Updates from: 05/20/2021 03:08:01
Category Microsoft Docs article Related commit history on GitHub Change details
admin Assign Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md
You can check admin role permissions in 2 different ways:
::: moniker-end
-## Related articles
+## Related content
-[About Microsoft 365 admin roles](about-admin-roles.md)
+[About Microsoft 365 admin roles](about-admin-roles.md) (article)
-[Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles)
+[Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles) (article)
-[Assign roles to user accounts with PowerShell](../../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md)
+[Assign roles to user accounts with PowerShell](../../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md) (article)
-[Authorize or remove partner relationships](../misc/add-partner.md)
+[Authorize or remove partner relationships](../misc/add-partner.md) (article)
admin Let Users Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
search.appverid:
- MET150 - MOE150 ms.assetid: 5bc3f460-13cc-48c0-abd6-b80bae72d04a
-description: "Learn how you can reset your passwords using the self-service password reset tool."
+description: "Learn how you can set a policy to allow users to reset their own passwords using the self-service password reset tool."
# Let users reset their own passwords
As the Microsoft 365 admin, you can let people use the [self-service password re
- **If you're using an on-premises Active Directory**, the above two points don't apply. Rather, you can set this up but **it requires a paid subscription to Azure AD Premium**.
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview)
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../../business-video/admin-center-overview.md)
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
These steps turn on self-service password reset for everyone in your business.
## Related content
-[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md)
+[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)
-[Set an individual user's password to never expire](set-password-to-never-expire.md)
+[Set an individual user's password to never expire](set-password-to-never-expire.md) (article)
-[Microsoft 365 Business training videos](../../business-video/index.yml)
+[Microsoft 365 Business training videos](../../business-video/index.yml) (link page)
admin Remove Former Employee Step 4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-4.md
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Follow these steps to give another employee access to the former employee's OneDrive and Outlook data."
+description: "Follow the steps in this article to give another employee access to the former employee's OneDrive and Outlook data."
# Step 4 - Give another employee access to OneDrive and Outlook data
To give access to the email messages, calendar, tasks, and contacts of the forme
> [!TIP] > If you want to import or restore only a few items from an Outlook Data File (.pst), you can open the Outlook Data File. Then, in the navigation pane, drag the items from Outlook Data File folders to your existing Outlook folders.
-## Related articles
+## Related content
-[Add and remove admins on a OneDrive account](/sharepoint/manage-user-profiles#add-and-remove-admins-for-a-users-onedrive)
+[Add and remove admins on a OneDrive account](/sharepoint/manage-user-profiles#add-and-remove-admins-for-a-users-onedrive) (article)
-[Restore a deleted OneDrive](/onedrive/restore-deleted-onedrive)
+[Restore a deleted OneDrive](/onedrive/restore-deleted-onedrive) (article)
-[OneDrive retention and deletion](/onedrive/retention-and-deletion)
+[OneDrive retention and deletion](/onedrive/retention-and-deletion) (article)
admin Remove Former Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee.md
You need to be a global administrator to complete the steps in this solution.
|[Step 6 - Remove and delete the Microsoft 365 license from a former employee](remove-former-employee-step-7.md) <br/> |When you remove a license, you can assign it to someone else. Or, you can delete the license so you don't pay for it until you hire another person. <br/><br/> When you remove or delete a license, the user's old email, contacts, and calendar are retained for **30 days**, then permanently deleted. If you remove or delete a license but don't delete the account, the content in the user's OneDrive will remain accessible to you even after 30 days. <br/> | |[Step 7 - Delete a former employee's user account](remove-former-employee-step-7.md) <br/> |This removes the account from your admin center. Keeps things clean. <br/> |
-## Related articles
+## Related content
-[Restore a user](restore-user.md)
+[Restore a user](restore-user.md) (article)
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
search.appverid:
- BEA160 - GEA150 ms.assetid: 7a5d073b-7fae-4aa5-8f96-9ecd041aba9c
-description: "Learn how to reset password for a user in Microsoft 365 for business subscription."
+description: "Sign in with your Microsoft 365 admin account to reset passwords for users in Microsoft 365 for business subscription."
# Reset passwords
This article explains how to reset passwords for yourself and for your users whe
## Before you begin
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../../business-video/admin-center-overview.md).
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
Try this article: [I forgot the username or password for the account I use with
## Related content
-[Let users reset their own passwords](../add-users/let-users-reset-passwords.md)
+[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)
-[Reset passwords](../add-users/reset-passwords.md)
+[Reset passwords](../add-users/reset-passwords.md) (article)
-[Set an individual user's password to never expire](set-password-to-never-expire.md)
+[Set an individual user's password to never expire](set-password-to-never-expire.md) (article)
-[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md)
+[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)
-[Restore a user](restore-user.md)
-
-[Remove a former employee](remove-former-employee.md)
-
-[Microsoft 365 for business training videos](../../business-video/index.yml)
+[Microsoft 365 for business training videos](../../business-video/index.yml) (link page)
admin Set Password To Never Expire https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md
search.appverid:
- MET150 - MOE150 ms.assetid: f493e3af-e1d8-4668-9211-230c245a0466
-description: "Learn how to set some individual user passwords to never expire, using Windows PowerShell."
+description: "Sign in to your Microsoft 365 admin account to set some individual user passwords to never expire by using Windows PowerShell."
# Set an individual user's password to never expire
This article explains how to set a password for an individual user to not expire
## Before you begin
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../../business-video/admin-center-overview.md).
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
Run one of the following commands:
## Related content
-[Let users reset their own passwords](../add-users/let-users-reset-passwords.md)
+[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)
-[Reset passwords](../add-users/reset-passwords.md)
+[Reset passwords](../add-users/reset-passwords.md) (article)
admin About The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/about-the-admin-center.md
search.appverid:
- MOE150 - GEA150 ms.assetid: 758befc4-0888-4009-9f14-0d147402fd23
-description: "Use the admin center to set up your organization in the cloud, and manage users and subscriptions. Get started by signing in to the account with admin permissions."
+description: "Sign in with admin permissions to the Microsoft 365 admin center to set up your organization in the cloud, and manage users and subscriptions."
# About the Microsoft 365 admin center
If you found this video helpful, check out the [complete training series for sma
## Admin center features and settings
-Here are the features and settings you'll find in the left-hand navigation of the admin center. Learn more about admin tasks in [admin help](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
+Here are the features and settings you'll find in the left-hand navigation of the admin center. Learn more about admin tasks in [admin help](../../business-video/admin-center-overview.md).
|**Menu**|**What it's for**| |--|--|
Here are the features and settings you'll find in the left-hand navigation of th
|**Settings** <br/> |Manage global settings for apps like email, sites, and the Office suite. Change your password policy and expiration date. Add and update domain names like contoso.com. Change your organization profile and release preferences. And choose whether partners can access your admin center. <br/> | |**Setup** <br/> |Manage existing domains, turn on and manage multi-factor authentication, manage admin access, migrate user mailboxes to Office 365, manage feature updates, and help users install their Office apps. | |**Reports** <br/> |See at a glance how your organization is using Microsoft 365 with detailed reports on email use, Office activations, and more. Learn how to use the new [activity reports](../activity-reports/activity-reports.md). <br/> |
-|**Health** <br/> |View health at a glance. You can also check out more details and the health history. See [How to check service health](https://docs.microsoft.com/microsoft-365/enterprise/view-service-health) and [How to check Windows release health](https://docs.microsoft.com/windows/deployment/update/check-release-health) for more information. ΓÇï <br/><br/>Use Message center to keep track of upcoming changes to features and services. We post announcements there with information that helps you plan for change and understand how it may affect users. Get more details in [Message center](../manage/message-center.md). <br/> |
+|**Health** <br/> |View health at a glance. You can also check out more details and the health history. See [How to check service health](../../enterprise/view-service-health.md) and [How to check Windows release health](/windows/deployment/update/check-release-health) for more information. ΓÇï <br/><br/>Use Message center to keep track of upcoming changes to features and services. We post announcements there with information that helps you plan for change and understand how it may affect users. Get more details in [Message center](../manage/message-center.md). <br/> |
|**Admin centers** <br/> |Open separate admin centers for Exchange, Skype for Business, SharePoint, Yammer, and Azure AD. Each admin center includes all available settings for that service. <br/> For example, in the Exchange admin center, set up and manage email, calendars, distribution groups, and more. In the SharePoint admin center, create and manage site collections, site settings, and OneDrive for Business. In the Skype for Business admin center, set up instant messaging notifications, dial-in conferencing, and online presence. <br/> Learn more about the [Exchange admin center](/exchange/exchange-admin-center) and [SharePoint Admin Center](/sharepoint/sharepoint-online).<br/> **Note:** The admin centers available to you depend on your plan and region. | ## Common tasks in the admin center
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
If you want to add a guest to the directory directly, you can [Add Azure Active
If you want to edit any of a guest's information, you can [Add or update a user's profile information using Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal).
-## See also
+## Related content
-[Block guest users from a specific group](../../solutions/per-group-guest-access.md)
+[Block guest users from a specific group](../../solutions/per-group-guest-access.md) (article)
-[Manage group membership in the Microsoft 365 admin center](add-or-remove-members-from-groups.md)
+[Manage group membership in the Microsoft 365 admin center](add-or-remove-members-from-groups.md) (article)
-[Azure Active Directory access reviews](/azure/active-directory/active-directory-azure-ad-controls-perform-access-review)
+[Azure Active Directory access reviews](/azure/active-directory/active-directory-azure-ad-controls-perform-access-review) (article)
-[Set-AzureADUser](/powershell/module/azuread/set-azureaduser)
+[Set-AzureADUser](/powershell/module/azuread/set-azureaduser) (article)
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn about Microsoft 365 Groups."
+description: "With Microsoft 365 Groups, you can drive teamwork across Microsoft 365 by giving a group of people access to a collection of shared resources."
# Overview of Microsoft 365 Groups for administrators
Microsoft 365 groups work with Azure Active Directory. The groups features you g
> For all the groups features, if you have an Azure AD Premium subscription, users can join the group whether or not they have an AAD P1 license assigned to them. Licensing isn't enforced. > Periodically we will generate usage reports that tell you which users are missing a license, and need one assigned to them to be compliant with the licensing requirements. For example, let's say a user doesn't have a license and they are added to a group where the naming policy is enforced. The report will flag for you that they need a license.
-## Related articles
+## Related content
-[Learn about Microsoft 365 Groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2)
+[Learn about Microsoft 365 Groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2) (article)
-[Upgrade distribution lists to Microsoft 365 Groups](../manage/upgrade-distribution-lists.md)
+[Upgrade distribution lists to Microsoft 365 Groups](../manage/upgrade-distribution-lists.md) (article)
-[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md)
+[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md) (article)
-[SharePoint Online Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits)
+[SharePoint Online Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits) (article)
-[Organize groups and channels in Microsoft Stream](/stream/groups-channels-organization)
+[Organize groups and channels in Microsoft Stream](/stream/groups-channels-organization) (article)
admin Restore Deleted Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/restore-deleted-group.md
search.appverid:
- MET150 - MOE150 ms.assetid: b7c66b59-657a-4e1a-8aa0-8163b1f4eb54
-description: "Learn how to restore a deleted Microsoft 365 group."
+description: "A deleted group is retained for 30 days and you can still restore the group. After 30 days, the group and its content is permanently deleted."
# Restore a deleted Microsoft 365 group
If you are a global administrator or a groups administrator, you can restore a d
Visit the [Microsoft Tech Community](https://techcommunity.microsoft.com/t5/Office-365-Groups/ct-p/Office365Groups) to post questions and participate in conversations about Microsoft 365 groups.
-## Related articles
+## Related content
-[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md)
+[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md) (article)
-[Delete groups using the Remove-UnifiedGroup cmdlet](/powershell/module/exchange/remove-unifiedgroup)
+[Delete groups using the Remove-UnifiedGroup cmdlet](/powershell/module/exchange/remove-unifiedgroup) (article)
-[Manage your group-connected team site settings](https://support.microsoft.com/office/8376034d-d0c7-446e-9178-6ab51c58df42)
+[Manage your group-connected team site settings](https://support.microsoft.com/office/8376034d-d0c7-446e-9178-6ab51c58df42) (article)
-[Delete a group in Outlook](https://support.microsoft.com/office/ca7f5a9e-ae4f-4cbe-a4bc-89c469d1726f)
+[Delete a group in Outlook](https://support.microsoft.com/office/ca7f5a9e-ae4f-4cbe-a4bc-89c469d1726f) (article)
admin Update Dns Records To Retain Current Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/update-dns-records-to-retain-current-hosting-provider.md
description: "Learn how to route traffic to an existing public website hosted ou
## Update DNS records in the Microsoft 365 admin center 1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">Domains</a> page.
-2. On the **Domains** page, select the domain and then choose **DNS Records**.
+1. On the **Domains** page, select the domain and then choose **DNS Records**.
-3. Under **DNS settings**, select **Custom Records**.
-
-4. Select **+ New custom record** and enter the following:
+1. Select **+ Add record** and enter the following:
- - For **DNS type** enter: **A (Address)**
+ - For **type** enter: **A (Address)**
- For **Host name or Alias**, type the following: **@**
description: "Learn how to route traffic to an existing public website hosted ou
This must be a *static* IP address for the website, not a *dynamic* IP address. Check with site where your website is hosted to make sure you can get a static IP address for your public website.
-5. Select **Save**.
+1. Select **Save**.
In addition, you can create a CNAME record to help customers find your website.
-1. Select **+ New custom record** and enter the following:
+1. Select **+ Add record** and enter the following:
- - For **DNS type** enter: **CNAME (Alias)**
+ - For **type** enter: **CNAME (Alias)**
- For **Host name or Alias**, type the following: **www**
admin Add Another Email Alias For A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-another-email-alias-for-a-user.md
search.appverid:
- MET150 - MOE150 ms.assetid: 0b0bd900-68b1-4bf5-808b-5d240a7739f4
-description: "Learn how you can have more than one email address, called email alias, associated with your Microsoft 365 for business account. "
+description: "Learn how you can have more than one email address, called an email alias, associated with your Microsoft 365 for business account. "
# Add another email alias for a user
This article is for Microsoft 365 administrators who have business subscriptions
A primary email address in Microsoft 365 is usually the email address a user was assigned when their account was created. When the user sends email to someone else, their primary email address is what typically appears in the *From* field in email apps. They can also have more than one email address associated with their Microsoft 365 for business account. These additional addresses are called aliases. For example, let's say Jenna has the email address jenna@contosoco.com, but she also wants to receive email at jen@contosoco.com because some people refer to her by that name. You can create aliases for her so that both email addresses go to Jenna's inbox.
