Updates from: 05/21/2022 01:10:22
Category Microsoft Docs article Related commit history on GitHub Change details
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
This article explains how to reset passwords for yourself and for your users whe
## Before you begin
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](Overview of the Microsoft 365 admin center](../admin-overview/admin-center-overview.md).
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [Overview in the Microsoft 365 admin center](../admin-overview/admin-center-overview.md).
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
admin Ownerless Groups Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/ownerless-groups-teams.md
description: "Learn how to automatically invite members to become owners in an o
A team in Microsoft Teams or a Microsoft 365 group can become ownerless if an owner's account is deleted or disabled in Microsoft 365. Groups and teams require an owner to add or remove members and change group settings.
-You can create a policy what automatically asks the most active members or an ownerless group or team if they'll accept ownership. When a member accepts the invitation to become an owner, the action is logged in the compliance portal audit log. Guests are never invited to be owners.
+A Global administrator can create a policy that automatically asks the most active members of an ownerless group or team if they'll accept ownership. When a member accepts the invitation to become an owner, the action is logged in the compliance portal audit log. Guests are never invited to be owners.
When creating the policy, you can specify: - If you want to limit who can be invited to be an owner by specifying a security group
admin Manage Microsoft Rewards https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-microsoft-rewards.md
description: "Users who have personal Microsoft accounts can earn Microsoft Rewa
# Manage Microsoft Rewards
-Users who have personal Microsoft accounts can earn [Microsoft Rewards](https://www.microsoft.com/rewards) points in connection with their work searches if the *Link Microsoft Azure Active Directory (Azure AD) with Rewards* feature is enabled.
+Users who have personal Microsoft accounts can earn [Microsoft Rewards](https://www.microsoft.com/rewards) points with their work searches if the *Link Microsoft Azure Active Directory (Azure AD) with Rewards* feature is enabled.
-Unless the user opts out of this feature, their personal Microsoft account will be associated with their workplace Azure AD account. Microsoft Rewards receives and logs information that a search has occurred, but does not receive any information about the content of the search. The content of queries from your organization will not be shared with Microsoft Rewards as part of this feature.
+Unless the user opts out of this feature, their personal Microsoft account will be associated with their workplace Azure AD account. Microsoft Rewards receives and logs information that a search has occurred, but doesn't receive any information about the content of the search. The content of queries from your organization won't be shared with Microsoft Rewards as part of this feature.
-For administrators of educational organizations with minor children, a parental Microsoft account is required for the child to participate in Microsoft Rewards. The parental account will not be associated with the studentΓÇÖs organizational account. For more information about Microsoft accounts for children, see [Parental consent and Microsoft child accounts](https://support.microsoft.com/account-billing/c6951746-8ee5-8461-0809-fbd755cd902e).
+For administrators of educational organizations with minor children, a parental Microsoft account is required for the child to participate in Microsoft Rewards. The parental account won't be associated with the studentΓÇÖs organizational account. For more information about Microsoft accounts for children, see [Parental consent and Microsoft child accounts](https://support.microsoft.com/account-billing/c6951746-8ee5-8461-0809-fbd755cd902e).
-This feature is not available for Government users. Administrators should ensure that their organizationΓÇÖs compliance policies permit the use of personal Microsoft Rewards accounts with work searches.
+This feature isn't available for Government users. Administrators should ensure that their organizationΓÇÖs compliance policies permit the use of personal Microsoft Rewards accounts with work searches.
## Related content
admin Compare Ways To Block Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/compare-ways-to-block-access.md
When an employee leaves your organization, on good terms or bad, you need to blo
|Way to block access|Definition|Best practice| |:--|:--|:--| |Block sign-in <br/> |One way to block a user from accessing Microsoft 365 is to change their sign-in status to **Sign-in blocked**. This prevents them from signing into Microsoft 365 from their computers and mobile devices though they can still view previously downloaded or synced email and documents. If you're using Blackberry Enterprise Service, you can disable their access there as well. <br/> |Use when an employee plans to leave the organization or they plan to take a long-term leave of absence. <br/> |
-|Reset user password <br/> |Another way to prevent a user from accessing Microsoft 365 is to reset their password. This prevents them from using their account though they can still view previously downloaded or synced email and documents. You can then sign in as them and change the password to one of your choosing. <br/> |Use when an employee leaves suddenly and permanently and you feel there is concern for business data. <br/> |
-|Remove all assigned licenses <br/> |Another option is to remove any Microsoft 365 licenses assigned to the user. This prevents them from using applications and services like the Office suite, Office apps for the web, Yammer, and SharePoint Online. They can still sign in but cannot use these services. <br/> |Use when you feel this user no longer needs access to specific features in Microsoft 365. <br/> <br> **Important:** When you remove a license, the user's mailbox will be deleted in 30 days.
+|Reset user password <br/> |Another way to prevent a user from accessing Microsoft 365 is to reset their password. This prevents them from using their account though they can still view previously downloaded or synced email and documents. You can then sign in as them and change the password to one of your choosing. <br/> |Use when an employee leaves suddenly and permanently and you feel there's concern for business data. <br/> |
+|Remove all assigned licenses <br/> |Another option is to remove any Microsoft 365 licenses assigned to the user. This prevents them from using applications and services like the Office suite, Office apps for the web, Yammer, and SharePoint Online. They can still sign in but canΓÇÖt use these services. <br/> |Use when you feel this user no longer needs access to specific features in Microsoft 365. <br/> <br> **Important:** When you remove a license, the user's mailbox will be deleted in 30 days.
## Related articles
admin Gdpr Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/gdpr-compliance.md
description: "Learn how Microsoft 365 for business can help you with the General
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that mandates how an organization should handle personal data. If your business sells to, provides services to, or employs citizens of the European Union, then the [GDPR](https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en) will affect you.
-As a small business admin, you are probably asking yourself "how do I get started"? This may be especially true if your business does not handle personal data as a core business activity, or if GDPR is totally new to you.
+As a small business admin, you're probably asking yourself "how do I get started"? This may be especially true if your business doesn't handle personal data as a core business activity, or if GDPR is totally new to you.
You can get started by reviewing this article, which is aimed at helping you understand what the GDPR is, why it came about, and how Microsoft 365 for business can help your organization comply with the GDPR.
You'll see some terms referred to frequently in the GDPR. It's important to unde
**Consent**
-The GDPR states: "The processing of personal data should be designed to serve mankind." The GDPR hopes to achieve this goal by using consent when processing personal data. That could be the simple act of asking your customers if they want to receive email messages from your company. It also means no more opt-out check boxes on your website when you want to use data for marketing. You must take explicit consent using a "clear affirmative act". And, you will need to also keep records of when a consent is taken or revoked.
+The GDPR states: "The processing of personal data should be designed to serve mankind." The GDPR hopes to achieve this goal by using consent when processing personal data. That could be the simple act of asking your customers if they want to receive email messages from your company. It also means no more opt-out check boxes on your website when you want to use data for marketing. You must take explicit consent using a "clear affirmative act". And, you'll need to also keep records of when a consent is taken or revoked.
**Data subject rights**
The GDPR establishes data subject rights, which means that, with respect to thei
- **Ask for data to be deleted:** Also known as the 'right to erasure', this right allows an individual to request that any of their personal data a company has collected is deleted across all systems that use it or share it. -- **Request restricted processing:** An individual can ask that you suppress or restrict their data. However, it is only applicable under certain circumstances.
+- **Request restricted processing:** An individual can ask that you suppress or restrict their data. However, it's only applicable under certain circumstances.
- **Have data portability:** An individual can ask for their data to be transferred to another company.
A good way for a small business to get started with GDPR is to make sure to appl
### Step 1: Know the personal data that you collect and use within your business, and the reasons you need it
-As a small business, one of the first steps you should take is to make an inventory of the personal data you collect and use within your business, and why it is needed. This includes data on both your employees and your customers.
+As a small business, one of the first steps you should take is to make an inventory of the personal data you collect and use within your business, and why it's needed. This includes data on both your employees and your customers.
For example, you may need your employee's personal data based on the employment contract and for legal reasons (for example, reporting taxes to the Internal Revenue Service).
-As another example, you may manage lists of individual customers to
-send them notices about special offers, if they have consented to this.
+As another example, you may manage lists of individual customers to send them notices about special offers, if they have consented to this.
#### Microsoft 365 features that can help+ [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) can help you discover, classify, and protect sensitive information in your company. You can use trainable classifiers to help you identify and label document types that contain personal data. ### Step 2: Inform your customers, employees, and other individuals when you need to collect their personal data
measures).
To better protect personal data, organizations might have to appoint a <b>Data Protection Officer (DPO)</b>. However, you may not need to designate a Data Protection Officer if processing
-of personal data isnΓÇÖt a core part of your business, or if your are a small business. For example, if your business only collects data on your customers for home delivery, you should not need to appoint a DPO. Even if you need to make use of a DPO, these duties might be assigned to an existing employee in addition to his/her other tasks. Or you could chose to hire an external consultant for this duty as needed.
+of personal data isnΓÇÖt a core part of your business, or if you are a small business. For example, if your business only collects data on your customers for home delivery, you should not need to appoint a DPO. Even if you need to make use of a DPO, these duties might be assigned to an existing employee in addition to his/her other tasks. Or you could choose to hire an external consultant for this duty as needed.
You normally donΓÇÖt need to carry out a [Data Protection Impact Assessment](https://gdpr.eu/article-35-impact-assessment/). This is reserved for businesses that pose more risk to personal data (for example, if they do a large-scale monitoring of a publicly accessible area, such as video-surveillance).
Microsoft 365 for business can help you with the GDPR process in the following w
- **Discover:** An important step to GDPR compliance is knowing what data you have. -- **Manage:** Controlling access to data and managing its use is an integral part of GDPR. Microsoft 365 for business protects business data based on policies you want to apply to devices. Device management is vital in an age where employees work remotely. Microsoft 365 for business includes device management features that makes sure data is protected across all devices. For example, you can specify that all Windows 10 devices in your business are protected via Windows Defender.
+- **Manage:** Controlling access to data and managing its use is an integral part of GDPR. Microsoft 365 for business protects business data based on policies you want to apply to devices. Device management is vital in an age where employees work remotely. Microsoft 365 for business includes device management features that make sure data is protected across all devices. For example, you can specify that all Windows 10 devices in your business are protected via Windows Defender.
- **Protect:** Microsoft 365 for business is designed for security. Its device management and data protection controls work across your business network, including remote devices, to help keep data secure. Microsoft 365 for business offers controls such as privacy settings in Office applications and encryption of documents. With Microsoft 365 for business, you can perform GDPR compliance monitoring to make sure you have the right level of protection set.
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
To learn about one of the service plan features, click on the heading in the fol
|Task|Microsoft 365 Business Standard|Microsoft 365 Business Premium| ||||
-[Protect against lost or stolen passwords](#set-up-multifactor-authentication) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) |
+[Protect against lost or stolen passwords](#set-up-multi-factor-authentication) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) |
[Train your users](#train-your-users) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) | [Use dedicated admin accounts](#use-dedicated-admin-accounts)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) | [Protect against malware](#protect-against-malware) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) <br/>(protection for email) | ![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png) <br/>(increased protection for email and devices) |
It's important that before you begin, you check your [Microsoft 365 Secure Score
![Screenshot of Microsoft Secure Score.](../../media/secure-score.png)
-## Set up multifactor authentication
+## Set up multi-factor authentication
Protect against lost or stolen passwords by using multi-factor authentication (MFA). When multi-factor authentication is set up, it requires people to use a code on their phone to sign into Microsoft 365. This extra step can prevent hackers from taking over if they know your password. Multi-factor authentication is also called 2-step verification. Individuals can add 2-step verification to most accounts easily, for example, to their Google or Microsoft accounts. Here's how to [add two-step verification to your personal Microsoft account](https://go.microsoft.com/fwlink/p/?linkid=2016403).
-For businesses using Microsoft 365, add a setting that requires your users to log in using multifactor authentication. When you make this change, users will be prompted to set up their phone for two-factor authentication next time they log in.
+For businesses using Microsoft 365, add a setting that requires your users to log in using multi-factor authentication. When you make this change, users will be prompted to set up their phone for two-factor authentication next time they log in.
To see a training video for how to set up MFA and how users complete the setup, see [set up MFA](set-up-multi-factor-authentication.md) and [user set up](https://support.microsoft.com/office/ace1d096-61e5-449b-a875-58eb3d74de14). ### Turn on security defaults
admin Threats Detected Defender Av https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/threats-detected-defender-av.md
When threats are detected by Microsoft Defender Antivirus, the following things
In most cases, users don't need to take any further action. As soon as a malicious file or program is detected on a device, Microsoft Defender Antivirus blocks it and prevents it from running. Plus, newly detected threats are added to the antivirus and antimalware engine so that other devices and users are protected, as well.
-If there's an action a user needs to take, such as approving the removal of a malicious file, they'll see that in the notification they receive. To learn more about actions that Microsoft Defender Antivirus takes on a user's behalf, or actions users might need to take, see [Protection History](https://support.microsoft.com/office/f1e5fd95-09b4-46d1-b8c7-1059a1e09708). To learn how to manage threat detections as an IT professional/admin, see [Review detected threats and take action](review-threats-take-action.md).
+If there's an action a user needs to take, such as approving the removal of a malicious file, they'll see that in the notification they receive. To learn more about actions that Microsoft Defender Antivirus takes on a user's behalf, or actions users might need to take, see [Protection History](https://support.microsoft.com/office/f1e5fd95-09b4-46d1-b8c7-1059a1e09708). To learn how to manage threat detections as an IT professional/admin, see [Review detected threats and take action](../../business-premium/m365bp-review-threats-take-action.md).
To learn more about different threats, visit the <a href="https://www.microsoft.com/wdsi/threats" target="_blank">Microsoft Security Intelligence Threats site</a>, where you can perform the following actions:
admin Secure Win 10 Pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/secure-win-10-pcs.md
After you set up device protection in Microsoft 365 Business, follow these steps
5. Choose **Apply settings**.
- These settings will apply to all users in your organization. To set up different policies for different security groups, see [Set device protection settings for Windows 10 PCs](../../business-premium/m365bp-protection-settings-for-windows-10-pcs.md).
+ These settings will apply to all users in your organization. To set up different policies for different security groups, see [Set device protection settings for Windows 10 PCs](../../business-premium/m365bp-protection-settings-for-windows-10-devices.md).
admin Usage Analytics Data Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/usage-analytics-data-model.md
description: "Learn how usage analytics connects to an API and provides monthly
## Data for the Microsoft 365 usage analytics tables
-Microsoft 365 usage analytics connects to an API that exposes a multidimensional data model. The APIs that Microsoft 365 usage analytics uses to generate its data are from the various, generally-available, Graph APIs. The function of the Microsoft 365 usage analytics API by itself is not generally available.
+Microsoft 365 usage analytics connects to an API that exposes a multidimensional data model. The APIs that Microsoft 365 usage analytics uses to generate its data are from the various, generally available, Graph APIs. The function of the Microsoft 365 usage analytics API by itself isn't generally available.
> [!NOTE] > For more information, see [Working with Microsoft 365 usage reports in Microsoft Graph](/graph/api/resources/report).
This table provides month-over-month adoption data in terms of enable, active, r
|ActiveUsers <br/> |Number of users who performed an intentional activity in the product for the time-frame value. <br/> A user is counted as active for a product in a particular month, if they have performed one of the key activities in the product. The key activities are available in the **Tenant Product Activity** table. <br/> | |CumulativeActiveUsers <br/> |Number of users who are enabled to use a product and have used the product up to the timeframe month at least once since data collection started in the new usage system. <br/> | |MoMReturningUsers <br/> |Number of users who are active in the timeframe month and also were active in the previous month. <br/> |
-|FirstTimeUsers <br/> |Number of users who became active in the timeframe for the first time since data collection in the new usage system. <br/> A user is counted as a first-time user in a particular month, if we detect their activity for the first time since the beginning of data collection in this new reporting system. Once counted as a first-time user, even if this user has a large gap in their activity they will never be counted again as a first-time user <br/> |
+|FirstTimeUsers <br/> |Number of users who became active in the timeframe for the first time since data collection in the new usage system. <br/> A user is counted as a first-time user in a particular month, if we detect their activity for the first time since the beginning of data collection in this new reporting system. Once counted as a first-time user, even if this user has a large gap in their activity they'll never be counted again as a first-time user <br/> |
|Content Date <br/> |If timeframe shows current month, this value will represent the latest date of the current month for which data is available. <br/> If Timeframe shows previous month, this value will represent the last date of the timeframe month. <br/> | ### Data table - Tenant Product Activity
This table provides monthly totals of activity and active user count for various
### Data table - Tenant Mailbox Usage
-This table consists of summary data across all licensed Exchange Online users who have a user mailbox. It contains end of month state across all user mailboxes. The data in this table is not additive across multiple months. Latest month's data in this table represents the most recent state.
+This table consists of summary data across all licensed Exchange Online users who have a user mailbox. It contains end of month state across all user mailboxes. The data in this table isn't additive across multiple months. Latest month's data in this table represents the most recent state.
|**Column name**|**Column description**| |:--|:--|
This table consists of summary data across all licensed Exchange Online users wh
### Data table - Tenant Client Usage
-This table provides month-over-month summary data about the clients that the users are using to connect to Exchange Online, Skype for Business and Yammer. This table does not yet have client use data for SharePoint Online and OneDrive for Business.
+This table provides month-over-month summary data about the clients that the users are using to connect to Exchange Online, Skype for Business and Yammer. This table doesn't yet have client use data for SharePoint Online and OneDrive for Business.
|**Column name**|**Column description**| |:--|:--|
bookings Enter Business Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/enter-business-information.md
ms.localizationpriority: medium ms.assetid: 828a17db-956a-401e-bb62-d153b6dffd53
-description: "Follow these instructions to create your About Us page, including business name, address, phone number, website URL, logo, and business hours in Microsoft Bookings."
+description: "Follow these instructions to create your About Us page with business name, address, phone number, website URL, logo, and business hours in Microsoft Bookings."
# Enter your business information in Microsoft Bookings
You might need to block out a portion of each day or week to have staff meetings
For example, you have staff meetings every Thursday from 1 o'clock to 2:30 and want to block out that time so all of your staff members can attend. To do this:
-1. On the Business information page, under Business hours, select a start and end time for Thursdays. In this example we'll set 8:00 a.m. to 1:00 p.m.
+1. On the Business information page, under Business hours, select a start and end time for Thursdays. In this example, we'll set 8:00 a.m. to 1:00 p.m.
1. Select **+** to create a new row for Thursday.
business-premium Create Communications Site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/create-communications-site.md
Title: "Create a SharePoint communications site"
+ Title: "Create a SharePoint communications site in Teams for Microsoft 365 Business Premium"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn why and how to create a SharePoint communications site for your campaign or business with Microsoft 365, and protect the team from cyberattacks and incursions from malware and other threats due to improper file sharing."
+description: "Learn why and how to create a SharePoint communications site for your campaign or business with Microsoft 365 Business Premium, and protect the team from cyberattacks and incursions from malware and other threats due to improper file sharing."
-# Create a communications site in SharePoint
+# Create a communications site
A great way to communicate priorities, share strategy documents, and highlight upcoming events is to use a communications site in SharePoint, and that's what this mission is all about. Communications sites are for sharing things broadly across your whole business or campaign &mdash; it's your internal strategy site and tactical room.
business-premium M365bp App Protection Settings For Android And Ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-app-protection-settings-for-android-and-ios.md
You can set up a user access policy that requires mobile users to enter a PIN or
1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
-2. Under **Policies**, choose **Add policy**.
+1. Under **Policies**, choose **Add policy**.
-3. In the **Add policy** pane, enter a name under **Policy name**, and choose the policy type that you want under **Policy type**.
+1. In the **Add policy** pane, enter a name under **Policy name**, and choose the policy type that you want under **Policy type**.
-4. Turn on **Manage how users access Office files on mobile devices**, and then make sure the following three settings are turned on:
-
- - **Require a PIN or fingerprint to access Office apps**
-
- - **Protect work files when devices are lost or stolen**
+1. Turn on **Protect work files when devices are lost or stolen**, and then make sure the following three settings are turned on:
+ - **Force users to save all work files to OneDrive for Business**
+
- **Encrypt work files**
-5. Under **Files in these apps will be protected**, select the Office apps you want to protect on mobile devices.
+1. Turn on **Manage how users access Office files on Mobile devices** and ensure the settings are turned on or set for each item.
-6. Under **Who will get these settings?**, all users are selected by default, but you can choose **Change** to select any security groups you've created.
+1. Under **Files in these apps will be protected**, select the Office apps you want to protect on mobile devices.
-7. To finish creating the policy, choose **Add**.
+1. Under **Who will get these settings?**, all users are selected by default, but you can choose **Change** to select any security groups you've created.
-8. On the **Add policy** page, choose **Close**.
+1. To finish creating the policy, choose **Add**.
-9. On the admin center home page, confirm that your new policy was added by choosing **Policies** and reviewing your policy on the **Policies** page.
+1. On the **Add policy** page, choose **Close**.
+
+1. On the admin center home page, confirm that your new policy was added by choosing **Policies** and reviewing your policy on the **Policies** page.
## Create an app management policy
-1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">https://admin.microsoft.com</a>.
-
-2. In the left nav, choose **Devices** \> **Policies** \> **Add**.
+1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">https://admin.microsoft.com</a>.
+
+1. In the left nav, choose **Devices** \> **Policies** \> **Add**.
-3. On the **Add policy** pane, enter a unique name for this policy.
-
-4. Under **Policy type**, choose **Application Management for Android** or **Application Management for iOS**, depending on which set of policies you want to create.
-
-5. Expand **Protect work files when devices are lost or stolen** and **Manage how users access Office files on mobile devices**. Configure the settings how you would like. **Manage how users access Office files on mobile devices** is **Off** by default, but we recommend that you turn it **On** and accept the default values. For more information, see [Available settings](#available-settings).
-
- You can always use the **Reset default settings** link to return to the default setting.
-
- ![Screenshot of Create a policy with Application management for Android selected.](/media/eabbe06d-ac0a-4f3a-8630-68c808b1e662.png)
+1. On the **Add policy** pane, enter a unique name for this policy.
+
+1. Under **Policy type**, choose **Application Management for Android** or **Application Management for iOS**, depending on which set of policies you want to create.
+
+1. Expand **Protect work files when devices are lost or stolen** and **Manage how users access Office files on mobile devices**. Configure the settings how you would like. **Manage how users access Office files on mobile devices** is **Off** by default, but we recommend that you turn it **On** and accept the default values. For more information, see [Available settings](#available-settings).
+
+ You can always use the **Restore default settings** link to return to the default setting.
+
-6. Next decide **Who will get these settings?** If you don't want to use the default **All Users** security group, choose **Change**, choose the security groups that get these settings \> **Select**.
-
-7. Finally, choose **Done** to save the policy, and assign it to devices.
-
+1. Next decide **Who will get these settings?** If you don't want to use the default **All Users** security group, choose **Change**, choose the security groups that get these settings \> **Select**.
+
+1. Finally, choose **Done** to save the policy, and assign it to devices.
+ ## Edit an app management policy 1. On the **Policies** card, choose **Edit policy**.
-
-2. On the **Edit policy** pane, choose the policy you want to change
-
-3. Choose **Edit** next to each setting to change the values in the policy. When you change a value, it's automatically saved in the policy.
-
-4. When you're finished, close the **Edit policy** pane.
-
+
+1. On the **Edit policy** pane, choose the policy you want to change.
+
+1. Choose **Edit** next to each setting to change the values in the policy. When you change a value, it's automatically saved in the policy.
+
+1. When you're finished, close the **Edit policy** pane.
+ ## Delete an app management policy 1. On the **Policies** page, choose a policy and then **Delete**.
-
-2. On the **Delete policy** pane, choose **Confirm** to delete the policy or policies you chose.
-
+
+1. On the **Delete policy** pane, choose **Confirm** to delete the policy or policies you chose.
+ ## Available settings The following tables give detailed information about settings available to protect work files on devices and the settings that control how users access Office files from their mobile devices.
The following settings are available to protect work files if a user's device is
|Delete work files from an inactive device after this many days |If a device isn't used for the number of days that you specify here, any work files stored on the device will be deleted automatically. | |Force users to save all work files to OneDrive for Business |If this setting is **On**, the only available save location for work files is OneDrive for Business. | |Encrypt work files |Keep this setting **On** so that work files are protected by encryption. Even if the device is lost or stolen, no one can read your company data. |
-
+ ### Settings that control how users access Office files on mobile devices The following settings are available to manage how users access Office work files: - |Setting |Description | |:--|:--| |Require a PIN or fingerprint to access Office apps |If this setting is **On** users must provide another form of authentication, in addition to their username and password, before they can use Office apps on their mobile devices.|
business-premium M365bp Collaborate Share Securely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-collaborate-share-securely.md
Title: "Collaborate and share securely"
+ Title: "Collaborate and share securely in Microsoft 365 Business Premium"
f1.keywords: - NOCSH
search.appverid: - BCS160 - MET150
-description: "An overview on how to collaborate and share files and communicate securely using Teams. In the closed environment provide by Teams, files and communications are free from cyber threats and cyberattacks."
+description: "An overview on how to collaborate and share files and communicate securely using Teams in Microsoft 365 Business Premium. In the closed environment provide by Teams, files and communications are free from cyber threats and cyberattacks."
# Collaborate and share securely
business-premium M365bp Install Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-install-office-apps.md
Title: "Install Office apps on all devices"
+ Title: "Install Office apps on all devices in Microsoft 365 Business Premium"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 - MOE150
-description: "How to install Office on all devices."
+description: "How to install Office on all devices in Microsoft 365 Business Premium."
# Install Office apps on all devices
-Okay, you've set up Microsoft 365, and now you can require users to install individual Office applications on their Mac, PC, or mobile devices. This is something your users should do to be part of the front lines and help protect the org against attack.
+Okay, you've set up Microsoft 365 Business Premium, and now you can require users to install individual Office applications on their Mac, PC, or mobile devices. This is something your users should do to be part of the front lines and help protect the org against attack.
## Watch: Install Office apps
Have them perform the following:
5. Get the Windows app, and then select **Run**. Teams displays a prompt when installation is complete.
-## Set up mobile devices for Microsoft 365 for business users
+## Set up mobile devices for Microsoft 365 Business Premium users
Use the following instructions to install Office on an iPhone or an Android phone. After you follow these steps, your work files created in Office apps will be protected by Microsoft 365 for business.
business-premium M365bp Manage Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-manage-windows-devices.md
search.appverid:
description: "Learn how to enable Microsoft 365 to protect local Active-Directory-joined Windows 10 devices in just a few steps."
-# Enable domain-joined Windows 10 devices to be managed by Microsoft 365 Business Premium
+# Manage Windows devices with Microsoft 365 Business Premium
-If your organization uses Windows Server Active Directory on-premises, you can set up Microsoft 365 Business Premium to protect your Windows 10 devices, while still maintaining access to on-premises resources that require local authentication.
+If your organization uses Windows Server Active Directory on-premises, you can set up Microsoft 365 Business Premium to protect your Windows devices, while still maintaining access to on-premises resources that require local authentication.
-To set up this protection, you can implement **Hybrid Azure AD joined devices**. These devices are joined to both your on-premises Active Directory and your Azure Active Directory.
+To set this up, implement **Hybrid Azure AD joined devices**. These devices are joined to both your on-premises Active Directory and your Azure Active Directory.
> [!NOTE] > Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../security/defender-business/mdb-overview.md).
This video describes the steps for how to set this up for the most common scenar
- Synchronize users to Azure AD with Azure AD Connect. - Complete Azure AD Connect Organizational Unit (OU) sync.-- Make sure all the domain users you sync have licenses to Microsoft 365 Business Premium.
+- Make sure all the domain users you sync have licenses for Microsoft 365 Business Premium.
See [Synchronize domain users to Microsoft 365](../admin/setup/manage-domain-users.md) for the steps.
+## Device actions
+
+![In the Device actions list, you can see the Devices states.](./../media/a621c47e-45d9-4e1a-beb9-c03254d40c1d.png)
+
+Devices and their associated actions can have the following states:
+
+|**Status**|**Description**|
+|:--|:--|
+|Managed by Intune |Managed by Microsoft 365 Business Premium. |
+|Retire pending |Microsoft 365 Business Premium is getting ready to remove company data from the device. |
+|Retire in progress |Microsoft 365 Business Premium is currently removing company data from the device. |
+|Retire failed | Remove company data action failed. |
+|Retire canceled |Retire action was canceled. |
+|Wipe pending |Waiting for factory reset to start. |
+|Wipe in progress |Factory reset has been issued. |
+|Wipe failed |Couldn't do factory reset. |
+|Wipe canceled |Factory wipe was canceled. |
+|Unhealthy |An action is pending (or in progress), but the device hasn't checked in for 30+ days. |
+|Delete pending |Delete action is pending. |
+|Discovered |Microsoft 365 Business Premium has detected the device. |
+ ## 1. Verify MDM Authority in Intune Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com/#blade/Microsoft_Intune_Enrollment/EnrollmentMenu/overview)) and select **Device enrollment**, then on the **Overview** page, make sure **MDM authority** is **Intune**.
business-premium M365bp Map Protection Features To Intune Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-map-protection-features-to-intune-settings.md
f1.keywords:
Previously updated : 04/21/2022 Last updated : 05/20/2022 audience: Admin
To find the Intune setting, sign in with your Microsoft 365 Business Premium adm
|**Windows 10 device policy setting**|**Intune setting(s)**| |:--|:--|
-|Help protect PCs from viruses and other threats using Windows Defender Antivirus |Allow Real-time Monitoring = ON <br/> Allow Cloud Protection = ON <br/> Prompt Users for Samples Submission = Send Safe samples automatically (Default Non PII auto submit) |
+|Help protect PCs from viruses and other threats using Microsoft Defender Antivirus |Allow Real-time Monitoring = ON <br/> Allow Cloud Protection = ON <br/> Prompt Users for Samples Submission = Send Safe samples automatically (Default Non PII auto submit) |
|Help protect PCs from web-based threats in Microsoft Edge |**SmartScreen** in **Edge Browser settings** is set to **Required**. | |Turn off device screen when idle for (minutes) |Maximum minutes of inactivity until screen locks (minutes) | |Allow users to download apps from Microsoft Store |Custom URI policy |
business-premium M365bp Multifactor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-multifactor-authentication.md
Title: "Set up multifactor authentication for Microsoft 365 Business Premium"
+ Title: "Set up multi-factor authentication for Microsoft 365 Business Premium"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Set up multifactor authentication for mobile devices."
