Policies & Rules* > *Threat Policies* > *Create a new anti phishing policy*, where you will see "Honour DMARC record policy when >the message is detected as spoof" listed as an *Action*.
++ ## How Microsoft 365 handles outbound email that fails DMARC If a message is outbound from Microsoft 365 and fails DMARC, and you have set the policy to p=quarantine or p=reject, the message is routed through the [High-risk delivery pool for outbound messages](outbound-spam-high-risk-delivery-pool-about.md). There's no override for outbound email.
security Priority Accounts Turn On Priority Account Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/priority-accounts-turn-on-priority-account-protection.md
f1.keywords:
Previously updated : 1/31/2023 Last updated : 5/1/2023 audience: ITPro ms.localizationpriority: medium
Priority accounts are targeted by attackers more often and are generally attacke
## Configure Priority account protection
-Priority account protection is turned on by default for pre-identified critical users. However, the security administrator of your organization can also turn on priority account protection by following these steps:
+Priority account protection is turned on by default for pre-identified critical users.
+
+You need to be assigned permissions before you can do the procedures in this article. You have the following options:
+
+- [Exchange Online RBAC](/exchange/permissions-exo/permissions-exo): Membership in the **Organization Management** or **Security Administrator** role groups.
+- [Azure AD RBAC](../../admin/add-users/about-admin-roles.md): Membership in the **Global Administrator** or **Security Administrator** roles gives users the required permissions _and_ permissions for other features in Microsoft 365.
1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Settings** \> **Email & collaboration** \> **Priority account protection**. To go directly to the **Priority account protection** page, use <https://security.microsoft.com/securitysettings/priorityAccountProtection>.
For more information, see [User tags in Microsoft Defender for Office 365](user-
> [!NOTE] > Currently, you can only apply user tags to mailbox users.
+>
> Your organization can tag a maximum of 250 users using the Priority account tag.
+>
> Each custom tag has a maximum of 10,000 users per tag and your organization can create up to 500 custom tags. ## Review differentiated protection from priority account protection
security Reports Email Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md
- seo-marvel-apr2020 Previously updated : 04/27/2023 Last updated : 5/1/2023 # View email security reports in the Microsoft 365 Defender portal
On the **Submissions** page, the **[Export](#export-report)** button is availabl
:::image type="content" source="../../media/submissions-report-page.png" alt-text="The Submissions report page in the Microsoft 365 Defender portal." lightbox="../../media/submissions-report-page.png":::
-## What is the The Threat protection status report in Microsoft Defender for Office 365?
+## Threat protection status report
The **Threat protection status** report is available in both EOP and Defender for Office 365. However, the reports contain different data. For example, EOP customers can view information about malware detected in email, but not information about malicious files detected by [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-about.md).