-<br><br>
You can create up to 400 aliases for a user. No additional fees or licenses are required.
If you purchased your subscription from GoDaddy or another Partner, to set the n
A new feature is rolling out in April 2021 that allows users to send from their aliases easily when using Outlook on the web. When the feature rolls out to a tenancy where the tenant admin uses the `Set-OrganizationConfig -SendFromAliasEnabled $true` cmdlet, users within the tenancy will get access to a list of checkboxes where each entry corresponds to an alias in their Outlook settings. Selecting an alias will make it appear in the From dropdown in the Compose form.
-## Related articles
+## Related content
-[Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e)
+[Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e) (article)
-[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md)
+[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (article)
+
+[Configure email forwarding in Microsoft 365](configure-email-forwarding.md) (article)
admin Change Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/change-email-address.md
search.appverid:
- BEA160 - GEA150 ms.assetid: f4d8cae9-6d06-4c4b-b4e5-6581fd05ea82
-description: "Change your initial email address to a friendly email address like tom@fourthcoffee.com. To do this, you need to buy a domain name, and add it to Microsoft 365. "
+description: "Change your email address to a friendly email address like tom@fourthcoffee.com by buying a domain name and adding it to Microsoft 365."
# Change your email address to use your custom domain
Your initial email address in Office 365 operated by 21Vianet includes partner.o
::: moniker-end
-When you change your domain's email to come to Microsoft 365, by updating your domain's MX record during setup, ALL email sent to that domain will start coming to Microsoft 365. Make sure you've added users and created mailboxes in Microsoft 365 for everyone who has email on your domain BEFORE you change the MX record. Don't want to move email for everyone on your domain to Microsoft 365? You can take steps to [pilot Microsoft 365 with just a few email addresses instead](../misc/pilot-microsoft-365-from-my-custom-domain.md?view=o365-worldwide).
+When you change your domain's email to come to Microsoft 365, by updating your domain's MX record during setup, ALL email sent to that domain will start coming to Microsoft 365. Make sure you've added users and created mailboxes in Microsoft 365 for everyone who has email on your domain BEFORE you change the MX record. Don't want to move email for everyone on your domain to Microsoft 365? You can take steps to [pilot Microsoft 365 with just a few email addresses instead](../misc/pilot-microsoft-365-from-my-custom-domain.md).
## Change your email address to use your custom domain using the Microsoft 365 admin center
You'll be guided to get everything set up correctly with your domain in Microsof
> [!NOTE] > If you are not using an Exchange license, you cannot use the domain to send or receive emails from the Microsoft 365 tenant.
-## Related articles
+## Related content
-[Buy a custom domain using Microsoft 365](../get-help-with-domains/buy-a-domain-name.md)
+[Buy a custom domain using Microsoft 365](../get-help-with-domains/buy-a-domain-name.md) (article)
admin Configure A Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md
search.appverid:
- BCS160 - MET150 - MOE150
-description: "After you have created a shared mailbox, you'll want to configure some settings for its users, such as email forwarding and automatic replies. Later, you might want to change other settings, such as the mailbox name or members."
+description: "Create a shared mailbox and configure some settings for its users, such as email forwarding and automatic replies."
# Configure shared mailbox settings
admin Change Nameservers At Any Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/change-nameservers-at-any-domain-registrar.md
After the nameserver records are updated to point to Microsoft, your domain setu
> [!NOTE] > Your nameserver record updates may take up to several hours to update across the Internet's DNS system. Then your Microsoft email and other services will be all set to work with your domain.
+## Related content
+
+[Add DNS records to connect your domain](create-dns-records-at-any-dns-hosting-provider.md) (article)
+
+[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)
+
+[Manage domains](index.yml) (link page)
admin Dns Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/dns-basics.md
search.appverid:
- BSA160 ms.assetid: 854b6b2b-0255-4089-8019-b765cff70377
-description: "Learn about domains and their associated DNS records to help you manage your domains."
+description: "The domain name system maps computer hostnames to IP addresses and understanding DNS and domain registrar basics can help you manage domains."
# DNS basics
Or, if you're planning a deployment, you may want to review a list of all the DN
Check out one of the following: - Not sure where your domain is registered? [Get help finding your domain registrar.](find-your-domain-registrar.md)-- Find out [why you have to complete the wizard steps](../setup/add-domain.md) before you can use your domain with Microsoft 365.
+- Find out [why you have to complete the wizard steps](../setup/add-domain.md) before you can use your domain with Microsoft 365.
+
+## Related content
+
+[Domains FAQ](../setup/domains-faq.yml) (article)
+
+[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)
+
+[Manage domains](index.yml) (link page)
admin Information For Dns Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/information-for-dns-records.md
search.appverid:
- MOE150 - GEA150 ms.assetid: 77f90d4a-dc7f-4f09-8972-c1b03ea85a67
-description: "Learn to find the values/information you need to create DNS records for Microsoft 365. "
+description: "Gather the values/information you need to create DNS records to connect your domain to your Microsoft 365 subscription."
# Gather the information you need to create DNS records
description: "Learn to find the values/information you need to create DNS record
4. Go to [Create DNS records at any DNS hosting provider](create-dns-records-at-any-dns-hosting-provider.md), and then select your DNS host from the list of registrars to see step-by-step instructions for adding records at that DNS host's website. 5. Follow the steps for creating the records at your DNS host.+
+## Related content
+
+[Domains FAQ](../setup/domains-faq.yml) (article)
+
+[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)
+
+[Manage domains](index.yml) (link page)
admin Remove A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/remove-a-domain.md
search.appverid:
- MOE150 - GEA150 ms.assetid: f09696b2-8c29-4588-a08b-b333da19810c
-description: "Learn how to remove an old domain from Microsoft 365 and move users and groups to another domain."
+description: "Learn how to remove an old domain from Microsoft 365 and move users and groups to another domain or cancel your subscription."
# Remove a domain
Are you removing your domain because you want to add it to a different Microsoft
3. Select the boxes next to the names of all the users you want to move.
-4. Select **More options** (**…**), at the top of the page, and then choose **Change domains**.
+4. At the top of the page, and then choose **Change domains**.
5. In the **Change domains** pane, select a different domain.
Still not working? Your domain might need to be manually removed. [Give us a cal
::: moniker-end
-## Related articles
+## Related content
-[Domains FAQ](../setup/domains-faq.yml)
+[Domains FAQ](../setup/domains-faq.yml) (article)
-[Switch to a different Microsoft 365 for business plan](../../commerce/subscriptions/switch-to-a-different-plan.md)
+[Switch to a different Microsoft 365 for business plan](../../commerce/subscriptions/switch-to-a-different-plan.md) (article)
-[Cancel your subscription](../../commerce/subscriptions/cancel-your-subscription.md)
+[Cancel your subscription](../../commerce/subscriptions/cancel-your-subscription.md) (article)
admin What Is A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/what-is-a-domain.md
search.appverid:
- MET150 - MOE150 ms.assetid: c33d1ba6-077c-4cea-be04-cfffbe3f3ed8
-description: "Understand what a domain is and how you can buy a domain or use the default domain of your business."
+description: "Learn what a domain is and how you can buy a domain or use the default domain of your business to get started with OneDrive and Microsoft apps."
- okr_smb - AdminSurgePortfolio
admin Change Address Contact And More https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/change-address-contact-and-more.md
- AdminSurgePortfolio - commcerce_billing search.appverid: MET150
-description: "Learn how to make changes to your organization profile, such as organization name, address, phone, technical contact, and email."
+description: "Make changes to your organization profile, such as organization name, address, phone, technical contact, and email."
Last updated 03/30/2021
To learn about changing other profile information, see [Change your contact pref
### Email signatures You can change your email signature in Outlook Web App. For more information, see [Mail settings](https://support.microsoft.com/office/30c69a79-efc6-42d2-b740-4bf1c1f8a01c).+
+## Related content
+
+[Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e) (article)
+
+[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (article)
+
+[Configure email forwarding in Microsoft 365](../email/configure-email-forwarding.md) (article)
admin Language Translation For Message Center Posts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/language-translation-for-message-center-posts.md
search.appverid:
- MET150 - MOE150 ms.assetid: 9f7c2ff2-af65-4557-8840-0b84ce96d9bc
-description: "Learn to set your preferred launguage in Message center to automatically translate posts."
+description: "Message center posts are in English only but can be displayed automatically in the language you specify for Microsoft 365."
# Language translation for Message center posts
-Message center posts are written in English-only due to the timeliness of the information we are posting, but can be automatically displayed in the language specified by your personal language settings for Microsoft 365. If you set your preferred language to anything other than English, you'll see an option in Message center to automatically translate posts. The messages will be machine translated to your preferred language, meaning that a computer did the translation. This option controls the default view, but you can also use the drop-down menu to translate and display posts in any of the languages we support for translation. If you select English, we'll revert the message to the original English version.
+Message center posts are written in English-only due to the timeliness of the information we are posting, but can be automatically displayed in the language specified by your personal language settings for Microsoft 365. If you set your preferred language to anything other than English, you'll see an option in Message center to automatically translate posts. The messages is machine translated to your preferred language, meaning that a computer did the translation. This option controls the default view, but you can also use the drop-down menu to translate and display posts in any of the languages we support for translation. If you select English, we'll revert the message to the original English version.
+
+## Before you begin
> [!IMPORTANT] > Before you can choose your language settings for Message center, you have to set your preferred language. No translation options are shown when your language is set to English. You can't specify a preferred language for others, each person has to change this setting for themselves.
When your preferred language is not set to English, the translation options in M
To set Message center posts to automatically machine-translate and display in your preferred language, go to **Health** \> **Message center**. You'll see a switch at the top of the message list view to toggle automatic translation on or off. When this setting is off, posts are shown in English. When this setting is on, messages display in your preferred language. The setting you choose will persist for each visit to Message center.
+## Related content
+
+[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)
+
+[What subscription do I have?](../admin-overview/what-subscription-do-i-have.md) (article)
+
+[Stay on top of changes](../manage/stay-on-top-of-updates.md) (article)
+++
admin Manage Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
Updates for add-ins happen as follows:
- **Office Store add-in:** When an admin selected an add-in from the Office Store, if an add-in updates in the Office Store, the add-in will update later in Centralized Deployment. The next time the relevant Office applications start, the add-in will update. The web application can change at any time.
-## Learn more
+## Related content
-[Manage add-ins in the admin center](manage-addins-in-the-admin-center.md)
+[Manage add-ins in the admin center](manage-addins-in-the-admin-center.md) (article)
-[Build your first Word task pane add-in](/office/dev/add-ins/quickstarts/word-quickstart?tabs=yeomangenerator).
+[Build your first Word task pane add-in](/office/dev/add-ins/quickstarts/word-quickstart?tabs=yeomangenerator) (article)
-[Minors and acquiring add-ins from the store](minors-and-acquiring-addins-from-the-store.md)
+[Minors and acquiring add-ins from the store](minors-and-acquiring-addins-from-the-store.md) (article)
-[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md)
+[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md) (article)
-[Troubleshoot: User not seeing add-ins](/office365/troubleshoot/access-management/user-not-seeing-add-ins)
+[Troubleshoot: User not seeing add-ins](/office365/troubleshoot/access-management/user-not-seeing-add-ins) (article)
admin Remove Licenses From Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/remove-licenses-from-users.md
When you use the **Active users** page to unassign licenses, you unassign produc
## What happens to a user's data when you remove their license? -- When a license is removed from a user, data that is associated with that account is held for 30 days. After the 30-day grace period, the data is deleted and can't be recovered.
+- When a license is removed from a user, Exchange online data that is associated with that account is held for 30 days. After the 30-day grace period, the data is deleted and can't be recovered.
- Files saved in OneDrive for Business aren't deleted unless the user is deleted from the Microsoft 365 admin center or is removed through Active Directory synchronization. For more information, see [OneDrive retention and deletion](/onedrive/retention-and-deletion). - When the license is removed, the user's mailbox is no longer searchable by using an eDiscovery tool such as Content Search or Advanced eDiscovery. For more information, see "Searching disconnected or de-licensed mailboxes" in [Content Search in Microsoft 365](../../compliance/content-search.md). - If you have an Enterprise subscription, like Office 365 Enterprise E3, Exchange Online lets you preserve the mailbox data of a deleted user account by using [inactive mailboxes](../../compliance/inactive-mailboxes-in-office-365.md). For more information, see [Create and manage inactive mailboxes in Exchange Online](../../compliance/create-and-manage-inactive-mailboxes.md).
admin Share Calendars With External Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/share-calendars-with-external-users.md
search.appverid:
- MET150 - MOE150 ms.assetid: fb00dd4e-2d5f-4e8d-8ff4-94b2cf002bdd
-description: "Learn how to let your users share their calendars with external users for meetings and appointments."
+description: "Enable calendar sharing in the Microsoft 365 admin center so users can share their calendars with anyone inside or outside the organization."
# Share calendars with external users
You can enable calendar sharing for all users in your organization in the Micros
## Invite people to access calendars
-Once sharing is enabled, calendar owners can extend invitations to specific users. See [Sharing your calendar in Outlook Web App](https://support.microsoft.com/office/7ecef8ae-139c-40d9-bae2-a23977ee58d5) for instructions.
+Once sharing is enabled, calendar owners can extend invitations to specific users. See [Sharing your calendar in Outlook Web App](https://support.microsoft.com/office/7ecef8ae-139c-40d9-bae2-a23977ee58d5) for instructions.
+
+## Related content
+
+[Turn external sharing on or off for a site](/sharepoint/change-external-sharing-site) (article)
+
+[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)
+
+[Manage email and calendars](../email/index.yml) (link page)
admin Cortana Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
search.appverid:
- MET150 - MOE150 ms.assetid: 7257cb50-0d5c-4f7a-ac2e-9fe5d13bb5cb
-description: "When signed in with valid work or school accounts, users can get cloud-based assistance services with Cortana in Microsoft 365 experiences that meet Office 365ΓÇÖs enterprise-level privacy, security, and compliance promises."
+description: "Users with valid work or school accounts can get Cortana in Microsoft 365 experiences that meet Office 365 enterprise-level security promises."
# Cortana in Microsoft 365
Turn off Cortana access to your organization's Microsoft hosted data
3. Select **Save changes**. For services governed by the [Microsoft Services Agreement](https://go.microsoft.com/fwlink/p/?LinkId=2109174) andΓÇ»[Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement), Microsoft is the data controller. As the data controller, Microsoft uses data to improve products and services in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).++
+## Related content
+
+[Cortana voice assistance in Teams](/microsoftteams/cortana-in-teams) (article)
+
+[Configure Cortana in Windows 10](/windows/configuration/cortana-at-work/cortana-at-work-overview) (article)
+
+[What can you do with Play My Emails from Cortana?](https://support.microsoft.com/help/4558256)
admin Password Policy Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md
search.appverid:
- MET150 - MOE150 ms.assetid: 9fa2539a-2211-41fd-85a0-bc37b9619ca4
-description: "Learn how to make your organization more secure against password attacks, and why you should ban common passwords and enable risk-based multi-factor authentication."