+description: "Set up multi-factor authentication for phones in Microsoft Business Premium. Increase your security by using Microsoft Business Premium's MFA features for your phone."
-# Set up multifactor authentication with your mobile device
+# Set up MFA
-Multifactor authentication (MFA) provides more security because instead of only using a password, or a code through text, a separate app on your phone is used to verify access. This makes it difficult to hack. When MFA is required, members of the organization can use the Microsoft Authenticator app to securely sign in on their devices. <br/><br/>
+Multi-factor authentication (MFA) provides increased security because instead of only using a password, or a code through text, a separate app on your phone is used to verify access. This makes it difficult to hack. When MFA is required, members of the organization can use the Microsoft Authenticator app to securely sign in on their devices. <br/><br/>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MmQR]
-See more at [Set up multi-factor authentication in Microsoft 365](https://support.office.com/article/a32541df-079c-420d-9395-9d59354f7225)
+See more at [Set up multi-factor authentication in Microsoft 365 Business Premium](https://support.office.com/article/a32541df-079c-420d-9395-9d59354f7225)
## Use the Outlook app on your devices
-After an admin has required the front-line users to use MFA then the authenticator app serves as a second form of authentication. We recommend you have them install and use the Outlook app to access their Microsoft 365 email. See [Set up mobile devices](../admin/setup/set-up-mobile-devices.md) for how to install Office apps, including Outlook, on a phone.
+After an admin has required the front-line users to use MFA then the authenticator app serves as a second form of authentication. We recommend you have them install and use the Outlook app to access their Microsoft 365 email.
## Next objective
-Follow the guidance to [Install Office apps](m365bp-install-office-apps.md).
-
-
+Follow the guidance to [Install Office applications](m365bp-install-office-apps.md).
business-premium M365bp Prepare For Office Client Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-prepare-for-office-client-deployment.md
Title: "Prepare for Office client deployment by Microsoft 365 Business Premium"
+ Title: "Prepare for Office client deployment with Microsoft 365 Business Premium"
f1.keywords: - CSH
search.appverid:
- MET150 ROBOTS: NO INDEX, NO FOLLOW ms.assetid: ed34fff3-2881-4ed4-9906-1ba6bb8dd804
-description: "Learn how to automatically install the 32-bit Office apps on Windows 10 computers and keep them updated."
+description: "Learn how to automatically install the 32-bit Office apps on Windows computers and keep them updated in Microsoft 365 Business Premium."
# Prepare to automatically install Office apps to client computers
-Use Microsoft 365 Business Premium to automatically install the 32-bit Office apps on Windows 10 computers and keep them current with updates.
+Use Microsoft 365 Business Premium to automatically install the 32-bit Office apps on Windows computers and keep them current with updates.
Automatic installation works best if the computer: -- is on Windows 10 Business.
+- is on Windows for Business.
- doesn't have existing Office desktop apps (Word, Excel, PowerPoint, Outlook, OneNote, Publisher, Access, and OneDrive) OR has an existing version of Click-to-Run Office installed.
-To determine if you have the Click-to-Run version of Office, in any Office app go to **File** \> **Account** ( **Office Account** in Outlook). If you see **Office Updates** as shown in the following figure, then the installation was done by using Click-to-Run.
+To determine if you have the Click-to-Run version of Office, in any Office app go to **File** \> **Account** ( **Office Account** in Outlook). If you see **Office Updates** as shown in the following figure, then the installation was done by using Click-to-Run.
![Screenshot of Office updates in Office app Account.](./../media/e3439380-fa43-4ed6-ae5d-64851c297df5.png)
To determine if you have the Click-to-Run version of Office, in any Office app g
Works with: -- A user who has a Windows 10 Business user license, an active Microsoft 365 for business license, Windows 10 Creators Update, and is joined to Azure Active Directory.
+- A user who has a Windows Business user license, an active Microsoft 365 for Business license, Windows 10 Creators Update, and is joined to Azure Active Directory.
Doesn't work with:
business-premium M365bp Protection Settings For Windows 10 Pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protection-settings-for-windows-10-pcs.md
- Title: "Edit or create device protection settings for Windows 10 PCs"-- NOCSH-------- M365-subscription-management-- M365-identity-device-management -- Adm_TOC--- Core_O365Admin_Migration-- MiniMaven-- MSB365-- OKR_SMB_M365-- AdminSurgePortfolio-- adminvideo-- BCS160-- MET150
-description: "Learn about settings available in Microsoft 365 for business to secure Windows 10 devices."
--
-# Edit or create device protection settings for Windows 10 PCs
-
-This article applies to Microsoft 365 Business Premium.
-
-> [!NOTE]
-> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../security/defender-business/mdb-overview.md).
-
-After you have set set up default Windows protection settings on the Setup page, you can add new ones that apply to either all users, or a set of users. You can also edit any of the ones you have created.
-
-## Watch: Create protection settings for Windows 10 devices
-
-View a video on how to secure Windows 10 devices with Microsoft 365 Business Premium:
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/a5734146-620a-4cec-8618-536b3ca37972?autoplay=false]
-
-1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">https://admin.microsoft.com</a>.
-
-2. On the left nav, choose **Devices** \> **Policies** \> **Add**.
-
-3. On the **Add policy** pane, enter a unique name for this policy.
-
-4. Under **Policy type**, choose **Windows 10 Device Configuration**.
-
-5. Expand **Secure Windows 10 Devices** \> configure the settings how you would like. For more information, see [Available settings](#available-settings).
-
- You can always use the **Reset default settings** link to return to the default setting.
-
- ![Add policy pane with Windows 10 Device configuration selected.](./../media/fa9e2dc2-7eae-4c96-af34-765a1f641ecf.png)
-
-6. Next decide **Who will get these settings?** If you don't want to use the default **All users** security group, Choose **Change**, search for the security group who will get these settings \> **Select**.
-
-7. Finally, choose **Done** to save the policy, and assign it to devices.
-
-## Edit Windows 10 protection settings
-
-1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">https://admin.microsoft.com</a>.
-
-2. On the left nav, choose **Devices** \> **Policies** .
-
-3. Choose an existing Windows device policy and then **Edit**.
-
-4. Choose **Edit** next to a setting you want to change and then **Save**.
-
-## Available settings
-
-By default all settings are **On**. The following settings are available.
-
-For more information, see [How do protection features in Microsoft 365 Premium map to Intune settings](m365bp-map-protection-features-to-intune-settings.md).
--
-|Setting |Description |
-|:--|:--|
-|Help protect PCs from viruses and other threats using Windows Defender Antivirus |Requires that Windows Defender Antivirus is turned on to protect PCs from the dangers of being connected to the internet. |
-|Help protect PCs from web-based threats in Microsoft Edge |Turns on settings in Edge that help protect users from malicious sites and downloads. |
-|Use rules that reduce the attack surface of devices |When turned On, attack surface reduction helps block actions and apps typically used by malware to infect devices. This setting is only available if Windows Defender Antivirus is set to On. See [Reduce attack surfaces](/windows/security/threat-protection/microsoft-defender-atp/exploit-protection) to learn more. |
-|Protect folders from threats such as ransomware |This setting uses controlled folder access to protect company data from modification by suspicious or malicious apps, such as ransomware. These types of apps are blocked from making changes in protected folders. This setting is only available if Windows Defender Antivirus is set to On. See [Protect folders with Controlled folder access](/mem/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy#bkmk_CFA) to learn more. |
-|Prevent network access to potentially malicious content on the Internet |Use this setting to block outbound user connections to low-reputation Internet locations that may host phishing scams, exploits, or other malicious content. This setting is only available if Windows Defender Antivirus is set to **On**. For more information, see [Protect your network](/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). |
-|Help protect files and folders on PCs from unauthorized access with BitLocker |BitLocker protects data by encrypting the computer hard drives and protect against data exposure if a computer is lost or stolen. For more information, see [BitLocker FAQ](/windows/security/information-protection/BitLocker/BitLocker-frequently-asked-questions). |
-|Allow users to download apps from Microsoft Store |Lets users download and install apps from the Microsoft Store. Apps include everything from games to productivity tools, so we leave this setting **On**, but you can turn it off for extra security. |
-|Allow users to access Cortana |Cortana can be very helpful! Cortana can turn settings on or off for you, give directions, and make sure you're on time for appointments, so we keep this setting **On** by default. |
-|Allow users to receive Windows tips and advertisements from Microsoft |Windows tips can be handy and help orient users when new features are released. |
-|Keep Windows 10 devices up to date automatically |Makes sure that Windows 10 devices automatically receive the latest updates. |
-|Turn off device screen when idle for this amount of time |Makes sure that company data is protected if a user is idle. A user may be working in a public location, like a coffee shop, and step away or be distracted for just a moment, leaving their device vulnerable to random glances. This setting lets you control how long the user can be idle before the screen shuts off. |
-
-## See also
-
-[Best practices for securing Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)
business-premium M365bp Reset Devices To Factory Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-reset-devices-to-factory-settings.md
Title: "Reset Windows 10 devices to their factory settings"
+ Title: "Reset Windows devices to their factory settings"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 ms.assetid: c4db6caf-74df-4734-b1dd-53e371c7a3c3
-description: "Learn how to use Microsoft 365 for business to factory reset Windows 10 devices you manage, reverting them to their original settings at purchase."
+description: "Learn how to use Microsoft 365 Business Premium to factory reset Windows devices you manage, reverting them to their original settings at purchase."
-# Reset Windows 10 devices to their factory settings
+# Reset Windows devices to factory settings
This article applies to Microsoft 365 Business Premium.
business-premium M365bp Review Threats Take Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-review-threats-take-action.md
+
+ Title: "Review detected threats and take action"
+f1.keywords: NOCSH
+++
+audience: Admin
++
+ms.localizationpriority: medium
+
+- M365-subscription-management
+- Adm_O365
+- Adm_TOC
+
+search.appverid: MET150
+description: "Learn how to review and manage threats detected by Microsoft Defender Antivirus on your Windows 10 devices."
++
+# Review threats detected by Microsoft Defender Antivirus and take action
+
+As soon as a malicious file or software is detected, Microsoft Defender Antivirus blocks it and prevents it from running. And with cloud-delivered protection turned on, newly detected threats are added to the antivirus and antimalware engine so that your other devices and users are protected, as well.
+
+Microsoft Defender Antivirus detects and protects against the following kinds of threats:
+
+- Viruses, malware, and web-based threats on devices
+- Phishing attempts
+- Data theft attempts
+
+As an IT professional/admin, you can view information about threat detections across [Windows 10 devices that are enrolled in Intune](/mem/intune/enrollment/device-enrollment) in the Microsoft 365 admin center. You'll see summary information, such as:
+
+- How many devices need antivirus protection
+- How many devices are not in compliance with security policies
+- How many threats are currently active, mitigated, or resolved
+
+You have several options to view specific information about threat detections and devices:
+
+- The **Active devices** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. See [Manage threat detections on the Active devices page](#manage-threat-detections-on-the-active-devices-page) in this article.
+- The **Active threats** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. See [Manage threat detections on the Active threats page](#manage-threat-detections-on-the-active-threats-page) in this article.
+- The **Antivirus** page in <a href="https://go.microsoft.com/fwlink/p/?linkid=2150463" target="_blank">Microsoft Endpoint Manager</a>. See [Manage threat detections in Microsoft Endpoint Manager](#manage-threat-detections-in-microsoft-endpoint-manager) in this article.
+
+To learn more, see [Threats detected by Microsoft Defender Antivirus](/admin/security-and-compliance/threats-detected-defender-av.md).
+
+## Manage threat detections on the **Active devices** page
+
+The following procedure applies to customers who have Microsoft 365 Business Premium.
+
+1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and sign in.
+
+2. In the navigation page, select **Devices** > **Active devices**. You'll see a list of active devices and details, such as protection status, antivirus (AV) protection state, and the number of active threats detected.
+
+3. Select a device to view more details about that device and available actions. A flyout opens with recommendations and available actions, such as **Update policy**, **Update antivirus**, **Run quick scan**, **Run full scan**, and more.
+
+## Manage threat detections on the **Active threats** page
+
+The following procedure applies to customers who have Microsoft 365 Business Premium. [Windows 10 devices must be secured](../business-premium/m365bp-secure-windows-devices.md) and [enrolled in Intune](/mem/intune/enrollment/windows-enrollment-methods).
+
+> [!NOTE]
+> The **Microsoft Defender Antivirus** card and **Active threats** page are being rolled out in phases, so you may not have immediate access to them.
+
+1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and sign in.
+
+2. On the **Microsoft Defender Antivirus** card, select **View active threats**. (Alternatively, in the navigation pane, select **Health** > **Threats & antivirus**.)
+
+3. On the **Active threats** page, select a detected threat to learn more about it. A flyout opens with details about that threat, including which devices are affected.
+
+4. On the flyout, select a device to view available actions, such as **Update policy**, **Update antivirus**, **Run quick scan**, and more.
+
+## Actions you can take
+
+When you view details about specific threats or devices, you'll see recommendations and one or more actions you can take. The following table describes actions that you might see.<br><br>
+
+| Action | Description |
+|--|--|
+| Configure protection | Your threat protection policies need to be configured. Select the link to go to your policy configuration page.<br><br>Need help? See [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). |
+| Update policy | Your antivirus and real-time protection policies need to be updated or configured. Select the link to go to the policy configuration page.<br><br>Need help? See [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). |
+| Run quick scan | Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. |
+| Run full scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). |
+| Update antivirus | Requires the device to get [security intelligence updates](https://go.microsoft.com/fwlink/?linkid=2149926) for antivirus and antimalware protection. |
+| Restart device | Forces a Windows 10 device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user is not automatically notified of the restart and could lose unsaved work. |
+
+## Manage threat detections in Microsoft Endpoint Manager
+
+You can use Microsoft Endpoint Manager to manage threat detections. Windows 10 devices must be [enrolled in Intune](/mem/intune/enrollment/windows-enrollment-methods) (part of Microsoft Endpoint Manager).
+
+1. Go to the Microsoft Endpoint Manager admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2150463" target="_blank">https://endpoint.microsoft.com</a> and sign in.
+
+2. In the navigation pane, select **Endpoint security**.
+
+3. Under **Manage**, select **Antivirus**. You'll see several tabs, such as **Summary**, **Windows 10 unhealthy endpoints**, and **Windows 10 detected malware**.
+
+4. Review the information on the available tabs, and then take any needed action.
+
+For example, suppose that devices are listed on the **Windows 10 detected malware** tab. When you select a device, you'll have certain actions available, such as **Restart**, **Quick Scan**, **Full Scan**, **Sync**, or **Update signatures**. Select an action for that device.
+
+The following table describes the actions you might see in Microsoft Endpoint Manager.<br><br>
+
+| Action | Description |
+|--|--|
+| Restart | Forces a Windows 10 device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user is not automatically notified of the restart and could lose unsaved work. |
+| Quick Scan | Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). |
+| Full Scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). |
+| Sync | Requires a device to check in with Intune (part of Microsoft Endpoint Manager). When the device checks in, the device receives any pending actions or policies assigned to the device. |
+| Update signatures | Requires the device to get [security intelligence updates](https://go.microsoft.com/fwlink/?linkid=2149926) for antivirus and antimalware protection. |
+
+> [!TIP]
+> For more information, see [Remote actions for devices](/mem/intune/protect/endpoint-security-manage-devices#remote-actions-for-devices).
+
+## How to submit a file for malware analysis
+
+If you have a file that you think was missed or wrongly classified as malware, you can submit that file to Microsoft for malware analysis. Users and IT admins can submit a file for analysis. Visit [https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission).
+
+## See also
+
+[Best practices for securing Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)
+
+[Overview of Microsoft Defender for Business](../security/defender-business/mdb-overview.md) (Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022)
business-premium M365bp Secure Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-secure-windows-devices.md
By default all settings are **On**. The following settings are available: <br/><
|Setting <br/> |Description <br/> | |:--|:--|
-|Help protect PCs from viruses and other threats using Windows Defender Antivirus <br/> |Requires that Windows Defender Antivirus is turned on to protect PCs from the dangers of being connected to the internet. <br/> |
+|Help protect PCs from viruses and other threats using Microsoft Defender Antivirus <br/> |Requires that Microsoft Defender Antivirus is turned on to protect PCs from the dangers of being connected to the internet. <br/> |
|Help protect PCs from web-based threats in Microsoft Edge <br/> |Turns on settings in Edge that help protect users from malicious sites and downloads. <br/> | |Help protect files and folders on PCs from unauthorized access with BitLocker <br/> |BitLocker protects data by encrypting the computer hard drives and protect against data exposure if a computer is lost or stolen. For more information, see [BitLocker FAQ](/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions). <br/> | |Turn off device screen when idle for this amount of time <br/> |Makes sure that company data is protected if a user is idle. A user may be working in a public location, like a coffee shop, and step away or be distracted for just a moment, leaving their device vulnerable to random glances. This setting lets you control how long the user can be idle before the screen shuts off. <br/> |
business-premium M365bp Validate Settings On Android Or Ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-validate-settings-on-android-or-ios.md
+
+ Title: "Validate app protection settings on Android or iOS devices"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+ms.localizationpriority: medium
+
+- M365-subscription-management
+- M365-identity-device-management
+- Adm_TOC
+
+- Adm_O365
+- Core_O365Admin_Migration
+- MSB365
+- OKR_SMB_M365
+- AdminSurgePortfolio
+search.appverid:
+- BCS160
+- MET150
+ms.assetid: f3433b6b-02f7-447f-9d62-306bf03638b0
+description: "Learn how to validate the Microsoft 365 Business Premium app protection settings in your Android or iOS devices."
++
+# Validate app protection settings on Android or iOS devices
+
+> [!NOTE]
+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../security/defender-business/mdb-overview.md)
+
+Follow the instructions in the following sections to validate app protection settings on Android or iOS devices.
+
+## Android
+
+### Check that the app protection settings are working on user devices
+
+After you [set app protection settings for Android or iOS devices](../business-premium/m365bp-app-protection-settings-for-android-and-ios.md) to protect the apps, you can follow these steps to validate that the settings you chose work.
+
+First, make sure that the policy applies to the app in which you're going to validate it.
+
+1. In the Microsoft 365 Business Premium [admin center](https://admin.microsoft.com), go to **Policies** \> **Edit policy**.
+
+2. Choose **Application policy for Android** for the settings you created at setup, or another policy you created, and verify that it's enforced for Outlook, for example.
+
+ ![Screenshot showing all the apps for which this policy protects files.](../business-premium/media/b3be3ddd-f683-4073-8d7a-9c639a636a2c.png)
+
+### Validate Require a PIN or a fingerprint to access Office apps
+
+In the **Edit policy** pane, choose **Edit** next to **Office documents access control**, expand **Manage how users access Office files on mobile devices**, and make sure that **Require a PIN or fingerprint to access Office apps** is set to **On**.
+
+![Make sure that the Require a PIN or fingerprint to access Office apps is set to On.](../business-premium/media/f37eb5b2-7e26-49fb-9bd6-d955d196bacf.png)
+
+1. In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.
+
+2. You'll also be prompted to enter a PIN or use a fingerprint.
+
+ ![Enter a PIN on your Android device to access Office apps.](../business-premium/media/9e8ecfee-8122-4a3a-8918-eece80344310.png)
+
+### Validate Reset PIN after number of failed attempts
+
+In the **Edit policy** pane, choose **Edit** next to **Office documents access control**, expand **Manage how users access Office files on mobile devices**, and make sure that **Reset PIN after number of failed attempts** is set to some number. This is 5 by default.
+
+1. In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.
+
+2. Enter an incorrect PIN as many times as specified by the policy. You'll see a prompt that states **PIN Attempt Limit Reached** to reset the PIN.
+
+ ![Screenshot indicating after too many incorrect PIN attempts, you need to reset your PIN.](../business-premium/media/fca6fcb4-bb5c-477f-af5e-5dc937e8b835.png)
+
+3. Press **Reset PIN**. You'll be prompted to sign in with the user's Microsoft 365 Business Premium credentials, and then required to set a new PIN.
+
+### Validate Force users to save all work files to OneDrive for Business
+
+In the **Edit policy** pane, choose **Edit** next to **Protection against lost or stolen devices**, expand **Protect work files when devices are lost or stolen**, and make sure that **Force users to save all work files to OneDrive for Business** is set to **On**.
+
+![Verify that Force users to save all work files to OneDrive for Business is set to On.](../business-premium/media/7140fa1d-966d-481c-829f-330c06abb5a5.png)
+
+1. In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.
+
+2. Open an email that contains an attachment and tap the down arrow icon next to the attachment's information.
+
+ ![Tap the down arrow next to an attachment to try to save it.](../business-premium/media/b22573bb-91ce-455f-84fa-8feb2846b117.png)
+
+ You'll see **Cannot save to device** on the bottom of the screen.
+
+ ![Warning text that indicates cannot save a file locally to an Android.](../business-premium/media/52ca3f3d-7ed0-4a52-9621-4872da6ea9c5.png)
+
+ > [!NOTE]
+ > Saving to OneDrive for Business is not enabled for Android at this time, so you can only see that saving locally is blocked.
+
+### Validate Require user to sign in again if Office apps have been idle for a specified time
+
+In the **Edit policy** pane, choose **Edit** next to **Office documents access control**, expand **Manage how users access Office files on mobile devices**, and make sure that **Require users to sign in again after Office apps have been idle for** is set to some number of minutes. This is 30 minutes by default.
+
+1. In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.
+
+1. You should now see Outlook's inbox. Let the Android device idle untouched for at least 30 minutes (or some other amount of time, longer than what you specified in the policy). The device will likely dim.
+
+1. Access Outlook on the Android device again.
+
+1. You'll be prompted to enter your PIN before you can access Outlook again.
+
+### Validate Protect work files with encryption
+
+In the **Edit policy** pane, choose **Edit** next to **Protection against lost or stolen devices**, expand **Protect work files when devices are lost or stolen**, and make sure that **Protect work files with encryption** is set to **On**, and **Force users to save all work files to OneDrive for Business** is set to **Off**.
+
+1. In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.
+
+1. Open an email that contains a few image file attachments.
+
+1. Tap the down arrow icon next to the attachment's info to save it.
+
+ ![Tap the down arrow to save the figure file to the Android device.](../business-premium/media/08a9e21e-4022-45d5-acff-59cface651e7.png)
+
+1. You may be prompted to allow Outlook to access photos, media, and files on your device. Tap **Allow**.
+
+1. At the bottom of the screen, choose to **Save to Device** and then open the **Gallery** app.
+
+1. You should see an encrypted photo (or more, if you saved multiple image file attachments) in the list. It may appear in the Pictures list as a gray square with a white exclamation point within a white circle in the center of the gray square.
+
+ ![An encrypted image file in the Gallery app.](../business-premium/media/25936414-bd7e-421d-824e-6e59b877722d.png)
+
+## iOS
+
+### Check that the App protection settings are working on user devices
+
+After you [set app configurations for iOS devices](../business-premium/m365bp-protection-settings-for-windows-10-devices.md) to protect apps, you can follow these steps to validate that the settings you chose work.
+
+First, make sure that the policy applies to the app in which you're going to validate it.
+
+1. In the Microsoft 365 Business Premium [admin center](https://admin.microsoft.com), go to **Policies** \> **Edit policy**.
+
+1. Choose **Application policy for iOS** for the settings you created at setup, or another policy you created, and verify that it's enforced for Outlook for example.
+
+ ![Screenshot that shows all the apps for which this policy protects files.](../business-premium/media/842441b8-e7b1-4b86-9edd-d94d1f77b6f4.png)
+
+### Validate Require a PIN to access Office apps
+
+In the **Edit policy** pane, choose **Edit** next to **Office documents access control**, expand **Manage how users access Office files on mobile devices**, and make sure that **Require a PIN or fingerprint to access Office apps** is set to **On**.
+
+![Make sure that the Require a PIN or fingerprint to access Office apps is set to On.](../business-premium/media/f37eb5b2-7e26-49fb-9bd6-d955d196bacf.png)
+
+1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.
+
+1. You'll also be prompted to enter a PIN or use a fingerprint.
+
+ ![Enter a PIN on your IOS device to access Office apps.](../business-premium/media/06fc5cf3-9f19-4090-b23c-14bb59805b7a.png)
+
+### Validate Reset PIN after number of failed attempts
+
+In the **Edit policy** pane, choose **Edit** next to **Office documents access control**, expand **Manage how users access Office files on mobile devices**, and make sure that **Reset PIN after number of failed attempts** is set to some number. This is 5 by default.
+
+1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.
+
+1. Enter an incorrect PIN as many times as specified by the policy. You'll see a prompt that states **PIN Attempt Limit Reached** to reset the PIN.
+
+ ![Screenshot warning PIN reset after too many incorrect attempts.](../business-premium/media/fab5c089-a4a5-4e8d-8c95-b8eed1dfa262.png)
+
+1. Press **OK**. You'll be prompted to sign in with the user's Microsoft 365 Business Premium credentials, and then required to set a new PIN.
+
+### Validate Force users to save all work files to OneDrive for Business
+
+In the **Edit policy** pane, choose **Edit** next to **Protection against lost or stolen devices**, expand **Protect work files when devices are lost or stolen**, and make sure that **Force users to save all work files to OneDrive for Business** is set to **On**.
+
+![Verify that Force users to save all work files to OneDrive for Business is set to On.](../business-premium/media/7140fa1d-966d-481c-829f-330c06abb5a5.png)
+
+1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.
+
+1. Open an email that contains an attachment, open the attachment and choose **Save** on the bottom of the screen.
+
+ ![Tap the Save option after you open an attachment to try to save it.](../business-premium/media/b419b070-1530-4f14-86a8-8d89933a2b25.png)
+
+1. You should only see an option for OneDrive for Business. If not, tap **Add Account** and select **OneDrive for Business** from the **Add Storage Account** screen. Provide the end user's Microsoft 365 Business Premium to sign in when prompted.
+
+ Tap **Save** and select **OneDrive for Business**.
+
+### Validate Require user to sign in again if Office apps have been idle for a specified time
+
+In the **Edit policy** pane, choose **Edit** next to **Office documents access control**, expand **Manage how users access Office files on mobile devices**, and make sure that **Require users to sign in again after Office apps have been idle for** is set to some number of minutes. This is 30 minutes by default.
+
+1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.
+
+1. You should now see Outlook's inbox. Let the iOS device untouched for at least 30 minutes (or some other amount of time, longer than what you specified in the policy). The device will likely dim.
+
+1. Access Outlook on the iOS device again.
+
+1. You'll be prompted to enter your PIN before you can access Outlook again.
+
+### Validate Protect work files with encryption
+
+In the **Edit policy** pane, choose **Edit** next to **Protection against lost or stolen devices**, expand **Protect work files when devices are lost or stolen**, and make sure that **Protect work files with encryption** is set to **On**, and **Force users to save all work files to OneDrive for Business** is set to **Off**.
+
+1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.
+
+1. Open an email that contains a few image file attachments.
+
+1. Tap the attachment and then tap the **Save** option under it.
+
+1. Open **Photos** app from the home screen. You should see an encrypted photo (or more, if you saved multiple image file attachments) saved, but encrypted.
+
+## See also
+
+[Best practices for securing Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)
business-premium M365bp Validate Settings On Windows 10 Pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-validate-settings-on-windows-10-pcs.md
+
+ Title: "Validate app protection settings for Windows 10 PCs"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+ms.localizationpriority: medium
+
+- Adm_O365
+- M365-subscription-management
+- M365-identity-device-management
+- Adm_TOC
+
+- Adm_O365
+- Core_O365Admin_Migration
+- MiniMaven
+- MSB365
+- OKR_SMB_M365
+- seo-marvel-mar
+- AdminSurgePortfolio
+search.appverid:
+- BCS160
+- MET150
+ms.assetid: fae8819d-7235-495f-9f07-d016f545887f
+description: "Learn how to verify that Microsoft 365 for business app protection settings took effect on your users' Windows 10 devices."