+description: "Make your organization more secure against password attacks, and ban common passwords and enable risk-based multi-factor authentication."
# Password policy recommendations
admin Enable Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/enable-modern-authentication.md
To disable modern authentication on a device, set the following registry keys on
|:-|::|--:| |HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL |REG_DWORD|0|
-## Related articles
-[Sign in to Office 2013 with a second verification method](https://support.microsoft.com/office/2b856342-170a-438e-9a4f-3c092394d3cb)
+## Related content
-[Outlook prompts for password and doesn't use Modern Authentication to connect to Office 365](/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled)
+[Sign in to Office 2013 with a second verification method](https://support.microsoft.com/office/2b856342-170a-438e-9a4f-3c092394d3cb) (article)
+
+[Outlook prompts for password and doesn't use Modern Authentication to connect to Office 365](/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled) (article)
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
search.appverid:
- MET150 - MOE150 ms.assetid: de2da300-dbb6-4725-bb12-b85a9d296e75
-description: "Protect your business email and data from cyber threats, including ransomware, phishing, and malicious attachments. "
+description: "Protect your business email and data from cyber threats, including ransomware, phishing, and malicious attachments."
# Top 10 ways to secure Microsoft 365 for business plans
To create a new policy targeted to all recipients in your domain:
| For more information, see [Safe Links in Microsoft Defender for Office 365](../../security/office-365-security/atp-safe-links.md).+
+## Related content
+
+[Multi-factor authentication for Microsoft 365](multi-factor-authentication-microsoft-365.md) (article)
+
+[Manage and monitor priority accounts](../setup/priority-accounts.md) (article)
+
+[Microsoft 365 Reports in the admin center](../activity-reports/activity-reports.md) (video)
admin Create Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
-description: Learn how to create distribution groups or lists in the Microsoft 365 admin center so you can send emails to a group without having to type each recipient's name.
+description: "Create distribution groups or lists in the Microsoft 365 admin center so you can send emails to a group without typing each recipient's name."
# Create distribution groups in the Microsoft 365 admin center
Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=850
Check out how to use group in Outlook 2016 and Outlook on the web in [Use contact groups (formerly distribution lists) in Outlook](https://support.microsoft.com/office/1c97fcb2-0ed4-41e6-b401-58f9d7d40e39). Check out [Distribution group issues](/office365/troubleshoot/groups/distribution-list-issues) for help with distribution list issues. +
+## Related content
+
+[User email settings](../email/office-365-user-email-settings.md) (article)
+
+[Create, edit, or delete a security group in the Microsoft 365 admin center](../email/create-edit-or-delete-a-security-group.md) (article)
+
+[Create a shared mailbox](../email/create-a-shared-mailbox.md) (article)
admin Create Signatures And Disclaimers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md
search.appverid:
- MET150 - MOE150 ms.assetid: 2d75860f-c527-4352-a7f6-73eba54c0c72
-description: Learn to manage email signatures, including legal disclaimers or disclosure statements for all email messages that enter or leave your organization.
+description: "Manage email signatures, including legal disclaimers or disclosure statements for all email messages that enter or leave your organization."
# Create organization-wide signatures and disclaimers
To gain these and other capabilities to manage email signatures, use a third-par
## More resources -- See [Organization-wide message disclaimers, signatures, footers, or headers in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/disclaimers-signatures-footers-or-headers) for information about using PowerShell.
+For information about using PowerShell, see [Organization-wide message disclaimers, signatures, footers, or headers in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/disclaimers-signatures-footers-or-headers).
+
+## Related content
+
+[Migrate email and contacts to Microsoft 365](migrate-email-and-contacts-admin.md) (video)
+
+[User email settings](../email/office-365-user-email-settings.md) (article)
+
+[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)
+
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
Watch a short video about storing files in the Microsoft 365 cloud.<br><br>
If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).
-## "Microsoft 365 document storage and management"
+## Microsoft 365 document storage and management
- OneDrive is designed for individual use, with the occasional sharing of files.
admin Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/usage-analytics.md
description: "Get an overview of how your organization is adopting Microsoft 365
# Microsoft 365 usage analytics
-## Overview of Microsoft 365 usage analytics
- Use Microsoft 365 usage analytics within Power BI to gain insights on how your organization is adopting the various services within Microsoft 365. You can visualize and analyze Microsoft 365 usage data, create custom reports and share the insights within your organization. You can also gain insights into how specific regions or departments are using Microsoft 365. Microsoft 365 usage analytics gives you access to a pre-built dashboard that provides a cross-product view of the last 12 months and contains a number of pre-built reports. Each report provides you with specific usage insights. User-specific information is available for the last full calendar month.
If a partner has delegated admin rights, he or she can connect to the template a
### Can I hide identifiable information such as user, group, and site names in reports? Yes, see [Make the collected data anonymous](enable-usage-analytics.md#make-the-collected-data-anonymous).+
+## Related content
+
+[Enable Microsoft 365 usage analytics](enable-usage-analytics.md) (article)
+
+[Navigate and utilize the reports in Microsoft 365 usage analytics](navigate-and-utilize-reports.md) (article)
+
+[Review usage reports in Microsoft 365](../../business-video/act-on-report.md) (video)
commerce Add Storage Space https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/add-storage-space.md
- AdminSurgePortfolio - commerce_purchase search.appverid: MET150
-description: "Learn to add and reduce file storage in your Microsoft 365 subscription. With extra file storage, you can store more content in SharePoint Online and OneDrive."
+description: "Add file storage in your Microsoft 365 subscription. With extra file storage, you can store more content in SharePoint Online and OneDrive."
Last updated 04/02/2021
commerce Buy Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/buy-licenses.md
- manage_licenses - commerce_licensing search.appverid: MET150
-description: "Learn how to buy more licenses or reduce the number of licenses for your Microsoft 365 for business subscription."
+description: "Use these steps to buy more licenses or reduce the number of licenses for your Microsoft 365 for business subscription."
Last updated 04/07/2021
commerce Subscriptions And Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/subscriptions-and-licenses.md
- manage_licenses - commerce_licensing search.appverid: MET150
-description: "Learn about subscriptions and licenses in Microsoft 365 for business."
+description: "The applications and services that you receive depend on which Microsoft 365 product you purchased, such as Microsoft 365 Apps for business."
Last updated 07/01/2020
commerce Reactivate Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/reactivate-your-subscription.md
- AdminSurgePortfolio - commerce_subscriptions search.appverid: MET150
-description: "Learn how to reactivate your subscription when it expires, is disabled, or canceled."
+description: "Admins can reactivate a subscription when it expires, is disabled, or canceled, or if you canceled in the middle of a subscription term."
Last updated 04/07/2021
commerce Try Or Buy Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/try-or-buy-microsoft-365.md
- AdminSurgePortfolio - commerce_purchase search.appverid: MET150
-description: "Learn how to get a free trial or buy a subscription for Microsoft 365 for business."
+description: "Sign up for a free 30-day trial for Microsoft 365 Business Standard, Microsoft 365 Business Premium, or Microsoft 365 Apps for business."
Last updated 08/07/2020
you can move users to it. To learn how, see [Move users to a different subscript
## Related content
-[Microsoft 365 for business training videos](https://support.office.com/article/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816) (training
-videos)\
+[Microsoft 365 for business training videos](https://support.office.com/article/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816) (video)\
[Add users and assign licenses at the same time](../admin/add-users/add-users.md) (article)\ [Assign licenses to users](../admin/manage/assign-licenses-to-users.md) (article)\ [Upgrade to a different plan](subscriptions/upgrade-to-different-plan.md) (article)\ [Buy or edit an add-on for Microsoft 365 for business](buy-or-edit-an-add-on.md) (article)\
-[Add storage space for your subscription](add-storage-space.md)
+[Add storage space for your subscription](add-storage-space.md) (article)
compliance Create Test Tune Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-test-tune-dlp-policy.md
At the first **Policy Settings** step, just accept the defaults for now. You can
![Options to customize the type of content to protect](../media/DLP-create-test-tune-default-customization-settings.png)
-After clicking Next,** you'll be presented with an additional **Policy Settings** page with more customization options. For a policy that you are just testing, here's where you can start to make some adjustments.
+After clicking Next,** you'll be presented with an more **Policy Settings** page with more customization options. For a policy that you are just testing, here's where you can start to make some adjustments.
-- I've turned off policy tips for now, which is a reasonable step to take if you're just testing things out and don't want to display anything to users yet. Policy tips display warnings to users that they're about to violate a DLP policy. For example, an Outlook user will see a warning that the file they've attached contains credit card numbers and will cause their email to be rejected. The goal of policy tips is to stop the non-compliant behaviour before it happens.
+- I've turned off policy tips for now, which is a reasonable step to take if you're just testing things out and don't want to display anything to users yet. Policy tips display warnings to users that they're about to violate a DLP policy. For example, an Outlook user will see a warning that the file they've attached contains credit card numbers and will cause their email to be rejected. The goal of policy tips is to stop the non-compliant behavior before it happens.
- I've also decreased the number of instances from 10 to 1, so that this policy will detect any sharing of Australian PII data, not just bulk sharing of the data. - I've also added another recipient to the incident report email.
Finally, I've configured this policy to run in test mode initially. Notice there
![Option to test out policy first](../media/DLP-create-test-tune-test-mode.png)
-On the final review screen click **Create** to finish creating the policy.
+On the final review screen, click **Create** to finish creating the policy.
## Test a DLP policy
As an example, the DLP policy I created for this article will detect Australian
![Documentation on Australia Tax File Number](../media/DLP-create-test-tune-Australia-Tax-File-Number-doc.png)
-To demonstrate TFN detection in a rather blunt manner, an email with the words "Tax file number" and a 9 digit string in close proximity will sail through without any issues. The reason it does not trigger the DLP policy is that the 9-digit string must pass the checksum that indicates it is a valid TFN and not just a harmless string of numbers.
+To demonstrate TFN detection in a rather blunt manner, an email with the words "Tax file number" and a nine digit string in close proximity will sail through without any issues. The reason it does not trigger the DLP policy is that the nine digit string must pass the checksum that indicates it is a valid TFN and not just a harmless string of numbers.
![Australia tax file number that does not pass checksum](../media/DLP-create-test-tune-email-test1.png)
-In comparison, an email with the words "Tax file number" and a valid TFN that passes the checksum will trigger the policy. For the record here, the TFN I'm using was taken from a website that generates valid, but not genuine, TFNs. Such sites are very useful because one of the most common mistakes when testing a DLP policy is using a fake number that's not valid and won't pass the checksum (and therefore won't trigger the policy).
+In comparison, an email with the words "Tax file number" and a valid TFN that passes the checksum will trigger the policy. For the record here, the TFN I'm using was taken from a website that generates valid, but not genuine, TFNs. Such sites are useful because one of the most common mistakes when testing a DLP policy is using a fake number that's not valid and won't pass the checksum (and therefore won't trigger the policy).
![Australia tax file number that passes the checksum](../media/DLP-create-test-tune-email-test2.png)
If you leave your DLP policy in test mode and analyze the incident report emails
## Tune a DLP policy
-As you analyze your policy hits you might want to make some adjustments to how the policies behave. As a simple example, you might determine that one TFN in email is not a problem (I think it still is, but let's go with it for the sake of demonstration), but two or more instances is a problem. Multiple instances could be a risky scenario such as an employee emailing a CSV export from the HR database to an external party, for example an external accounting service. Definitely something you would prefer to detect and block.
+As you analyze your policy hits, you might want to make some adjustments to how the policies behave. As a simple example, you might determine that one TFN in an email is not a problem (I think it still is, but let's go with it for the sake of demonstration), but two or more instances are a problem. Multiple instances could be a risky scenario such as an employee emailing a CSV export from the HR database to an external party, for example an external accounting service. Definitely something you would prefer to detect and block.
-In the Security & Compliance Center you can edit an existing policy to adjust the behaviour.
+In the Compliance Center you can edit an existing policy to adjust the behavior.
![Option to edit policy](../media/DLP-create-test-tune-edit-policy.png)
You can also adjust the policy settings and edit the rules to better suit your n
![Option to edit rule](../media/DLP-create-test-tune-edit-rule.png)
-When editing a rule within a DLP policy you can change:
+When editing a rule within a DLP policy, you can change:
- The conditions, including the type and number of instances of sensitive data that will trigger the rule. - The actions that are taken, such as restricting access to the content.
When editing a rule within a DLP policy you can change:
![Options to edit parts of a rule](../media/DLP-create-test-tune-editing-options.png)
-For this demonstration I've added user notifications to the policy (be careful of doing this without adequate user awareness training), and allowed users to override the policy with a business justification or by flagging it as a false positive. Note that you can also customize the email and policy tip text if you want to include any additional information about your organization's policies, or prompt users to contact support if they have questions.
+For this demonstration I've added user notifications to the policy (be careful of doing this without adequate user awareness training), and allowed users to override the policy with a business justification or by flagging it as a false positive. You can also customize the email and policy tip text if you want to include any additional information about your organization's policies, or prompt users to contact support if they have questions.
![Options for user notifications and overrides](../media/DLP-create-test-tune-user-notifications.png)
The user can report the false positive, and the administrator can look into why
![Incident report showing false positive](../media/DLP-create-test-tune-false-positive-incident-report.png)
-This driver's license case is a good example to dig into. The reason this false positive has occurred is that the "Australian Driver's License" type will be triggered by any 9-digit string (even one that is part of a 10-digit string), within 300 characters proximity to the keywords "sydney nsw" (not case sensitive). So it's triggered by the phone number and email signature, only because the user happens to be in Sydney.
+This driver's license case is a good example to dig into. The reason this false positive has occurred is that the "Australian Driver's License" type will be triggered by any 9-digit string (even one that is part of a 10-digit string), within 300 characters proximity to the keywords "Sydney nsw" (not case sensitive). So it's triggered by the phone number and email signature, only because the user happens to be in Sydney.
One option is to remove the Australian driver's license information type from the policy. It's in there because it's part of the DLP policy template, but we're not forced to use it. If you're only interested in Tax File Numbers and not driver's licenses, you can just remove it. For example, you can remove it from the low volume rule in the policy, but leave it in the high volume rule so that lists of multiple drivers licenses are still detected.