++
+# Validate device protection settings for Windows 10 PCs
+
+> [!NOTE]
+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../security/defender-business/mdb-overview.md).
+
+## Verify that Windows 10 device policies are set
+
+After you [set up device policies](../business-premium/m365bp-protection-settings-for-windows-10-devices.md), it may take up to a few hours for the policy to take effect on users' devices. You can confirm that the policies took effect by looking at various Windows Settings screens on the users' devices. Because the users won't be able to modify the Windows Update and Microsoft Defender Antivirus settings on their Windows 10 devices, many options will be grayed out.
+
+1. Go to **Settings** \> **Update &amp; security** \> **Windows Update** \> **Restart options** and confirm that all settings are grayed out.
+
+ ![All the Restart options are grayed out.](../business-premium/media/31308da9-18b0-47c5-bbf6-d5fa6747c376.png)
+
+2. Go to **Settings** \> **Update &amp; security** \> **Windows Update** \> **Advanced options** and confirm that all settings are grayed out.
+
+ ![Windows Advanced updates options are all grayed out.](../business-premium/media/049cf281-d503-4be9-898b-c0a3286c7fc2.png)
+
+3. Go to **Settings** \> **Update &amp; security** \> **Windows Update** \> **Advanced options** \> **Choose how updates are delivered**.
+
+ Confirm that you can see the message (in red) that some settings are hidden or managed by your organization, and all the options are grayed out.
+
+ ![Choose how updates are delivered page indicates settings are hidden or managed by your organization.](../business-premium/media/6b3e37c5-da41-4afd-9983-b4f406216b59.png)
+
+4. To open the Windows Defender Security Center, go to **Settings** \> **Update &amp; security** \> **Windows Defender** \> click **Open Windows Defender Security Center** \> **Virus &amp; thread protection** \> **Virus &amp; threat protection settings**.
+
+5. Verify that all options are grayed out.
+
+ ![The Virus and threat protection settings are grayed out.](../business-premium/media/9ca68d40-a5d9-49d7-92a4-c581688b5926.png)
+
+## Related content
+
+[Microsoft 365 for business documentation and resources](/admin)
+
+[Set device configurations for Windows 10 PCs](../business-premium/m365bp-protection-settings-for-windows-10-devices.md)
+[Best practices for securing Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)
business-premium M365bp View Edit Create Mdb Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md
audience: Admin Previously updated : 05/10/2022 Last updated : 05/20/2022 ms.prod: m365-security ms.technology: mdb ms.localizationpriority: high
In Microsoft 365 Business Premium, security settings for managed devices are con
**This guidance describes how to**: - Get an overview of your default policies-- Work with device policies in Defender security center, Admin center, and InTune.
+- Work with device policies in Defender security center, Admin center, and Intune.
## About the default device protection policies
Microsoft 365 Business Premium includes two main types of policies to protect yo
- **Firewall policies**, which determine what network traffic is permitted to flow to and from your organization's devices.
-These policies are part of Microsoft Defender for Business, included in your Microsoft 365 Business Premium subscription. Information is provided for working with policies in the Microsoft Defender security center as well as how to work with policies in the Admin center and InTune.
+These policies are part of Microsoft Defender for Business, included in your Microsoft 365 Business Premium subscription. Information is provided for working with policies in the Microsoft Defender security center as well as how to work with policies in the Admin center and Intune.
## Working with device polices in the Microsoft Defender security center
To view and manage policies:
![Manage devices page.](../media/devicesmanage.png)
-## Working with device policies in InTune
+## Working with device policies in Intune
-Use the following information to create and manage device policies in InTune, done through Endpoint security in the Microsoft Endpoint Manager admin center.
+Use the following information to create and manage device policies in Intune, done through Endpoint security in the Microsoft Endpoint Manager admin center.
### Create, duplicate and edit policies
-To create a policy in InTune
+To create a policy in Intune
1. Sign in to the Microsoft Endpoint Manager admin center.
To create a policy in InTune
1. On the Review + create page, when you're done, choose **Create**. The new profile is displayed in the list when you select the policy type for the profile you created.
-To duplicate a policy in InTune:
+To duplicate a policy in Intune:
1. Sign in to the Microsoft Endpoint Manager admin center.
Regardless of the policy method, managing the same setting on the same device th
## See also
-[Manage endpoint security in Microsoft InTune](/mem/intune/protect/endpoint-security)
+[Manage endpoint security in Microsoft Intune](/mem/Intune/protect/endpoint-security)
[Best practices for securing Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)
business-premium Set Up Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/set-up-meetings.md
Title: "Set up online meetings"
+ Title: "Set up online meetings in Microsoft Business Premium"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Set up online meetings with Microsoft Teams."
+description: "Set up online meetings with Microsoft Teams in Microsoft Business Premium."
# Set up meetings
business-premium Share Files And Videos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/share-files-and-videos.md
Title: "Share files and videos"
+ Title: "Share files and videos in Microsoft Teams and Sharepoint"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Share files and videos inside your campaign with Microsoft Teams and SharePoint."
+description: "Share files and videos inside your campaign with Microsoft Teams and SharePoint. Microsoft 365 Business premium includes Teams which is a great way to safely share files and videos."
-# Share files and videos
+# Share files and videos in a safe environment
-Another thing to pay attention to is ensuring all members of the organization control who can view and edit files, and that they are stored in a secure location with the proper permissions applied. Users can use Microsoft Teams to store files, and then share the files either inside or outside of the firm, practice, or campaign by using Microsoft Teams or by sending SharePoint links. Sending a link rather than an email attachment means you know who is viewing and modifying the files, and they can't be viewed or modified without permission.
+Another thing to pay attention to is ensuring all members of the organization control who can view and edit files, and that they are stored in a secure location with the proper permissions applied. Microsoft 365 Business Premium users can use Microsoft Teams to store files, and then share the files either inside or outside of the firm, practice or campaign. You can also send a Sharepoint link. Sending a link rather than an email attachment means you know who is viewing and modifying the files, and they can't be viewed or modified without permission.
![Diagram of a Microsoft Teams window, showing Files tab and Get link on the menu.](../media/m365-democracy-teams-sharefiles.png)
business Mam And Mdm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/ui/mam-and-mdm.md
Microsoft 365 Business Premium offers a number of ways for you to protect your b
## Mobile device management or MDM
-Microsoft 365 Business Premium lets you set up policies that protect data on your Windows 10 devices. When a device is under mobile device management, you control the entire device, and can wipe data from it, and also reset it to factory settings. For more information, see [Set device protection settings for Windows 10 PCs](../../business-premium/m365bp-protection-settings-for-windows-10-pcs.md).
+Microsoft 365 Business Premium lets you set up policies that protect data on your Windows 10 devices. When a device is under mobile device management, you control the entire device, and can wipe data from it, and also reset it to factory settings. For more information, see [Set device protection settings for Windows 10 PCs](../../business-premium/m365bp-protection-settings-for-windows-10-devices.md).
## Mobile application management or MAM
compliance Archive 17A 4 Cisco Jabber Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-cisco-jabber-data.md
The following overview explains the process of using a data connector to archive
1. Your organization works with 17a-4 to set up and configure the Cisco Jabber DataParser.
-2. On a regular basis, Cisco Jabber items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.
+2. Regularly, Cisco Jabber items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.
3. The Cisco Jabber DataParser connector that you create in the Microsoft Purview compliance portal connects to DataParser and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
compliance Classifier Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md
Microsoft 365 comes with multiple pre-trained classifiers:
> [!CAUTION] > We are deprecating the **Offensive Language** pre-trained classifier because it has been producing a high number of false positives. Don't use it and if you are currently using it, you should move your business processes off of it. We recommend using the **Threat**, **Profanity**, and **Harassment** pre-trained classifiers instead.
+- **Agreements**: Detects content related to legal agreements such as non-disclosure agreements, statements of work, loan and lease agreements, employment and non-compete agreements. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml files.
+ - **Resumes**: detects docx, .pdf, .rtf, .txt items that are textual accounts of an applicant's personal, educational, professional qualifications, work experience, and other personally identifying information+ - **Source Code**: detects items that contain a set of instructions and statements written in the top 25 used computer programming languages on GitHub: ActionScript, C, C#, C++, Clojure, CoffeeScript, Go, Haskell, Java, JavaScript, Lua, MATLAB, Objective-C, Perl, PHP, Python, R, Ruby, Scala, Shell, Swift, TeX, Vim Script. Detects content in .msg, .as, .h, .c, .cs, .cc, .cpp, .hpp, .cxx, .hh, .c++, .clj, .edn, .cljc, .cljs, .coffee, .litcoffee, .go, .hs, .lhs, .java, .jar, .js, .mjs, .lua, .m, .mm, .pl, .pm, .t, .xs, .pod, .php, .phar, .php4, .pyc, .R, .r, .rda, .RData, .rds, .rb, .scala, .sc, .sh, .swift files.
-> [!NOTE]
-> Source Code is trained to detect when the bulk of the text is source code. It does not detect source code text that is interspersed with plain text.
+- **Customer Complaints**: The customer complaints classifier detects feedback and complaints made about your organization's products or services. This classifier can help you meet regulatory requirements on the detection and triage of complaints, like the Consumer Financial Protection Bureau and Food and Drug Administration requirements. It detects content in .msg, and .eml are communications compliance only, .docx, .pdf, .txt, .rtf, .jpg, .jpeg, .png, .gif, .bmp, .svg files.
-- **Agreements**: Detects content related to legal agreements such as non-disclosure agreements, statements of work, loan and lease agreements, employment and non-compete agreements. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml files. - **Discrimination**: Detects explicit discriminatory language and is sensitive to discriminatory language against the African American/Black communities when compared to other communities.+ - **Finance**: Detects content in corporate finance, accounting, economy, banking, and investment categories. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files.+ - **Harassment**: Detects a specific category of offensive language text items related to offensive conduct targeting one or multiple individuals based on the following traits: race, ethnicity, religion, national origin, gender, sexual orientation, age, disability. Detects content in .msg, .docx, .pdf, .txt, .rtf, .jpeg, .jpg, .png, .gif, .bmp, .svg files.+ - **Healthcare**: Detects content in medical and healthcare administration aspects such as medical services, diagnoses, treatment, claims, etc. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files.+ - **HR**: Detects content in human resources related categories of recruitment, interviewing, hiring, training, evaluating, warning, and termination. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files.+ - **IP**: Detects content in Intellectual Property related categories such as trade secrets and similar confidential information. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files.+ - **IT**: Detects content in Information Technology and Cybersecurity categories such as network settings, information security, hardware, and software. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files.+ - **Legal Affairs**: Detects content in legal affairs-related categories such as litigation, legal process, legal obligation, legal terminology, law, and legislation. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml files.+ - **Procurement**: Detects content in categories of bidding, quoting, purchasing, and paying for supply of goods and services. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files.+
+- **Profanity**: Detects a specific category of offensive language text items that contain expressions that embarrass most people.
+
+- **Resumes**: detects docx, .pdf, .rtf, .txt items that are textual accounts of an applicant's personal, educational, professional qualifications, work experience, and other personally identifying information
+
+- **Source Code**: detects items that contain a set of instructions and statements written in the top 25 used computer programming languages on GitHub: ActionScript, C, C#, C++, Clojure, CoffeeScript, Go, Haskell, Java, JavaScript, Lua, MATLAB, Objective-C, Perl, PHP, Python, R, Ruby, Scala, Shell, Swift, TeX, Vim Script.
+
+> [!NOTE]
+> Source Code is trained to detect when the bulk of the text is source code. It does not detect source code text that is interspersed with plain text.
+
+- **Tax**: Detects Tax relation content such as tax planning, tax forms, tax filing, tax regulations. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, xla files.
+
+- **Threat**: Detects a specific category of offensive language text items related to threats to commit violence or do physical harm or damage to a person or property.
- **Profanity**: Detects a specific category of offensive language text items that contain expressions that embarrass most people. Detects content in .msg, .docx, .pdf, .txt, .rtf, .jpeg, .jpg, .png, .gif, .bmp, .svg files. - **Tax**: Detects Tax relation content such as tax planning, tax forms, tax filing, tax regulations. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, xla files. - **Threat**: Detects a specific category of offensive language text items related to threats to commit violence or do physical harm or damage to a person or property. Detects content in .msg, .docx, .pdf, .txt, .rtf, .jpeg, .jpg, .png, .gif, .bmp, .svg files.
compliance Compliance Manager Improvement Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-improvement-actions.md
To edit an improvement actionΓÇÖs status, select **Edit implementation details**
- **Implementation status** - **Not implemented**: action not yet implemented
+ - **Partially implemented**: for automatically tested actions, the action is partially implemented (neither passes nor fails) and receives a partial score
- **Implemented**: action implemented - **Alternative implementation**: select this option if you used other third-party tools or took other actions not included in Microsoft recommendations - **Planned**: action is planned for implementation
Common actions synchronize across groups. When two different assessments in the
## Change test status
-In the **Testing** section, you can view the testing status of your improvement action, the testing date, and any notes. The content of these fields can be changed under **Edit testing details** by any user with editing permissions.
+In the **Testing** section, you can view the testing status of your improvement action, the testing date, and any notes. A user with editing permissions can select **Edit testing details** to edit content on the **Testing** tab.
-The available fields are as follows:
+#### Testing status fields
-- **Test status**: available to select when implementation status is "implemented" or "alternative implementation". Options include:
+**Test status**
+
+You can edit test status when an improvement action's implementation status is "implemented" or "alternative implementation."
+
+Test statuses for [manually tested actions](#manual-testing-source):
+ - **None**: no work has started on the action
- **Not assessed**: action hasn't been tested - **Passed**: implementation has been verified by an assessor - **Failed low risk**: testing failed, low risk - **Failed medium risk**: testing failed, medium risk - **Failed high risk**: testing failed, high risk - **Out of scope**: the action is out of scope for the assessment and doesnΓÇÖt contribute to your score-- **Test date**: toggle through the calendar pop-up to select the date-- **Testing notes** and **Additional notes**: text fields for notes for internal reference
+ - **In progress**: testing in progress
+ - **Remediated**: tbd
+
+[Automatically tested actions](#automatic-testing-source) may also show one of the following states in the **Test status** column on the **Improvement actions** page:
+ - **To be detected**: awaiting signals that indicate test status
+ - **Could not be detected**: couldn't detect a test status; will be automatically checked again
+ - **Partially tested**: action has been partially tested; neither passes nor fails
+
+> [!NOTE]
+> The test status and testing notes for automatically tested improvement actions can't be edited manually. Compliance Manager updates these fields for you.
+
+**Test date**
+
+Toggle through the calendar pop-up to select the testing date.
+
+**Testing notes** and **Additional notes**
+
+Enter notes for your own internal reference in these free text fields.
+
+**Testing history**
+
+The testing history provides a downloaded report of all test status changes for the improvement action.
+
+#### Exporting testing history
+You can export a report that will show you a history of all changes in test status for an improvement action. These reports are especially helpful for monitoring progress on [actions that are automatically tested](#automatic-testing-source), since such actions are regularly or frequently updated based on your tenant's data.
+
+On an improvement action's details page, select the **Testing** tab. Under **Testing history**, select the **Export testing history** button. The report will download as an Excel file.
-### Update testing source
+## Update testing source
Compliance Manager provides you options for how to test improvement actions. In the **Overview** section of each improvement action, the **Testing Source** area has a drop-down menu from which you can choose how you want the action to be tested: **Manual**, **Automatic**, and **Parent**. Learn details about each testing method below.
compliance Create Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-sensitivity-labels.md
The global admin for your organization has full permissions to create and manage
## Create and configure sensitivity labels
-1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Solutions** > **Information protection**
-
- If you don't immediately see this option, first select **Show all**.
+1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Solutions** > **Information protection** > **Labels**
2. On the **Labels** page, select **+ Create a label** to start the new sensitivity label configuration:
Set-Label -Identity $Label -LocaleSettings (ConvertTo-Json $DisplayNameLocaleSet
## Publish sensitivity labels by creating a label policy
-1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Solutions** > **Information protection**
-
- If you don't immediately see this option, first select **Show all**.
+1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Solutions** > **Information protection** > **Label policies**
-2. Select the **Label policies** tab, and then **Publish label** to start the **Create policy** configuration:
+2. On the **Label policies** page, select **Publish label** to start the **Create policy** configuration:
![Publish labels.](../media/publish-sensitivity-labels-full.png)
compliance Data Classification Content Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-content-explorer.md
description: "Content explorer allows you to natively view labeled items."
[!include[Purview banner](../includes/purview-rebrand-banner.md)]
-The data classification content explorer allows you to natively view the items that were summarized on the overview page.
-
-![content explorer collapsed screenshot.](../media/data-classification-content-explorer-1.png)
+Content explorer allows you to natively view the items that were summarized on the overview page.
## Prerequisites
In order to get access to the content explorer tab, an account must be assigned
> Membership in these role groups does not allow you to view the list of items in content explorer or to view the contents of the items in content explorer. > [!IMPORTANT]
-> Only Global admins can manage or assign permissions to other users in the Compliance Center. For more details, see [Give users access to the Security & Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+> Only Global admins can manage or assign permissions to other users in the compliance portal. For more information, see [Permissions in the Microsoft Purview compliance portal](microsoft-365-compliance-center-permissions.md).
> ### Required permissions to access items in content explorer
There are two roles that grant access to content explorer and it is granted usin
- **Content Explorer Content viewer**: Membership in this role group allows you to view the contents of each item in the list. The `data classification content viewer` role has been pre-assigned to this role group.
-The account you use to access content explorer must be in one or both of the role groups. These are independent role groups and are not cumulative. For example, if you want to grant an account the ability to view the items and their locations only, grant Content Explorer List viewer rights. If you want that same account to also be able to view the contents of the items in the list, grant Content Explorer Content viewer rights as well.
+The account you use to access content explorer must be in one or both of the role groups. These are independent role groups and aren't cumulative. For example, if you want to grant an account the ability to view the items and their locations only, grant Content Explorer List viewer rights. If you want that same account to also be able to view the contents of the items in the list, grant Content Explorer Content viewer rights as well.
You can also assign either or both of the roles to a custom role group to tailor access to content explorer.
Sensitivity labels must be enabled for files that are in SharePoint and OneDrive
### Retention labels
-A [retention label](retention.md) allows you to define how long a labeled item is kept and the steps to be taken prior to deleting it. They are applied manually or automatically via policies. They can play a role in helping your organization stay in compliance with legal and regulatory requirements.
+A [retention label](retention.md) allows you to define how long a labeled item is kept and the steps to be taken prior to deleting it. They're applied manually or automatically via policies. They can play a role in helping your organization stay in compliance with legal and regulatory requirements.
### How to use content explorer
A [retention label](retention.md) allows you to define how long a labeled item i
5. Double-click to open the item natively in content explorer. ### Export
-The **export** control will create a .csv file that contains a listing of whatever is showing in the **All locations** pane.
+The **export** control will create a .csv file that contains a listing of whatever the focus of the pane is.
![data classification export control.](../media/data_classification_export_control.png)
The **export** control will create a .csv file that contains a listing of whatev
> [!NOTE] > It can take up to *seven days* for counts to be updated in content explorer.
-### Search
+### Filter
-When you drill down into a location, such as an Exchange or Teams folder, or a SharePoint or OneDrive site, the **search** tool appears.
+When you drill down into a location, such as an Exchange or Teams folder, or a SharePoint or OneDrive site, the **Filter** tool appears.
![content explorer search tool.](../media/data_classification_search_tool.png)
compliance Decision Based On The Results In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/decision-based-on-the-results-in-advanced-ediscovery.md
This tab includes the following components:
- **Recall**: Percentage of relevant files in the review set.
- - **Next relevant**: Cost to review and identify another relevant file that is not currently in the review set.
+ - **Next relevant**: Cost to review and identify another relevant file that isn't currently in the review set.
- **Total cost**: Cost for reviewing this percentage of the case files. Cost parameter settings can be set by the Case manager. - **Distribution by relevance score**: Files in the dark gray display to the left are below the cutoff score. A tool-tip displays the Relevance score and the related percentage of files in the review file set in relation to the total files.
-The expanded **Details** pane displays more details. Files in collection figures do not include empty or nebulous files. Family files figures represent files that are not loaded in Relevance, yet still counted as part of the family.
+The expanded **Details** pane displays more details. Files in collection figures don't include empty or nebulous files. Family files figures represent files that aren't loaded in Relevance, yet still counted as part of the family.
compliance Email Threading In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/email-threading-in-advanced-ediscovery.md
Consider an email conversation that has been going on for a while. In most cases
## What does email threading do?
-Email threading parses each email thread and deconstructs it to individual messages. Each email thread is a chain of individual messages. Microsoft Purview eDiscovery (Premium) analyzes all email messaes in the review set to determine whether an email message has unique content or if the chain (parent messages) are wholly contained in the final message in the email thread. Email messages are divided into four inclusive values:
+Email threading parses each email thread and deconstructs it to individual messages. Each email thread is a chain of individual messages. Microsoft Purview eDiscovery (Premium) analyzes all email messages in the review set to determine whether an email message has unique content or if the chain (parent messages) are wholly contained in the final message in the email thread. Email messages are divided into four inclusive values:
- **Inclusive**: An *Inclusive* email is the final email message in an email thread and contains all the previous content of that email thread. - **Inclusive minus**: An email message is designated as *Inclusive minus* if there are one or more attachments associated with the specific message within the email thread. A reviewer can use the Inclusive minus value to determine which specific email message within the thread has associated attachments. -- **Inclusive copy**: An email message is considered an *Inclusive copy* if it is an exact copy of an Inclusive or Inclusive minus message.
+- **Inclusive copy**: An email message is considered an *Inclusive copy* if it's an exact copy of an Inclusive or Inclusive minus message.
- **None**: The *None* value indicates that the content of the message is wholly contained in at least one other email message that is marked as Inclusive or Inclusive minus. ## How is it different from conversations in Outlook?
-At a glance, this sounds similar to conversation groupings in Outlook. However, there are some important distinctions. Consider an email conversation that got forked into two conversations; for instance, someone responded to an email that is not the latest in the conversation so the last two emails in the conversation both have unique content.
+At a glance, this sounds similar to conversation groupings in Outlook. However, there are some important distinctions. Consider an email conversation that got forked into two conversations; for instance, someone responded to an email that isn't the latest in the conversation so the last two emails in the conversation both have unique content.
Outlook would still group the emails into a single conversation; reading only the last email would mean missing the context of the second-to-last email, which also contains unique content. Because email threading parses out each email into individual components and compares them, email threading would mark both of the last two emails as inclusive, ensuring that you won't miss any context as long as you read all emails marked as inclusive.
compliance Named Entities Use https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/named-entities-use.md
You can use named entity SITs and enhanced policies to detect and protect sensit
- Teams chat and channel messages - Devices (Windows 10, and 11 endpoint devices) - Exchange mailboxes
+- Microsoft Defender for Cloud Apps
Named entity SITs and enhanced policies are not supported for:
To create or edit a DLP policy, use the procedures in [Create, test, and tune a
|SharePoint Online data-at-rest |Supported | |Teams data-at-rest |Supported | |Email messages data-at-rest |Supported for tenants with Privacy Service Plan |
-<!--|Microsoft Defender for Cloud Apps |supported |-->
+|Microsoft Defender for Cloud Apps |Supported |
### Autolabeling
To create or edit a DLP policy, use the procedures in [Create, test, and tune a
|Exchange transport |Supported | |OneDrive for Business data-at-rest |Supported | |SharePoint Online data-at-rest|Supported|
-|Azure Information Protection (AIP) scanner|not supported|
+|Azure Information Protection (AIP) scanner|Not supported|
## Known issues
compliance Office 365 Customer Managed Encryption Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-customer-managed-encryption-features.md
description: In this article, you'll learn about encryption technologies that yo
# Customer-managed encryption features -
-Along with the encryption technologies in Microsoft 365 managed by Microsoft, Microsoft 365 also works with additional encryption technologies that you can manage and configure, such as:
- - [Azure Rights Management](/azure/information-protection/what-is-azure-rms) -- [Secure Multipurpose Internet Mail Extension](https://blogs.technet.com/b/exchange/archive/2014/12/15/how-to-configure-s-mime-in-office-365.aspx)- - [Microsoft Purview Message Encryption](https://products.office.com/en-us/exchange/office-365-message-encryption) - [Secure mail flow with a partner organization](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner)
-For additional information about these technologies, see the [Microsoft 365 service descriptions](/office365/servicedescriptions/office-365-service-descriptions-technet-library).
+For more information about these technologies, see the [Microsoft 365 service descriptions](/office365/servicedescriptions/office-365-service-descriptions-technet-library).
## Azure Rights Management [Azure Rights Management](/azure/information-protection/what-is-azure-rms) (Azure RMS) is the protection technology used by [Azure Information Protection](/information-protection/understand-explore/what-is-information-protection). It uses encryption, identity, and authorization policies to help secure your files and email across multiple platforms and devicesΓÇöphones, tablets, and PCs. Information can be protected both within and outside your organization because protection remains with the data. Azure RMS provides persistent protection of all file types, protects files anywhere, supports business-to-business collaboration, and a wide range of Windows and non-Windows devices. Azure RMS protection can also augment [data loss prevention (DLP) policies](/exchange/security-and-compliance/data-loss-prevention/data-loss-prevention). For more information about which applications and services can use the Azure Rights Management service from Azure Information Protection, see [How applications support the Azure Rights Management service](/information-protection/understand-explore/applications-support).
-Azure RMS is integrated with Microsoft 365 and available to all customers. To configure Microsoft 365 to use Azure RMS, see [Configure IRM to use Azure Rights Management and Set up Information Rights Management (IRM) in SharePoint admin center](../enterprise/activate-rms-in-microsoft-365.md). If you operate on-premises Active Directory (AD) RMS server then you can also [configure IRM to use an on-premises AD RMS server](/office365/SecurityCompliance/configure-irm-to-use-an-on-premises-ad-rms-server), but we strongly recommend you to [migrate to Azure RMS](/azure/information-protection/migrate-from-ad-rms-to-azure-rms) to use new features like secure collaboration with other organizations.
+Azure RMS is integrated with Microsoft 365 and available to all customers. To configure Microsoft 365 to use Azure RMS, see [Configure IRM to use Azure Rights Management and Set up Information Rights Management (IRM) in SharePoint admin center](../enterprise/activate-rms-in-microsoft-365.md). If you operate on-premises Active Directory (AD) RMS server, then you can also [configure IRM to use an on-premises AD RMS server](/office365/SecurityCompliance/configure-irm-to-use-an-on-premises-ad-rms-server), but we strongly recommend you to [migrate to Azure RMS](/azure/information-protection/migrate-from-ad-rms-to-azure-rms) to use new features like secure collaboration with other organizations.
When you protect customer data with Azure RMS, Azure RMS uses a 2048-bit RSA asymmetric key with SHA-256 hash algorithm for integrity to encrypt the data. The symmetric key for Office documents and email is AES 128-bit. For each document or email that is protected by Azure RMS, Azure RMS creates a single AES key (the "content key"), and that key is embedded in the document, and persists through editions of the document. The content key is protected with the organization's RSA key (the "Azure Information Protection tenant key") as part of the policy in the document, and the policy is also signed by the author of the document. This tenant key is common to all documents and emails that are protected by Azure RMS for the organization and this key can only be changed by an Azure Information Protection administrator if the organization is using a tenant key that is customer-managed. For more information about the cryptographic controls used by Azure RMS, see [How does Azure RMS work? Under the hood](/information-protection/understand-explore/how-does-it-work).
-In a default Azure RMS implementation, Microsoft generates and manages the root key that is unique for each tenant. Customers can manage the lifecycle of their root key in Azure RMS with Azure Key Vault Services by using a key management method called [Bring Your Own Key (BYOK)](/azure/information-protection/plan-implement-tenant-key) that allows you to generate your key in on-premises HSMs (hardware security modules), and stay in control of this key after transfer to Microsoft's FIPS 140-2 Level 2-validated HSMs. Access to the root key is not given to any personnel as the keys cannot be exported or extracted from the HSMs protecting them. In addition, you can access a near real-time log showing all access to the root key at any time. For more information, see [Logging and Analyzing Azure Rights Management Usage](/azure/information-protection/log-analyze-usage).
+In a default Azure RMS implementation, Microsoft generates and manages the root key that is unique for each tenant. Customers can manage the lifecycle of their root key in Azure RMS with Azure Key Vault Services by using a key management method called [Bring Your Own Key (BYOK)](/azure/information-protection/plan-implement-tenant-key) that allows you to generate your key in on-premises HSMs (hardware security modules), and stay in control of this key after transfer to Microsoft's FIPS 140-2 Level 2-validated HSMs. Access to the root key isn't given to any personnel as the keys canΓÇÖt be exported or extracted from the HSMs protecting them. In addition, you can access a near real-time log showing all access to the root key at any time. For more information, see [Logging and Analyzing Azure Rights Management Usage](/azure/information-protection/log-analyze-usage).
-Azure Rights Management helps mitigates threats such as wire-tapping, man-in-the-middle attacks, data theft, and unintentional violations of organizational sharing policies. At the same time, any unwarranted access of customer data in-transit or at rest by an unauthorized user who does not have appropriate permissions is prevented via policies that follow that data, thereby mitigating the risk of that data falling in the wrong hands either knowingly or unknowingly and providing data loss prevention functions. If used as part of Azure Information Protection, Azure RMS also provides Data Classification and labeling capabilities, content marking, document access tracking and access revocation capabilities. To learn more about these capabilities, see [What is Azure Information Protection](/information-protection/understand-explore/what-is-information-protection), [Azure Information Protection deployment roadmap](/information-protection/plan-design/deployment-roadmap), and [Quick start tutorial for Azure Information Protection](/information-protection/get-started/infoprotect-quick-start-tutorial).
+Azure Rights Management helps mitigates threats such as wire-tapping, man-in-the-middle attacks, data theft, and unintentional violations of organizational sharing policies. At the same time, any unwarranted access of customer data in-transit or at rest by an unauthorized user who doesn't have appropriate permissions is prevented via policies that follow that data, thereby mitigating the risk of that data falling in the wrong hands either knowingly or unknowingly and providing data loss prevention functions. If used as part of Azure Information Protection, Azure RMS also provides Data Classification and labeling capabilities, content marking, document access tracking and access revocation capabilities. To learn more about these capabilities, see [What is Azure Information Protection](/information-protection/understand-explore/what-is-information-protection), [Azure Information Protection deployment roadmap](/information-protection/plan-design/deployment-roadmap), and [Quick start tutorial for Azure Information Protection](/information-protection/get-started/infoprotect-quick-start-tutorial).
## Secure Multipurpose Internet Mail Extension
-Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and digital signing of MIME data. S/MIME is defined in RFCs 3369, 3370, 3850, 3851, and others. It allows a user to encrypt an email and digitally sign an email. An email that is encrypted using S/MIME can only be decrypted by the recipient of the email using their private key, which is only available to that recipient. As such the emails cannot be decrypted by anybody other than the recipient of the email.
+Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and digital signing of MIME data. S/MIME is defined in RFCs 3369, 3370, 3850, 3851, and others. It allows a user to encrypt an email and digitally sign an email. An email that is encrypted using S/MIME can only be decrypted by the recipient of the email using their private key, which is only available to that recipient. As such the emails canΓÇÖt be decrypted by anybody other than the recipient of the email.
-[Microsoft supports S/MIME](https://blogs.technet.com/b/exchange/archive/2014/12/15/how-to-configure-s-mime-in-office-365.aspx). Public certificates are distributed to the customer's on-premises Active Directory and stored in attributes that can be replicated to an Microsoft 365 tenant. The private keys that correspond to the public keys remain on-premises and are never transmitted to Office 365. Users can compose, encrypt, decrypt, read, and digitally sign emails between two users in an organization using Outlook, Outlook on the web, and Exchange ActiveSync clients. For more information, see [S/MIME encryption now in Office 365](https://blogs.office.com/2014/02/26/smime-encryption-now-in-office-365/).
+[Microsoft supports S/MIME](https://blogs.technet.com/b/exchange/archive/2014/12/15/how-to-configure-s-mime-in-office-365.aspx). Public certificates are distributed to the customer's on-premises Active Directory and stored in attributes that can be replicated to a Microsoft 365 tenant. The private keys that correspond to the public keys remain on-premises and are never transmitted to Office 365. Users can compose, encrypt, decrypt, read, and digitally sign emails between two users in an organization using Outlook, Outlook on the web, and Exchange ActiveSync clients. For more information, see [S/MIME encryption now in Office 365](https://blogs.office.com/2014/02/26/smime-encryption-now-in-office-365/).
## Office 365 Message Encryption
-[Office 365 Message Encryption](https://products.office.com/exchange/office-365-message-encryption) (OME) built on top of [Azure Information Protection](/information-protection/understand-explore/what-is-information-protection) (AIP) enables you to send encrypted and rights-protected mail to anyone. OME mitigates threats such as wire-tapping and man-in-the-middle attacks, and other threats, such as unwarranted access of data by an unauthorized user who does not have appropriate permissions. We have made investments that provide you with a simpler, more intuitive, secure email experience built on top of Azure Information Protection. You can protect messages sent from Microsoft 365 to anyone inside or outside your organization. These messages can be viewed across a diverse set of mail clients using any identity, including Azure Active Directory, Microsoft Account, and Google IDs. For more information on how your organization can use encrypted messages, see [Office 365 Message Encryption](./ome.md).
+[Office 365 Message Encryption](https://products.office.com/exchange/office-365-message-encryption) (OME) built on top of [Azure Information Protection](/information-protection/understand-explore/what-is-information-protection) (AIP) enables you to send encrypted and rights-protected mail to anyone. OME mitigates threats such as wire-tapping and man-in-the-middle attacks, and other threats, such as unwarranted access of data by an unauthorized user who doesn't have appropriate permissions. We have made investments that provide you with a simpler, more intuitive, secure email experience built on top of Azure Information Protection. You can protect messages sent from Microsoft 365 to anyone inside or outside your organization. These messages can be viewed across a diverse set of mail clients using any identity, including Azure Active Directory, Microsoft Account, and Google IDs. For more information on how your organization can use encrypted messages, see [Office 365 Message Encryption](./ome.md).
## Transport Layer Security
If you want to ensure secure communication with a partner, you can use inbound a
## Domain Keys Identified Mail
-Exchange Online Protection (EOP) and Exchange Online support inbound validation of Domain Keys Identified Mail (DKIM) messages. DKIM is a method for validating that a message was sent from the domain it says it originated from and that it was not spoofed by someone else. It ties an email message to the organization responsible for sending it, and is part of a larger paradigm of email encryption. For more information about the three parts of this paradigm, see:
+Exchange Online Protection (EOP) and Exchange Online support inbound validation of Domain Keys Identified Mail (DKIM) messages. DKIM is a method for validating that a message was sent from the domain it says it originated from and that it wasn't spoofed by someone else. It ties an email message to the organization responsible for sending it, and is part of a larger paradigm of email encryption. For more information about the three parts of this paradigm, see:
- [Set up SPF to help prevent spoofing](/office365/SecurityCompliance/set-up-spf-in-office-365-to-help-prevent-spoofing)
compliance Sensitivity Labels Sharepoint Onedrive Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files.md
You can enable the new capabilities by using the Microsoft Purview compliance po
This option is the easiest way to enable sensitivity labels for SharePoint and OneDrive, but you must sign in as a global administrator for your tenant.
-1. Sign in to the [Microsoft Purview compliance portal](https://compliance.microsoft.com/) as a global administrator, and navigate to **Solutions** > **Information protection**
-
- If you don't immediately see this option, first select **Show all**.
+1. Sign in to the [Microsoft Purview compliance portal](https://compliance.microsoft.com/) as a global administrator, and navigate to **Solutions** > **Information protection** > **Labels**
2. If you see a message to turn on the ability to process content in Office online files, select **Turn on now**:
compliance Use Notifications And Policy Tips https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-notifications-and-policy-tips.md
You can use a Microsoft Purview data loss prevention (DLP) policy to identify, m
![Message bar shows policy tip in Excel 2016](../media/7002ff54-1656-4a6c-993f-37427d6508c8.png)
-In the Compliance Center, when you create a DLP policy, you can configure the user notifications to:
+When you create a DLP policy, you can configure the user notifications to:
- Send an email notification to the people you choose that describes the issue.
When you create a DLP policy, you can enable **User notifications**. When user n
1. Go to [https://(https://compliance.microsoft.com/permissions](https://(https://compliance.microsoft.com/permissions).
-2. Sign in using your work or school account. You're now in the Security &amp; Compliance Center.
+2. Sign in using your work or school account.
3. In the Microsoft Purview compliance portal \> left navigation \> **Data loss prevention** \> **Policy** \> **+ Create a policy**. ![Create a policy button.](../media/b1e48a08-92e2-47ca-abdc-4341694ddc7c.png)
-4. Choose the DLP policy template that protects the types of sensitive information that you need \> **Next**.
+4. Choose the DLP policy template that protects the types of sensitive information you want to protect \> **Next**.
To start with an empty template, choose **Custom** \> **Custom policy** \> **Next**.
For each rule in a DLP policy, you can configure policy tips to:
- Allow the person to override the DLP policy. Optionally, you can:
- - Require the person to enter a business justification for overriding the policy. This information is logged and you can view it in the DLP reports in the **Reports** section of the Security &amp; Compliance Center.
+ - Require the person to enter a business justification for overriding the policy. This information is logged and you can view it in the DLP reports in the **Reports** section of the portal.
- Allow the person to report a false positive and override the DLP policy. This information is also logged for reporting, so that you can use false positives to fine tune your rules.
Currently, Outlook 2013 and later supports showing policy tips only for these co
Note that Exceptions are considered conditions and all of these conditions work in Outlook, where they will match content and enforce protective actions on content. But showing policy tips to users is not yet supported. Also, Outlook does not support showing policy tips for a DLP policy that's applied to a dynamic distribution group.
-### Policy tips in the Exchange admin center vs. the Security &amp; Compliance Center
+### Policy tips in the Exchange admin center vs. the Microsoft Purview Compliance portal
-Policy tips can work either with DLP policies and mail flow rules created in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>, or with DLP policies created in the Security &amp; Compliance Center, but not both. This is because these policies are stored in different locations, but policy tips can draw only from a single location.
+Policy tips can work either with DLP policies and mail flow rules created in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>, or with DLP policies created in the compliance portal, but not both. This is because these policies are stored in different locations, but policy tips can draw only from a single location.
-If you've configured policy tips in the Exchange admin center, any policy tips that you configure in the Security &amp; Compliance Center won't appear to users in Outlook on the web and Outlook 2013 and later until you turn off the tips in the Exchange admin center. This ensures that your current Exchange mail flow rules (also known as transport rules) will continue to work until you choose to switch over to the Security &amp; Compliance Center.
+If you've configured policy tips in the Exchange admin center, any policy tips that you configure in the compliance portal won't appear to users in Outlook on the web and Outlook 2013 and later until you turn off the tips in the Exchange admin center. This ensures that your current Exchange mail flow rules (also known as transport rules) will continue to work until you choose to switch over to the compliance portal.
-Note that while policy tips can draw only from a single location, email notifications are always sent, even if you're using DLP policies in both the Security &amp; Compliance Center and the Exchange admin center.
+Note that while policy tips can draw only from a single location, email notifications are always sent, even if you're using DLP policies in both the compliance portal and the Exchange admin center.
### Default text for policy tips in email
enterprise Connect To Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-microsoft-365-powershell.md
Currently, the Azure Active Directory PowerShell for Graph module doesn't comple
## What do you need to know before you begin?
+>[!NOTE]
+> The Azure Active Directory Module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).
**Operating system**
You will need an active Azure subscription for your organization that is tied to
For more information, see [Azure Cloud Shell](/azure/cloud-shell/overview).
-## Get started with the Microsoft Graph PowerShell SDK
-
-You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs.
-
-For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started?view=graph-powershell-beta)
## See also
enterprise Contoso Infra Needs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/contoso-infra-needs.md
Contoso business needs fall into five main categories:
Reduce maintenance and support costs and improve performance for remote access solution by moving commonly accessed resources to the cloud. -- Provide better connectivity and lower overhead for business-to-susiness (B2B) transactions
+- Provide better connectivity and lower overhead for business-to-business (B2B) transactions
Replace an aging and expensive partner extranet with a cloud-based solution that uses federated authentication.
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
### Prepare the target (destination) tenant by creating the migration application and secret
-1. Log into your Azure AD portal (<https://portal.azure.com>) with your target tenant admin credentials
+1. Log in to your Azure AD portal (<https://portal.azure.com>) with your target tenant admin credentials
![Azure Logon](../media/tenant-to-tenant-mailbox-move/74f26681e12df3308c7823ee7d527587.png)
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
```powershell # Enable customization if tenant is dehydrated
- $dehydrated=Get-OrganizationConfig | fl isdehydrated
- if ($dehydrated -eq $true) {Enable-OrganizationCustomization}
-
+ $dehydrated=Get-OrganizationConfig | select isdehydrated
+ if ($dehydrated -eq $true) {Enable-OrganizationCustomization}
$AppId = "[guid copied from the migrations app]"- $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AppId, (ConvertTo-SecureString -String "[this is your secret password you saved in the previous steps]" -AsPlainText -Force)- New-MigrationEndpoint -RemoteServer outlook.office.com -RemoteTenant "sourcetenant.onmicrosoft.com" -Credentials $Credential -ExchangeRemoteMove:$true -Name "[the name of your migration endpoint]" -ApplicationId $AppId ```
Cross-tenant migration only migrates mailbox data and nothing else. There are mu
**Can I have the same labels in the destination tenant as you had in the source tenant, either as the only set of labels or an additional set of labels for the migrated users depending on alignment between the organizations.**
-Since, Cross-tenant migrations does not export labels and there is no way to share labels between tenants you can only achieve this by recreating the labels in the destination tenant.
+Because cross-tenant migrations do not export labels and there is no way to share labels between tenants, you can only achieve this by recreating the labels in the destination tenant.
**Do you support moving Microsoft 365 Groups?**
enterprise Microsoft 365 Networking China https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-networking-china.md
For organizations with global Microsoft 365 tenants and a presence in China, Mic
As a result, Microsoft has partnered with telecommunications providers to carry Teams and Skype for Business Online real-time media traffic using a higher-quality, preferential network path between domestic and public internet connections in China and the Teams and Skype services in the Microsoft 365 global cloud. This capability has resulted in a more than ten-fold improvement in packet loss and other key metrics impacting your user's experience. >[!IMPORTANT]
->Currently, these improvements do not address attending Microsoft Live Events meetings such as large broadcast or ΓÇ£town hallΓÇ¥ style meetings using Teams or Microsoft Stream. To view a Live Events meeting, users in China need to use a private network or SDWAN/VPN solution. However, the network improvements will benefit users who are presenting or producing a Live Events meeting, because that experience acts as a regular Teams meeting for the producer or presenter.
+>Currently, these improvements do not address attending Microsoft Live Events meetings such as large broadcast or ΓÇ£town hallΓÇ¥ style meetings using Teams or Microsoft Stream. The network improvements will benefit users who are presenting or producing a Live Events meeting, because that experience acts as a regular Teams meeting for the producer or presenter.
### Organization network best practices for Teams meetings
enterprise Minification And Bundling In Sharepoint Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/minification-and-bundling-in-sharepoint-online.md
For JavaScript and CSS files, you can also use an approach called minification,
You can use third-party software such as Web Essentials to bundle CSS and JavaScript files. > [!IMPORTANT]
-> Web Essentials is a third-party, open-source, community-based project. The software is an extension to Visual Studio 2012 and Visual Studio 2013 and is not supported by Microsoft. To download Web Essentials, visit the website at [https://vswebessentials.com/download](https://go.microsoft.com/fwlink/p/?LinkId=525629).
+> Web Essentials is a third-party, open-source, community-based project. The software is an extension to Visual Studio 2012 and Visual Studio 2013 and is not supported by Microsoft. To download Web Essentials, visit the website at [Web Essentials 2012](https://marketplace.visualstudio.com/items?itemName=MadsKristensen.WebEssentials2012).
Web Essentials offers two forms of bundling:
-
+
- .bundle: for CSS and JavaScript files - .sprite: for images (only available in Visual Studio 2013)
enterprise Multi Geo Add Group With Pdl https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-geo-add-group-with-pdl.md
New-UnifiedGroup -DisplayName MultiGeoEUR -Alias "MultiGeoEUR" -AccessType Publi
![Screenshot of New-UnifiedGroup PowerShell cmdlet with syntax.](../media/multi-geo-new-group-with-pdl-powershell.png)
-Note that SharePoint group site provisioning is on-demand. The site will be provisioned the first time a group owner or member attempts to access it.
+> [!Note]
+> SharePoint group site provisioning is on-demand. The site will be provisioned the first time a group owner or member attempts to access it.
## Geo location codes
enterprise Multi Geo Capabilities In Onedrive And Sharepoint Online In Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md
description: "Expand your Microsoft 365 presence to multiple geographic regions
# Multi-Geo Capabilities in OneDrive and SharePoint Online
-Multi-Geo capabilities in OneDrive and SharePoint Online enables control of shared resources like SharePoint team sites and Microsoft 365 Group mailboxes stored at rest in a specified geo location.
+Multi-Geo capabilities in OneDrive and SharePoint Online enable control of shared resources like SharePoint team sites and Microsoft 365 Group mailboxes stored at rest in a specified geo location.
-Each user, Group mailbox, and SharePoint site has a Preferred Data Location (PDL) which denotes the geo location where related data is to be stored. Users' personal data (Exchange mailbox and OneDrive) along with any Microsoft 365 Groups or SharePoint sites that they create can be stored in the specified geo location to meet data residency requirements. You can [specify different administrators for each geo location](add-a-sharepoint-geo-admin.md).
+Each user, Group mailbox, and SharePoint site have a Preferred Data Location (PDL) which denotes the geo location where related data is to be stored. Users' personal data (Exchange mailbox and OneDrive) along with any Microsoft 365 Groups or SharePoint sites that they create can be stored in the specified geo location to meet data residency requirements. You can [specify different administrators for each geo location](add-a-sharepoint-geo-admin.md).
Users get a seamless experience when using Microsoft 365 services, including Office applications, OneDrive, and Search. See [User experience in a multi-geo environment](multi-geo-user-experience.md) for details.
Each user's OneDrive can be provisioned in or [moved by an administrator](move-o
Management of the Multi-Geo feature is available through the <a href="https://go.microsoft.com/fwlink/?linkid=2185219" target="_blank">SharePoint admin center</a>. Detailed information can be found in the [corresponding blog post](https://techcommunity.microsoft.com/t5/Office-365-Blog/Now-available-Multi-Geo-in-SharePoint-and-Office-365-Groups/ba-p/263302).
-When a user creates a SharePoint group-connected site in a multi-geo environment, their PDL is used to determine the geo location where the site and its associated Group mailbox is created. (If the user's PDL value hasn't been set, or has been set to geo location that hasn't been configured as a satellite location, then the site and mailbox are created in the central location.)
+When a user creates a SharePoint group-connected site in a multi-geo environment, their PDL is used to determine the geo location where the site and its associated Group mailbox are created. (If the user's PDL value hasn't been set, or has been set to geo location that hasn't been configured as a satellite location, then the site and mailbox are created in the central location.)
-Microsoft 365 services other than Exchange, OneDrive, SharePoint, and Teams are not Multi-Geo. However, Microsoft 365 Groups that are created by these services will be configured with the PDL of the creator and their Exchange Group mailbox, SharePoint site are provisioned in the corresponding geo.
+Microsoft 365 services other than Exchange, OneDrive, SharePoint, and Teams aren't Multi-Geo. However, Microsoft 365 Groups that are created by these services will be configured with the PDL of the creator and their Exchange Group mailbox, SharePoint site are provisioned in the corresponding geo.
## Managing the multi-geo environment
enterprise Office 365 Network Mac Perf Cpe https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-cpe.md
Microsoft is working with various partners to enable integration with Microsoft
Informed network routing currently identifies traffic associated with a specific office location and Internet circuit based on the public IP address used to send network traffic to Microsoft.
-In the case where there is not at least one network circuit providing direct Internet access at a branch location, informed network routing may not provide significant value.
+In the case where there isn't at least one network circuit providing direct Internet access at a branch location, informed network routing may not provide significant value.
### Application usage
-Application experience data (reflected through network quality metrics) is collected through usage of specific Microsoft client applications. Exchange metrics reflect usage of the Outlook client as well as some Outlook Web App usage. SharePoint and OneDrive metrics reflect usage of the tenant-specific SharePoint endpoints, regardless of client application. Teams metrics reflect usage of the Teams desktop client. Other application traffic is not considered when evaluating the health of a network circuit.
+Application experience data (reflected through network quality metrics) is collected through usage of specific Microsoft client applications. Exchange metrics reflect usage of the Outlook client and some Outlook Web App usage. SharePoint and OneDrive metrics reflect usage of the tenant-specific SharePoint endpoints, regardless of client application. Teams metrics reflect usage of the Teams desktop client. Other application traffic isn't considered when evaluating the health of a network circuit.
## Enabling informed network routing Enabling informed network routing requires multiple steps, some of which will need to be performed within the configuration interface of your SD-WAN solution. Consult your SD-WAN solution vendor for guidance on how to initiate the process of enabling informed network routing within the SD-WAN solution before proceeding with configuration in the Microsoft 365 admin center.
-Once you are ready to enable informed network routing in the Microsoft 365 admin center, ensure you have the necessary **User Admin**, or **Global admin** permissions.
+Once you're ready to enable informed network routing in the Microsoft 365 admin center, ensure you have the necessary **User Admin**, or **Global admin** permissions.
>[!IMPORTANT] >In order to provide the necessary tenant-level applications permissions consent for the selected SD-WAN solution to access the informed network routing data sharing channel, you must perform the following steps as a global administrator.
In the [Microsoft 365 admin center](https://admin.microsoft.com/), select **Heal
This section of the admin center provides aggregated network connectivity metrics for your organization and guidance on how to improve your connectivity. See [Network connectivity in the Microsoft 365 Admin Center](office-365-network-mac-perf-overview.md) for additional information on these features available within the admin center.
-Select **Settings > SD-WAN solution** to open the informed network routing configuration pane. The other options that appear under **Settings** are applicable to the general network connectivity guidance in the admin center and are not required to enable informed network routing.
+Select **Settings > SD-WAN solution** to open the informed network routing configuration pane. The other options that appear under **Settings** are applicable to the general network connectivity guidance in the admin center and aren't required to enable informed network routing.
In the configuration pane, select **Add your SD-WAN solution**. ### Step 2: Select your SD-WAN solution and data storage location
-In the drop-down boxes, select the SD-WAN solution you have deployed and the location where you wish to have the data associated with informed network routing stored. See the [data storage](#data-storage) section for additional information.
+In the drop-down boxes, select the SD-WAN solution you've deployed and the location where you wish to have the data associated with informed network routing stored. See the [data storage](#data-storage) section for additional information.
Select **Next**.
Select **Next**.
### Step 4: Grant permissions to the SD-WAN solution
-This step will initiate a permissions grant request with Azure Active Directory (Azure AD). You will be requested to grant tenant-level permissions that allow your selected SD-WAN solution access to the informed network routing data storage and the service health information associated with your tenant. This action requires **Azure AD DC admin**, or **Global admin** role permissions.
+This step will initiate a permissions grant request with Azure Active Directory (Azure AD). You'll be requested to grant tenant-level permissions that allow your selected SD-WAN solution access to the informed network routing data storage and the service health information associated with your tenant. This action requires **Azure AD DC admin**, or **Global admin** role permissions.
Select the **Give permission to this application** link and follow the Azure AD requests.
-Once you have completed the permissions grant, select **Next**.
+Once you've completed the permissions grant, select **Next**.
### Step 5: Confirm your configuration settings
Select **Done** and then close the SD-WAN solution configuration pane.
## Configuring informed network routing
-You will perform much of the configuration for informed network routing within your SD-WAN solution, such as configuring how your traffic should be routed under normal circumstances and the alternate paths that should be used if issues are detected. Consult your SD-WAN solution provider for details on these configuration steps.
+You'll perform much of the configuration for informed network routing within your SD-WAN solution, such as configuring how your traffic should be routed under normal circumstances and the alternate paths that should be used if issues are detected. Consult your SD-WAN solution provider for details on these configuration steps.
Each office location must be configured in the Microsoft 365 admin center so that informed network routing can properly identify traffic associated with the network circuits providing connectivity to these locations. Office locations may be auto-detected as part of Microsoft's ongoing collection of network telemetry. As a result, some locations may be pre-populated in the admin center for your tenant.
-If these locations are accurate, you will simply need to enable the informed network routing feature for each desired location and configure the Internet circuits and their public IP addresses.
+If these locations are accurate, you'll simply need to enable the informed network routing feature for each desired location and configure the Internet circuits and their public IP addresses.
-If the auto-detected locations are not accurate, or there are no locations pre-populated in your tenant, you will have to add or edit locations manually to reflect an accurate topology of your organization.
+If the auto-detected locations are not accurate, or there are no locations pre-populated in your tenant, you'll have to add or edit locations manually to reflect an accurate topology of your organization.
### Updating locations
enterprise Office 365 Network Mac Perf Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-overview.md
The Microsoft 365 Admin Center now includes aggregated network connectivity metr
>[!NOTE] >Network connectivity in the Admin Center supports tenants in WW Commercial and Germany but not GCC Moderate, GCC High, DoD or China.
-When you first navigate to the network performance page, you will have to configure your locations in order to see the map of global network performance, a network assessment scoped to the entire tenant, percentage of your users working remotely vs onsite, and a list of current issues to take action on and/or to research further. From the overview pane, you can drill down to view specific network performance metrics and issues by location. For more information, see [Network performance overview in the Microsoft 365 Admin Center](#network-connectivity-overview-in-the-microsoft-365-admin-center).
+When you first navigate to the network performance page, you'll have to configure your locations in order to see the map of global network performance, a network assessment scoped to the entire tenant, percentage of your users working remotely vs onsite, and a list of current issues to take action on and/or to research further. From the overview pane, you can drill down to view specific network performance metrics and issues by location. For more information, see [Network performance overview in the Microsoft 365 Admin Center](#network-connectivity-overview-in-the-microsoft-365-admin-center).
To access the network connectivity page, you must be an administrator for the organization within Microsoft 365. The Report Reader administrative role will have read access to this information. To configure locations and other elements of network connectivity an administrator must have the Service Support Administrator role.
To get started, turn on your location opt-in setting to automatically collect da
### 1. Enable Windows Location Services
-For this option, you must have at least two computers running at each office location that support the pre-requisites. OneDrive for Windows version must be up-to-date and installed on each computer. For more information on OneDrive versions, see the [OneDrive release notes](https://support.office.com/article/onedrive-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0). Network measurements are planned to be added to other Office 365 client applications in the near future.
+For this option, you must have at least two computers running at each office location that support the pre-requisites. OneDrive for Windows version must be up-to-date and installed on each computer. For more information on OneDrive versions, see the [OneDrive release notes](https://support.office.com/article/onedrive-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0). Network measurements are planned to be added to other Office 365 client applications soon.
Windows Location Service must be consented on the machines. You can test this by running the **Maps** app and locating yourself. It can be enabled on a single machine with **Settings | Privacy | Location** where the setting _Allow apps to access your location_ must be enabled. Windows Location Services consent can be deployed to PCs using MDM or Group Policy with the setting _LetAppsAccessLocation_.
-You do not need to add locations in the Admin Center with this method as they are automatically identified at the city resolution. Multiple office locations within the same city will not be shown when using Windows Location Services. Location information is rounded to the nearest 300 meters by 300 meters so that more precise location information is not accessed.
+You don't need to add locations in the Admin Center with this method as they're automatically identified at the city resolution. Multiple office locations within the same city won't be shown when using Windows Location Services. Location information is rounded to the nearest 300 meters by 300 meters so that more precise location information isn't accessed.
-The machines should have Wi-Fi networking rather than an ethernet cable. Machines with an ethernet cable do not have accurate location information.
+The machines should have Wi-Fi networking rather than an ethernet cable. Machines with an ethernet cable don't have accurate location information.
Measurement samples and office locations should start to appear 24 hours after these pre-requisites have been met. ### 2. Add locations and provide LAN subnet information
-For this option, neither Windows Location Services nor Wi-Fi are required. Your OneDrive for Windows version must be up-to-date and installed on at least one computer at the location.
+For this option, neither Windows Location Services nor Wi-Fi is required. Your OneDrive for Windows version must be up-to-date and installed on at least one computer at the location.
-Make sure that you also add locations in the **locations page** or import those from a CSV file. The locations added must include your office LAN subnet information. In the dialog for adding or editing a location, you can specify a number of LAN subnets and a number of public egress IP subnets. The LAN subnets are required and one of them must match the LAN subnet attribute on a received network assessment for results to show up. Super nets are not supported so the LAN subnet must match exactly.
+Make sure that you also add locations in the **locations page** or import those from a CSV file. The locations added must include your office LAN subnet information. In the dialog for adding or editing a location, you can specify a number of LAN subnets and a number of public egress IP subnets. The LAN subnets are required and one of them must match the LAN subnet attribute on a received network assessment for results to show up. Super nets aren't supported so the LAN subnet must match exactly.
-Note that usually, LAN subnets are private IP address ranges as defined in RFC1918 such that the use of public IP addresses as the LAN subnets is likely to be incorrect. The dialog will show suggestions of LAN subnets that have been seen in recent network assessment tests for your organization so that you can choose.
+Usually, LAN subnets are private IP address ranges as defined in RFC1918 such that the use of public IP addresses as the LAN subnets is likely to be incorrect. The dialog will show suggestions of LAN subnets that have been seen in recent network assessment tests for your organization so that you can choose.
-If you add public egress IP addresses, these are used as a secondary differentiator and are intended for when you have multiple sites using the same LAN subnet IP address ranges. To make sure your test results show up, you should start by leaving the public egress IP address ranges blank. If they are included then a test result must match both one of the LAN subnet IP address ranges and one of the public egress IP address ranges.
+If you add public egress IP addresses, these are used as a secondary differentiator and are intended for when you have multiple sites using the same LAN subnet IP address ranges. To make sure your test results show up, you should start by leaving the public egress IP address ranges blank. If they are included, then a test result must match both one of the LAN subnet IP address ranges and one of the public egress IP address ranges.
This option allows you to have multiple offices defined within a city.