Policies that restrict content will present the warning to the user as part of t
## Summary
-Data loss prevention policies are useful for organizations of all types. Testing some DLP policies is a low risk exercise due to the control you have over things like policy tips, end user overrides, and incident reports. You can quietly test some DLP policies to see what type of violations are already occurring in your organization, and then craft policies with low false positive rates, educate your users on what is allowed and not allowed, and then roll out your DLP policies to the organization.
+Data loss prevention policies are useful for organizations of all types. Testing some DLP policies is a low risk exercise due to the control you have over things like policy tips, end-user overrides, and incident reports. You can quietly test some DLP policies to see what type of violations are already occurring in your organization, and then craft policies with low false positive rates, educate your users on what is allowed and not allowed, and then roll out your DLP policies to the organization.
compliance Data Loss Prevention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-loss-prevention-policies.md
A preconfigured DLP policy template can help you detect specific types of sensit
Your organization may also have its own specific requirements, in which case you can create a DLP policy from scratch by choosing the **Custom policy** option. A custom policy is empty and contains no premade rules.
-## Roll out DLP policies gradually with test mode
+<!-- ## Roll out DLP policies gradually with test mode
+
+rehomed to Plan for DLP
When you create your DLP policies, you should consider rolling them out gradually to assess their impact and test their effectiveness before fully enforcing them. For example, you don't want a new DLP policy to unintentionally block access to thousands of documents that people require access to in order to get their work done.
If you're creating DLP policies with a large potential impact, we recommend foll
You can also change the priority of multiple rules in a policy. To do that, open a policy for editing. In a row for a rule, choose the ellipses (**...**), and then choose an option, such as **Move down** or **Bring to last**. > [!div class="mx-imgBorder"]
- > ![Set rule priority](../media/dlp-set-rule-priority.png)
+ > ![Set rule priority](../media/dlp-set-rule-priority.png)-->
## DLP reports
compliance Dlp Microsoft Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-microsoft-teams.md
- M365-security-compliance search.appverid: - MET150
-description: "You can now apply DLP policies to Microsoft Teams chats and channels. Read this article to learn more about how it works."
+description: "Microsoft Teams chats and channels supports Data Loss Prevention (DLP) policies."
# Data loss prevention and Microsoft Teams
-> [!NOTE]
-> Data loss prevention capabilities were recently added to Microsoft Teams chat and channel messages for users licensed for Office 365 E5/A5, Microsoft 365 E5/A5, Microsoft 365 Information Protection and Governance or Office 365 Advanced Compliance. Office 365 and Microsoft 365 E3 include DLP protection for SharePoint Online, OneDrive, and Exchange Online. This also includes files that are shared through Teams because Teams uses SharePoint Online and OneDrive to share files.
-Support for DLP protection in Teams Chat requires E5.
-To learn more about licensing requirements, see [Microsoft 365 Tenant-Level Services Licensing Guidance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance).
+If your organization has data loss prevention (DLP), you can define policies that prevent people from sharing sensitive information in a Microsoft Teams channel or chat session. Here are some examples of how this protection works:
+
+- **Example 1: Protecting sensitive information in messages**. Suppose that someone attempts to share sensitive information in a Teams chat or channel with guests (external users). If you have a DLP policy defined to prevent this, messages with sensitive information that are sent to external users are deleted. This happens automatically, and within seconds, according to how your DLP policy is configured.
+
+ > [!NOTE]
+ > DLP for Microsoft Teams blocks sensitive content when shared with Microsoft Teams users who have:<br/>- [guest access](/MicrosoftTeams/guest-access) in teams and channels; or<br/>- [external access](/MicrosoftTeams/manage-external-access) in meetings and chat sessions. <p>DLP for external chat sessions will only work if both the sender and the receiver are in Teams Only mode and using [Microsoft Teams native federation](/microsoftteams/manage-external-access). DLP for Teams does not block messages in [interop](/microsoftteams/teams-and-skypeforbusiness-coexistence-and-interoperability#interoperability-of-teams-and-skype-for-business) with Skype for Business or non-native federated chat sessions.
+
+- **Example 2: Protecting sensitive information in documents**. Suppose that someone attempts to share a document with guests in a Microsoft Teams channel or chat, and the document contains sensitive information. If you have a DLP policy defined to prevent this, the document won't open for those users. Your DLP policy must include SharePoint and OneDrive in order for protection to be in place. This is an example of DLP for SharePoint that shows up in Microsoft Teams, and therefore requires that users are licensed for Office 365 DLP (included in Office 365 E3), but does not require users to be licensed for Office 365 Advanced Compliance.)
+
+## DLP Licensing for Microsoft Teams
-## Overview of DLP for Microsoft Teams
+[Data loss prevention](dlp-learn-about-dlp.md) capabilities were extended to include Microsoft Teams chat and channel messages, **including private channel messages** for:
-Recently, [data loss prevention](dlp-learn-about-dlp.md) capabilities were extended to include Microsoft Teams chat and channel messages, **including private channel messages**.
+- Office 365 E5/A5
+- Microsoft 365 E5/A5
+- Microsoft 365 Information Protection and Governance
+- Office 365 Advanced Compliance
+
+Office 365 and Microsoft 365 E3 include DLP protection for SharePoint Online, OneDrive, and Exchange Online. This also includes files that are shared through Teams because Teams uses SharePoint Online and OneDrive to share files.
+
+Support for DLP protection in Teams Chat requires E5.
+
+To learn more about licensing requirements, see [Microsoft 365 Tenant-Level Services Licensing Guidance](https://docs.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
> [!IMPORTANT]
-> DLP currently applies only to the actual messages in the chat or channel thread. Activity notifications -- which include a short message preview and appear based on a user's notification settings -- are **not** included in Teams DLP at this time. Any sensitive information present in the part of the message that appears in the preview will remain visible in the notification even after the DLP policy has been applied and removed sensitive information the message itself.
+> DLP applies only to the actual messages in the chat or channel thread. Activity notifications -- which include a short message preview and appear based on a user's notification settings -- are **not** included in Teams DLP. Any sensitive information present in the part of the message that appears in the preview will remain visible in the notification even after the DLP policy has been applied and removed sensitive information the message itself.
-If your organization has DLP, you can now define policies that prevent people from sharing sensitive information in a Microsoft Teams channel or chat session. Here are some examples of how this protection works:
+## Scope of DLP protection
-- **Example 1: Protecting sensitive information in messages**. Suppose that someone attempts to share sensitive information in a Teams chat or channel with guests (external users). If you have a DLP policy defined to prevent this, messages with sensitive information that are sent to external users are deleted. This happens automatically, and within seconds, according to how your DLP policy is configured.
+DLP protection are applied differently to Teams entities.
- > [!NOTE]
- > DLP for Microsoft Teams blocks sensitive content when shared with Microsoft Teams users who have:<br/>- [guest access](/MicrosoftTeams/guest-access) in teams and channels; or<br/>- [external access](/MicrosoftTeams/manage-external-access) in meetings and chat sessions. <p>DLP for external chat sessions will only work if both the sender and the receiver are in Teams Only mode and using [Microsoft Teams native federation](/microsoftteams/manage-external-access). DLP for Teams does not block messages in [interop](/microsoftteams/teams-and-skypeforbusiness-coexistence-and-interoperability#interoperability-of-teams-and-skype-for-business) with Skype for Business or non-native federated chat sessions.
+|User Accounts/Groups/List |Teams Entity |DLP protection available|
+||||
+|individual user accounts |1:1/n chats |yes |
+| |general chats |no |
+| |shared channels |no |
+| |private channels |yes |
+|security groups/distribution lists | 1:1/n chats |yes |
+| |general chats |no |
+| |shared channels |no |
+| |private channels |yes |
+|Microsoft 365 group |1:1/n chats |no |
+| |general chats |yes |
+| |shared channels|yes |
+| |private channels|no|
-- **Example 2: Protecting sensitive information in documents**. Suppose that someone attempts to share a document with guests in a Microsoft Teams channel or chat, and the document contains sensitive information. If you have a DLP policy defined to prevent this, the document won't open for those users. Note that in this case, your DLP policy must include SharePoint and OneDrive in order for protection to be in place. (This is an example of DLP for SharePoint that shows up in Microsoft Teams, and therefore requires that users are licensed for Office 365 DLP (included in Office 365 E3), but does not require users to be licensed for Office 365 Advanced Compliance.) ## Policy tips help educate users
-Similar to how DLP works in [Exchange, Outlook, Outlook on the web](data-loss-prevention-policies.md#policy-evaluation-in-exchange-online-outlook-and-outlook-on-the-web), [SharePoint Online, OneDrive for Business sites](data-loss-prevention-policies.md#policy-evaluation-in-onedrive-for-business-and-sharepoint-online-sites), and [Office desktop clients](data-loss-prevention-policies.md#policy-evaluation-in-the-office-desktop-programs), policy tips appear when an action conflicts with a DLP policy. Here's an example of a policy tip:
+Similar to how DLP works in [Exchange, Outlook, Outlook on the web](data-loss-prevention-policies.md#policy-evaluation-in-exchange-online-outlook-and-outlook-on-the-web), [SharePoint Online, OneDrive for Business sites](data-loss-prevention-policies.md#policy-evaluation-in-onedrive-for-business-and-sharepoint-online-sites), and [Office desktop clients](data-loss-prevention-policies.md#policy-evaluation-in-the-office-desktop-programs), policy tips appear when an action triggers with a DLP policy. Here's an example of a policy tip:
![Blocked message notification in Teams](../media/dlp-teams-blockedmessage-notification.png)
-In this case, the sender attempted to share a social security number in a Microsoft Teams channel. The **What can I do?** link opens a dialog box that provides options for the sender to resolve the issue. Notice that in this case, the sender can opt to override the policy, or notify an admin to review and resolve it.
+Here, the sender attempted to share a social security number in a Microsoft Teams channel. The **What can I do?** link opens a dialog box that provides options for the sender to resolve the issue. Notice that, the sender can opt to override the policy, or notify an admin to review and resolve it.
![Options to resolve blocked message](../media/dlp-teams-blockedmessage-possibleactions.png)
-In your organization, you can choose to allow users to override a DLP policy. And, when you configure your DLP policies, you can use the default policy tips, or [customize policy tips](#to-customize-policy-tips) for your organization.
+In your organization, you can choose to allow users to override a DLP policy. When you configure your DLP policies, you can use the default policy tips, or [customize policy tips](#to-customize-policy-tips) for your organization.
Returning to our example, where a sender shared a social security number in a Teams channel, here's what the recipient saw:
Returning to our example, where a sender shared a social security number in a Te
To perform this task, you must be assigned a role that has permissions to edit DLP policies. To learn more, see [Permissions](data-loss-prevention-policies.md#permissions).
-1. Go to the Security & Compliance Center ([https://protection.office.com](https://protection.office.com)) and sign in.
+1. Go to the Compliance Center ([https://compliance.microsoft.com](https://compliance.microsoft.com)) and sign in.
2. Choose **Data loss prevention** > **Policy**.
Allow approximately one hour for your changes to work their way through your dat
To perform this task, you must be assigned a role that has permissions to edit DLP policies. To learn more, see [Permissions](data-loss-prevention-policies.md#permissions).
-1. Go to the Security & Compliance Center ([https://protection.office.com](https://protection.office.com)) and sign in.
+1. Go to the Compliance Center ([https://compliance.microsoft.com](https://compliance.microsoft.com)) and sign in.
2. Choose **Data loss prevention** > **Policy**.
Allow approximately one hour for your changes to work their way through your dat
To perform this task, you must be assigned a role that has permissions to edit DLP policies. To learn more, see [Permissions](data-loss-prevention-policies.md#permissions).
-1. Go to the Security & Compliance Center ([https://protection.office.com](https://protection.office.com)) and sign in.
+1. Go to the Compliance Center ([https://compliance.microsoft.com](https://compliance.microsoft.com)) and sign in.
2. Choose **Data loss prevention** > **Policy** > **+ Create a policy**.
To perform this task, you must be assigned a role that has permissions to edit D
> [!NOTE] > If you want to make sure documents that contain sensitive information are not shared inappropriately in Teams, make sure **SharePoint sites** and **OneDrive accounts** are turned on, along with **Teams chat and channel messages**.
-6. On the **Policy settings** tab, under **Customize the type of content you want to protect**, keep the default simple settings, or choose **Use advanced settings**, and then choose **Next**. If you choose advanced settings, you can create or edit rules for your policy. (To get help with this, see [Simple settings vs. advanced settings](data-loss-prevention-policies.md#simple-settings-vs-advanced-settings).)
+6. On the **Policy settings** tab, under **Customize the type of content you want to protect**, keep the default simple settings, or choose **Use advanced settings**, and then choose **Next**. If you choose advanced settings, you can create or edit rules for your policy. To get help with this, see [Simple settings vs. advanced settings](data-loss-prevention-policies.md#simple-settings-vs-advanced-settings).
-7. On the **Policy settings** tab, under **What do you want to do if we detect sensitive info?**, review the settings. (Here's where you can choose to keep default [policy tips and email notifications](use-notifications-and-policy-tips.md), or customize them.)
+7. On the **Policy settings** tab, under **What do you want to do if we detect sensitive info?**, review the settings. Here's where you can choose to keep default [policy tips and email notifications](use-notifications-and-policy-tips.md), or customize them.
> [!div class="mx-imgBorder"] > ![DLP policy settings with tips and notifications](../media/dlp-teams-policysettings-tipsemails.png) When you're finished reviewing or editing settings, choose **Next**.
-8. On the **Policy settings** tab, under **Do you want to turn on the policy or test things out first?**, choose whether to turn the policy on, [test it first](data-loss-prevention-policies.md#roll-out-dlp-policies-gradually-with-test-mode), or keep it turned off for now, and then choose **Next**.
+8. On the **Policy settings** tab, under **Do you want to turn on the policy or test things out first?**, choose whether to turn the policy on, [test it first](dlp-overview-plan-for-dlp.md#policy-deployment), or keep it turned off for now, and then choose **Next**.
> [!div class="mx-imgBorder"] > ![Specify whether to turn the policy on](../media/dlp-teams-policysettings-turnonnow.png)
To ensure that SharePoint documents that contain sensitive information cannot be
- Recommended DLP policy structure - **Conditions**
- - Content contains any of these sensitive information types: [Select all that applies]
+ - Content contains any of these sensitive information types: [Select all that apply]
- Content is shared from Microsoft 365 with people outside my organization
DLP policy in action when guest attempts to open a document in Teams with block
## Related articles
-[Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md)
-
-[Send email notifications and show policy tips for DLP policies](use-notifications-and-policy-tips.md)
+- [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md)
+- [Send email notifications and show policy tips for DLP policies](use-notifications-and-policy-tips.md)
compliance Dlp Overview Plan For Dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-overview-plan-for-dlp.md
+
+ Title: "Plan for data loss prevention"
+f1.keywords:
+- NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+
+- M365-security-compliance
+search.appverid:
+- MET150
+description: "Overview of the planning process for data loss prevention"
++
+# Plan for data loss prevention (DLP)
+
+Every organization will plan for and implement data loss prevention (DLP) differently, because every organization's business needs, goals, resources, and situation are unique to them. However, there are elements that are common to all successful DLP implementations. This article presents the best practices that are used by organizations in their DLP planning.
+
+## Multiple starting points
+
+Many organizations choose to implement DLP to comply with various governmental or industry regulations. For example, the European Union's General Data Protection Regulation (GDPR), or the Health Insurance Portability and Accountability Act (HIPAA), or the California Consumer Privacy Act (CCPA). They also implement data loss prevention to protect their intellectual property. But the starting place and ultimate destination in the DLP journey vary.
+
+Organizations can start their DLP journey:
+
+- from a platform focus, like wanting to protect information in Teams Chat and Channel messages or on Windows 10 devices
+- knowing what sensitive information they want to prioritize protecting, like health care records, and going straight to defining policies to protect it
+- without knowing what their sensitive information is, where it is, and who is doing what with it so they start with discovery and categorization and take a more methodical approach
+- without knowing what their sensitive information is, or where it is, or who is doing what with it, but they will move straight to defining policies and use those outcomes as a starting place and then refine their policies from there
+- knowing that they need to implement the full Microsoft 365 Information Protection stack and so intend to take a longer term, methodical approach
+
+These are just some examples of how customers can approach DLP and it doesn't matter where you start from, Microsoft 365 DLP is flexible enough to accommodate various types of information protection journeys from start to a fully realized data loss prevention strategy.
+
+## Overview of planning process
+
+The [Learn about data loss prevention](dlp-learn-about-dlp.md#learn-about-data-loss-prevention) introduces the three different aspects of the [DLP planning process](dlp-learn-about-dlp.md#plan-for-dlp). We'll go into more detail here on the elements that are common to all DLP plans.
+
+### Identify stakeholders
+
+When implemented, DLP policies can be applied across large portions of your organization. IT can't develop a broad ranging plan on their own without negative consequences. You need to identify the stakeholders who can:
+
+- describe the regulations, laws, and industry standards your organization is subject to
+- the categories of sensitive items to be protected
+- the business processes they are used in
+- the risky behavior that should be limited
+- prioritize which data should be protected first based on the sensitivity of the items and risk involved
+- outline the DLP policy match event review and remediation process
+
+In general these needs tend to be 85% regulatory and compliance protection, and 15% intellectual property protection. Here are some suggestions on roles to include in your planning process:
+
+- Regulatory and compliance officers
+- Chief risk officer
+- Legal officers
+- Security and compliance officers
+- Business owners for the data items
+- Business users
+- IT
+
+### Describe the categories of sensitive information to protect
+
+The stakeholders then describe the categories of sensitive information to be protected and the business process that they're used in. For example, Microsoft 365 DLP defines these categories:
+
+- Financial
+- Medical and health information
+- Privacy
+- Custom
+
+The stakeholders might identify the sensitive information as "We are a data processor, so we have to implement privacy protections on data subject information and financial information".
+
+
+ <!-- The business process is important as it informs the ΓÇÿdata at restΓÇÖ, ΓÇÿdata in transitΓÇÖ, ΓÇÿdata in useΓÇÖ aspect of DLP planning and who should be sharing the items and who should not.-->
+
+### Set goals and strategy
+
+Once you have identified your stakeholders and you know which sensitive information needs protection and where it's used, the stakeholders can set their protection goals and IT can develop an implementation plan.
++
+ <!--
+### Discovery
+ for the locations (DLP workloads) of these types of items. (mapping DLP locations and data at rest, data in transit, data in use)
+
+### IT can start coding test policies
+start small and always in test mode. Note that DLP policies can feed into insider risk.
+
+### Business process owners help with tuning
+ false positive/false negative results and fitting DLP into their business processes.
+
+-->
+
+### Set implementation plan
+
+Your implementation plan should include:
+
+- Mapping out your starting state and desired end state and the steps to get from one to the other
+- how you will address discovery of sensitive items
+- policy planning and the order that they will be implemented
+- how you will address any prerequisites
+- planning on how policies will first be tested before moving to enforcement
+- how you will train your end users
+- how you will test and tune your policies
+- how you will review and update your data loss prevention strategy based on changing regulatory, legal, industry standard or intellectual property protection and business needs
+
+#### Map out path from start to desired end state
+
+Documenting how your organization is going to get from its starting state to the desired end state is essential to communicating with your stakeholders and setting the project scope. Here is a set of steps that are commonly used to deploy DLP. You'll want more detail than this, but you can use this to frame your DLP adoption path.
+
+![graphic showing common order for deploying DLP](../media/dlp-deployment-planning.png)
+
+#### Sensitive item discovery
+
+There are multiple ways to discover what individual sensitive items are and where they are located. You may have sensitivity labels already deployed or you may have decided to deploy a broad DLP policy to all locations that only discovers and audits items. To learn more, see [Know your data](information-protection.md#know-your-data).
+
+#### Policy planning
+
+As you begin your DLP adoption, you can use these questions to focus your policy design and implementation efforts.
+
+##### What laws, regulations and industry standards must your organization comply with?
+
+Because many organizations come to DLP with the goal of regulatory compliance, answering this question is a natural starting place for planning your DLP implementation. But, as the IT implementer, you're probably not positioned to answer it. It needs to be answered by your legal team and business executives.
+
+**Example** Your organization is subject to U.K. financial regulations.
++
+##### What sensitive items does your organization have that must be protected from leakage?
+
+Once your organization knows where it stands in terms of regulatory compliance needs, you'll have some idea of what sensitive items need to be protected from leakage and how you want to prioritize policy implementation to protect them. This will help you choose the most appropriate DLP policy templates. Microsoft 365 comes with pre-configured DLP templates for Financial, Medical and health, Privacy, and you can build your own using the Custom template. As you design and create your actual DLP policies, knowing the answer to this question will also help you choose the right [sensitive information type](sensitive-information-type-learn-about.md#learn-about-sensitive-information-types).
+
+**Example** To get started quickly, you pick the `U.K. Financial Data` policy template, which includes the `Credit Card Number`, `EU Debit Card Number`, and `SWIFT Code` sensitive information types.
+
+##### Where are the sensitive items and what business processes are they involved in?
+
+The items that contain your organizations sensitive information are used every day in the course of doing business. You need to know where instances of that sensitive information may occur and what business processes they are used in. This will help you choose the right locations to apply your DLP policies to. Microsoft 365 DLP policies are applied to locations:
+
+- Exchange email
+- SharePoint sites
+- OneDrive accounts
+- Teams chat and channel messages
+- Windows 10 Devices
+- Microsoft Cloud App Security
+- On-premises repositories
+
+**Example** Your organizations' internal auditors are tracking a set of credit card numbers. They keep a spreadsheet of them in a secure SharePoint site. Several of the employees make copies and save them to their work OneDrive for Business site, which is synced to their Windows 10 device. One of them pastes a list of 14 of them in an email and tries to send it to the outside auditors for review. You'd want to apply the policy to the secure SharePoint site, all the internal auditors OneDrive for Business accounts, their Windows 10 devices, and Exchange email.
+
+##### What is your organizations tolerance for leakage?
+
+Different groups in your organization may have different views on what's an acceptable level of sensitive item leakage and what's not. Achieving the perfection of zero leakage may come at too high a cost to the business.
+
+**Example** Your organizations' security group, along with the legal team both feel that there should be no sharing of credit card numbers with anyone outside the org and insist on zero leakage. But, as part of regular review of credit card number activity, the internal auditors must share some credit card numbers with third-party auditors. If your DLP policy prohibits all sharing of credit card numbers outside the org, there will be a significant business process disruption and added cost to mitigate the disruption in order for the internal auditors to complete their tracking. This extra cost is unacceptable to the executive leadership. To resolve this, there needs to be an internal conversation to decide an acceptable level of leakage. Once that is decided the policy can provide exceptions for certain individuals to share the information or it can be applied in audit only mode.
+
+#### Planning for prerequisites
+
+Before you can monitor some DLP locations, there are prerequisites that must be met. See the **Before you begin** sections of:
+
+- [Get started with the data loss prevention on-premises scanner (preview)](dlp-on-premises-scanner-get-started.md#before-you-begin)
+- [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md#before-you-begin)
+- [Get started with the Microsoft compliance extension (preview)](dlp-chrome-get-started.md#before-you-begin)
+- [Use data loss prevention policies for non-Microsoft cloud apps (preview)](dlp-use-policies-non-microsoft-cloud-apps.md#before-you-begin)
+
+#### Policy deployment
+
+When you create your DLP policies, you should consider rolling them out gradually to assess their impact and test their effectiveness before fully enforcing them. For example, you don't want a new DLP policy to unintentionally block access to thousands of documents or to break an existing business process.
+
+If you're creating DLP policies with a large potential impact, we recommend following this sequence:
+
+1. **Start in test mode without Policy Tips** and then use the DLP reports and any incident reports to assess the impact. You can use DLP reports to view the number, location, type, and severity of policy matches. Based on the results, you can fine-tune the policies as needed. In test mode, DLP policies will not impact the productivity of people working in your organization. Also, use this stage to test out your workflow for DLP event review and issue remediation.
+
+2. **Move to Test mode with notifications and Policy Tips** so that you can begin to teach users about your compliance policies and prepare them for the policies that are going to be applied. It's useful to have a link to an organization policy page that provides more details about the policy in the policy tip. At this stage, you can also ask users to report false positives so that you can further refine the policies. Move to this stage once you have confidence that the results of policy application match what they stakeholders had in mind.
+
+3. **Start full enforcement on the policies** so that the actions in the rules are applied and the content's protected. Continue to monitor the DLP reports and any incident reports or notifications to make sure that the results are what you intend.
+
+ ![Options for using test mode and turning on policy](../media/49fafaac-c6cb-41de-99c4-c43c3e380c3a.png)
+
+ You can turn off a DLP policy at any time, which affects all rules in the policy. However, each rule can also be turned off individually by toggling its status in the rule editor.
+
+ ![Options for turning off a rule in a policy](../media/f7b258ff-1b8b-4127-b580-83c6492f2bef.png)
+
+ You can also change the priority of multiple rules in a policy. To do that, open a policy for editing. In a row for a rule, choose the ellipses (**...**), and then choose an option, such as **Move down** or **Bring to last**.
+
+ ![Set rule priority](../media/dlp-set-rule-priority.png)
+
+#### End-user training
+
+When a DLP policy is triggered, you can configure your policies to [Send email notifications and show policy tips for DLP policies](use-notifications-and-policy-tips.md#send-email-notifications-and-show-policy-tips-for-dlp-policies) to admins and end users. While your policies are still in test mode and before they are set to enforce a blocking action, policy tips are useful ways to raise awareness of risky behaviors on sensitive items and train users to avoid those behaviors in the future.
+
+#### Review DLP requirements and update strategy
+
+The regulations, laws, and industry standards that your organization is subject to will change over time and your business goals for DLP will too. Be sure to include regular reviews of all these areas so that your organization stays in compliance and your DLP implementation continues to meet your business needs.
+
+## Approaches to deployment
+
+|Customer business needs description | approach |
+|||
+|**Contoso Bank** is in a highly regulated industry and has many different types of sensitive items in many different locations. </br> - knows which types of sensitive information are top priority. </br> - must minimize business disruption as policies are rolled out. </br> - has IT resources and can hire experts to help plan, design deploy </br> - has a premier support contract with Microsoft| - Take the time to understand what regulations they must comply with and how they are going to comply. </br> -Take the time to understand the better together value of the Microsoft 365 Information Protection stack </br> - Develop sensitivity labeling scheme for prioritized items and apply </br> - Involve business process owners </br>- Design/code policies, deploy in test mode, train users </br>- repeat|
+|**TailSpin Toys** doesnΓÇÖt know what they have or where it is, and have little to no resource depth. They use Teams, OneDrive for Business and Exchange extensively. |- Start with simple policies on the prioritized locations. </br>- Monitor what gets identified </br>- Apply sensitivity labels accordingly </br>- Refine policies, train users |
+|**Fabrikam** is a small startup and wants to protect its intellectual property, and must move quickly. They are willing to dedicate some resources, but can't afford to hire outside experts. </br>- Sensitive items are all in Microsoft 365 OneDrive for Business/SharePoint </br>- Adoption of OneDrive for Business and SharePoint is slow, employees/shadow IT use DropBox and Google drive to share/store items </br>- Employees value speed of work over data protection discipline </br>- Customer splurged and bought all 18 employees new Windows 10 devices |- Take advantage of the default DLP policy in Teams </br>- Use restricted by default setting for SharePoint items </br>- Deploy policies that prevent external sharing </br>- Deploy policies to prioritized locations </br>- Deploy policies to Windows 10 devices </br>- Block uploads to non-OneDrive for Business cloud storage |
+
+<!--
+
+## Planning for workloads
+
+### Exchange
+
+### SharePoint
+
+### OneDrive for Business
+
+### Teams
+
+### Windows 10 Devices
+
+### Microsoft Cloud App Security (MCAS)
+
+### On-premises Scanner
+-->
+
+## See also
+- [Learn about data loss prevention](dlp-learn-about-dlp.md#learn-about-data-loss-prevention)
compliance Email Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/email-encryption.md
Here's how email encryption typically works:
- A central server decrypts the message on behalf of the recipient, after validating the recipient's identity. For more information on how Microsoft 365 secures communication between servers, such as between organizations within Microsoft 365 or between Microsoft 365 and a trusted business partner outside of Microsoft 365, see [How Exchange Online uses TLS to secure email connections in Office 365](exchange-online-uses-tls-to-secure-email-connections.md).
-
-Watch this video for an introduction to [Encryption in Office 365](https://www.youtube.com/watch?v=KmfxCd5ublI).