-All test measurements from client machines include the LAN subnet information, which is correlated with the office location details that you have entered. Measurement samples and office locations should start to appear 24 hours after these pre-requisites have been met.
+All test measurements from client machines include the LAN subnet information, which is correlated with the office location details that you've entered. Measurement samples and office locations should start to appear 24 hours after these pre-requisites have been met.
### 3. Manually gather test reports with the Microsoft 365 network connectivity test tool
-For this option, you need to identify a person at each location. Ask them to browse to [Microsoft 365 network connectivity test](https://connectivity.office.com) on a Windows machine on which they have administrative permissions. On the web site, they need to sign in to their Office 365 account for the same organization that you want to see the results. Then they should click **Run test**. During the test there is a downloaded Connectivity test EXE. They need to open and execute that. Once the tests are completed, the test result is uploaded to the Admin Center.
+For this option, you need to identify a person at each location. Ask them to browse to [Microsoft 365 network connectivity test](https://connectivity.office.com) on a Windows machine on which they have administrative permissions. On the web site, they need to sign in to their Office 365 account for the same organization that you want to see the results. Then they should click **Run test**. During the test there's a downloaded Connectivity test EXE. They need to open and execute that. Once the tests are completed, the test result is uploaded to the Admin Center.
Test reports are linked to a location if it was added with LAN subnet information, otherwise they are shown at the city location only.
Complex enterprises with multiple office locations and non-trivial network perim
> [!div class="mx-imgBorder"] > ![Customer network to cloud.](../media/m365-mac-perf/m365-mac-perf-first-last-mile.png)
-Many enterprises have network perimeter configurations which have grown over time and are primarily designed to accommodate employee Internet web site access where most web sites are not known in advance and are untrusted. The prevailing and necessary focus is avoiding malware and phishing attacks from these unknown web sites. This network configuration strategy, while helpful for security purposes, can lead to degradation of Microsoft 365 user performance and user experience.
+Many enterprises have network perimeter configurations, which have grown over time and are primarily designed to accommodate employee Internet web site access where most web sites aren't known in advance and are untrusted. The prevailing and necessary focus is avoiding malware and phishing attacks from these unknown web sites. This network configuration strategy, while helpful for security purposes, can lead to degradation of Microsoft 365 user performance and user experience.
## How we can solve these challenges Enterprises can improve general user experience and secure their environment by following [Office 365 connectivity principles](./microsoft-365-network-connectivity-principles.md) and by using the Microsoft 365 Admin Center network connectivity feature. In most cases, following these general principles will have a significant positive impact on end-user latency, service reliability and overall performance of Microsoft 365.
-Microsoft is sometimes asked to investigate network performance issues with Microsoft 365 for large enterprise customers, and these frequently have a root cause related to the customer's network perimeter infrastructure. When a common root cause of a customer network perimeter issue is found we seek to identify simple test measurements that identifies it. A test with a measurement threshold that identifies a specific problem is valuable because we can test the same measurement at any location, tell whether this root cause is present there and share it as a network insight with the administrator.
+Microsoft is sometimes asked to investigate network performance issues with Microsoft 365 for large enterprise customers, and these frequently have a root cause related to the customer's network perimeter infrastructure. When a common root cause of a customer network perimeter issue is found, we seek to identify simple test measurements. A test with a measurement threshold that identifies a specific problem is valuable because we can test the same measurement at any location, tell whether this root cause is present there and share it as a network insight with the administrator.
-Some network insights will merely indicate a problem that needs further investigation. A network insight where we have enough tests to show a specific remediation action to correct the root cause is listed as a **recommended action**. These recommendations, based on live metrics that reveal values that fall outside a predetermined threshold, are much more valuable than general best practice advice since they are specific to your environment and will show the actual improvement once the recommended changes have been made.
+Some network insights will merely indicate a problem that needs further investigation. A network insight where we have enough tests to show a specific remediation action to correct the root cause is listed as a **recommended action**. These recommendations, based on live metrics that reveal values that fall outside a predetermined threshold, are much more valuable than general best practice advice since they're specific to your environment and will show the actual improvement once the recommended changes have been made.
## Network connectivity overview in the Microsoft 365 Admin Center
-Microsoft has existing network measurements from several Office desktop and web clients which support the operation of Microsoft 365. These measurements are now being used to provide network architecture design insights and a network assessment which are shown in the **Network connectivity** page in the Microsoft 365 Admin Center.
+Microsoft has existing network measurements from several Office desktop and web clients, which support the operation of Microsoft 365. These measurements are now being used to provide network architecture design insights and a network assessment, which are shown in the **Network connectivity** page in the Microsoft 365 Admin Center.
-By default, approximate location information associated with the network measurements identify the city where client devices are located. The network assessment at each location is shown with color and the relative number of users at each location is represented by the size of the circle.
+By default, approximate location information associated with the network measurements identifies the city where client devices are located. The network assessment at each location is shown with color and the relative number of users at each location is represented by the size of the circle.
> [!div class="mx-imgBorder"] > ![Network insights overview map.](../media/m365-mac-perf/m365-mac-perf-overview-map.png)
You can view a table view of the locations where they can be filtered, sorted, a
## Remote worker assessment and user connection metrics
-We classify network traffic logs as remote or onsite users and show their percentages in the user connection metrics section of the overview pane. For cities where you have remote users, you will find the location specific remote network assessment score when you open that locationΓÇÖs page. The locations list will have both office locations and remote worker cities, which can be filtered and sorted. We provide the remote worker assessment score, with points breakdown for Exchange, SharePoint and Teams.
+We classify network traffic logs as remote or onsite users and show their percentages in the user connection metrics section of the overview pane. For cities where you have remote users, you'll find the location specific remote network assessment score when you open that locationΓÇÖs page. The locations list will have both office locations and remote worker cities, which can be filtered and sorted. We provide the remote worker assessment score, with points breakdown for Exchange, SharePoint and Teams.
Home user networking insights are aggregated and reported at a city level and limited to cities with a minimum of 5 remote employees. We are not identifying individual employees working from home.
-Locations are auto classified as onsite or remote, however, you have the option to enter all your onsite egress IP addresses manually to ensure a 100% classification. If you decide to go this route, you will have to check the **Enter all onsite egress IP addresses manually** checkbox in the Locations Settings flyout after adding all your egress IP addresses. When this is done, all network traffic logs from egress IP addresses you have marked as onsite will always be classified as offices and every other egress IP address will be classified as remote.
+Locations are auto classified as onsite or remote, however, you have the option to enter all your onsite egress IP addresses manually to ensure a 100% classification. If you decide to go this route, you'll have to check the **Enter all onsite egress IP addresses manually** checkbox in the Locations Settings flyout after adding all your egress IP addresses. When this is done, all network traffic logs from egress IP addresses you've marked as onsite will always be classified as offices and every other egress IP address will be classified as remote.
## Specific office location network performance summary and insights
enterprise Page Diagnostics For Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/page-diagnostics-for-spo.md
The Page Diagnostics for SharePoint tool can be installed for:
>[!TIP] >Version **2.0.0** and later includes support for modern pages in addition to classic site pages. If you are unsure which version of the tool you are using, you can select the **About** link or the ellipses (...) to verify your version. **Always update to the latest version** when using the tool.
-The Page Diagnostics for SharePoint tool is a browser extension for the new Microsoft Edge (https://www.microsoft.com/edge) and Chrome browsers that analyzes both SharePoint Online modern portal and classic publishing site pages. This tool only works for SharePoint Online, and cannot be used on a SharePoint system page.
+The Page Diagnostics for SharePoint tool is a browser extension for the new Microsoft Edge (https://www.microsoft.com/edge) and Chrome browsers that analyzes both SharePoint Online modern portal and classic publishing site pages. This tool only works for SharePoint Online, and canΓÇÖt be used on a SharePoint system page.
The tool generates a report for each analyzed page showing how the page performs against a pre-defined set of rules and displays detailed information when results for a test fall outside the baseline value. SharePoint Online administrators and designers can use the tool to troubleshoot performance issues and to ensure that new pages are optimized prior to publishing.
-The Page Diagnostics tool is designed to analyze SharePoint site pages only, not system pages such as *allitems.aspx* or *sharepoint.aspx*. If you attempt to run the tool on a system page or any other non-site page, you will receive an error message advising that the tool cannot be run for that type of page.
+The Page Diagnostics tool is designed to analyze SharePoint site pages only, not system pages such as *allitems.aspx* or *sharepoint.aspx*. If you attempt to run the tool on a system page or any other non-site page, you'll receive an error message advising that the tool canΓÇÖt be run for that type of page.
> [!div class="mx-imgBorder"] > ![Must run on a SharePoint page.](../media/page-diagnostics-for-spo/pagediag-Error-StartPage.png)
-This is not an error in the tool as there is no value in assessing libraries or system pages. Please navigate to a SharePoint site page to use the tool. If this error occurs on a SharePoint page, please check the master page to ensure that the SharePoint metatags have not been removed.
+This isn't an error in the tool as there's no value in assessing libraries or system pages. Please navigate to a SharePoint site page to use the tool. If this error occurs on a SharePoint page, please check the master page to ensure that the SharePoint metatags haven't been removed.
To provide feedback about the tool, select the ellipsis at the top right corner of the tool and then select [Give feedback](https://go.microsoft.com/fwlink/?linkid=874109).
The installation procedure in this section will work for both the Chrome and Mic
> [!IMPORTANT] > Microsoft does not read data or page content that is analyzed by the Page Diagnostics for SharePoint tool, and we do not capture any personal information, website or download information. The only identifiable information logged to Microsoft by the tool is the tenant name, counts of rules that have failed and the date and time the tool was run. This information is used by Microsoft to better understand modern portal and publishing site usage trends and common performance issues.
-1. Install the Page Diagnostics for SharePoint tool for **Microsoft Edge** [(Edge extension)](https://microsoftedge.microsoft.com/addons/detail/ocemkolpnamjcacndljdfmhlpcaoipji) or **Chrome** [(Chrome extension)](https://chrome.google.com/webstore/detail/inahogkhlkbkjkkaleonemeijihmfagi). Please review the User Privacy Policy provided on the description page in the store. When adding the tool to your browser, you will see the following permissions notice.
+1. Install the Page Diagnostics for SharePoint tool for **Microsoft Edge** [(Edge extension)](https://microsoftedge.microsoft.com/addons/detail/ocemkolpnamjcacndljdfmhlpcaoipji) or **Chrome** [(Chrome extension)](https://chrome.google.com/webstore/detail/inahogkhlkbkjkkaleonemeijihmfagi). Please review the User Privacy Policy provided on the description page in the store. When adding the tool to your browser, you'll see the following permissions notice.
> [!div class="mx-imgBorder"] > ![Extension permissions.](../media/page-diagnostics-for-spo/pagediag-add-to-edge.png)
The installation procedure in this section will work for both the Chrome and Mic
1. If you want to use the tool in Incognito or InPrivate mode, follow the procedure for your browser: 1. In Microsoft Edge, navigate to **Extensions** or type _edge://extensions_ in the URL bar and select **Details** for the extension. In the extension settings, select the checkbox for **allow in InPrivate**. 1. In Chrome, navigate to **Extensions** or type _chrome://extensions_ in the URL bar and select **Details** for the extension. In the extension settings, select the slider for **allow in Incognito**.
-1. Navigate to the SharePoint site page on SharePoint Online that you would like to review. We have allowed for "delay loading" of items on pages; therefore, the tool will not stop automatically (this is by design to accommodate all page load scenarios). To stop collection, select **Stop**. Make sure that the page load has completed before you stop data collection or you will only capture a partial trace.
-1. Click on the extension's toolbar button ![Page Diagnostics for SharePoint logo.](../media/page-diagnostics-for-spo/pagediag-icon32.png) to load the tool and you will be presented with the following extension popup window:
+1. Navigate to the SharePoint site page on SharePoint Online that you would like to review. We've allowed for "delay loading" of items on pages; therefore, the tool won't stop automatically (this is by design to accommodate all page load scenarios). To stop collection, select **Stop**. Make sure that the page load has completed before you stop data collection or you'll only capture a partial trace.
+1. Click on the extension's toolbar button ![Page Diagnostics for SharePoint logo.](../media/page-diagnostics-for-spo/pagediag-icon32.png) to load the tool and you'll be presented with the following extension popup window:
![Page Diagnostics tool Popup.](../media/page-diagnostics-for-spo/pagediag-Landing.png)
Select **Start** to begin collecting data for analysis.
> [!div class="mx-imgBorder"] > ![Page diagnostics details.](../media/page-diagnostics-for-spo/pagediag-details.PNG)
- - **CorrelationID** is an important element when working with Microsoft Support as it allows them to gather additional diagnostic data for the specific page.
+ - **CorrelationID** is an important element when working with Microsoft Support as it allows them to gather more diagnostic data for the specific page.
- **SPRequestDuration** is the time taken for SharePoint to process the page. Structural navigation, large images, lots of API calls could all contribute to longer durations.
- - **SPIISLatency** is the time in milliseconds taken for SharePoint Online begin loading the page. This value does not include the time taken for the web application to respond.
- - **Page load time** is the total time recorded by the page from the time of the request to the time the response was received and rendered in the browser. This value is affected by a variety of factors including network latency, the performance of the computer and the time it takes for the browser to load the page.
+ - **SPIISLatency** is the time in milliseconds taken for SharePoint Online begin loading the page. This value doesn't include the time taken for the web application to respond.
+ - **Page load time** is the total time recorded by the page from the time of the request to the time the response was received and rendered in the browser. This value is affected by various factors including network latency, the performance of the computer and the time it takes for the browser to load the page.
- The **Page URL** (Uniform Resource Locator) is the web address of the current page. 1. The [**Diagnostic tests**](#how-to-use-the-diagnostic-tests-tab) tab displays the analysis results in three categories; **No action required**, **Improvement opportunities** and **Attention required**. Each test result is represented by an item in one of these categories as described in the following table:
Select **Start** to begin collecting data for analysis.
When you analyze a SharePoint modern portal page or classic publishing site page with the Page Diagnostics for SharePoint tool, results are analyzed using pre-defined rules that compare results against baseline values and displayed in the **Diagnostic tests** tab. Rules for certain tests may use different baseline values for modern portal and classic publishing sites depending on how specific performance characteristics differ between the two.
-Test results that appear in the **Improvement opportunities** or **Attention required** categories indicate areas that should be reviewed against recommended practices, and can be selected to display additional information about the result. Details for each item include a _Learn more_ link which will take you directly to the appropriate guidance related to the test. Test results that appear in the **No action required** category indicate compliance with the relevant rule and do not display additional details when selected.
+Test results that appear in the **Improvement opportunities** or **Attention required** categories indicate areas that should be reviewed against recommended practices, and can be selected to display additional information about the result. Details for each item include a _Learn more_ link, which will take you directly to the appropriate guidance related to the test. Test results that appear in the **No action required** category indicate compliance with the relevant rule and don't display additional details when selected.
-The information in the Diagnostics tests tab will not tell you how to design pages, but will highlight factors that may impact page performance. Some page functionality and customizations have an unavoidable impact on page performance, and should be reviewed for potential remediation or omission from the page if their impact is substantial.
+The information in the Diagnostics tests tab won't tell you how to design pages, but will highlight factors that may impact page performance. Some page functionality and customizations have an unavoidable impact on page performance, and should be reviewed for potential remediation or omission from the page if their impact is substantial.
-Red or yellow results may also indicate web parts that refresh data too frequently. For example, corporate news is not updated every second but custom web parts are often built to fetch the latest news every second instead of implementing caching elements that could improve the overall user experience. Keep in mind when including web parts on a page that there are often simple ways to reduce their performance impact by evaluating the value of each available parameter to ensure it is set appropriately for its intended purpose.
+Red or yellow results may also indicate web parts that refresh data too frequently. For example, corporate news isn't updated every second but custom web parts are often built to fetch the latest news every second instead of implementing caching elements that could improve the overall user experience. Keep in mind when including web parts on a page that there are often simple ways to reduce their performance impact by evaluating the value of each available parameter to ensure it's set appropriately for its intended purpose.
>[!NOTE] >Classic team sites that don't have the publishing feature enabled cannot make use of CDNs. When you run the tool on these sites, the CDN test is expected to fail and can be ignored, but all of the remaining tests are applicable. The additional functionality of the SharePoint publishing feature can increase page load times, so it should not be enabled just to allow CDN functionality.
The **Network Trace** tab provides detailed information about both requests to b
> [!div class="mx-imgBorder"] > ![Enable exporting to HAR.](../media/page-diagnostics-for-spo/pagediag-submithar.png)
-That should be enabled prior to clicking Start, which will then enable debug mode in your browser. It will generate an HTTP Archive file (HAR) which can then be accessed through the "Network Trace" tab. Click the "Export to HAR" and it will download the file to your computer and you can then share it accordingly. The file can be opened in a variety of debug tools, like F12 Developer Tools and Fiddler.
+That should be enabled prior to clicking Start, which will then enable debug mode in your browser. It will generate an HTTP Archive file (HAR) which can then be accessed through the "Network Trace" tab. Click the "Export to HAR" and it will download the file to your computer and you can then share it accordingly. The file can be opened in various debug tools, like F12 Developer Tools and Fiddler.
> [!div class="mx-imgBorder"] > ![Network trace.](../media/page-diagnostics-for-spo/pagediag-networktracehar.png)
That should be enabled prior to clicking Start, which will then enable debug mod
## Engaging with Microsoft Support
-We have included a **Microsoft Support level feature** that should only be utilized when working directly on a support case. Utilizing this feature will provide no benefit to you when used without support team engagement, and can make the page perform significantly slower. There is no additional information when using this feature in the tool as the additional information is added to the logging in the service.
+We've included a **Microsoft Support level feature** that should only be utilized when working directly on a support case. Utilizing this feature will provide no benefit to you when used without support team engagement, and can make the page perform significantly slower. There's no additional information when using this feature in the tool as the additional information is added to the logging in the service.
No change is visible except that you will be notified that you have enabled it and your page performance will be significantly degraded by 2-3 times slower performance whilst enabled. It will only be relevant for the particular page and that active session. For this reason, this should be used sparingly and only when actively engaged with support.
enterprise Performance Troubleshooting Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/performance-troubleshooting-plan.md
This action plan contains two parts; a preparation phase, and a logging phase. I
### Prepare the client computer -- Find a client computer that can reproduce the performance problem. This computer will be used during the course of troubleshooting.
+- Find a client computer that can reproduce the performance problem. This computer will be used during troubleshooting.
- Write down the steps that cause the performance problem to happen so you're ready when it comes time to test. - Install tools for gathering and recording information: - Install [Netmon 3.4](https://www.microsoft.com/download/details.aspx?id=4865) (or use an equivalent network tracing tool).
This action plan contains two parts; a preparation phase, and a logging phase. I
- Start your Netmon capture (or network tracing tool). - Clear your DNS cache on the client computer from the command line by typing ipconfig /flushdns. - Start a new browser session and turn on HTTPWatch.-- Optional: If you are testing Exchange Online, run the Exchange Client Performance Analyzer tool from the Office 365 admin console.
+- Optional: If you're testing Exchange Online, run the Exchange Client Performance Analyzer tool from the Office 365 admin console.
- Reproduce the exact steps that cause the performance issue. - Stop your Netmon or other tool's trace. - At the command line, run a trace route to your Office 365 subscription by typing the following command and then pressing ENTER:
If you're not familiar with running the tools mentioned in this article, don't w
### Flush the DNS Cache first
-Why? By flushing out the DNS cache you're starting your tests with a clean slate. By clearing the cache, you're resetting the DNS resolver contents to the most up-to-date entries. Remember that a flush does not remove HOSTs file entries. If you use HOST file entries extensively, you should copy those entries out to a file in another directory and then empty the HOST file.
+Why? By flushing out the DNS cache, you're starting your tests with a clean slate. By clearing the cache, you're resetting the DNS resolver contents to the most up-to-date entries. Remember that a flush doesn't remove HOST file entries. If you use HOST file entries extensively, you should copy those entries out to a file in another directory and then empty the HOST file.
#### Flush your DNS resolver cache
In the past, HTTPWatch has been associated with both the Commands and the Explor
![HTTPWatch showing the Network tab for a page load of the Office 365 homepage.](../media/021a2c64-d581-49fd-adf4-4c364f589d75.PNG)
-This screen shot is from the Professional version of HTTPWatch. You can open traces taken in the Basic Version on a computer with a Professional version and read it there. Extra information may be available from the trace through that method.
+This screenshot is from the Professional version of HTTPWatch. You can open traces taken in the Basic Version on a computer with a Professional version and read it there. Extra information may be available from the trace through that method.
## Problem Steps Recorder
-Steps Recorder, or PSR.exe, allows you to record issues as they are occurring. It's a very useful tool and very simple to run.
+Steps Recorder, or PSR.exe, allows you to record issues as they're occurring. It's a very useful tool and simple to run.
### Run Problem Steps Recorder (PSR.exe) to record your work
Steps Recorder, or PSR.exe, allows you to record issues as they are occurring. I
2. When the small PSR.exe window appears, click **Start Record** and reproduce the steps that reproduce the performance issue. You can add comments as needed, by clicking **Add Comments**.
-3. Click **Stop Record** when you have completed the steps. If the performance issue is a page render, wait for the page to render before you stop the recording.
+3. Click **Stop Record** when you've completed the steps. If the performance issue is a page render, wait for the page to render before you stop the recording.
4. Click **Save**.
The date and time is recorded for you. This links your PSR to your Netmon trace
## Read your traces
-It isn't possible to teach everything about network and performance troubleshooting that someone would need to know via an article. Getting good at performance takes experience, and knowledge of how your network works and usually performs. But it is possible to round up a list of top issues and show how tools can make it easier for you to eliminate the most common problems.
+It isn't possible to teach everything about network and performance troubleshooting that someone would need to know via an article. Getting good at performance takes experience, and knowledge of how your network works and usually performs. But it's possible to round up a list of top issues and show how tools can make it easier for you to eliminate the most common problems.
-If you want to pick up skills reading network traces for your Office 365 sites, there is no better teacher than creating traces of page loads regularly and gaining experience reading them. For example, when you have a chance, load an Office 365 service and trace the process. Filter the trace for DNS traffic, or search the FrameData for the name of the service you browsed. Scan the trace to get an idea of the steps that occur when the service loads. This will help you learn what normal page load should look like, and in the case of troubleshooting, particularly around performance, comparing good to bad traces can teach you a lot.
+If you want to pick up skills reading network traces for your Office 365 sites, there's no better teacher than creating traces of page loads regularly and gaining experience reading them. For example, when you have a chance, load an Office 365 service and trace the process. Filter the trace for DNS traffic, or search the FrameData for the name of the service you browsed. Scan the trace to get an idea of the steps that occur when the service loads. This will help you learn what normal page load should look like, and in the case of troubleshooting, particularly around performance, comparing good to bad traces can teach you a lot.
-Netmon uses Microsoft Intellisense in the Display filter field. Intellisense, or intelligent code completion, is that trick where you type in a period and all available options are displayed in a drop-down selection box. If, for example, you are worried about TCP window scaling, you can find your way to a filter (such as `.protocol.tcp.window < 100`) by this means.
+Netmon uses Microsoft Intellisense in the Display filter field. Intellisense, or intelligent code completion, is that trick where you type in a period and all available options are displayed in a drop-down selection box. For example, you're worried about TCP window scaling, you can find your way to a filter (such as `.protocol.tcp.window < 100`) by this means.
![Screenshot of Netmon showing that the Display Filter field uses intellisense.](../media/75a56c11-9a60-47ee-a100-aabdfb1ba10f.PNG)
-Netmon traces can have a lot of traffic in them. If you aren't experienced with reading them, it's likely you will be overwhelmed opening the trace the first time. The first thing to do is separate the signal from the background noise in the trace. You tested against Office 365, and that's the traffic you want to see. If you are used to navigating through traces, you may not need this list.
+Netmon traces can have a lot of traffic in them. If you aren't experienced with reading them, it's likely you'll be overwhelmed opening the trace the first time. The first thing to do is separate the signal from the background noise in the trace. You tested against Office 365, and that's the traffic you want to see. If you're used to navigating through traces, you may not need this list.
Traffic between your client and Office 365 travels via TLS, which means that the body of the traffic will be encrypted and not readable in a generic Netmon trace. Your performance analysis doesn't need to know the specifics of the information in the packet. It is, however, very interested in packet headers and the information that they contain. ### Tips to get a good trace -- Know the value of the IPv4 or IPv6 address of your client computer. You can get this from the command prompt by typing **IPConfig** and then pressing ENTER. Knowing this address will let you tell at a glance whether the traffic in the trace directly involves your client computer. If there is a known proxy, ping it and get its IP address as well.
+- Know the value of the IPv4 or IPv6 address of your client computer. You can get this from the command prompt by typing **IPConfig** and then pressing ENTER. Knowing this address will let you tell at a glance whether the traffic in the trace directly involves your client computer. If there's a known proxy, ping it and get its IP address as well.
-- Flush your DNS resolver cache and, if possible, close all browsers except the one in which you are running your tests. If you are not able to do this, for instance, if support is using some browser-based tool to see your client computer's desktop, be prepared to filter your trace.
+- Flush your DNS resolver cache and, if possible, close all browsers except the one in which you're running your tests. If you aren't able to do this, for instance, if support is using some browser-based tool to see your client computer's desktop, be prepared to filter your trace.
- In a busy trace, locate the Office 365 service that you're using. If you've never or seldom seen your traffic before, this is a helpful step in separating the performance issue from other network noise. There are a few ways to do this. Directly before your test, you can use _ping_ or _PsPing_ against the URL of the specific service (`ping outlook.office365.com` or `psping -4 microsoft-my.sharepoint.com:443`, for example). You can also easily find that ping or PsPing in a Netmon trace (by its process name). That will give you a place to start looking.
-If you're only using Netmon tracing at the time of the problem, that's okay too. To orient yourself, use a filter like `ContainsBin(FrameData, ASCII, "office")` or `ContainsBin(FrameData, ASCII, "outlook")`. You can record your frame number from the trace file. You may also want to scroll the _Frame Summary_ pane all the way to the right and look for the Conversation ID column. There is a number indicated there for the ID of this specific conversation that you can also record and look at in isolation later. Remember to remove this filter before applying any other filtering.
+If you're only using Netmon tracing at the time of the problem, that's okay too. To orient yourself, use a filter like `ContainsBin(FrameData, ASCII, "office")` or `ContainsBin(FrameData, ASCII, "outlook")`. You can record your frame number from the trace file. You may also want to scroll the _Frame Summary_ pane all the way to the right and look for the Conversation ID column. There's a number indicated there for the ID of this specific conversation that you can also record and look at in isolation later. Remember to remove this filter before applying any other filtering.
> [!TIP] > Netmon has a lot of helpful built-in filters. Try the **Load Filter** button at the top of the _Display_ filter pane.
Get familiar with your traffic, and learn to locate the information you need. Fo
Taking Office 365 Outlook Online as an example, the traffic begins something like this: -- DNS Standard Query and DNS Response for outlook.office365.com with matching QueryIDs. It's important to note the time offset for this turn-around, as well as where in the world the Office 365 Global DNS sends the request for name resolution. Ideally, as locally as possible, rather than halfway across the world.
+- DNS Standard Query and DNS Response for outlook.office365.com with matching QueryIDs. It's important to note the time offset for this turn-around, and where in the world the Office 365 Global DNS sends the request for name resolution. Ideally, as locally as possible, rather than halfway across the world.
-- A HTTP GET Request whose status report Moved Permanently (301)
+- An HTTP GET Request whose status report Moved Permanently (301)
- RWS Traffic including RWS Connect requests and Connect replies. (This is Remote Winsock making a connection for you.) -- A TCP SYN and TCP SYN/ACK conversation. A lot of the settings in this conversation impact your performance.
+- A TCP SYN and TCP SYN/ACK conversation. Many settings in this conversation impact your performance.
-- Then a series of TLS:TLS traffic which is where the TLS handshake and TLS certificate conversations take place. (Remember the data is encrypted via SSL/TLS.)
+- Then a series of TLS:TLS traffic, which is where the TLS handshake and TLS certificate conversations take place. (Remember the data is encrypted via SSL/TLS.)
-All parts of the traffic are important and connected, but small portions of the trace contain information particularly important in terms of performance troubleshooting, so we'll focus on those areas. Also, since we've done enough Office 365 performance troubleshooting at Microsoft to compile a Top Ten list of common problems, we'll focus on those issues and how to use the tools we have to root them out next.
+All parts of the traffic are important and connected, but small portions of the trace contain information important in terms of performance troubleshooting, so we'll focus on those areas. Also, since we've done enough Office 365 performance troubleshooting at Microsoft to compile a Top Ten list of common problems, we'll focus on those issues and how to use the tools we have to root them out next.
-If you haven't installed them all ready, the matrix below makes use of several tools. Where possible. Links are provided to the installation points. The list includes common network tracing tools like [Netmon](https://www.microsoft.com/download/details.aspx?id=4865) and [Wireshark](https://www.wireshark.org/), but use any tracing tool you are comfortable with, and in which you're accustomed to filtering network traffic. When you're testing, remember:
+If you haven't installed them already, the matrix below makes use of several tools where ever possible. Links are provided to the installation points. The list includes common network tracing tools like [Netmon](https://www.microsoft.com/download/details.aspx?id=4865) and [Wireshark](https://www.wireshark.org/), but use any tracing tool you're comfortable with, and in which you're accustomed to filtering network traffic. When you're testing, remember:
- *Close your browsers, and test with only one browser running* - This will reduce the overall traffic you capture. It makes for a less busy trace. - *Flush your DNS resolver cache on the client computer* - This will give you a clean slate when you start to take your capture, for a cleaner trace.