-
+
## Comparing email encryption options available in Office 365 |Email encryption technology|![Conceptual artwork that describes OME](../media/2bf27b5e-bbb3-46d1-95bf-884dc27a746c.png)|![Conceptual artwork that describes IRM](../media/9c0cc444-9448-40c6-b244-8fcc593a64e0.png)|![Conceptual artwork that describes SMIME](../media/ae4613a8-c17e-47e1-8e13-12e891e43744.png)|
For more information about the email encryption options in this article as well
**TLS**
-[Configure custom mail flow by using connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/use-connectors-to-configure-mail-flow)
+[Configure custom mail flow by using connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/use-connectors-to-configure-mail-flow)
compliance New Defender Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/new-defender-alert-policies.md
The following table lists the new alert policies and the existing alert policies
| New or existing alert policy | Alert policy name | Alert policy ID| |:--|:-|:--|
-| New| **Email messages containing malicious URL removed after delivery** | 0179B3F7-3FDA-40C3-8F24-278563978DBB |
-| New| **Email messages containing malicious file removed after delivery** | 8E6BA277-EF39-404E-AAF1-294F6D9A2B88 |
-| New| **Email messages from a campaign were delivered and later removed** | ef850570-5624-42b2-ff0a-08d8d899d578 |
-| New|**Malicious emails were delivered and later removed** | a1f563cc-fb1f-466b-1fb5-08d8d71a3050 |
+| New| **Email messages containing malicious URL removed after delivery** | 8e6ba277-ef39-404e-aaf1-294f6d9a2b88 |
+| New| **Email messages containing malicious file removed after delivery** | 4b1820ec-39dc-45f3-abf6-5ee80df51fd2 |
+| New| **Email messages from a campaign were delivered and later removed** | c8522cbb-9368-4e25-4ee9-08d8d899dfab |
+| New|**Email messages removed after delivery** | b8f6b088-5487-4c70-037c-08d8d71a43fe |
| Existing (will be removed)| **Email messages containing phish URLs removed after delivery**| EA8169FA-0678-4751-8854-AEBEA7ADECEB | | Existing (will be removed)| **Email messages containing malware removed after delivery**| 0179B3F7-3FDA-40C3-8F24-278563978DBB | ||||
The following table identifies when the new alert policies will begin triggering
|:|:--| | **Email messages containing malicious URL removed after delivery** (new) | Alerts will start triggering on April 11, 2021| | **Email messages containing malicious file removed after delivery** (new) | Alerts will start triggering on April 11, 2021 |
-| **Emails messages from a campaign were delivered and later removed** (new) | Alerts will start triggering on May 14, 2021|
-| **Malicious emails were delivered and later removed** (new) | Alerts will start triggering on May 14, 2021|
-| **Email messages containing phish URLs removed after delivery** (existing, will be removed)| The alert policy will be removed on May 14, 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section.|
-| **Email messages containing malware removed after delivery** (existing, will be removed) | The alert policy will be removed on May 14, 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section. |
+| **Emails messages from a campaign were delivered and later removed** (new) | Alerts will start triggering on May 28, 2021|
+| **Malicious emails were delivered and later removed** (new) | Alerts will start triggering on May 28, 2021|
+| **Email messages containing phish URLs removed after delivery** (existing, will be removed)| The alert policy will be removed on May 28, 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section.|
+| **Email messages containing malware removed after delivery** (existing, will be removed) | The alert policy will be removed on May 28, 2021. See the [What you need to do to prepare for these changes](#what-you-need-to-do-to-prepare-for-these-changes) section. |
||| The alert severity changes will be rolled out to all organizations by May 14, 2021. ## How this will affect your organization
-The new alerts will begin firing, and triggering the AIR investigations in your organization on the dates listed above. To reduce the impact on security organizations that have operationalized the two alerts that are to be removed, you will see alerts triggered by the existing alert policies *and* the alerts triggered by the new alert policies between April 5, 2021 and May 14, 2021. This is to provide security teams with time to handle the required changes. To help security teams with the increased alert volume during this short duration, both the existing alerts and the new alerts will be correlated into the same AIR investigation and correlated into a same Incident. More specifically, this includes the following behavior for alerts, AIR investigations, and Incidents:
+The new alerts will begin firing, and triggering the AIR investigations in your organization on the dates listed above. To reduce the impact on security organizations that have operationalized the two alerts that are to be removed, you will see alerts triggered by the existing alert policies *and* the alerts triggered by the new alert policies between April 5, 2021 and May 28, 2021. This is to provide security teams with time to handle the required changes. To help security teams with the increased alert volume during this short duration, both the existing alerts and the new alerts will be correlated into the same AIR investigation and correlated into a same Incident. More specifically, this includes the following behavior for alerts, AIR investigations, and Incidents:
- **Alerts**: By design, you will see the following alert pairs across the existing and new alerts:
How your organization utilizes these alerts will determine what you need to do t
- **Email messages containing malware removed after delivery** -- Do nothing. We'll disable the existing alert policies on May 14, 2021.
+- Do nothing. We'll disable the existing alert policies on May 28, 2021.
**If you have operationalized these alerts:** -- Start consuming the new alerts as a part of your workflows, in anticipation of the existing alert policy removal on May 14, 2021. If you have custom logic in your ticketing system, a security mailbox where you receive alert email notifications, or a SIEM solution that depends on the alert name or alert policy Id (CorrelationId), you will need to modify the logic to accommodate the change.
+- Start consuming the new alerts as a part of your workflows, in anticipation of the existing alert policy removal on May 28, 2021. If you have custom logic in your ticketing system, a security mailbox where you receive alert email notifications, or a SIEM solution that depends on the alert name or alert policy Id (CorrelationId), you will need to modify the logic to accommodate the change.
> [!NOTE] > The information in the alerts, investigations, and incidents has not changed. In fact, this information has been enhanced with additional detail about the threats associated with them.
How your organization utilizes these alerts will determine what you need to do t
- **Email messages containing malware removed after delivery**
- Alternatively, you can leave these alert policies enabled until we delete them on May 14, 2021.
+ Alternatively, you can leave these alert policies enabled until we delete them on May 28, 2021.
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
To use the retention cmdlets, you must first [connect to the Office 365 Security
- [Get-ComplianceTagStorage](/powershell/module/exchange/get-compliancetagstorage)
+- [Get-RecordReviewNotificationTemplateConfig](/powershell/module/exchange/get-recordreviewnotificationtemplateconfig)
+ - [Get-RetentionCompliancePolicy](/powershell/module/exchange/get-retentioncompliancepolicy) - [New-RetentionCompliancePolicy](/powershell/module/exchange/new-retentioncompliancepolicy) - [Remove-RetentionCompliancePolicy](/powershell/module/exchange/remove-retentioncompliancepolicy)
+- [Set-RecordReviewNotificationTemplateConfig](/powershell/module/exchange/set-recordreviewnotificationtemplateconfig )
+ - [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy) - [Get-RetentionComplianceRule](/powershell/module/exchange/get-retentioncompliancerule)
To use the retention cmdlets, you must first [connect to the Office 365 Security
- [Set-RetentionComplianceRule](/powershell/module/exchange/set-retentioncompliancerule) + ## When to use retention policies and retention labels or eDiscovery holds Although retention settings and [holds that you create with an eDiscovery case](create-ediscovery-holds.md) can both prevent data from being permanently deleted, they are designed for different scenarios. To help you understand the differences and decide which to use, use the following guidance:
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
For a more consistent label experience with meaningful reporting, provide approp
- Keys *DisableEncryptOnly* and *DisableDoNotForward* security settings documented in [Set preferences for Outlook for Mac](/DeployOffice/mac/preferences-outlook) - Outlook on the web: - Parameters *SimplifiedClientAccessDoNotForwardDisabled* and *SimplifiedClientAccessEncryptOnlyDisabled* documented for [Set-IRMConfiguration](/powershell/module/exchange/set-irmconfiguration)
- - Outlook for iOS and Android: These apps don't support users applying encryption without labels, so nothing to disable.
+ - Outlook for iOS and Android: These apps don't support users applying encryption without labels, so nothing to disable.
> [!NOTE] > If users manually remove encryption from a labeled document that's stored in SharePoint or OneDrive and you've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md), the label encryption will be automatically restored the next time the document is accessed or downloaded.
contentunderstanding Solution Manage Contracts Step1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/solution-manage-contracts-step1.md
Your organization needs a way to identify and classify all contract documents fr
## Steps to create and train your model > [!NOTE]
-> For these steps, you can use the example files in the [Microsoft SharePoint Syntex Samples repository](https://github.com/pnp/syntex-samples). The samples in this repository contain both the document understanding model files and the files used to train the model.
+> For these steps, you can use the example files in the [Contracts Management Solution Assets repository](https://github.com/pnp/syntex-samples/tree/main/scenario%20assets/Contracts%20Management). The examples in this repository contain both the document understanding model files and the files used to train the model.
### Create a Contract model
contentunderstanding Solution Manage Contracts Step2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/solution-manage-contracts-step2.md
audience: admin Previously updated : 05/10/2021 Last updated : 05/19/2021 ms.prod: microsoft-365-enterprise search.appverid: localization_priority: None
After you attach the SharePoint document library, you'll be able to view any cla
## Customize your Contracts tab tile view > [!NOTE]
-> This section references code examples that are contained in the **ContractCard.json** file that is included in the **solutionfiles** zip file.
+> This section references code examples that are contained in the [ContractTileFormatting.json](https://github.com/pnp/syntex-samples/blob/main/scenario%20assets/Contracts%20Management/View%20Formatter/ContractTileFormatting.json) file that is included in the [Contracts Management Solution Assets repository](https://github.com/pnp/syntex-samples/tree/main/scenario%20assets/Contracts%20Management).
While Teams lets you view your contracts in a tile view, you might want to customize it to view the contract data you want to make visible in the contract card. For example, for the **Contracts** tab, it is important for members to see the client, contractor, and fee amount on the contract card. All of these fields were extracted from each contract through your SharePoint Syntex model that was applied to your document library. You also want to be able to change the tile header bar to different colors for each status so that members can easily see where the contract is in the approval process. For example, all approved contracts will have a blue header bar. ![List view.](../media/content-understanding/tile.png)
-The custom tile view you use requires you to make changes to the JSON file used to format the current tile view. You can reference the JSON file used to create the card view by downloading the **ContractCard.json** file. In the following sections, you'll see specific sections of the code for features that are in the contract cards.
+The custom tile view you use requires you to make changes to the JSON file used to format the current tile view. You can reference the JSON file used to create the card view by looking at the [ContractTileFormatting.json](https://github.com/pnp/syntex-samples/blob/main/scenario%20assets/Contracts%20Management/View%20Formatter/ContractTileFormatting.json) file. In the following sections, you'll see specific sections of the code for features that are in the contract cards.
If you want to see or make changes to the JSON code for your view in your Teams channel, in the Teams channel, select the view drop-down menu, and then select **Format current view**.
If you want to see or make changes to the JSON code for your view in your Teams
## Card size and shape
-In the **ContractCard.json** file that you downloaded in the reference zip file, look at the following section to see the code for how the size and shape of the card is formatted.
+In the [ContractTileFormatting.json](https://github.com/pnp/syntex-samples/blob/main/scenario%20assets/Contracts%20Management/View%20Formatter/ContractTileFormatting.json) file, look at the following section to see the code for how the size and shape of the card is formatted.
```JSON {
In the **ContractCard.json** file that you downloaded in the reference zip file,
## Contract status
-The following code lets you define the status of each title card. Note that each status value (*New*, *In review*, *Approved*, and *Rejected*) will display a different color code for each. In the **ContractCard.json** file that you downloaded, look at the section that defines the status.
+The following code lets you define the status of each title card. Note that each status value (*New*, *In review*, *Approved*, and *Rejected*) will display a different color code for each. In the [ContractTileFormatting.json](https://github.com/pnp/syntex-samples/blob/main/scenario%20assets/Contracts%20Management/View%20Formatter/ContractTileFormatting.json) file, look at the section that defines the status.
```JSON {
The following code lets you define the status of each title card. Note that each
Each contract card will display three fields that were extracted for each contract (*Client*, *Contractor*, and *Fee Amount*). Additionally, you also want to display the time/date that the file was classified by the SharePoint Syntex model used to identify it.
-In the **ContractCard.json** file that you downloaded, the following sections define each of these.
+In the [ContractTileFormatting.json](https://github.com/pnp/syntex-samples/blob/main/scenario%20assets/Contracts%20Management/View%20Formatter/ContractTileFormatting.json) file, the following sections define each of these.
### Client
enterprise Connect To All Microsoft 365 Services In A Single Windows Powershell Window https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window.md
Follow these steps to connect to all the services in a single PowerShell window
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $Credential ```
-5. Run these commands to connect to Skype for Business Online. A warning about increasing the `WSMan NetworkDelayms` value will appear the first time that you connect. Ignore it.
-
- > [!Note]
- > Skype for Business Online Connector is currently part of the latest Teams PowerShell module. If you're using the latest Teams PowerShell public release, you don't need to install the Skype for Business Online Connector.
-
- ```powershell
- Import-Module MicrosoftTeams
- $credential = Get-Credential
- Connect-MicrosoftTeams -Credential $credential
- ```
-
-6. Run these commands to connect to Exchange Online.
+5. Run these commands to connect to Exchange Online.
```powershell Import-Module ExchangeOnlineManagement
Follow these steps to connect to all the services in a single PowerShell window
> [!Note] > To connect to Exchange Online for Microsoft 365 clouds other than Worldwide, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
-7. Run these commands to connect to the Security &amp; Compliance Center.
+6. Run these commands to connect to the Security &amp; Compliance Center.
```powershell $acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
Follow these steps to connect to all the services in a single PowerShell window
> [!Note] > To connect to the Security &amp; Compliance Center for Microsoft 365 clouds other than Worldwide, see [Connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell).
-8. Run these commands to connect to Teams PowerShell.
+7. Run these commands to connect to Teams PowerShell (and Skype for Business Online).
```powershell Import-Module MicrosoftTeams
Follow these steps to connect to all the services in a single PowerShell window
Connect-MicrosoftTeams -Credential $credential ```
+ > [!Note]
+ > Skype for Business Online Connector is currently part of the latest Teams PowerShell module. If you're using the latest Teams PowerShell public release, you don't need to install the Skype for Business Online Connector.
+
> [!Note] > To connect to Microsoft Teams clouds other than *Worldwide*, see [Connect-MicrosoftTeams](/powershell/module/teams/connect-microsoftteams). - ### Azure Active Directory PowerShell for Graph module Here are the commands for all the services in a single block when you use the Azure Active Directory PowerShell for Graph module. Specify the name of your domain host and the UPN for the sign-in and run them all at the same time.