Some common issues you may face and how to find them in your Network trace.
### TCP Windows Scaling
-Found in the SYN - SYN/ACK. Legacy or aging hardware may not take advantage of TCP windows scaling. Without proper TCP windows scaling settings, the default 16-bit buffer in TCP headers fills in milliseconds. Traffic cannot continue to send until the client receives an acknowledgment that the original data has been received, causing delays.
+Found in the SYN - SYN/ACK. Legacy or aging hardware may not take advantage of TCP windows scaling. Without proper TCP windows scaling settings, the default 16-bit buffer in TCP headers fills in milliseconds. Traffic canΓÇÖt continue to send until the client receives an acknowledgment that the original data has been received, causing delays.
#### Tools
Look for the SYN - SYN/ACK traffic in your network trace. In Netmon, use a filt
![Filter in Netmon or Wireshark for Syn packets for both tools: TCP.Flags.Syn == 1.](../media/4b9a12a1-c915-43c8-ac2f-a679d0435a29.PNG)
-Notice that for every SYN there is a source port (SrcPort) number that is matched in the destination port (DstPort) of the related Acknowledgment (SYN/ACK).
+Notice that for every SYN there's a source port (SrcPort) number that is matched in the destination port (DstPort) of the related Acknowledgment (SYN/ACK).
To see the Windows Scaling value that is used by your network connection, expand first the SYN, and then the related SYN/ACK.
To see the Windows Scaling value that is used by your network connection, expand
### TCP Idle Time Settings
-Historically, most perimeter networks are configured for transient connections, meaning idle connections are generally terminated. Idle TCP sessions can be terminated by proxies and firewalls at greater than 100 to 300 seconds. This is problematic for Outlook Online because it creates and uses long-term connections, whether they are idle or not.
+Historically, most perimeter networks are configured for transient connections, meaning idle connections are generally terminated. Idle TCP sessions can be terminated by proxies and firewalls at greater than 100 to 300 seconds. This is problematic for Outlook Online because it creates and uses long-term connections, whether they're idle or not.
-When connections are terminated by proxy or firewall devices, the client is not informed, and an attempt to use Outlook Online will mean a client computer will try, repeatedly, to revive the connection before making a new one. You may see hangs in the product, prompts, or slow performance on page load.
+When connections are terminated by proxy or firewall devices, the client isn't informed, and an attempt to use Outlook Online will mean a client computer will try, repeatedly, to revive the connection before making a new one. You may see hangs in the product, prompts, or slow performance on page load.
#### Tools
As an example, the filter in Netmon may look like `.Protocol.IPv4.Address == 10
> [!TIP] > Don't know if the IP address in your trace belongs to your DNS server? Try looking it up at the command line. Click **Start** \> **Run** \> and type **cmd**, or press **Windows Key** \> and type **cmd**. At the prompt, type `nslookup <the IP address from the network trace>`. To test, use nslookup against your own computer's IP address. > To see a list of Microsoft's IP ranges, see [Office 365 URLs and IP address ranges](./urls-and-ip-address-ranges.md).
-If there is a problem, expect long Time Offsets to appear, in this case (Outlook Online), particularly in TLS:TLS packets that show the passage of Application Data (for example, in Netmon you can find application data packets via `.Protocol.TLS AND Description == "TLS:TLS Rec Layer-1 SSL Application Data"`). You should see a smooth progression in the time across the session. If you see long delays when refreshing your Outlook Online, this could be caused by a high degree of resets being sent.
+If there's a problem, expect long Time Offsets to appear, in this case (Outlook Online), particularly in TLS:TLS packets that show the passage of Application Data (for example, in Netmon you can find application data packets via `.Protocol.TLS AND Description == "TLS:TLS Rec Layer-1 SSL Application Data"`). You should see a smooth progression in the time across the session. If you see long delays when refreshing your Outlook Online, this could be caused by a high degree of resets being sent.
### Latency/Round Trip Time
Need to measure the speed of your connection, or your ISP connection's bandwidth
#### What to look for
-To track latency in a trace, you will benefit from having recorded the client computer IP address and the IP address of the DNS server in Office 365. This is for the purpose of easier trace filtering. If you connect through a proxy, you will need your client computer IP address, the proxy/egress IP address, and the Office 365 DNS IP address, to make the work easier.
+To track latency in a trace, you'll benefit from having recorded the client computer IP address and the IP address of the DNS server in Office 365. This is for easier trace filtering. If you connect through a proxy, you will need your client computer IP address, the proxy/egress IP address, and the Office 365 DNS IP address, to make the work easier.
A ping request sent to outlook.office365.com will tell you the name of the datacenter receiving the request, even if ping *may* not be able to connect to send the trademark consecutive ICMP packets. If you use PsPing (a free tool for download), and specific the port (443) and perhaps to use IPv4 (-4) you will get an average round-trip-time for packets sent. This will work this for other URLs in the Office 365 services, like `psping -4 yourSite.sharepoint.com:443`. In fact, you can specify a number of pings to get a larger sample for your average, try something like `psping -4 -n 20 yourSite-my.sharepoint.com:443`.
There is no network trace or troubleshooting tool specific to this. Instead, it'
Found in the SYN - SYN/ACK. Do this check in any performance network trace you've taken to ensure that TCP packets are configured to carry the maximum amount of data possible.
-The goal is to see a MSS of 1460 bytes for transmission of data. If you're behind a proxy, or you are using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.
+The goal is to see an MSS of 1460 bytes for transmission of data. If you're behind a proxy, or you are using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.
#### Tools
Locate the connection in the trace that you're interested in seeing either by sc
### DNS Geolocation
-Where in the world Office 365 tries to resolve your DNS call effects your connection speed.
+Where in the world Office 365 tries to resolve your DNS call affects your connection speed.
In Outlook Online, after the first DNS lookup is completed, the location of that DNS will be used to connect to your nearest datacenter. You will be connected to an Outlook Online CAS server, which will use the backbone network to connect to the datacenter (dC) where your data is stored. This is faster.
enterprise Plan For Network Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/plan-for-network-devices.md
description: "Summary: Describes considerations for network capacity, WAN accele
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-Some network hardware may have limitations on the number of concurrent sessions that are supported. For organizations having more than 2,000 users, we recommend that they monitor their network devices to ensure they are capable of handling the additional Office 365 service traffic. Simple Network Management Protocol (SNMP) monitoring software can help you do this.
+Some network hardware may have limitations on the number of concurrent sessions that are supported. For organizations having more than 2,000 users, we recommend that they monitor their network devices to ensure they're capable of handling the additional Office 365 service traffic. Simple Network Management Protocol (SNMP) monitoring software can help you do this.
This article is part of [Network planning and performance tuning for Office 365](./network-planning-and-performance.md).
The following Skype for Business Help articles have more information about Skype
- [Troubleshooting Skype for Business Online sign-in errors for administrators](/skypeforbusiness/set-up-skype-for-business-online/troubleshooting-sign-in-errors-for-admins) -- [You cannot connect to Skype for Business, or certain features do not work, because an on-premises firewall blocks the connection](https://go.microsoft.com/fwlink/p/?LinkID=243625)
+- [You cannot connect to Skype for Business, or certain features don't work, because an on-premises firewall blocks the connection](https://go.microsoft.com/fwlink/p/?LinkID=243625)
> [!NOTE] > While many of these settings are Skype for Business-specific, the general guidance on network configuration is useful for all Office 365 services.
enterprise Prepare A Non Routable Domain For Directory Synchronization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization.md
You can solve the ".local" problem by registering new UPN suffix or suffixes in
After you've updated the UPNs to use the verified domain, you're ready to synchronize your on-premises AD DS with Microsoft 365.
-#### Step 1: Add the new UPN suffix**
+#### Step 1: Add the new UPN suffix
1. On the AD DS domain controller, in the Server Manager choose **Tools** \> **Active Directory Domains and Trusts**.
For example, you could run the following PowerShell commands to update all conto
$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("@contoso.local","@contoso.com"); $_ | Set-ADUser -UserPrincipalName $newUpn} ```
-See [Active Directory Windows PowerShell module](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee617195(v=technet.10)) to learn more about using Windows PowerShell in AD DS.
+See [Active Directory Windows PowerShell module](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee617195(v=technet.10)) to learn more about using Windows PowerShell in AD DS.
enterprise Protect Your Global Administrator Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/protect-your-global-administrator-accounts.md
Security breaches of a Microsoft 365 tenant, including information harvesting an
- You own your data and identities and the responsibility for protecting them, the security of your on-premises resources, and the security of cloud components you control.
-Microsoft provides capabilities to help protect your organization, but they are effective only if you use them. If you do not use them, you may be vulnerable to attack. To protect your privileged accounts, Microsoft is here to help you with detailed instructions to:
+Microsoft provides capabilities to help protect your organization, but they're effective only if you use them. If you don't use them, you may be vulnerable to attack. To protect your privileged accounts, Microsoft is here to help you with detailed instructions to:
1. Create dedicated, privileged, cloud-based accounts and use them only when necessary.
You can further protect your privileged accounts with Azure AD Privileged Identi
## 2. Configure multi-factor authentication for your dedicated Microsoft 365 privileged accounts
-Multi-factor authentication (MFA) requires additional information beyond the account name and password. Microsoft 365 supports these additional verification methods:
+Multi-factor authentication (MFA) requires additional information beyond the account name and password. Microsoft 365 supports these extra verification methods:
- The Microsoft Authenticator app - A phone call
Multi-factor authentication (MFA) requires additional information beyond the acc
>For organizations that must adhere to National Institute of Standards and Technology (NIST) standards, the use of a phone call or text message-based additional verification methods are restricted. Click [here](https://pages.nist.gov/800-63-FAQ/#q-b01) for the details. >
-If you are a small business that is using user accounts stored only in the cloud (the cloud-only identity model), [set up MFA](/office365/admin/security-and-compliance/set-up-multi-factor-authentication) to configure MFA using a phone call or a text message verification code sent to a smart phone for each dedicated privileged account.
+If you're a small business that is using user accounts stored only in the cloud (the cloud-only identity model), [set up MFA](/office365/admin/security-and-compliance/set-up-multi-factor-authentication) to configure MFA using a phone call or a text message verification code sent to a smart phone for each dedicated privileged account.
-If you are a larger organization that is using a Microsoft 365 hybrid identity model, you have more verification options. If you have the security infrastructure already in place for a stronger secondary authentication method, [set up MFA](../admin/security-and-compliance/set-up-multi-factor-authentication.md) and configure each dedicated privileged account for the appropriate verification method.
+If you're a larger organization that is using a Microsoft 365 hybrid identity model, you have more verification options. If you have the security infrastructure already in place for a stronger secondary authentication method, [set up MFA](../admin/security-and-compliance/set-up-multi-factor-authentication.md) and configure each dedicated privileged account for the appropriate verification method.
-If the security infrastructure for the desired stronger verification method is not in place and functioning for Microsoft 365 MFA, we strongly recommend that you configure dedicated privileged accounts with MFA using the Microsoft Authenticator app, a phone call, or a text message verification code sent to a smart phone for your privileged accounts as an interim security measure. Do not leave your dedicated privileged accounts without the additional protection provided by MFA.
+If the security infrastructure for the desired stronger verification method isn't in place and functioning for Microsoft 365 MFA, we strongly recommend that you configure dedicated privileged accounts with MFA using the Microsoft Authenticator app, a phone call, or a text message verification code sent to a smart phone for your privileged accounts as an interim security measure. Don't leave your dedicated privileged accounts without the extra protection provided by MFA.
For more information, see [MFA for Microsoft 365](../admin/security-and-compliance/multi-factor-authentication-microsoft-365.md).
Use these additional methods to ensure that your privileged account, and the con
### Privileged access workstation
-To ensure that the execution of highly privileged tasks is as secure as possible, use a privileged access workstation (PAW). A PAW is a dedicated computer that is only used for sensitive configuration tasks, such as Microsoft 365 configuration that requires a privileged account. Because this computer is not used daily for Internet browsing or email, it is better protected from Internet attacks and threats.
+To ensure that the execution of highly privileged tasks is as secure as possible, use a privileged access workstation (PAW). A PAW is a dedicated computer that is only used for sensitive configuration tasks, such as Microsoft 365 configuration that requires a privileged account. Because this computer isn't used daily for Internet browsing or email, it's better protected from Internet attacks and threats.
For instructions on how to set up a PAW, see [https://aka.ms/cyberpaw](/security/compass/privileged-access-devices).
To develop a comprehensive roadmap to secure privileged access against cyber att
### Azure AD Privileged Identity Management
-Rather than having your privileged accounts be permanently assigned an administrator role, you can use Azure AD PIM to enable on-demand, just-in-time assignment of the administrator role when it is needed.
+Rather than having your privileged accounts be permanently assigned an administrator role, you can use Azure AD PIM to enable on-demand, just-in-time assignment of the administrator role when it's needed.
Your administrator accounts go from being permanent admins to eligible admins. The administrator role is inactive until someone needs it. You then complete an activation process to add the administrator role to the privileged account for a predetermined amount of time. When the time expires, PIM removes the administrator role from the privileged account.
For more information, see:
Privileged access management is enabled by configuring policies that specify just-in-time access for task-based activities in your tenant. It can help protect your organization from breaches that may use existing privileged administrator accounts with standing access to sensitive data or access to critical configuration settings. For example, you could configure a privileged access management policy that requires explicit approval to access and change organization mailbox settings in your tenant.
-In this step, you'll enable privileged access management in your tenant and configure privileged access policies that provide additional security for task-based access to data and configuration settings for your organization. There are three basic steps to get started with privileged access in your organization:
+In this step, you'll enable privileged access management in your tenant and configure privileged access policies that provide extra security for task-based access to data and configuration settings for your organization. There are three basic steps to get started with privileged access in your organization:
- Creating an approver's group - Enabling privileged access
For more information, see [Privileged access management](/office365/securitycomp
### Security information and event management (SIEM) software for Microsoft 365 logging
-SIEM software run on a server performs real-time analysis of security alerts and events created by applications and network hardware. To allow your SIEM server to include Microsoft 365 security alerts and events in its analysis and reporting functions, integrate Azure AD into you SEIM. See [Introduction to Azure Log Integration](/azure/security/security-azure-log-integration-overview).
+SIEM software run on a server performs real-time analysis of security alerts and events created by applications and network hardware. To allow your SIEM server to include Microsoft 365 security alerts and events in its analysis and reporting functions, integrate Azure AD into your SEIM. See [Introduction to Azure Log Integration](/azure/security/security-azure-log-integration-overview).
## Next step
enterprise Urls And Ip Address Ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
Title: "Office 365 URLs and IP address ranges"
Previously updated : 04/28/2022 Last updated : 05/20/2022 audience: Admin
Office 365 requires connectivity to the Internet. The endpoints below should be
|**Last updated:** 04/28/2022 - ![RSS.](../medi#pacfiles)| |
-Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you are using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
+Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This cadence allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
Endpoint data below lists requirements for connectivity from a user's machine to Office 365. For detail on IP addresses used for network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections, see [Additional endpoints](additional-office365-ip-addresses-and-urls.md) for more information.
-The endpoints are grouped into four service areas representing the three primary workloads and a set of common resources. The groups may be used to associate traffic flows with a particular application, however given that features often consume endpoints across multiple workloads, these groups cannot effectively be used to restrict access.
+The endpoints are grouped into four service areas representing the three primary workloads and a set of common resources. The groups may be used to associate traffic flows with a particular application, however given that features often consume endpoints across multiple workloads, these groups can't effectively be used to restrict access.
Data columns shown are: - **ID**: The ID number of the row, also known as an endpoint set. This ID is the same as is returned by the web service for the endpoint set. -- **Category**: Shows whether the endpoint set is categorized as "Optimize", "Allow", or "Default". You can read about these categories and guidance for management of them at [New Office 365 endpoint categories](microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories). This column also lists which endpoint sets are required to have network connectivity. For endpoint sets which are not required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you are excluding an entire service area, the endpoint sets listed as required do not require connectivity.
+- **Category**: Shows whether the endpoint set is categorized as **Optimize**, **Allow**, or **Default**. This column also lists which endpoint sets are required to have network connectivity. For endpoint sets that aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity.
-- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Office 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute is not supported for this endpoint set. However, it should not be assumed that no routes are advertised for an endpoint set where ER is **No**.
+ You can read about these categories and guidance for their management in [New Office 365 endpoint categories](microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories).
-- **Addresses**: Lists the FQDNs or wildcard domain names and IP Address ranges for the endpoint set. Note that an IP Address range is in CIDR format and may include many individual IP Addresses in the specified network.
+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Office 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute is not supported for this endpoint set.
-- **Ports**: Lists the TCP or UDP ports that are combined with the Addresses to form the network endpoint. You may notice some duplication in IP Address ranges where there are different ports listed.
+ Some routes may be advertised in more than one BGP community, making it possible for endpoints within a given IP range to traverse the ER circuit, but still be unsupported. In all cases, the value of a given endpoint set's ER column should be respected. For more information about BGP communities, see [Using BGP communities in ExpressRoute for Office 365 scenarios](bgp-communities-in-expressroute.md#key-planning-considerations-to-using-bgp-communities).
+
+- **Addresses**: Lists the FQDNs or wildcard domain names and IP address ranges for the endpoint set. Note that an IP address range is in CIDR format and may include many individual IP addresses in the specified network.
+
+- **Ports**: Lists the TCP or UDP ports that are combined with listed IP addresses to form the network endpoint. You may notice some duplication in IP address ranges where there are different ports listed.
[!INCLUDE [Office 365 worldwide endpoints](../includes/office-365-worldwide-endpoints.md)]
enterprise Using Content Search Web Part Instead Of Content Query Web Part To Improve Perfo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/using-content-search-web-part-instead-of-content-query-web-part-to-improve-perfo.md
description: Learn how to increase performance by replacing the Content Query We
This article describes how to increase performance by replacing the Content Query Web Part with the Content Search Web Part in SharePoint Server 2013 and SharePoint Online.
-One of the most powerful new features of SharePoint Server 2013 and SharePoint Online is the Content Search Web Part (CSWP). This Web Part uses the search index to quickly retrieve results which are shown to the user. Use the Content Search Web Part instead of the Content Query Web Part (CQWP) in your pages to improve performance for your users.
+One of the most powerful new features of SharePoint Server 2013 and SharePoint Online is the Content Search Web Part (CSWP). This Web Part uses the search index to quickly retrieve results, which are shown to the user. Use the Content Search Web Part instead of the Content Query Web Part (CQWP) in your pages to improve performance for your users.
-Using a Content Search Web Part over a Content Query Web Part will almost always result in significantly better page load performance on SharePoint Online. There is a little additional configuration to get the right query, but the rewards are improved performance and happier users.
+Using a Content Search Web Part over a Content Query Web Part will almost always result in better page load performance on SharePoint Online. There's a little additional configuration to get the right query, but the rewards are improved performance and happier users.
## Comparing the performance gain you get from using Content Search Web Part instead of Content Query Web Part
-The following examples show the relative performance gains you may receive when you use a Content Search Web Part instead of a Content Query Web Part. The effects are more obvious with a complex site structure and very broad content queries.
+The following examples show the relative performance gains you may receive when you use a Content Search Web Part instead of a Content Query Web Part. The effects are more obvious with a complex site structure and broad content queries.
This example site has the following characteristics:
This example site has the following characteristics:
- The example only uses 50 items across the 8 sites. The effects will be even more pronounced for sites with more content.
-Here is a screen shot of the results of the Content Query Web Part.
+Here's a screenshot of the results of the Content Query Web Part.
![Graphic showing content query for web part.](../media/b3d41f20-dfe5-46ed-9c0a-31057e82de33.png)
-In Internet Explorer, use the **Network** tab of the F12 developer tools to look at the details for the response header. In the following screen shot, the value for the **SPRequestDuration** for this page load is 924 milliseconds.
+In Internet Explorer, use the **Network** tab of the F12 developer tools to look at the details for the response header. In the following screenshot, the value for the **SPRequestDuration** for this page load is 924 milliseconds.
![Screenshot showing request duration of 924.](../media/343571f2-a249-4de2-bc11-2cee93498aea.png)
- **SPRequestDuration** indicates the amount of work that is done on the server to prepare the page. Switching Content by Query Web Parts with Content by Search Web Parts dramatically reduces the time it takes to render the page. By contrast, a page with an equivalent Content Search Web Part, returning the same number of results has an **SPRequestDuration** value of 106 milliseconds as shown in this screen shot:
+ **SPRequestDuration** indicates the amount of work that is done on the server to prepare the page. Switching Content by Query Web Parts with Content by Search Web Parts dramatically reduces the time it takes to render the page. By contrast, a page with an equivalent Content Search Web Part, returning the same number of results has an **SPRequestDuration** value of 106 milliseconds as shown in this screenshot:
![Screen shot showing Request Duration of 106.](../media/b46387ac-660d-4e5e-a11c-cc430e912962.png) ## Adding a Content Search Web Part in SharePoint Online
-Adding a Content Search Web Part is very similar to a regular Content Query Web Part. See the section *"Add a Content Search Web Part"* in [Configure a Content Search Web Part in SharePoint](https://support.office.com/article/Configure-a-Content-Search-Web-Part-in-SharePoint-0dc16de1-dbe4-462b-babb-bf8338c36c9a).
+Adding a Content Search Web Part is similar to a regular Content Query Web Part. See the section *"Add a Content Search Web Part"* in [Configure a Content Search Web Part in SharePoint](https://support.office.com/article/Configure-a-Content-Search-Web-Part-in-SharePoint-0dc16de1-dbe4-462b-babb-bf8338c36c9a).
## Creating the right search query for your Content Search Web Part
-Once you have added a Content Search Web Part, you can refine the search and return the items you want. For detailed instructions on how to do this, see the section, *"Display content by configuring an advanced query in a Content Search Web Part"* in [Configure a Content Search Web Part in SharePoint](https://support.office.com/article/Configure-a-Content-Search-Web-Part-in-SharePoint-0dc16de1-dbe4-462b-babb-bf8338c36c9a).
+Once you've added a Content Search Web Part, you can refine the search and return the items you want. For detailed instructions on how to do this, see the section, *"Display content by configuring an advanced query in a Content Search Web Part"* in [Configure a Content Search Web Part in SharePoint](https://support.office.com/article/Configure-a-Content-Search-Web-Part-in-SharePoint-0dc16de1-dbe4-462b-babb-bf8338c36c9a).
## Query building and testing tool
lighthouse M365 Lighthouse View Failed Network Connections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-failed-network-connections.md
+
+ Title: "View an enterprise Cloud PC failed network connection in Microsoft 365 Lighthouse"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+ms.localizationpriority: medium
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolib
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to view an enterprise Cloud PC failed network connection."
++
+# View an enterprise Cloud PC failed network connection in Microsoft 365 Lighthouse
+
+Microsoft 365 Lighthouse provides connection status between your tenants and Azure Active Directory. When a Cloud PC has a failed network connection, you can view detailed information in Microsoft Endpoint Manager admin center.
+
+## Before you begin
+
+- You must be a Global Administrator in the partner tenant.
+- You must have Cloud PC administrator or Cloud PC reader access to view connection issues.
+
+## View a failed network connection
+
+1. In the left navigation pane in Lighthouse, select **Windows 365**.
+
+2. Select the **Azure network connections** tab.
+
+3. From the connection summary area, select **Failed connections**.
+
+4. From the filtered list, select **View connection details in Microsoft Endpoint Manager** next to the connection you want to investigate.
+
+5. From Microsoft Endpoint Manager admin center, select **View details** to learn more about the error.
+
+## Next steps
+
+To troubleshoot connection issues, see [Troubleshoot on-premises network connection](/windows-365/enterprise/troubleshoot-on-premises-network-connection) article.
+
+## Related content
+
+[Cloud PC role-based access control ](/windows-365/enterprise/role-based-access)(article)\
+[Active Directory domain join](/windows-365/enterprise/troubleshoot-on-premises-network-connection#active-directory-domain-join) (article)\
+[Azure Active Directory device Sync](/windows-365/enterprise/troubleshoot-on-premises-network-connection#azure-active-directory-device-sync) (article)
lighthouse M365 Lighthouse View Service Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-service-health.md
- AdminSurgePortfolib - M365-Lighthouse search.appverid: MET150
-description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how view tenant service health."
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to view tenant service health."
# View tenant service health in Microsoft 365 Lighthouse
lti Teams Meetings With Canvas https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-meetings-with-canvas.md
Microsoft Teams meetings is a Learning Tools Interoperability (LTI) app that hel
## Microsoft Office 365 Admin
-Before managing the Microsoft Teams integration within Instructure Canvas, it is important to have CanvasΓÇÖs **Microsoft-Teams-Sync-for-Canvas** Azure app approved by your institutionΓÇÖs Microsoft Office 365 admin in your Microsoft Azure tenant before completing the Canvas admin setup.
+Before managing the Microsoft Teams integration within Instructure Canvas, it's important to have CanvasΓÇÖs **Microsoft-Teams-Sync-for-Canvas** Azure app approved by your institutionΓÇÖs Microsoft Office 365 admin in your Microsoft Azure tenant before completing the Canvas admin setup.
1. Sign in to Canvas.
Before managing the Microsoft Teams integration within Instructure Canvas, it is
> [!NOTE] > Sync is a functionality that is managed by LMS partner and is used to sync membership at a course level to the Teams team using Microsoft graph APIs. This is primarily a functionality that an educator switches on as true at a course level. Subsequently any membership change done on LMS side for the addition or deletion of the members gets reflected using the Sync implemented by the LMS partner. Even before this process is enabled for an Educator the M365 education institute admin allows their educators to access sync using the Sync permission modal found below. These permissions are granted to the LMS partner to enable educators to sync membership between the LMS course and Teams Class teams.
-8. Enable the Microsoft Teams sync by turning the toggle on.
+8. Enable the Microsoft Teams sync by turning on the toggle.
![teams-sync.](media/teams-sync.png)
As a Canvas Admin, you'll need to add the Microsoft Teams meetings LTI app withi
## Enable for Canvas Courses
-In order to use the LTI within a course, an instructor of the Canvas course must enable the integrations sync. Each course must be enabled by an instructor for a corresponding Teams to be created; there is no global mechanism for Teams creation. This is designed out of caution to prevent unwanted Teams being created.
+In order to use the LTI within a course, an instructor of the Canvas course must enable the integrations sync. Each course must be enabled by an instructor for a corresponding Teams to be created; there's no global mechanism for Teams creation. This is designed out of caution to prevent unwanted Teams being created.
Please refer your instructors to [educator documentation](https://support.microsoft.com/topic/use-microsoft-teams-classes-in-your-lms-preview-ac6a1e34-32f7-45e6-b83e-094185a1e78a#ID0EBD=Instructure_Canvas) for enabling the LTI for each course and finishing the integration setup.
security Configure Extension File Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md
You can define exclusions for Microsoft Defender Antivirus that apply to [schedu
- [Exclusions for files that are opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) > [!IMPORTANT]
-> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response (EDR)](/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response), [attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction), and [controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections.
+> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, such as [attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) and [controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections.
> To exclude files broadly, add them to the Microsoft Defender for Endpoint [custom indicators](/microsoft-365/security/defender-endpoint/manage-indicators). ## Before you begin
security Configure Machines Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-machines-onboarding.md
Before you can track and manage onboarding of devices:
- [Enroll your devices to Intune management](configure-machines.md#enroll-devices-to-intune-management) - [Ensure you have the necessary permissions](configure-machines.md#obtain-required-permissions)
+Watch this video to learn how to easily onboard clients with Microsoft Defender for Endpoint.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bGqr?rel=0]
+ ## Discover and track unprotected devices The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows devices that have actually onboarded to Defender for Endpoint against the total number of Intune-managed Windows devices. :::image type="content" source="images/secconmgmt_onboarding_card.png" alt-text="The Device configuration management Onboarding card" lightbox="images/secconmgmt_onboarding_card.png":::
-*Card showing onboarded devices compared to the total number of Intune-managed Windows device*
+*Card showing onboarded devices compared to the total number of Intune-managed Windows devices*
> [!NOTE] > If you used Configuration Manager, the onboarding script, or other onboarding methods that don't use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Defender for Endpoint onboarding and assign that profile to your devices.
security Device Discovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery.md
Unknown and unmanaged devices introduce significant risks to your network - whet
- Onboard unmanaged endpoints to the service, increasing the security visibility on them. - Reduce the attack surface by identifying and assessing vulnerabilities, and detecting configuration gaps.
-Watch this video for a quick overview of how device discovery:
-
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWORdQ]
+Watch this video for a quick overview of how to assess and onboard unmanaged devices that Microsoft Defender for Endpoint discovered.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4RwQz]
In conjunction with this capability, a security recommendation to onboard devices to Microsoft Defender for Endpoint is available as part of the existing threat and vulnerability management experience.
Search for "SSH" related security recommendations to find SSH vulnerabilities th
## Use advanced hunting on discovered devices
-You can use advanced hunting queries to gain visibility on discovered devices. Find details about discovered devices in the DeviceInfo table, or network-related information about those devices in the DeviceNetworkInfo table.
+You can use advanced hunting queries to gain visibility on discovered devices. Find details about discovered devices in the DeviceInfo table, or network-related information about those devices, in the DeviceNetworkInfo table.
:::image type="content" source="images/f48ba1779eddee9872f167453c24e5c9.png" alt-text="The Advanced hunting page on which queries can be used" lightbox="images/f48ba1779eddee9872f167453c24e5c9.png"::: ### Query discovered devices details
-Run this query, on the DeviceInfo table, to return all discovered devices along with the most up to details for each device:
+Run this query on the DeviceInfo table to return all discovered devices along with the most up-to-date details for each device:
```query DeviceInfo
security Edr In Block Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/edr-in-block-mode.md
EDR in block mode is integrated with [threat & vulnerability management](next-ge
> [!TIP] > To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](configure-machines-security-baseline.md)**.
+Watch this video to learn why and how to turn on endpoint detection and response (EDR) in block mode, enable behavioral blocking, and containment at every stage from pre-breach to post-breach.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4HjW2]
+ ## What happens when something is detected? When EDR in block mode is turned on, and a malicious artifact is detected, Microsoft Defender for Endpoint blocks and remediates that artifact. Your security operations team will see detection status as **Blocked** or **Prevented** in the [Action center](respond-machine-alerts.md#check-activity-details-in-action-center), listed as completed actions.
security Indicator Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/indicator-manage.md
recommendedActions|String|TI indicator alert recommended actions. **Optional**
rbacGroupNames|String|Comma-separated list of RBAC group names the indicator would be applied to. **Optional** category|String|Category of the alert. Examples include: Execution and credential access. **Optional** mitretechniques|String|MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/). **Optional** It is recommended to add a value in category when a MITRE technique.
-GenerateAlert|String|Whether the alert should be generated or not. Possible Values are: True or False. **Optional**
--
+GenerateAlert|String|Whether the alert should be generated. Possible Values are: True or False. **Optional**
> [!NOTE] > Classless Inter-Domain Routing (CIDR) notation for IP addresses is not supported. For more information, see [Microsoft Defender for Endpoint alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).
+Watch this video to learn how Microsoft Defender for Endpoint provides multiple ways to add and manage Indicators of compromise (IoCs).
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLVw]
+ ## See also - [Create indicators](manage-indicators.md)
security Manage Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-alerts.md
Selecting an alert in either of those places brings up the **Alert management pa
:::image type="content" source="images/atp-alerts-selected.png" alt-text="The Alert management pane and the Alerts queue" lightbox="images/atp-alerts-selected.png":::
+Watch this video to learn how to use the new Microsoft Defender for Endpoint alert page.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4yiO5]
+ ## Link to another incident You can create a new incident from the alert or link to an existing incident.
security Manage Outdated Endpoints Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md
Title: Apply Microsoft Defender AV protection updates to out of date endpoints
-description: Define when and how updates should be applied for endpoints that have not updated in a while.
-keywords: updates, protection, out-of-date, outdated, old, catch-up
+ Title: Apply Microsoft Defender Antivirus protection updates to out of date endpoints
+description: Define when and how updates should be applied for endpoints that haven't updated in a while.
+keywords: updates, protection, out of date, outdated, old, catch-up
ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library
Previously updated : 10/18/2018 ms.technology: mde
# Manage Microsoft Defender Antivirus updates and scans for endpoints that are out of date -- **Applies to:** - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus **Platforms**-- Windows
-Microsoft Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis.
+- Windows
-For example, an employee that uses a particular PC is on break for three days and does not log on to their PC during that time.
+With Microsoft Defender Antivirus, your security team can define how long an endpoint can avoid an update or how many scans it can miss before it's required to receive the update and run a scan. This capability is especially useful in environments where devices aren't often connected to a corporate or external network, or for devices that aren't used on a daily basis.
-When the user returns to work and logs on to their PC, Microsoft Defender Antivirus will immediately check and download the latest protection updates, and run a scan.
+For example, an employee who uses a particular computer takes three days off of work, and doesn't sign on their computer during that time. When the employee returns to work and signs into their computer, Microsoft Defender Antivirus will immediately check and download the latest protection updates, and then run a scan.
## Set up catch-up protection updates for endpoints that haven't updated for a while
-If Microsoft Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-microsoft-defender-antivirus.md).
+If Microsoft Defender Antivirus didn't download protection updates for a specified period, you can set it up to automatically check and download the latest update the next time someone signs in on an endpoint. This configuration is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-microsoft-defender-antivirus.md).
+
+You can use one of several methods to set up catch-up protection updates:
+
+- [Configuration Manager](#use-configuration-manager-to-configure-catch-up-protection-updates)
+- [Group Policy](#use-group-policy-to-enable-and-configure-the-catch-up-update-feature)
+- [PowerShell cmdlets](#use-powershell-cmdlets-to-configure-catch-up-protection-updates)
+- [Windows Management Instruction (WMI)](#use-windows-management-instruction-wmi-to-configure-catch-up-protection-updates)
### Use Configuration Manager to configure catch-up protection updates
-1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
+1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
2. Go to the **Security intelligence updates** section and configure the following settings:
- 1. Set **Force a security intelligence update if the client computer is offline for more than two consecutive scheduled updates** to **Yes**.
- 2. For the **If Configuration Manager is used as a source for security intelligence updates...**, specify the hours before which the protection updates delivered by Configuration Manager should be considered out-of-date. This will cause the next update location to be used, based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order).
+ - Set **Force a security intelligence update if the client computer is offline for more than two consecutive scheduled updates** to **Yes**.
+ - For the **If Configuration Manager is used as a source for security intelligence updates...**, specify the hours before which the protection updates delivered by Configuration Manager should be considered out of date. This setting causes the next update location to be used, based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order).
-3. Click **OK**.
+3. Select **OK**.
4. [Deploy the updated policy as usual](/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers). ### Use Group Policy to enable and configure the catch-up update feature
-1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and then select **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration**.
-3. Click **Policies** then **Administrative templates**.
+3. Select **Policies** then **Administrative templates**.
4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates**.
-5. Double-click the **Define the number of days after which a catch-up security intelligence update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender AV to check for and download the latest protection update.
+5. Double-click the **Define the number of days after which a catch-up security intelligence update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender Antivirus to check for and download the latest protection update.
-6. Click **OK**.
+6. Select **OK**.
### Use PowerShell cmdlets to configure catch-up protection updates
-Use the following cmdlets:
+Use the following cmdlet:
```PowerShell Set-MpPreference -SignatureUpdateCatchupInterval ```
-See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender Antivirus cmdlets](/powershell/module/defender/) for more information on how to use PowerShell with Microsoft Defender Antivirus.
+For more information about using PowerShell with Microsoft Defender Antivirus, see the following articles:
+
+- [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md)
+- [Defender Antivirus cmdlets](/powershell/module/defender/)
### Use Windows Management Instruction (WMI) to configure catch-up protection updates
Use the [**Set** method of the **MSFT_MpPreference**](/previous-versions/windows
SignatureUpdateCatchupInterval ```
-See the following for more information and allowed parameters:
+See the following article for more information and allowed parameters:
- [Windows Defender WMIv2 APIs](/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal)
-## Set the number of days before protection is reported as out-of-date
+## Set the number of days before protection is reported as out of date
-You can also specify the number of days after which Microsoft Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Microsoft Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source.
+You can also specify the number of days after which Microsoft Defender Antivirus protection is considered old or out of date. After the specified number of days, the client will report itself as "out of date" and will show an error to the endpoint user. When an endpoint is considered out of date, Microsoft Defender Antivirus might attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order)).
-### Use Group Policy to specify the number of days before protection is considered out-of-date
+You can use Group Policy to specify the number of days after which endpoint protection is considered to be out of date.
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
+### Use Group Policy to specify the number of days before protection is considered out of date
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and then select **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration**.
-3. Click **Policies** then **Administrative templates**.
+3. Select **Policies** then **Administrative templates**.
4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following settings:
- 1. Double-click **Define the number of days before spyware definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender AV to consider spyware Security intelligence to be out-of-date.
+ 1. Double-click **Define the number of days before spyware definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender Antivirus to consider spyware Security intelligence to be out of date.
- 2. Click **OK**.
+ 2. Select **OK**.
- 3. Double-click **Define the number of days before virus definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender AV to consider virus Security intelligence to be out-of-date.
+ 3. Double-click **Define the number of days before virus definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender Antivirus to consider virus Security intelligence to be out of date.
- 4. Click **OK**.
+ 4. Select **OK**.
## Set up catch-up scans for endpoints that have not been scanned for a while
You can set the number of consecutive scheduled scans that can be missed before
The process for enabling this feature is:
-1. Set up at least one scheduled scan (see the [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) topic).
+1. Set up at least one scheduled scan (see the [Scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) article).
+ 2. Enable the catch-up scan feature.+ 3. Define the number of scans that can be skipped before a catch-up scan occurs.
-This feature can be enabled for both full and quick scans.
+This feature can be enabled for both full and quick scans.
+
+> [!TIP]
+> We recommend using quick scans for most situations. To learn more, see [Quick scan, full scan, and custom scan](schedule-antivirus-scans.md#quick-scan-full-scan-and-custom-scan).
+
+You can use one of several methods to set up catch-up scans:
+
+- [Group Policy](#use-group-policy-to-enable-and-configure-the-catch-up-scan-feature)
+- [Use PowerShell cmdlets to configure catch-up scans](#use-powershell-cmdlets-to-configure-catch-up-scans)
+- [Windows Management Instruction (WMI)](#use-windows-management-instruction-wmi-to-configure-catch-up-scans)
+- [Configuration Manager](#use-configuration-manager-to-configure-catch-up-scans)
### Use Group Policy to enable and configure the catch-up scan feature 1. Ensure you have set up at least one scheduled scan.
-2. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
+2. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
-4. Click **Policies** then **Administrative templates**.
+4. Select **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Microsoft Defender Antivirus > Scan** and configure the following settings:
- 1. If you have set up scheduled quick scans, double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**.
- 2. If you have set up scheduled full scans, double-click the **Turn on catch-up full scan** setting and set the option to **Enabled**. Click **OK**.
- 3. Double-click the **Define the number of days after which a catch-up scan is forced** setting and set the option to **Enabled**.
- 4. Enter the number of scans that can be missed before a scan will be automatically run when the user next logs on to the PC. The type of scan that is run is determined by the **Specify the scan type to use for a scheduled scan** (see the [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) topic). Click **OK**.
+ - If you have set up scheduled quick scans, double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**.
+ - If you have set up scheduled full scans, double-click the **Turn on catch-up full scan** setting and set the option to **Enabled**. Select **OK**.
+ - Double-click the **Define the number of days after which a catch-up scan is forced** setting and set the option to **Enabled**.
+ - Enter the number of scans that can be missed before a scan will be automatically run when the user next signs in on the endpoint. The type of scan that is run is determined by the **Specify the scan type to use for a scheduled scan** (see the [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) article). Select **OK**.
> [!NOTE] > The Group Policy setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run.
Set-MpPreference -DisableCatchupQuickScan
```
-See [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender Antivirus cmdlets](/powershell/module/defender/) for more information on how to use PowerShell with Microsoft Defender Antivirus.
+For more information about using PowerShell with Microsoft Defender Antivirus, see the following articles:
+
+- [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md)
+- [Defender Antivirus cmdlets](/powershell/module/defender/)
### Use Windows Management Instruction (WMI) to configure catch-up scans
DisableCatchupFullScan
DisableCatchupQuickScan ```
-See the following for more information and allowed parameters:
+See the following article for more information and allowed parameters:
- [Windows Defender WMIv2 APIs](/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal) ### Use Configuration Manager to configure catch-up scans
-1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
+1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
2. Go to the **Scheduled scans** section and **Force a scan of the selected scan type if client computer is offline...** to **Yes**.
-3. Click **OK**.
+3. Select **OK**.
4. [Deploy the updated policy as usual](/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
security Microsoft Defender Antivirus Compatibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility.md
ms.technology: mde Previously updated : 04/19/2022 - M365-security-compliance - m365initiative-defender-endpoint
**Platforms** - Windows - Microsoft Defender Antivirus is automatically installed on endpoints running the following versions of Windows: - Windows 10 or newer
The table in this section describes various states you might see with Microsoft
## See also - [Microsoft Defender Antivirus on Windows clients](microsoft-defender-antivirus-in-windows-10.md)-- [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server.md) - [EDR in block mode](edr-in-block-mode.md) - [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about)
security Microsoft Defender Antivirus On Windows Server https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server.md
- Title: Microsoft Defender Antivirus on Windows Server
-description: Learn how to enable and configure Microsoft Defender Antivirus on Windows Server 2016, Windows Server 2019, and Windows Server 2022.
-keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
-ms.pagetype: security
-ms.sitesec: library
----- Previously updated : 04/01/2022--- M365-security-compliance-- m365initiative-defender-endpoint--
-# Microsoft Defender Antivirus on Windows Server
--
-**Applies to:**
-- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)-
-Microsoft Defender Antivirus is available in the following editions/versions of Windows Server:
--- Windows Server 2022-- Windows Server 2019-- Windows Server, version 1803 or later-- Windows Server 2016-- Windows Server 2012 R2 (Requires Microsoft Defender for Endpoint)-
-## Setting up Microsoft Defender Antivirus on Windows Server
-
-The process of setting up and running Microsoft Defender Antivirus on Windows Server includes the following steps:
-
-1. [Enable the interface](#enable-the-user-interface-on-windows-server).
-2. [Install Microsoft Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server).
-3. [Verify Microsoft Defender Antivirus is running](#verify-microsoft-defender-antivirus-is-running).
-4. [Update your antimalware Security intelligence](#update-antimalware-security-intelligence).
-5. (As needed) [Submit samples](#submit-samples).
-6. (As needed) [Configure automatic exclusions](#configure-automatic-exclusions).
-7. (Only if necessary) Set [Windows Server to passive mode](#passive-mode-and-windows-server).
-
-## Enable the user interface on Windows Server
-
-> [!IMPORTANT]
-> If you're using Windows Server 2012 R2, see [Options to install Microsoft Defender for Endpoint](configure-server-endpoints.md#options-to-install-the-microsoft-defender-for-endpoint-packages).
-
-By default, Microsoft Defender Antivirus is installed and functional on Windows Server. Sometimes, the user interface (GUI) is installed by default. The GUI isn't required; you can use PowerShell, Group Policy, or other methods to manage Microsoft Defender Antivirus. However, many organizations prefer to use the GUI for Microsoft Defender Antivirus. To install the GUI, use one of the procedures in the following table:
-
-| Procedure | What to do |
-|:|:|
-| Turn on the GUI using the Add Roles and Features Wizard | 1. See [Install roles, role services, and features by using the add Roles and Features Wizard](/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**. <br/><br/>2. When you get to the **Features** step of the wizard, under **Windows Defender Features**, select the **GUI for Windows Defender** option. |
-| Turn on the GUI using PowerShell | 1. On your Windows Server, open Windows PowerShell as an administrator. <br/><br/>2. Run the following PowerShell cmdlet: `Install-WindowsFeature -Name Windows-Defender-GUI` |
-
-## Install Microsoft Defender Antivirus on Windows Server
-
-If you need to install or reinstall Microsoft Defender Antivirus on Windows Server, use one of the procedures in the following table:
-
-| Procedure | What to do |
-|:|:|
-| Use the Add Roles and Features Wizard to install Microsoft Defender Antivirus | 1. See [Install or Uninstall Roles, Role Services, or Features](/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**. <br/><br/>2. When you get to the **Features** step of the wizard, select the Microsoft Defender Antivirus option. Also select the **GUI for Windows Defender** option. |
-| Use PowerShell to install Microsoft Defender Antivirus | 1. On your Windows Server, open Windows PowerShell as an administrator. <br/><br/>2. Run the following PowerShell cmdlet: `Install-WindowsFeature -Name Windows-Defender` |
-
-> [!NOTE]
-> Event messages for the antimalware engine included with Microsoft Defender Antivirus can be found in [Microsoft Defender Antivirus Events](troubleshoot-microsoft-defender-antivirus.md).
-
-## Verify Microsoft Defender Antivirus is running
-
-After you've installed (or reinstalled) Microsoft Defender Antivirus, your next step is to verify that it's running. Use the PowerShell cmdlets in the following table:
-
-| Procedure | PowerShell cmdlet |
-|:|:|
-| Verify that Microsoft Defender Antivirus is running | `Get-Service -Name windefend` |
-| Verify that firewall protection is turned on | `Get-Service -Name mpssvc` |
-
-As an alternative to PowerShell, you can use Command Prompt to verify that Microsoft Defender Antivirus is running. To do that, run the following command from a command prompt:
-
-```cmd
-sc query Windefend
-```
-
-The `sc query` command returns information about the Microsoft Defender Antivirus service. When Microsoft Defender Antivirus is running, the `STATE` value displays `RUNNING`.
-
-To view all the services that aren't running, run the following PowerShell cmdlet:
-
-```cmd
-sc query state= all
-```
-
-## Update antimalware Security intelligence
-
-To get your regular security intelligence updates, the Windows Update service must be running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Microsoft Defender Antivirus Security intelligence are approved for the computers you manage.
-
-By default, Windows Update doesn't download and install updates automatically on Windows Server 2019 or Windows Server 2022, or Windows Server 2016. You can change this configuration by using one of the following methods:
-
-| Method | Description |
-|||
-| **Windows Update** in Control Panel | **Install updates automatically** results in all updates being automatically installed, including Windows Defender Security intelligence updates. <br/><br/> **Download updates but let me choose whether to install them** allows Windows Defender to download and install Security intelligence updates automatically, but other updates aren't automatically installed. |
-| **Group Policy** | You can set up and manage Windows Update by using the settings available in Group Policy, in the following path: **Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates** |
-| The **AUOptions** registry key | The following two values allow Windows Update to automatically download and install Security intelligence updates: <br/><br/> **4** - **Install updates automatically**. This value results in all updates being automatically installed, including Windows Defender Security intelligence updates. <br/><br/> **3** - **Download updates but let me choose whether to install them**. This value allows Windows Defender to download and install Security intelligence updates automatically, but other updates aren't automatically installed. |
-
-To ensure that protection from malware is maintained, enable the following
--- Windows Error Reporting service-- Windows Update service-
-The following table lists the services for Microsoft Defender Antivirus and the dependent services.
-
-| Service Name | File Location | Description |
-||||
-| Windows Defender Service (WinDefend) | `C:\Program Files\Windows Defender\MsMpEng.exe` | This is the main Microsoft Defender Antivirus service that needs to be running always.|
-| Windows Error Reporting Service (Wersvc) | `C:\WINDOWS\System32\svchost.exe -k WerSvcGroup` | This service sends error reports back to Microsoft. |
-| Windows Defender Firewall (MpsSvc) | `C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork` | We recommend keeping the Windows Defender Firewall service enabled. |
-| Windows Update (Wuauserv) | `C:\WINDOWS\system32\svchost.exe -k netsvcs`| Windows Update is needed to get Security intelligence updates and antimalware engine updates |
-
-## Submit samples
-
-Sample submission allows Microsoft to collect samples of potentially malicious software. To help provide continued and up-to-date protection, Microsoft researchers use these samples to analyze suspicious activities and produce updated antimalware Security intelligence. We collect program executable files, such as .exe files and .dll files. We don't collect files that contain personal data, like Microsoft Word documents and PDF files.
-
-### Submit a file
-
-1. Review the [submission guide](/windows/security/threat-protection/intelligence/submission-guide).
-
-2. Visit the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission), and submit your file.
-
-### Enable automatic sample submission
-
-To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the **SubmitSamplesConsent** value data according to one of the following settings:
-
-|Setting|Description|
-|||
-| **0** - **Always prompt** | The Microsoft Defender Antivirus service prompts you to confirm submission of all required files. This is the default setting for Microsoft Defender Antivirus, but isn't recommended for installations on Windows Server 2016 or 2019, or Windows Server 2022 without a GUI. |
-| **1** - **Send safe samples automatically** | The Microsoft Defender Antivirus service sends all files marked as "safe" and prompts for the remainder of the files. |
-| **2** - **Never send** | The Microsoft Defender Antivirus service doesn't prompt and doesn't send any files. |
-| **3** - **Send all samples automatically** | The Microsoft Defender Antivirus service sends all files without a prompt for confirmation. |
-
-> [!NOTE]
-> This option is not available for Windows Server 2012 R2.
-
-## Configure automatic exclusions
-
-To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Microsoft Defender Antivirus on Windows Server 2016 or 2019, or Windows Server 2022.
-
-See [Configure exclusions in Microsoft Defender Antivirus on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md).
-
-## Passive mode and Windows Server
-
-If you're using a non-Microsoft antivirus product as your primary antivirus solution on Windows Server, you must set Microsoft Defender Antivirus to passive mode or disabled mode. If your Windows Server endpoint is onboarded to Microsoft Defender for Endpoint, you can set Microsoft Defender Antivirus to passive mode. If you're not using Microsoft Defender for Endpoint, set Microsoft Defender Antivirus to disabled mode.
-
-> [!TIP]
-> See [Microsoft Defender Antivirus compatibility with other security products](microsoft-defender-antivirus-compatibility.md).
-
-The following table describes methods to set Microsoft Defender Antivirus to passive mode, disable Microsoft Defender Antivirus, and uninstall Microsoft Defender Antivirus:
-
-| Procedure | Description |
-|||
-| Set Microsoft Defender Antivirus to passive mode by using a registry key | Set the ForceDefenderPassiveMode registry key as follows: <br/>- Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` <br/>- Name: `ForceDefenderPassiveMode` <br/>- Type: `REG_DWORD` <br/>- Value: `1` |
-| Turn off the Microsoft Defender Antivirus user interface using PowerShell | Open Windows PowerShell as an administrator, and run the following PowerShell cmdlet: `Uninstall-WindowsFeature -Name Windows-Defender-GUI`
-| Disable Microsoft Defender Antivirus using PowerShell | Use the following PowerShell cmdlet: `Set-MpPreference -DisableRealtimeMonitoring $true` |
-| Disable Microsoft Defender Antivirus using the Remove Roles and Features wizard | See [Install or Uninstall Roles, Role Services, or Features](/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#remove-roles-role-services-and-features-by-using-the-remove-roles-and-features-wizard), and use the **Remove Roles and Features Wizard**. <br/><br/>When you get to the **Features** step of the wizard, clear the **Windows Defender Features** option. <br/><br/> If you clear **Windows Defender** by itself under the **Windows Defender Features** section, you'll be prompted to remove the interface option **GUI for Windows Defender**.<br/><br/>Microsoft Defender Antivirus will still run normally without the user interface, but the user interface can't be enabled if you disable the core **Windows Defender** feature. |
-| Uninstall Microsoft Defender Antivirus using PowerShell | Use the following PowerShell cmdlet: `Uninstall-WindowsFeature -Name Windows-Defender` |
-| Disable Microsoft Defender Antivirus using Group Policy | In your Local Group Policy Editor, navigate to **Administrative Template** > **Windows Component** > **Endpoint Protection** > **Disable Endpoint Protection**, and then select **Enabled** > **OK**. |
-
-### Are you using Windows Server 2012 R2 or Windows Server 2016?
-
-If your Windows Server is onboarded to Microsoft Defender for Endpoint, you can now run Microsoft Defender Antivirus in passive mode on Windows Server 2012 R2 and Windows Server 2016. See the following articles:
--- [Options to install Microsoft Defender for Endpoint](configure-server-endpoints.md#options-to-install-the-microsoft-defender-for-endpoint-packages)--- [Microsoft Defender Antivirus compatibility with other security products](microsoft-defender-antivirus-compatibility.md)-
-## See also
--- [Microsoft Defender Antivirus in Windows](microsoft-defender-antivirus-windows.md)-
security Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-threat-experts.md
Microsoft Threat Experts is a managed threat hunting service that provides your
This managed threat hunting service provides expert-driven insights and data through these two capabilities: targeted attack notification and access to experts on demand.
+Watch this video to learn how Microsoft Threat Experts provides Security Operation Centers (SOCs) with expert-level monitoring and analysis and ensures that no critical threat is missed.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qZ0B]
+ ## Before you begin > [!NOTE]
See [Configure Microsoft Threat Experts capabilities](/microsoft-365/security/de
## Microsoft Threat Experts - Targeted attack notification
-Microsoft Threat Experts - Targeted attack notification provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyber-espionage. These notifications shows up as a new alert. The managed hunting service includes:
+Microsoft Threat Experts - Targeted attack notification provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyber-espionage. These notifications show up as a new alert. The managed hunting service includes:
- Threat monitoring and analysis, reducing dwell time and risk to the business - Hunter-trained artificial intelligence to discover and prioritize both known and unknown attacks
security Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection.md
Network protection extends the protection in [Web protection](web-protection-ove
> [!NOTE] > The Defender for Endpoint demo site at demo.wd.microsoft.com is deprecated and will be removed in the future.
+Watch this video to learn how Network protection helps reduce the attack surface of your devices from phishing scams, exploits, and other malicious content.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yZ]
+ ## Requirements for network protection Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection.
A user visits a website:
### Network protection: C2 detection and remediation
-In its initial form, ransomware is a commodity threat, pre-programmed and focused on limited, specific outcomes (for example, encrypting a computer). However, ransomware has evolved into a sophisticated threat that is human driven, adaptive, and focused on larger scale and more widespread outcomes; like holding an entire organization's assets or data for ransom.
+In its initial form, ransomware is a commodity threat, pre-programmed and focused on limited, specific outcomes (for example, encrypting a computer). However, ransomware has evolved into a sophisticated threat that is human-driven, adaptive, and focused on larger scale and more widespread outcomes; like holding an entire organization's assets or data for ransom.
Support for Command and Control (C2) is a key part of this ransomware evolution and is what enables these attacks to adapt to the environment they target. Breaking the link to the command-and-control infrastructure means stopping the progression of an attack to its next stage.
security Prevent Changes To Security Settings With Tamper Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
- nextgen - admindeeplinkDEFENDER ms.technology: mde Previously updated : 04/07/2022 Last updated : 05/20/2022 - M365-security-compliance - m365initiative-defender-endpoint
Tamper protection is available for devices that are running one of the following
> [!NOTE] > Tamper protection in Windows Server 2012 R2 is available for devices onboarded using the modern unified solution package. For more information, see [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints). - ## Overview During some kinds of cyber attacks, bad actors try to disable security features, such as antivirus protection, on your machines. Bad actors like to disable your security features to get easier access to your data, to install malware, or to otherwise exploit your data, identity, and devices. Tamper protection helps prevent these kinds of things from occurring. With tamper protection, malicious apps are prevented from taking actions such as:
During some kinds of cyber attacks, bad actors try to disable security features,
- Disabling virus and threat protection - Disabling real-time protection - Turning off behavior monitoring-- Disabling antivirus (such as IOfficeAntivirus (IOAV))
+- Disabling antivirus protection, such as IOfficeAntivirus (IOAV)
- Disabling cloud-delivered protection - Removing security intelligence updates - Disabling automatic actions on detected threats
Tampering attempts typically indicate bigger cyberattacks. Bad actors try to cha
When a tampering attempt is detected, an alert is raised in the [Microsoft 365 Defender portal](/microsoft-365/security/defender-endpoint/portal-overview) ([https://security.microsoft.com](https://security.microsoft.com)). - Using [endpoint detection and response](overview-endpoint-detection-response.md) and [advanced hunting](advanced-hunting-overview.md) capabilities in Microsoft Defender for Endpoint, your security operations team can investigate and address such attempts. ## Review your security recommendations Tamper protection integrates with [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) capabilities. [Security recommendations](tvm-security-recommendation.md) include making sure tamper protection is turned on. For example, you can search on *tamper*. In the results, you can select **Turn on Tamper Protection** to learn more and turn it on. - To learn more about Threat & Vulnerability Management, see [Dashboard insights - threat and vulnerability management](tvm-dashboard-insights.md#dashboard-insightsthreat-and-vulnerability-management). ## Frequently asked questions
If you are an organization using [Microsoft Defender for Endpoint](/microsoft-36
### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus with Group Policy?
-Group policy doesn't apply to tamper protection. Changes made to Microsoft Defender Antivirus settings are ignored when tamper protection is on.
+If you are currently using Intune to configure and manage tamper protection, you should continue using Intune.
+
+Group policy doesn't apply to tamper protection. Changes made to Microsoft Defender Antivirus settings using Group Policy are ignored when tamper protection is turned on, or when tamper protection is configured with Intune.
### If we use Microsoft Intune to configure tamper protection, does it apply only to the entire organization? You have flexibility in configuring tamper protection with Intune. You can target your entire organization, or select specific devices and user groups.
-### Can I configure Tamper Protection with Microsoft Endpoint Configuration Manager?
+### Can I configure tamper protection with Microsoft Endpoint Configuration Manager?
If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See the following resources:
If you are using tenant attach, you can use Microsoft Endpoint Configuration Man
Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint).
-### What happens if I try to change Microsoft Defender for Endpoint settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device?