Connect-AzureAD -Credential $credential
#SharePoint Online Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential
-#Skype for Business Online
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams -Credential $credential
#Exchange Online Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -ShowProgress $true #Security & Compliance Center Connect-IPPSSession -UserPrincipalName $acctName
-#Teams
+#Teams and Skype for Business Online
Import-Module MicrosoftTeams Connect-MicrosoftTeams -Credential $credential ```
Connect-MsolService -Credential $credential
#SharePoint Online Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential
-#Skype for Business Online
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams -Credential $credential
#Exchange Online Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -ShowProgress $true #Security & Compliance Center Connect-IPPSSession -UserPrincipalName $acctName
-#Teams
+#Teams and Skype for Business Online
Import-Module MicrosoftTeams Connect-MicrosoftTeams -Credential $credential ```
$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
Connect-AzureAD #SharePoint Online Connect-SPOService -Url https://$orgName-admin.sharepoint.com
-#Skype for Business Online
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams
#Exchange Online Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -UserPrincipalName $acctName -ShowProgress $true #Security & Compliance Center Connect-IPPSSession -UserPrincipalName $acctName
-#Teams
+#Teams and Skype for Business Online
Import-Module MicrosoftTeams Connect-MicrosoftTeams ```
$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
Connect-MsolService #SharePoint Online Connect-SPOService -Url https://$orgName-admin.sharepoint.com
-#Skype for Business Online
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams
#Exchange Online Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -UserPrincipalName $acctName -ShowProgress $true #Security & Compliance Center Connect-IPPSSession -UserPrincipalName $acctName
-#Teams
+#Teams and Skype for Business Online
Import-Module MicrosoftTeams Connect-MicrosoftTeams ```
Remove-PSSession $sfboSession ; Disconnect-SPOService ; Disconnect-MicrosoftTeam
- [Connect to Microsoft 365 with PowerShell](connect-to-microsoft-365-powershell.md) - [Manage SharePoint Online with PowerShell](manage-sharepoint-online-with-microsoft-365-powershell.md)-- [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md)
+- [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md)
includes Office 365 Worldwide Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-worldwide-endpoints.md
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--Worldwide endpoints version 2021042900-->
-<!--File generated 2021-05-18 11:00:40.2686-->
+<!--Worldwide endpoints version 2021051900-->
+<!--File generated 2021-05-19 08:00:02.2089-->
## Exchange Online
ID | Category | ER | Addresses | Ports
53 | Default<BR>Required | No | `ajax.aspnetcdn.com, apis.live.net, cdn.optimizely.com, officeapps.live.com, www.onedrive.com` | **TCP:** 443 56 | Allow<BR>Required | Yes | `*.msftidentity.com, *.msidentity.com, account.activedirectory.windowsazure.com, accounts.accesscontrol.windows.net, adminwebservice.microsoftonline.com, api.passwordreset.microsoftonline.com, autologon.microsoftazuread-sso.com, becws.microsoftonline.com, clientconfig.microsoftonline-p.net, companymanager.microsoftonline.com, device.login.microsoftonline.com, graph.microsoft.com, graph.windows.net, login.microsoft.com, login.microsoftonline.com, login.microsoftonline-p.com, login.windows.net, logincert.microsoftonline.com, loginex.microsoftonline.com, login-us.microsoftonline.com, nexus.microsoftonline-p.com, passwordreset.microsoftonline.com, provisioningapi.microsoftonline.com`<BR>`20.190.128.0/18, 40.126.0.0/18, 2603:1006:2000::/48, 2603:1007:200::/48, 2603:1016:1400::/48, 2603:1017::/48, 2603:1026:3000::/48, 2603:1027:1::/48, 2603:1036:3000::/48, 2603:1037:1::/48, 2603:1046:2000::/48, 2603:1047:1::/48, 2603:1056:2000::/48, 2603:1057:2::/48` | **TCP:** 443, 80 59 | Default<BR>Required | No | `*.hip.live.com, *.microsoftonline.com, *.microsoftonline-p.com, *.msauth.net, *.msauthimages.net, *.msecnd.net, *.msftauth.net, *.msftauthimages.net, *.phonefactor.net, enterpriseregistration.windows.net, management.azure.com, policykeyservice.dc.ad.msft.net` | **TCP:** 443, 80
-64 | Allow<BR>Required | Yes | `*.compliance.microsoft.com, *.manage.office.com, *.protection.office.com, *.security.microsoft.com, compliance.microsoft.com, manage.office.com, protection.office.com, security.microsoft.com`<BR>`52.108.0.0/14, 2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40, 2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40, 2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64, 2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64, 2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64, 2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64, 2a01:111:f406:a003::/64` | **TCP:** 443
-65 | Allow<BR>Required | Yes | `*.portal.cloudappsecurity.com, account.office.net, home.office.com, www.office.com`<BR>`52.108.0.0/14, 2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40, 2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40, 2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64, 2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64, 2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64, 2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64, 2a01:111:f406:a003::/64` | **TCP:** 443, 80
+64 | Allow<BR>Required | Yes | `*.compliance.microsoft.com, *.protection.office.com, *.security.microsoft.com, compliance.microsoft.com, protection.office.com, security.microsoft.com`<BR>`52.108.0.0/14, 2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40, 2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40, 2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64, 2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64, 2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64, 2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64, 2a01:111:f406:a003::/64` | **TCP:** 443
+65 | Allow<BR>Required | Yes | `*.portal.cloudappsecurity.com, account.office.net`<BR>`52.108.0.0/14, 2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40, 2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40, 2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64, 2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64, 2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64, 2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64, 2a01:111:f406:a003::/64` | **TCP:** 443, 80
66 | Default<BR>Required | No | `suite.office.net` | **TCP:** 443 67 | Default<BR>Optional<BR>**Notes:** Security and Compliance Center eDiscovery export | No | `*.blob.core.windows.net` | **TCP:** 443 68 | Default<BR>Optional<BR>**Notes:** Portal and shared: 3rd party office integration. (including CDNs) | No | `*.helpshift.com, *.localytics.com, analytics.localytics.com, api.localytics.com, connect.facebook.net, firstpartyapps.oaspapps.com, outlook.uservoice.com, prod.firstpartyapps.oaspapps.com.akadns.net, rink.hockeyapp.net, sdk.hockeyapp.net, telemetryservice.firstpartyapps.oaspapps.com, web.localytics.com, webanalytics.localytics.com, wus-firstpartyapps.oaspapps.com` | **TCP:** 443
ID | Category | ER | Addresses | Ports
125 | Default<BR>Required | No | `*.entrust.net, *.geotrust.com, *.omniroot.com, *.public-trust.com, *.symcb.com, *.symcd.com, *.verisign.com, *.verisign.net, apps.identrust.com, cacerts.digicert.com, cert.int-x3.letsencrypt.org, crl.globalsign.com, crl.globalsign.net, crl.identrust.com, crl.microsoft.com, crl3.digicert.com, crl4.digicert.com, isrg.trustid.ocsp.identrust.com, mscrl.microsoft.com, ocsp.digicert.com, ocsp.globalsign.com, ocsp.msocsp.com, ocsp2.globalsign.com, ocspx.digicert.com, secure.globalsign.com, www.digicert.com, www.microsoft.com` | **TCP:** 443, 80 126 | Default<BR>Optional<BR>**Notes:** Connection to the speech service is required for Office Dictation features. If connectivity is not allowed, Dictation will be disabled. | No | `officespeech.platform.bing.com` | **TCP:** 443 128 | Default<BR>Required | No | `*.config.office.net, *.manage.microsoft.com` | **TCP:** 443
-147 | Default<BR>Required | No | `*.office.com` | **TCP:** 443, 80
+147 | Default<BR>Required | No | `*.manage.office.com, *.office.com, home.office.com, manage.office.com, www.office.com` | **TCP:** 443, 80
148 | Default<BR>Required | No | `cdnprod.myanalytics.microsoft.com, myanalytics.microsoft.com, myanalytics-gcc.microsoft.com` | **TCP:** 443, 80 149 | Default<BR>Required | No | `workplaceanalytics.cdn.office.net` | **TCP:** 443, 80 150 | Default<BR>Optional<BR>**Notes:** Blocking these endpoints will affect the ability to access the Office 365 ProPlus deployment and management features via the portal. | No | `*.officeconfig.msocdn.com` | **TCP:** 443
knowledge Plan Topic Experiences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/plan-topic-experiences.md
In this article we'll examine these planning decisions:
Security and privacy of your data is respected, and topic experiences does not grant users additional access to files they donΓÇÖt have rights to. We recommend you also read [Microsoft Viva Topics security and privacy](topic-experiences-security-privacy.md) as part of your planning process.
+To learn more about the AI technology behind Viva Topics, read [Alexandria in Microsoft Viva Topics: from big data to big knowledge](https://www.microsoft.com/research/blog/alexandria-in-microsoft-viva-topics-from-big-data-to-big-knowledge).
+ ## Requirements You must be [subscribed to Viva Topics](https://www.microsoft.com/microsoft-viva/topics) and be a global administrator or SharePoint administrator to access the Microsoft 365 admin center and set up Topics.
security Gov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/gov.md
Integrations: Azure Sentinel | ![Yes](images/svg/check-yes.svg) | ![Yes](images/
Integrations: Microsoft Cloud App Security | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development Integrations: Microsoft Compliance Manager | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development Integrations: Microsoft Defender for Identity | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
-Integrations: Microsoft Endpoint DLP | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog
-Integrations: Microsoft Intune | ![Yes](images/svg/check-yes.svg) | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
+Integrations: Microsoft Endpoint DLP | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
+Integrations: Microsoft Intune | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
Integrations: Microsoft Power Automate & Azure Logic Apps | ![Yes](images/svg/check-yes.svg) | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development Microsoft Threat Experts | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog
security Placeholder https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/placeholder.md
+
+ Title: Placeholder topic to create the folder in master-to be deleted
+description: Placeholder topic to create the folder in master-to be deleted
+keywords:
+search.product: eADQiWindows 10XVcnh
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+f1.keywords:
+ - NOCSH
++
+localization_priority: Normal
+
+audience: ITPro
+
+ - M365-security-compliance
+ - m365initiative-m365-defender
+
+search.appverid:
+ - MOE150
+ - MET150
+ms.technology: m365d
++
+# Placeholder topic to create the folder in master-to be deleted
+
security Advanced Hunting Identitylogonevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table.md
The `IdentityLogonEvents` table in the [advanced hunting](advanced-hunting-overv
> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the security center. >[!NOTE]
->This table covers Azure Active Directory (AD) logon activities tracked by Cloud App Security, specifically interactive sign-ins and authentication activities using ActiveSync and other legacy protocols. Non-interactive logons that are not available in this table can be viewed in the Azure AD audit log. [Learn more about connecting Cloud App Security to Microsoft 365](/cloud-app-security/connect-office-365-to-microsoft-cloud-app-security)
+>This table covers Azure Active Directory (Azure AD) logon activities tracked by Cloud App Security, specifically interactive sign-ins and authentication activities using ActiveSync and other legacy protocols. Non-interactive logons that are not available in this table can be viewed in the Azure AD audit log. [Learn more about connecting Cloud App Security to Microsoft 365](/cloud-app-security/connect-office-365-to-microsoft-cloud-app-security)
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Investigate Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-users.md
To get a quick summary of a user account for the incident, select the check mark
:::image type="content" source="../../media/investigate-users/incidents-ss-user-pane.png" alt-text="Example of the user account summary pane for an incident in the Microsoft 365 security center"::: > [!NOTE]
-> The User page shows Azure Active Directory (AD) organization as well as groups, helping you understand the groups and permissions associated with a user.
+> The User page shows Azure Active Directory (Azure AD) organization as well as groups, helping you understand the groups and permissions associated with a user.
In this fly-out page, you can review user threat information, including any current incidents, active alerts, and risk level as well as user exposure, accounts, devices, and more.
security M365d Enable Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/m365d-enable-faq.md
Microsoft 365 Defender is available in Microsoft 365 security center. To go to t
## What permissions do I need to access Microsoft 365 Defender in Microsoft 365 security center?
-Accounts assigned the following Azure Active Directory (AD) roles can access Microsoft 365 Defender functionality and data:
+Accounts assigned the following Azure Active Directory (Azure AD) roles can access Microsoft 365 Defender functionality and data:
- Global administrator - Security administrator
security Identity Access Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies.md
This guidance discusses how to deploy the recommended policies in a newly-provis
The following diagram illustrates the recommended set of policies. It shows which tier of protections each policy applies to and whether the policies apply to PCs or phones and tablets, or both categories of devices. It also indicates where you configure these policies.
-[![Common policies for configuring identity and device access](../../media/microsoft-365-policies-configurations/Identity_device_access_policies_byplan.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/Identity_device_access_policies_byplan.png)
+[![Common policies for configuring identity and device access](../../media/microsoft-365-policies-configurations/Identity-device-access-policies-byplan.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/Identity-device-access-policies-byplan.png)
Here's a one-page PDF summary with links to the individual policies:
security Microsoft 365 Policies Configurations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/microsoft-365-policies-configurations.md
It's important to use consistent levels of protection across your data, identiti
The **Identity and device protection for Microsoft 365** architecture model shows you which capabilities are comparable.
-[![Thumb image for Identity and device protection for Microsoft 365 poster](../../media/microsoft-365-policies-configurations/O365_Identity_device_protection_thumb.png)](../../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) <br> [View as a PDF](../../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.vsdx)
+[![Thumb image for Identity and device protection for Microsoft 365 poster](../../media/microsoft-365-policies-configurations/O365-Identity-device-protection-thumb.png)](../../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) <br> [View as a PDF](../../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.vsdx)
Additionally, see the [Deploy information protection for data privacy regulations](../../solutions/information-protection-deploy.md) solution to protect information stored in Microsoft 365.
solutions Choose Domain To Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/choose-domain-to-create-groups.md
There are a few more things to know:
- A maximum limit of 100 email address policies can be configured for an organization.
-## Related articles
+## Related content
-[Collaboration governance planning step-by-step](collaboration-governance-overview.md#collaboration-governance-planning-step-by-step)
+[Collaboration governance planning step-by-step](collaboration-governance-overview.md#collaboration-governance-planning-step-by-step) (article)
-[Create your collaboration governance plan](collaboration-governance-first.md)
+[Create your collaboration governance plan](collaboration-governance-first.md) (article)
-[Create an Microsoft 365 group in the admin center](../admin/create-groups/create-groups.md)
+[Create an Microsoft 365 group in the admin center](../admin/create-groups/create-groups.md) (article)
solutions Configure Teams Highly Sensitive Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-highly-sensitive-protection.md
You can also use [teams policies](/MicrosoftTeams/teams-policies) to control who
Each time you create a new team with the highly sensitive label, there are two steps to do in SharePoint: -- Update the guest sharing settings for the site in the SharePoint admin center to match what you chose when you created the label, and update the default sharing link to *People with existing access*.
+- Update the guest sharing settings for the site in the SharePoint admin center to update the default sharing link to *People with existing access*.
- Update the site sharing settings in the site itself to prevent members from sharing files, folders, or the site, and turn off access requests. ### Site guest sharing settings
To configure owners-only site sharing
## See Also
-[Create and configure sensitivity labels and their policies](../compliance/create-sensitivity-labels.md)
+[Create and configure sensitivity labels and their policies](../compliance/create-sensitivity-labels.md)
solutions Configure Teams Sensitive Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-sensitive-protection.md
You can also use [teams policies](/MicrosoftTeams/teams-policies) to control who
Each time you create a new team with the sensitive label, there are two steps to do in SharePoint: -- Update the guest sharing settings for the site in the SharePoint admin center to match what you chose when you created the label, and update the default sharing link to *Specific people*.
+- Update the guest sharing settings for the site in the SharePoint admin center to update the default sharing link to *Specific people*.
- Update the site sharing settings in the site itself to prevent members from sharing the site. ### Site guest sharing settings
To configure owners-only site sharing
## See Also
-[Create and configure sensitivity labels and their policies](../compliance/create-sensitivity-labels.md)
+[Create and configure sensitivity labels and their policies](../compliance/create-sensitivity-labels.md)
solutions Deploy Threat Protection Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/deploy-threat-protection-configure.md
keywords: security solution, setup, configuration, Microsoft 365 E5, advanced th
-ms.audience: ITPro
+audience: ITPro
ms.prod: m365-security ms.technology: m365d
Follow these steps to configure threat protection across Microsoft 365.
Microsoft has tested and recommends a specific set of Conditional Access and related policies for protecting access to all of your SaaS applications, especially Microsoft 365. Policies are recommended for baseline, sensitive, and highly regulated protection. Begin by implementing the policies for baseline protection.
-[![Common policies for configuring identity and device access](../media/microsoft-365-policies-configurations/Identity_device_access_policies_byplan.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/Identity_device_access_policies_byplan.png)
-[See a larger version of this image](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/Identity_device_access_policies_byplan.png)
+[![Common policies for configuring identity and device access](../media/microsoft-365-policies-configurations/Identity-device-access-policies-byplan.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/Identity-device-access-policies-byplan.png)
+[See a larger version of this image](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/Identity-device-access-policies-byplan.png)
### To implement baseline protection for Microsoft 365
After you have set up and deployed your threat protection services and capabilit
![Microsoft 365 security center](../media/solutions-architecture-center/m365-security-center.png) The Microsoft 365 security center is intended for security admins and security operations teams. In the Microsoft 365 security center, you can:-- View the overall security health of your organization with [Secure Score](https://docs.microsoft.com/microsoft-365/security/defender/microsoft-secure-score).
+- View the overall security health of your organization with [Secure Score](/microsoft-365/security/defender/microsoft-secure-score).
- [Monitor and view reports](../security/defender-endpoint/threat-protection-reports.md) on the status of your identities, data, devices, apps, and infrastructure.-- Connect the dots on alerts through [incidents](https://docs.microsoft.com/microsoft-365/security/defender/incident-queue).
+- Connect the dots on alerts through [incidents](/microsoft-365/security/defender/incident-queue).
- Use [automated investigation and remediation](../security/defender/m365d-autoir.md) to address threats.-- [Proactively hunt for threats](https://docs.microsoft.com/microsoft-365/security/defender/advanced-hunting-overview), such as intrusion attempts or breach activity affecting your email, data, devices, and identities.-- [Understand the latest attack campaigns](https://docs.microsoft.com/microsoft-365/security/defender/latest-attack-campaigns) and techniques with threat analytics.
+- [Proactively hunt for threats](/microsoft-365/security/defender/advanced-hunting-overview), such as intrusion attempts or breach activity affecting your email, data, devices, and identities.
+- [Understand the latest attack campaigns](/microsoft-365/security/defender/latest-attack-campaigns) and techniques with threat analytics.
- ... and more! ### More information about the Microsoft 365 security center
solutions Deploy Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/deploy-threat-protection.md
Title: Deploy threat protection capabilities across Microsoft 365 description: Get an overview of threat protection services and security capabilities in Microsoft 365 E5. Protect your user accounts, devices, email content, and more with Microsoft 365 E5.
-keywords: microsoft threat protection, setup, advanced threat protection, security, microsoft 365 E5, protect devices, microsoft defender
+keywords: microsoft threat protection, defender, setup, advanced threat protection, security, microsoft 365 E5, protect devices
ms.audience: ITPro
ms.prod: m365-security ms.technology: m365d
+audience: ITPro
localization_priority: Normal - M365-security-compliance
f1.keywords: NOCSH
# Deploy threat protection capabilities across Microsoft 365 E5
-This solution describes powerful threat protection capabilities across Microsoft 365 E5 and explains why threat protection is important. Read this article to get an overview of threat protection in Microsoft 365 E5 and how to approach setup and configuration for your organization.
+This solution describes powerful threat protection capabilities in Microsoft 365 E5 and why threat protection is important. Get an overview of threat protection in Microsoft 365 E5 and see how to approach setup and configuration for your organization.
## Why threat protection is important [Malware](/windows/security/threat-protection/intelligence/understanding-malware), and sophisticated cyberattacks, such as [fileless threats](/windows/security/threat-protection/intelligence/fileless-threats), are a common occurrence. Businesses need to protect themselves and their customers with effective IT security capabilities. Cyberattacks can cause major problems for your organization, ranging from a loss of trust to financial woes, business-threatening downtime, and more. Protecting against threats is important, but it can be challenging to determine where to focus your organization's time, effort, and resources. Microsoft 365 E5 can help.
-Microsoft security solutions are built into our products and services. Automation and machine learning capabilities reduce the load on your security teams to make sure the right items are addressed. And the strength of Microsoft security solutions is built on trillions of signals we process every day in our [Intelligent Security Graph](/graph/security-concept-overview). Microsoft 365 security solutions include [Microsoft 365 Defender](../security/defender/microsoft-365-defender.md), a solution that brings together signals across your email, data, devices, and identities to paint a picture of advanced threats against your organization.
-
-Watch this video for an overview of the deployment process.
-<br><br>
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4vsI7]
+## Threat protection in Microsoft 365 E5
+Microsoft security solutions are built into our products and services. Automation and machine learning capabilities reduce the load on your security teams to make sure the right items are addressed. The strength of Microsoft security solutions is built on trillions of signals we process every day in our [Intelligent Security Graph](/graph/security-concept-overview). Microsoft 365 security solutions include [Microsoft 365 Defender](../security/defender/microsoft-365-defender.md), a solution that brings together signals across your email, data, devices, and identities to paint a picture of advanced threats against your organization.
-## Threat protection in Microsoft 365 E5
+[Microsoft 365 E5](https://www.microsoft.com/microsoft-365/enterprise-e5-business-software?activetab=pivot%3aoverviewtab) enables you to protect your organization with adaptive, built-in intelligence. With the security capabilities in Microsoft 365 E5, you can detect and investigate advanced threats, compromised identities, and malicious actions across your environment (on-premises and in the cloud).
-[Microsoft 365 E5](https://www.microsoft.com/microsoft-365/enterprise-e5-business-software?activetab=pivot%3aoverviewtab) enables you to protect your organization with adaptive, built-in intelligence. With the threat protection features in Microsoft 365 E5, you can detect and investigate advanced threats, compromised identities, and malicious actions across your on-premises and cloud environment.
+## Better protection with integration
-In Microsoft 365 E5, threat protection capabilities are integrated by default. Signals from each capability add strength to the overall ability to detect and respond to threats. The combined set of capabilities offers the best protection for organizations, especially multi-national organizations, compared to running non-Microsoft products. The following image depicts the threat protection services and capabilities in Microsoft 365 E5 that are described in this article.
+In Microsoft 365 E5, threat protection capabilities are integrated by default. Signals from each capability add strength to the overall ability to detect and respond to threats. The combined set of capabilities offers the best protection for organizations, especially multi-national organizations, compared to running non-Microsoft products. The following image depicts the threat protection services and capabilities that are described in this article.
![Overview of Microsoft 365 Defender](../media/deploy-threat-protection/deploy-threat-protection-across-m365-overview.png)
Microsoft 365 Defender brings the signals and data together into a [unified Micr
> [!div class="mx-imgBorder"] > ![Conceptual illustration of Microsoft 365 Defender dashboard](../media/deploy-threat-protection/deploy-threat-protection-across-m365-mtp.png)
+## Deployment overview
+ The following illustration depicts a recommended path for deploying these individual capabilities. > [!div class="mx-imgBorder"] > ![M365 threat protection signals](../media/deploy-threat-protection/deploy-threat-protection-across-m365.png)
-|Solution/capabilities |Description |
-|||
-|Multi-factor authentication and Conditional Access |Protect against compromised identities and devices. Begin with this protection because it's foundational. The configuration recommended in this guidance includes Azure AD Identity Protection as a prerequisite. |
-|Microsoft Defender for Identity | A cloud-based security solution that uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Focus on Microsoft Defender for Identity next because it protects your on-premises and cloud infrastructure, has no dependencies or prerequisites, and can provide immediate security benefits. |
-|Microsoft Defender for Office 365 | Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Protections for malware, phishing, spoofing, and other attack types. Configuring Microsoft Defender for Office 365 is recommended next because change control, migrating settings from incumbent system, and other considerations can take longer to deploy. <p>**NOTE**: Make sure to configure the threat protection capabilities that are included in all Office 365 subscriptions (Exchange Online Protection). |
-|Microsoft Defender for Endpoint | An endpoint protection platform that helps prevent, detect, investigate, and respond to advanced threats. Defender for Endpoint can take some time to deploy, but configuration can be done in parallel with other capabilities. |
-|Microsoft Cloud App Security | A cloud access security broker for discovery, investigation, and governance. You can enable Microsoft Cloud App Security early to begin collecting data and insights. Implementing information and other targeted protection across your SaaS apps involves planning and can take more time. |
+Watch this video for an overview of the deployment process.
+<br><br>
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4vsI7]
+
+The following table describes the various solutions/capabilities to configure and what they do.
+
+|Step |Solution/capabilities |Description |
+|--|||
+| 1 |[Multi-factor authentication and Conditional Access](deploy-threat-protection-configure.md#step-1-set-up-multi-factor-authentication-and-conditional-access-policies) |Protect against compromised identities and devices. Begin with this protection because it's foundational. The configuration recommended in this guidance includes Azure AD Identity Protection as a prerequisite. For more information, see [Azure AD Identity Protection](/azure/security/fundamentals/threat-detection#azure-active-directory-identity-protection). |
+| 2 |[Microsoft Defender for Identity](deploy-threat-protection-configure.md#step-2-configure-microsoft-defender-for-identity) | A cloud-based security solution that uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Focus on Microsoft Defender for Identity next because it protects your on-premises and cloud infrastructure, has no dependencies or prerequisites, and can provide immediate security benefits. For more information, see [What is Identity Protection?](/azure/active-directory/identity-protection/overview-identity-protection). |
+| 3 |[Microsoft 365 Defender](deploy-threat-protection-configure.md#step-3-turn-on-microsoft-365-defender) |Combines signals and orchestrates capabilities into a single solution. Enables security professionals to stitch together threat signals and determine the full scope and impact of a threat. Microsoft 365 Defender takes automatic actions to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities. For more information, see [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender). |
+| 4 |[Microsoft Defender for Office 365](deploy-threat-protection-configure.md#step-4-configure-microsoft-defender-for-office-365) | Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Protects against malware, phishing, spoofing, and other attack types. Configuring Microsoft Defender for Office 365 is recommended because change control, migrating settings from incumbent system, and other considerations can take longer to deploy. For more information, see [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365). |
+| 5 |[Microsoft Defender for Endpoint](deploy-threat-protection-configure.md#step-5-configure-microsoft-defender-for-endpoint) | Helps prevent, detect, investigate, and respond to advanced threats across devices (also referred to as endpoints). Defender for Endpoint is a robust threat protection offering. For more information, see [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint). |
+| 6 |[Microsoft Cloud App Security](deploy-threat-protection-configure.md#step-6-configure-microsoft-cloud-app-security) | A cloud access security broker for discovery, investigation, and governance. You can enable Microsoft Cloud App Security early to begin collecting data and insights. Implementing information and other targeted protection across your SaaS apps involves planning and can take more time. For more information, see [What is Cloud App Security?](/cloud-app-security/what-is-cloud-app-security) |
> [!TIP]
-> Organizations who have multiple security teams can implement these capabilities in parallel.
+> Organizations who have multiple security teams can implement capabilities in parallel. For example, one team can configure Defender for Office 365 while another team configures Defender for Endpoint. Configuration doesn't have to follow our suggested order exactly.
## Plan to deploy your threat protection solution
The following diagram illustrates the high-level process for deploying threat pr
![Process for deploying threat protection capabilities](../media/deploy-threat-protection/deploy-threat-protection-across-m365-grid.png)
-To make sure your organization has the best protection possible, set up and deploy your security solution with a process that includes the following steps:
+To make sure your organization has the best protection possible, [set up and deploy your security solution](deploy-threat-protection-configure.md) with a process that includes the following steps:
1. [Set up multi-factor authentication and Conditional Access policies](deploy-threat-protection-configure.md#step-1-set-up-multi-factor-authentication-and-conditional-access-policies). 2. [Configure Microsoft Defender for Identity](deploy-threat-protection-configure.md#step-2-configure-microsoft-defender-for-identity).
solutions Productivity Illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
Recommended capabilities for protecting identities and devices that access Micro
| Item | Description | |:--|:--|
-|[![Model poster: Identity and device protection for Microsoft 365](../media/microsoft-365-policies-configurations/O365_Identity_device_protection_thumb.png)](../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) <br/> [View as a PDF](../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.vsdx) <br/> Updated September 2020|It's important to use consistent levels of protection across your data, identities, and devices. This model shows you which capabilities are comparable with more information on capabilities to protect identities and devices. <br/> |
+|[![Model poster: Identity and device protection for Microsoft 365](../media/microsoft-365-policies-configurations/O365-Identity-device-protection-thumb.png)](../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) <br/> [View as a PDF](../downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.pdf) \| [Download as a Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/MSFT_cloud_architecture_identity&device_protection.vsdx) <br/> Updated September 2020|It's important to use consistent levels of protection across your data, identities, and devices. This model shows you which capabilities are comparable with more information on capabilities to protect identities and devices. <br/> |
<a name="BKMK_ediscovery"></a> ## Advanced eDiscovery architecture in Microsoft 365