-
-You won't be able to change the features that are protected by tamper protection; such change requests are ignored.
- ### I'm an enterprise customer. Can local admins change tamper protection on their devices? No. Local admins cannot change or modify tamper protection settings.
security Security Config Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/security-config-management.md
Security Management for Microsoft Defender for Endpoint is a capability for devi
For more information on Security Configuration Management, including prerequisites, supported platforms and more, see [Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager](/mem/intune/protect/mde-security-integration). -
+Watch this video to learn how to use Microsoft Endpoint Manager to manage security configuration for Microsoft Defender for Endpoint.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLVq]
[!INCLUDE [Prerequisites](../../includes/security-config-mgt-prerequisites.md)]
security Switch To Mde Troubleshooting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting.md
- M365-security-compliance Previously updated : 04/01/2022 Last updated : 05/20/2022 ms.technology: mde
Value: `1`
> [!NOTE] > For passive mode to work on endpoints running Windows Server 2016 and Windows Server 2012 R2, those endpoints must be onboarded using the instructions in [Onboard Windows servers](configure-server-endpoints.md#windows-server-2012-r2-and-windows-server-2016).
-For more information, see [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server.md).
+For more information, see [Microsoft Defender Antivirus in Windows](microsoft-defender-antivirus-windows.md).
## Microsoft Defender Antivirus seems to be stuck in passive mode
security Tvm Remediation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-remediation.md
ms.technology: mde
> > Already have Microsoft Defender for Endpoint P2? [Sign up for a free trial of the Defender Vulnerability Management Add-on.](https://signup.microsoft.com/get-started/signup?products=5908ecaa-b8a7-4a04-b6c0-d44fd934b6f2)
+Watch this short video to learn how threat and vulnerability management discovers vulnerabilities and misconfigurations on your endpoints and provides actionable insights that help you quickly remediate threats and vulnerabilities in your environment.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLVs]
+ ## Request remediation Vulnerability management capabilities bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Recommendation** pages to Intune.
Lower your organization's exposure from vulnerabilities and increase your securi
## View your remediation activities
-When you submit a remediation request from the Security recommendations page, it kicks-off a remediation activity. A security task is created that can be tracked **Remediation** page, and a remediation ticket is created in Microsoft Intune.
+When you submit a remediation request from the Security recommendations page, it kicks-off a remediation activity. A security task is created that can be tracked on a **Remediation** page, and a remediation ticket is created in Microsoft Intune.
If you chose the "attention required" remediation option, there will be no progress bar, ticket status, or due date since there is no actual action we can monitor.
View **Top remediation activities** in the [**Vulnerability management** dashboa
## Related articles - [Dashboard](tvm-dashboard-insights.md)-- [Security recommendations](tvm-security-recommendation.md)
+- [Security recommendations](tvm-security-recommendation.md)
security Streaming Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/streaming-api.md
Topic | Description
[Stream events to your Azure storage account](streaming-api-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft 365 Defender to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account. [Supported event types](supported-event-types.md) | Learn which Advanced Hunting event types the Streaming API supports.
+Watch this short video to learn how to set up the streaming API to ship event information directly to Azure Event hubs for consumption by visualization services, data processing engines, or Azure storage for long-term data retention.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4ga]
## Related topics - [Overview of Advanced Hunting](../defender/advanced-hunting-overview.md)
security Mdo Trial Banner https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/includes/mdo-trial-banner.md
+
+ Title: Microsoft Defender for Office 365 90-day trial banner for content
+description: Customers learn they can sign-up for a free trial of Defender for Office 365.
++++++
+> [!TIP]
+> *Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free?* Use the 90-day Defender for Office 365 trial at the [Microsoft 365 Defender portal trials hub](https://security.microsoft.com/trialHorizontalHub?sku=MDO&ref=DocsRef). Learn about who can sign up and trial terms [here](../office-365-security/try-microsoft-defender-for-office-365.md).
security Admin Review Reported Message https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-review-reported-message.md
ms.prod: m365-security
# Admin review for reported messages **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
ms.prod: m365-security
# Use the Submissions portal to submit suspected spam, phish, URLs, and files to Microsoft **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Advanced Spam Filtering Asf Options https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/advanced-spam-filtering-asf-options.md
ms.prod: m365-security
# Advanced Spam Filter (ASF) settings in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Air Remediation Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-remediation-actions.md
ms.prod: m365-security
# Remediation actions in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Air Report False Positives Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-report-false-positives-negatives.md
ms.technology: mdo
# How to report false positives/negatives in automated investigation and response capabilities **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection.md
ms.prod: m365-security
# Anti-malware protection in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Anti Phishing Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-protection.md
ms.prod: m365-security
# Anti-phishing protection in Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Anti Spam Message Headers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-message-headers.md
ms.prod: m365-security
# Anti-spam message headers in Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Anti Spam Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-protection.md
ms.prod: m365-security
# Anti-spam protection in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Anti Spoofing Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spoofing-protection.md
ms.prod: m365-security
# Anti-spoofing protection in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Attack Simulation Training Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-get-started.md
ms.prod: m365-security
# Get started using Attack simulation training in Defender for Office 365 **Applies to** [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Automated Investigation Response Office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/automated-investigation-response-office.md
ms.prod: m365-security
# How automated investigation and response works in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Azure Ip Protection Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/azure-ip-protection-features.md
ms.prod: m365-security
# Protection features in Azure Information Protection rolling out to existing tenants **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Backscatter Messages And Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/backscatter-messages-and-eop.md
ms.prod: m365-security
# Backscatter in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Bulk Complaint Level Values https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/bulk-complaint-level-values.md
ms.prod: m365-security
# Bulk complaint level (BCL) in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/campaigns.md
ms.prod: m365-security
# Campaign Views in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Configuration Analyzer For Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies.md
ms.prod: m365-security
# Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Configure Anti Malware Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-anti-malware-policies.md
ms.prod: m365-security
# Configure anti-malware policies in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Configure Anti Phishing Policies Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop.md
ms.prod: m365-security
# Configure anti-phishing policies in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Configure Global Settings For Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links.md
ms.prod: m365-security
# Configure global settings for Safe Links in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Configure Junk Email Settings On Exo Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-junk-email-settings-on-exo-mailboxes.md
ms.prod: m365-security
# Configure junk email settings on Exchange Online mailboxes **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Configure Mdo Anti Phishing Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies.md
ms.prod: m365-security
# Configure anti-phishing policies in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Configure Review Priority Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-review-priority-account.md
ms.prod: m365-security
# Configure and review priority accounts in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Configure The Connection Filter Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-the-connection-filter-policy.md
ms.prod: m365-security
# Configure connection filtering **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Configure The Outbound Spam Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy.md
ms.prod: m365-security
# Configure outbound spam filtering in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Configure Your Spam Filter Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-your-spam-filter-policies.md
ms.prod: m365-security
# Configure anti-spam policies in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Create Block Sender Lists In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365.md
ms.prod: m365-security
# Create blocked sender lists in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Create Safe Sender Lists In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365.md
ms.prod: m365-security
# Create safe sender lists in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365.md
ms.prod: m365-security
# Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Detect And Remediate Illicit Consent Grants https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants.md
ms.prod: m365-security
# Detect and Remediate Illicit Consent Grants **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Detect And Remediate Outlook Rules Forms Attack https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack.md
ms.prod: m365-security
# Detect and Remediate Outlook Rules and Custom Forms Injections Attacks **Summary** Learn how to recognize and remediate the Outlook rules and custom Forms injections attacks in Office 365.
security Email Analysis Investigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-analysis-investigations.md
ms.prod: m365-security
# Email analysis in investigations for Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Email Validation And Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-validation-and-authentication.md
ms.prod: m365-security
# Email authentication in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Enable The Report Message Add In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-message-add-in.md
ms.prod: m365-security
# Enable the Report Message or the Report Phishing add-ins **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Exchange Online Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/exchange-online-protection-overview.md
ms.prod: m365-security
# Exchange Online Protection overview **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security External Email Forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/external-email-forwarding.md
ms.prod: m365-security
# Control automatic external email forwarding in Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Find And Release Quarantined Messages As A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user.md
ms.prod: m365-security
# Find and release quarantined messages as a user in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Grant Access To The Security And Compliance Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/grant-access-to-the-security-and-compliance-center.md
ms.prod: m365-security
# Give users access to the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Help And Support For Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/help-and-support-for-eop.md
# Help and support for EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security High Risk Delivery Pool For Outbound Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages.md
ms.prod: m365-security
# Outbound delivery pools **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security How Office 365 Uses Spf To Prevent Spoofing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing.md
ms.prod: m365-security
# How Microsoft 365 uses Sender Policy Framework (SPF) to prevent spoofing **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security How Office 365 Validates The From Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-office-365-validates-the-from-address.md
ms.prod: m365-security
# How EOP validates the From address to prevent phishing **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security How Policies And Protections Are Combined https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined.md
ms.prod: m365-security
# Order and precedence of email protection **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Impersonation Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/impersonation-insight.md
ms.prod: m365-security
# Impersonation insight in Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Integrate Office 365 Ti With Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/integrate-office-365-ti-with-mde.md
ms.prod: m365-security
# Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint [Microsoft Defender for Office 365](defender-for-office-365.md) can be configured to work with [Microsoft Defender for Endpoint](/windows/security/threat-protection).
security Investigate Malicious Email That Was Delivered https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered.md
ms.prod: m365-security
# Investigate malicious email that was delivered in Microsoft 365 **Applies to:**
security Learn About Spoof Intelligence https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/learn-about-spoof-intelligence.md
ms.prod: m365-security
# Spoof intelligence insight in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mail Flow In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-in-eop.md
# Mail flow in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mail Flow Insights V2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-insights-v2.md
ms.prod: m365-security
# Mail flow insights in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mail Flow Intelligence In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365.md
# Mail flow intelligence in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Manage Quarantined Messages And Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files.md
ms.prod: m365-security
# Manage quarantined messages and files as an admin in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Manage Tenant Allows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-tenant-allows.md
ms.prod: m365-security
# Add allows in the Tenant Allow/Block List **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Manage Tenant Blocks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-tenant-blocks.md
ms.prod: m365-security
# Add blocks in the Tenant Allow/Block List **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mdo For Spo Odb And Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-for-spo-odb-and-teams.md
ms.prod: m365-security
# Safe Attachments for SharePoint, OneDrive, and Microsoft Teams **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Message Trace Scc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-trace-scc.md
ms.prod: m365-security
# Message trace in the Microsoft 365 Defender portal **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Auto Forwarded Messages Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-auto-forwarded-messages-report.md
# Auto-forwarded messages insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Domain Mail Flow Status Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-domain-mail-flow-status-insight.md
ms.prod: m365-security
# Top domain mail flow status insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Mail Flow Map Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-mail-flow-map-report.md
ms.prod: m365-security
# Mail flow map in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Mail Loop Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-mail-loop-insight.md
ms.prod: m365-security
# Fix possible mail loop insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi New Domains Being Forwarded Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email.md
# New domains being forwarded email insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi New Users Forwarding Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-new-users-forwarding-email.md
# New users forwarding email insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Non Accepted Domain Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-non-accepted-domain-report.md
ms.prod: m365-security
# Non-accepted domain report in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Non Delivery Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-non-delivery-report.md
ms.prod: m365-security
# Non-delivery report in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Outbound And Inbound Mail Flow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-outbound-and-inbound-mail-flow.md
ms.prod: m365-security
# Outbound and inbound mail flow insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Queue Alerts And Queues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues.md
# Queues insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Slow Mail Flow Rules Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight.md
ms.prod: m365-security
# Fix slow mail flow rules insight in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Mfi Smtp Auth Clients Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-smtp-auth-clients-report.md
ms.prod: m365-security
# SMTP Auth clients insight and report in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Modify Remove Entries Tenant Allow Block https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/modify-remove-entries-tenant-allow-block.md
ms.prod: m365-security
# Modify and remove entries in the Tenant Allow/Block List **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Monitor For Leaks Of Personal Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/monitor-for-leaks-of-personal-data.md
ms.prod: m365-security
# Monitor for leaks of personal data There are many tools that can be used to monitor the use and transport of personal data. This topic describes three tools that work well.
security Office 365 Air https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-air.md
ms.prod: m365-security
# Automated investigation and response (AIR) in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Office 365 Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-ti.md
ms.prod: m365-security
# Threat investigation and response **Applies To** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Office365 Security Incident Response Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office365-security-incident-response-overview.md
ms.prod: m365-security
# Security Incident Response **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Outbound Spam Controls https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/outbound-spam-controls.md
ms.prod: m365-security
# Outbound spam protection in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Permissions In The Security And Compliance Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center.md
ms.prod: m365-security
# Permissions in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Permissions Microsoft 365 Security Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/permissions-microsoft-365-security-center.md
ms.prod: m365-security
# Permissions in the Microsoft 365 Defender portal **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Preset Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/preset-security-policies.md
ms.prod: m365-security
# Preset security policies in EOP and Microsoft Defender for Office 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Protect Against Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protect-against-threats.md
ms.prod: m365-security
# Protect against threats **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Quarantine Email Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-email-messages.md
ms.prod: m365-security
# Quarantined email messages in EOP and Defender for Office 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Recommended Settings For Eop And Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md
ms.prod: m365-security
# Recommended settings for EOP and Microsoft Defender for Office 365 security **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Recover From Ransomware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recover-from-ransomware.md
ms.prod: m365-security
# Recover from a ransomware attack in Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Reference Policies Practices And Guidelines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reference-policies-practices-and-guidelines.md
ms.prod: m365-security
# Reference: Policies, practices, and guidelines **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Remediate Malicious Email Delivered Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365.md
ms.prod: m365-security
# Remediate malicious email delivered in Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Remove Blocked Connectors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remove-blocked-connectors.md
ms.prod: m365-security
# Remove blocked connectors from the Restricted entities portal **Applies to**
security Removing User From Restricted Users Portal After Spam https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam.md
ms.prod: m365-security
# Remove blocked users from the Restricted users portal in Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Report False Positives And False Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-false-positives-and-false-negatives.md
ms.prod: m365-security
# Report false positives and false negatives in Outlook **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Report Junk Email Messages To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
ms.prod: m365-security
# Report messages and files to Microsoft **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Reporting And Message Trace In Exchange Online Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reporting-and-message-trace-in-exchange-online-protection.md
ms.prod: m365-security
# Reporting and message trace in EOP **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Reports And Insights In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance.md
Title: Smart reports, insights - Microsoft 365 Security & Compliance Center
+ Title: Smart reports and insights
f1.keywords: - NOCSH
search.appverid:
ms.assetid: e3e95f68-36e9-4256-bcca-78fe7fe5ea5d - M365-security-compliance
-description: Learn about the smart reports and insights available in the Security & Compliance Center, and how to use them to view and explore data and take quick actions.
+description: Learn about the smart reports and insights, and how to use them to view and explore data and take quick actions.
ms.technology: mdo ms.prod: m365-security
ms.prod: m365-security
# Smart reports and insights in the Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md) - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-If you are part of your organization's Microsoft for 365 for business security team and have the necessary [permissions assigned in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md), you can access various reports, including smart reports and insights. Read this article to get an overview of these reports and insights, and where to go to learn more about specific reports.
+If you have the necessary [permissions assigned](permissions-in-the-security-and-compliance-center.md) you can access smart reports and insights.
## Smart reports and insights overview
-Monitoring capabilities available in the Security & Compliance Center include smart reports and insights that enable your compliance and security admins to focus on high-priority issues, such as security attacks or increased suspicious activity. In a dashboard, smart reports and insights resemble the following image:
+Monitoring capabilities include smart reports and insights that enable your compliance and security admins to focus on high-priority issues, such as security attacks or increased suspicious activity. In a dashboard, smart reports and insights resemble the following image:
In addition to highlighting problem areas, smart reports and insights include recommendations and links to view and explore data and also take quick actions. For example, if your organization suddenly has a high number of email messages being marked as spam by end users, you might be advised to revisit your anti-spam policies to ensure the right level of protection is in place.
-## Types of reports in the Security & Compliance Center
-
-A wide variety of reports are available in the Security & Compliance Center. (Go to **Reports** > **Security report** to get an all-up view.) The following table lists available reports with links to learn more:
-
-|Type of information|How to get there|Where to go to learn more|
-||||
-|**Security & Compliance Center reports** (all up) <p> Top insights and recommendations, and links to Security & Compliance reports, including Microsoft Purview Data Loss Prevention reports, labels, email security reports, Defender for Office 365 reports, and more|In the Security & Compliance Center, go to **Reports** \> **Dashboard**|[Reports in the Security & Compliance Center](../../compliance/reports-in-security-and-compliance.md)|
-|**Data loss prevention** <p> Data loss prevention policy matches, false positives and overrides, and links to create or edit policies|In the Security & Compliance Center, go to **Data loss prevention** \> **Policy**|[View the reports for data loss prevention](../../compliance/view-the-dlp-reports.md)|
-|**Data governance** <p> Information about how labels are applied, labels classified as records, label trends, and more|In the Security & Compliance Center, go to **Information governance** \> **Dashboard**|[View the data governance reports](../../compliance/view-the-data-governance-reports.md)|
-|**Threat management dashboard** (this is also referred to as the Security dashboard) <p> Threat detections, malware trends, top targeted users, details about sent and received email messages, and more|In the Security & Compliance Center, go to **Vulnerability Management** \> **Dashboard**|[View reports for Defender for Office 365](view-reports-for-mdo.md)|
-|**Explorer** (also referred to as Threat explorer) or **Real-time detections** <p> Suspected malware detected in email and files in Microsoft 365|In the Security & Compliance Center, go to **Vulnerability Management** \> **Explorer** or **Real-time detections**<br> |[Threat Explorer (or real-time detections)](threat-explorer.md)|
-|**Defender for Office 365 and email security reports** <p> Email security and threat protection reports (including malware, spam, phishing, and spoofing reports)|In the Security & Compliance Center, go to **Reports** > **Email & collaboration** > **[Email & collaboration reports](https://security.microsoft.com/emailandcollabreport)**|[View reports for Defender for Office 365](view-reports-for-mdo.md) <p> [View email security reports in the Security & Compliance Center](view-email-security-reports.md)|
-|**Mail flow** <p> Information about sent and received email messages, recent alerts, top senders and recipients, email forwarding reports, and more|In the Security & Compliance Center, go to **Mail flow** \> **Dashboard** and **Reports** \> **Dashboard**|[Mail flow insights in the Security & Compliance Center](mail-flow-insights-v2.md) <p> [View mail flow reports in the Security & Compliance Center](view-mail-flow-reports.md)|
-|**GDPR compliance** <p> Information about GDPR compliance, including links to data subjects, label trends, and active & closed cases|In the Security & Compliance Center, go to **Data privacy** \> **GDPR dashboard**|[General Data Protection Regulation Summary](/compliance/regulatory/gdpr)|
-|**Audit log** <p> Information about Microsoft 365 activities, users, files or folders, and more|In the Security & Compliance Center, go to **Search & investigation** \> **Audit log search**|[Search the audit log in the Security & Compliance Center](../../compliance/search-the-audit-log-in-security-and-compliance.md)|
-|**Compliance reports** <p> FedRAMP reports, governance, risk and compliance reports, ISO information security management reports, and Service Organization Controls audit and assessment reports|In the Security & Compliance Center, go to **Service assurance** \> **Compliance reports**|[Plan for security & compliance in Office 365](../../compliance/plan-for-security-and-compliance.md)|
+A wide variety of reports are available. (Go to **Reports** \> **Security report** to get an all-up view).
## Related topics
security Respond Compromised Connector https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/respond-compromised-connector.md
ms.prod: m365-security
# Respond to a compromised connector **Applies to**
security Responding To A Compromised Email Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account.md
ms.prod: m365-security
# Responding to a Compromised Email Account **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Safe Attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments.md
ms.prod: m365-security
# Safe Attachments in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Safe Docs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-docs.md
ms.prod: m365-security
# Safe Documents in Microsoft 365 A5 or E5 Security **Applies to** - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
security Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links.md
ms.prod: m365-security
# Safe Links in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
Safe Links protection is available in the following locations:
For more information about Safe Links protection in Teams, see the [Safe Links settings for Microsoft Teams](#safe-links-settings-for-microsoft-teams) section later in this article.
+ > [!NOTE]
+ > Currently, Safe Links protection for Microsoft Teams is not available in Microsoft 365 GCC High or Microsoft 365 DoD.
+ - **Office 365 apps**: Safe Links protection for Office 365 apps is available in supported desktop, mobile, and web apps. You **configure** Safe Links protection for Office 365 apps in the global setting that are **outside** of Safe Links policies. For instructions, see [Configure global settings for Safe Links settings in Microsoft Defender for Office 365](configure-global-settings-for-safe-links.md). Safe Links protection for Office 365 apps is applied to all users in the organization who are licensed for Defender for Office 365, regardless of whether the users are included in active Safe Links policies or not.
You enable or disable Safe Links protection for Microsoft Teams in Safe Links po
> [!NOTE] > When you turn on or turn off Safe Links protection for Teams, it might take up to 24 hours for the change to take effect.
+>
+> Currently, Safe Links protection for Microsoft Teams is not available in Microsoft 365 GCC High or Microsoft 365 DoD.
The following settings in Safe Links policies that apply to links in email messages also apply to links in Teams:
security Secure By Default https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-by-default.md
ms.prod: m365-security
# Secure by default in Office 365 [!INCLUDE [Prerelease information](../includes/prerelease.md)] **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Security Dashboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/security-dashboard.md
ms.prod: m365-security
# Security dashboard in the Security & Compliance Center ## Basic functions and how to open Security dashboard
security Security Roadmap https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/security-roadmap.md
ms.prod: m365-security
# Security roadmap - Top priorities for the first 30 days, 90 days, and beyond This article includes top recommendations from Microsoft's cybersecurity team for implementing security capabilities to protect your Microsoft 365 environment. This article is adapted from a Microsoft Ignite session ΓÇö [Secure Microsoft 365 like a cybersecurity pro: Top priorities for the first 30 days, 90 days, and beyond](https://www.youtube.com/watch?v=luignzNyR-o). This session was developed and presented by Mark Simos and Matt Kemelhar, Enterprise Cybersecurity Architects.
security Sending Mail To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/sending-mail-to-office-365.md
ms.prod: m365-security
# Sending mail to Microsoft 365 These articles help external senders improve their reputation and increase their ability to deliver email to users at Microsoft 365. They also provide some information about how you can report junk email and phishing attempts even if you aren't a Microsoft 365 user yourself.
security Services For Non Customers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/services-for-non-customers.md
ms.prod: m365-security
# Services for non-customers sending mail to Microsoft 365 Email abuse, junk email, and fraudulent emails (phishing) continue to burden the entire email ecosystem. To help maintain user trust in the use of email, Microsoft has put various policies and technologies in place to help protect our users. However, Microsoft understands that legitimate email should not be negatively affected. Therefore, we have established a suite of services to help senders improve their ability to deliver email to Microsoft 365 users by proactively managing their sending reputation.
security Set Up Anti Phishing Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-anti-phishing-policies.md
ms.prod: m365-security
# Anti-phishing policies in Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Set Up Safe Attachments Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-safe-attachments-policies.md
ms.prod: m365-security
# Set up Safe Attachments policies in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Set Up Safe Links Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-safe-links-policies.md
ms.prod: m365-security
# Set up Safe Links policies in Microsoft Defender for Office 365 **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
You can also use the procedures in this article to create Safe Links policies th
> > You configure the global settings for Safe Links protection **outside** of Safe Links policies. For instructions, see [Configure global settings for Safe Links in Microsoft Defender for Office 365](configure-global-settings-for-safe-links.md). >
-> Admins should consider the different configuration settings for Safe Links. One of the available options is to include user identifiable information in Safe Links. This feature enables security operations (SecOps)teams to investigate potential user compromise, take corrective action, and limit costly breaches.
+> Admins should consider the different configuration settings for Safe Links. One of the available options is to include user identifiable information in Safe Links. This feature enables security operations (SecOps) teams to investigate potential user compromise, take corrective action, and limit costly breaches.
You can configure Safe Links policies in the Microsoft 365 Defender portal or in PowerShell (Exchange Online PowerShell for eligible Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes, but with Microsoft Defender for Office 365 add-on subscriptions).
Creating a custom Safe Links policy in the Microsoft 365 Defender portal creates
- **Wait for URL scanning to complete before delivering the message**: Select this option to wait for real-time URL scanning to complete before delivering the message. - **Apply Safe Links to email messages sent within the organization**: Select this option to apply the Safe Links policy to messages between internal senders and internal recipients. - **Select the action for unknown or potentially malicious URLs within Microsoft Teams**: Select **On** to enable Safe Links protection for links in Teams. Note that this setting might take up to 24 hours to take effect.+
+ > [!NOTE]
+ > Currently, Safe Links protection for Microsoft Teams is not available in Microsoft 365 GCC High or Microsoft 365 DoD.
+ - **Track user clicks**: Leave this option selected to enable the tracking user clicks on URLs in email messages. - **Let users click through to the original URL**: Clear this option to block users from clicking through to the original URL in [warning pages](safe-links.md#warning-pages-from-safe-links). - **Do not rewrite the following URLs**: Allows access the specified URLs that would otherwise be blocked by Safe Links.
security Set Up Spf In Office 365 To Help Prevent Spoofing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md
ms.prod: m365-security
- [Troubleshooting SPF](#troubleshooting-spf) <!-- **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Siem Integration With Office 365 Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti.md
ms.prod: m365-security
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md) If your organization is using a security information and event management (SIEM) server, you can integrate Microsoft Defender for Office 365 with your SIEM server. You can set up this integration by using the [Office 365 Activity Management API](/office/office-365-management-api/office-365-management-activity-api-reference).
security Siem Server Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/siem-server-integration.md
ms.prod: m365-security
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md) ## Summary
security Spam Confidence Levels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/spam-confidence-levels.md
ms.prod: m365-security
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md) In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, inbound messages go through spam filtering in EOP and are assigned a spam score. That score is mapped to an individual spam confidence level (SCL) that's added to the message in an X-header. A higher SCL indicates a message is more likely to be spam. EOP takes action on the message based on the SCL.
security Submitting Malware And Non Malware To Microsoft For Analysis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis.md
ms.prod: m365-security
# Submit malware and non-malware to Microsoft for analysis **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Support For Anonymous Inbound Email Messages Over Ipv6 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/support-for-anonymous-inbound-email-messages-over-ipv6.md
ms.prod: m365-security
# Add support for anonymous inbound email over IPv6 in Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Support For Validation Of Dkim Signed Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/support-for-validation-of-dkim-signed-messages.md
ms.prod: m365-security
# Support for validation of DKIM signed messages **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Tenant Allow Block List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list.md
ms.prod: m365-security
# Manage the Tenant Allow/Block List **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Tenant Wide Setup For Increased Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security.md
ms.prod: m365-security
# Configure your Microsoft 365 tenant for increased security **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Threat Explorer Views https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-views.md
ms.prod: m365-security
# Views in Threat Explorer and real-time detections **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Threat Trackers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-trackers.md
ms.prod: m365-security
# Threat Trackers - New and Noteworthy **Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
security Troubleshooting Mail Sent To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/troubleshooting-mail-sent-to-office-365.md
ms.prod: m365-security
# Troubleshooting mail sent to Microsoft 365 **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Tuning Anti Phishing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tuning-anti-phishing.md
ms.prod: m365-security
# Tune anti-phishing protection **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Turn On Mdo For Spo Odb And Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams.md
ms.prod: m365-security
# Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Use Dkim To Validate Outbound Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email.md
ms.prod: m365-security
# Use DKIM to validate outbound email sent from your custom domain **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Use Dmarc To Validate Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-dmarc-to-validate-email.md
ms.prod: m365-security
# Use DMARC to validate email **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Use Spam Notifications To Release And Report Quarantined Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-spam-notifications-to-release-and-report-quarantined-messages.md
ms.prod: m365-security
# Use quarantine notifications to release and report quarantined messages **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Use The Delist Portal To Remove Yourself From The Office 365 Blocked Senders Lis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis.md
ms.prod: m365-security
# Use the delist portal to remove yourself from the blocked senders list and address 5.7.511 Access denied errors **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security User Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md
ms.prod: m365-security
# User reported message settings **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security View Email Security Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-email-security-reports.md
Title: View email security reports f1.keywords: - NOCSH-+ Last updated
ms.prod: m365-security
# View email security reports in the Microsoft 365 Defender portal **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security View Mail Flow Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-mail-flow-reports.md
ms.prod: m365-security
# View mail flow reports in the Reports dashboard in Security & Compliance Center **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security View Reports For Mdo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-reports-for-mdo.md
ms.prod: m365-security
# View Defender for Office 365 reports in the Microsoft 365 Defender portal **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security Virus Detection In Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/virus-detection-in-spo.md
ms.prod: m365-security
# Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Walkthrough Spoof Intelligence Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight.md
# Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight in EOP **Applies to** - [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
security What S The Difference Between Junk Email And Bulk Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/what-s-the-difference-between-junk-email-and-bulk-email.md
ms.prod: m365-security
# What's the difference between junk email and bulk email in EOP? **Applies to** - [Exchange Online Protection](exchange-online-protection-overview.md)
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
ms.prod: m365-security
# What's new in Microsoft Defender for Office 365 **Applies to:**
security Zero Hour Auto Purge https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/zero-hour-auto-purge.md
ms.prod: m365-security
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md) ## Zero-hour auto purge (ZAP) basics