Updates from: 05/25/2021 03:08:13
Category Microsoft Docs article Related commit history on GitHub Change details
admin About Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md
Before the partner can assign these roles to users, you must add the partner as
## Related content
-[Assign admin roles](assign-admin-roles.md) (article)
-
-[Azure AD roles in the Microsoft 365 admin center](azure-ad-roles-in-the-mac.md) (article)
-
-[Exchange Online admin role](about-exchange-online-admin-role.md) (article)
-
+[Assign admin roles](assign-admin-roles.md) (article)\
+[Azure AD roles in the Microsoft 365 admin center](azure-ad-roles-in-the-mac.md) (article)\
+[Exchange Online admin role](about-exchange-online-admin-role.md) (article)\
[Activity reports in the Microsoft 365 admin center](../activity-reports/activity-reports.md) (article)
admin About Guest Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-guest-users.md
To remove users in the Azure AD portal, see [remove a guest user and resources](
## Related content [Manage guest access in Microsoft 365 groups](../create-groups/manage-guest-access-in-groups.md) (article)\
-[Prevent guests from being added to a specific Microsoft 365 group or Microsoft Teams team](../../solutions/per-group-guest-access.md)
+[Prevent guests from being added to a specific Microsoft 365 group or Microsoft Teams team](../../solutions/per-group-guest-access.md) (article)
admin Assign Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md
For more information, see [About admin roles](about-admin-roles.md).
When you add new users, if you don't assign them an admin role then they are in the *user role* and don't have admin privileges to any of the Microsoft admin centers. But if you need help getting things done, you can assign an admin role to a user. For example, if you need someone to help reset passwords, you shouldn't assign them the global admin role, you should assign them the password admin role. Having too many global admins, with unlimited access to your data and online business, is a security risk.
-## Watch: Add an admin.<br><br>
+## Watch: Add an admin<br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfO]
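Review bot: The new heading line `## Watch: Add an admin<br><br>` still carries the two `<br>` tags inside the heading text; only the trailing period was dropped. The matching heading added in change-a-user-name-and-email-address.md (`## Watch: Change a user's name or email address`) has no `<br>`, so remove the tags here as well and rely on a blank line before the video embed.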
You can check admin role permissions in 2 different ways:
## Related content
-[About Microsoft 365 admin roles](about-admin-roles.md) (article)
-
-[Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles) (article)
-
-[Assign roles to user accounts with PowerShell](../../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md) (article)
-
+[About Microsoft 365 admin roles](about-admin-roles.md) (article)\
+[Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles) (article)\
+[Assign roles to user accounts with PowerShell](../../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md) (article)\
[Authorize or remove partner relationships](../misc/add-partner.md) (article)
admin Change A User Name And Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/change-a-user-name-and-email-address.md
description: "Learn how a Microsoft 365 global admin can change a user's email a
You may need to change someone's email address and display name if, for example, they get married and their last name changes.
-Watch a short video about changing a user's email address. <br><br>
+## Watch: Change a user's name or email address
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1SJuc]
To learn how to change someone's username in Active Directory, in Windows Server
## Related content
-[Admins: Reset a password for one or more users](reset-passwords.md) (article)
-
-[Add another email address to a user](../email/add-another-email-alias-for-a-user.md) (article)
-
+[Admins: Reset a password for one or more users](reset-passwords.md) (article)\
+[Add another email address to a user](../email/add-another-email-alias-for-a-user.md) (article)\
[Create a shared mailbox](../email/create-a-shared-mailbox.md) (article)
admin Delete A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/delete-a-user.md
Here are the most common issues people encounter when deleting a user:
## Related content
-[Restore a user](restore-user.md) (article)
-
-[Permanently delete a mailbox](/exchange/permanently-delete-a-mailbox-exchange-2013-help) (article)
-
-[Remove a former employee from Office 365](remove-former-employee.md) (article)
-
-[Add a new employee to Office 365](add-new-employee.md) (article)
-
+[Restore a user](restore-user.md) (article)\
+[Permanently delete a mailbox](/exchange/permanently-delete-a-mailbox-exchange-2013-help) (article)\
+[Remove a former employee from Office 365](remove-former-employee.md) (article)\
+[Add a new employee to Office 365](add-new-employee.md) (article)\
[Delete a User Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753730(v=ws.11)): Use these instructions if your business uses **Active Directory** that is synchronizing with Azure AD. You can't do it through Office 365. (article)
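Review bot: The re-added link titles "Remove a former employee from Office 365" and "Add a new employee to Office 365" keep the old product name, while the remove-former-employee.md change in this same batch titles the same target `add-new-employee.md` as "Add a new employee to Microsoft 365". Since these lines are being rewritten anyway, align the link text across both pages.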
admin Give Mailbox Permissions To Another User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/give-mailbox-permissions-to-another-user.md
There are a few different ways you can access a mailbox once you've been given a
## Related content
-[Manage another person's mail and calendar items](https://support.microsoft.com/office/afb79d6b-2967-43b9-a944-a6b953190af5) (article)
-
-[Send email from another person or group](https://support.microsoft.com/office/0f4964af-aec6-484b-a65c-0434df8cdb6b) (article)
-
+[Manage another person's mail and calendar items](https://support.microsoft.com/office/afb79d6b-2967-43b9-a944-a6b953190af5) (article)\
+[Send email from another person or group](https://support.microsoft.com/office/0f4964af-aec6-484b-a65c-0434df8cdb6b) (article)\
[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (video)
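Review bot: The last entry of this list labels `change-a-user-name-and-email-address.md` as "(video)", whereas the same target is labelled "(article)" in the Related content lists of configure-email-forwarding.md and change-address-contact-and-more.md. Pick one label for that target while the list is being touched. The `../add-users/` prefix is also redundant here, because this file already lives in add-users.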
admin Let Users Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
These steps turn on self-service password reset for everyone in your business.
## Related content
-[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)
-
-[Set an individual user's password to never expire](set-password-to-never-expire.md) (article)
-
+[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)\
+[Set an individual user's password to never expire](set-password-to-never-expire.md) (article)\
[Microsoft 365 Business training videos](../../business-video/index.yml) (link page)
admin Remove Former Employee Step 4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-4.md
To give access to the email messages, calendar, tasks, and contacts of the forme
## Related content
-[Add and remove admins on a OneDrive account](/sharepoint/manage-user-profiles#add-and-remove-admins-for-a-users-onedrive) (article)
-
-[Restore a deleted OneDrive](/onedrive/restore-deleted-onedrive) (article)
-
+[Add and remove admins on a OneDrive account](/sharepoint/manage-user-profiles#add-and-remove-admins-for-a-users-onedrive) (article)\
+[Restore a deleted OneDrive](/onedrive/restore-deleted-onedrive) (article)\
[OneDrive retention and deletion](/onedrive/retention-and-deletion) (article)
admin Remove Former Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee.md
You need to be a global administrator to complete the steps in this solution.
## Related content
-[Restore a user](restore-user.md) (article)
+[Restore a user](restore-user.md) (article)\
+[Add a new employee to Microsoft 365](add-new-employee.md) (article)\
+[Assign licenses to users](../manage/assign-licenses-to-users.md) (article)\
+[Unassign licenses from users](../manage/remove-licenses-from-users.md) (article)
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
Try this article: [I forgot the username or password for the account I use with
## Related content
-[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)
-
-[Reset passwords](../add-users/reset-passwords.md) (article)
-
-[Set an individual user's password to never expire](set-password-to-never-expire.md) (article)
-
-[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)
-
+[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)\
+[Reset passwords](../add-users/reset-passwords.md) (article)\
+[Set an individual user's password to never expire](set-password-to-never-expire.md) (article)\
+[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)\
[Microsoft 365 for business training videos](../../business-video/index.yml) (link page)
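Review bot: The second entry, `[Reset passwords](../add-users/reset-passwords.md)`, points at the page being edited (admin/add-users/reset-passwords.md), so the Related content list links to itself. The change only converts the spacing and carries the self-link forward; drop that entry instead.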
admin Set Password To Never Expire https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md
Run one of the following commands:
## Related content
-[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)
-
-[Reset passwords](../add-users/reset-passwords.md) (article)
+[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)\
+[Reset passwords](../add-users/reset-passwords.md) (article)\
+[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)
admin Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
Users with Android or iOS devices are required to install the Company Portal app
## Related content
-[Capabilities of Basic Mobility and Security](capabilities.md) (article)
-
+[Capabilities of Basic Mobility and Security](capabilities.md) (article)\
[Create device security policies in Basic Mobility and Security](create-device-security-policies.md) (article)
admin Add Or Remove Members From Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/add-or-remove-members-from-groups.md
By default, the person who created the group is the group owner. Often a group w
5. Select **Save**.
-## More on managing membership
+## Next steps
- [Manage groups dynamically in Azure Active Directory](/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal): see the section "How can I manage the membership of a group dynamically?"
By default, the person who created the group is the group owner. Often a group w
## Related content
-[Upgrade distribution lists to Microsoft 365 groups in Outlook](../manage/upgrade-distribution-lists.md) (article)
-
-[Why you should upgrade your distribution lists to groups in Outlook](https://support.microsoft.com/office/7fb3d880-593b-4909-aafa-950dd50ce188) (article)
-
-[Manage guest access in Microsoft 365 groups](manage-guest-access-in-groups.md) (article)
-
-[Manage Microsoft 365 groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md): this article introduces you to key cmdlets and provides examples (article)
-
+[Upgrade distribution lists to Microsoft 365 groups in Outlook](../manage/upgrade-distribution-lists.md) (article)\
+[Why you should upgrade your distribution lists to groups in Outlook](https://support.microsoft.com/office/7fb3d880-593b-4909-aafa-950dd50ce188) (article)\
+[Manage guest access in Microsoft 365 groups](manage-guest-access-in-groups.md) (article)\
+[Manage Microsoft 365 groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md): this article introduces you to key cmdlets and provides examples (article)\
[Microsoft 365 groups naming policy](../../solutions/groups-naming-policy.md) (article)
admin Compare Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
Currently it's not possible to migrate a shared mailbox to a Microsoft 365 group
## Related content
-[Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2) (article)
-
+[Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2) (article)\
[Why you should upgrade your distribution lists to groups in Outlook](https://support.microsoft.com/office/7fb3d880-593b-4909-aafa-950dd50ce188) (article)
admin Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
A member can delete an email conversation from the Group inbox if they initiated
When an email is deleted from the group mailbox, it is not deleted from any of the group members' personal mailboxes.
-## Next step: manage your group
+## Next steps
After creating a new group and adding members, you can further configure your group, such as editing the group name or description, changing owners or members, and specifying whether external senders can email the group and whether to send copies of group conversations to members. See [Manage a Microsoft 365 group](manage-groups.md) for information. ## Related content
-[Manage guest access to Microsoft 365 groups](https://support.microsoft.com/office/bfc7a840-868f-4fd6-a390-f347bf51aff6) (article)
-
-[Choose the domain to use when creating Microsoft 365 groups](../../solutions/choose-domain-to-create-groups.md) (article)
-
+[Manage guest access to Microsoft 365 groups](https://support.microsoft.com/office/bfc7a840-868f-4fd6-a390-f347bf51aff6) (article)\
+[Choose the domain to use when creating Microsoft 365 groups](../../solutions/choose-domain-to-create-groups.md) (article)\
[Upgrade distribution lists to Microsoft 365 groups](../manage/upgrade-distribution-lists.md) (article)
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
If you want to edit any of a guest's information, you can [Add or update a user'
## Related content
-[Block guest users from a specific group](../../solutions/per-group-guest-access.md) (article)
-
-[Manage group membership in the Microsoft 365 admin center](add-or-remove-members-from-groups.md) (article)
-
-[Azure Active Directory access reviews](/azure/active-directory/active-directory-azure-ad-controls-perform-access-review) (article)
-
+[Block guest users from a specific group](../../solutions/per-group-guest-access.md) (article)\
+[Manage group membership in the Microsoft 365 admin center](add-or-remove-members-from-groups.md) (article)\
+[Azure Active Directory access reviews](/azure/active-directory/active-directory-azure-ad-controls-perform-access-review) (article)\
[Set-AzureADUser](/powershell/module/azuread/set-azureaduser) (article)
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
Microsoft 365 groups work with Azure Active Directory. The groups features you g
## Related content
-[Learn about Microsoft 365 Groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2) (article)
-
-[Upgrade distribution lists to Microsoft 365 Groups](../manage/upgrade-distribution-lists.md) (article)
-
-[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md) (article)
-
-[SharePoint Online Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits) (article)
-
+[Learn about Microsoft 365 Groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2) (article)\
+[Upgrade distribution lists to Microsoft 365 Groups](../manage/upgrade-distribution-lists.md) (article)\
+[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md) (article)\
+[SharePoint Online Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits) (article)\
[Organize groups and channels in Microsoft Stream](/stream/groups-channels-organization) (article)
admin Restore Deleted Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/restore-deleted-group.md
Visit the [Microsoft Tech Community](https://techcommunity.microsoft.com/t5/Offi
## Related content
-[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md) (article)
-
-[Delete groups using the Remove-UnifiedGroup cmdlet](/powershell/module/exchange/remove-unifiedgroup) (article)
-
-[Manage your group-connected team site settings](https://support.microsoft.com/office/8376034d-d0c7-446e-9178-6ab51c58df42) (article)
-
+[Manage Microsoft 365 Groups with PowerShell](../../enterprise/manage-microsoft-365-groups-with-powershell.md) (article)\
+[Delete groups using the Remove-UnifiedGroup cmdlet](/powershell/module/exchange/remove-unifiedgroup) (article)\
+[Manage your group-connected team site settings](https://support.microsoft.com/office/8376034d-d0c7-446e-9178-6ab51c58df42) (article)\
[Delete a group in Outlook](https://support.microsoft.com/office/ca7f5a9e-ae4f-4cbe-a4bc-89c469d1726f) (article)
admin About Shared Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md
Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some
## Related content
-[Create a shared mailbox](create-a-shared-mailbox.md) (article)
-
-[Configure a shared mailbox](configure-a-shared-mailbox.md) (article)
-
-[Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md) (article)
-
-[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)
-
+[Create a shared mailbox](create-a-shared-mailbox.md) (article)\
+[Configure a shared mailbox](configure-a-shared-mailbox.md) (article)\
+[Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md) (article)\
+[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)\
[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md) (article)
admin Add User Or Contact To Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-user-or-contact-to-distribution-list.md
Learn to [send email as a distribution group in Microsoft 365](../manage/send-em
## Related content
-[Manage clutter for your organization](configure-clutter.md) (article)
-
+[Manage clutter for your organization](configure-clutter.md) (article)\
[Create a shared mailbox](create-a-shared-mailbox.md) (article)
admin Change Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/change-email-address.md
You'll be guided to get everything set up correctly with your domain in Microsof
## Related content
-[Buy a custom domain using Microsoft 365](../get-help-with-domains/buy-a-domain-name.md) (article)
+[Buy a custom domain using Microsoft 365](../get-help-with-domains/buy-a-domain-name.md) (article)\
+[Manage domains](../get-help-with-domains/index.yml) (link page)\
+[Domains FAQ](../setup/domains-faq.yml) (article)
admin Configure A Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md
If you choose not to show the shared mailbox in the global address list, the mai
## Related content
-[About shared mailboxes](about-shared-mailboxes.md) (article)
-
-[Create a shared mailbox](create-a-shared-mailbox.md) (article)
-
-[Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md) (article)
-
-[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)
-
+[About shared mailboxes](about-shared-mailboxes.md) (article)\
+[Create a shared mailbox](create-a-shared-mailbox.md) (article)\
+[Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md) (article)\
+[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)\
[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md) (article)
admin Configure Email Forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-email-forwarding.md
You must be an Exchange administrator or Global administrator in Microsoft 365 t
## Related content
-[Create a shared mailbox](../email/create-a-shared-mailbox.md) (article)
-
-[Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e) (article)
-
+[Create a shared mailbox](../email/create-a-shared-mailbox.md) (article)\
+[Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e) (article)\
[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (article)
admin Convert User Mailbox To Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/convert-user-mailbox-to-shared-mailbox.md
description: "Learn to convert a private mailbox to a shared mailbox that can be
When you convert a user's mailbox to a shared mailbox, all of the existing email and calendar is retained. Only now it's in a shared mailbox where several people will be able to access it instead of one person. At a later date, you can convert a shared mailbox back to a user (private) mailbox.
+## Before you begin
+ **Here are some really important things that you need to know:** - The user mailbox you're converting needs a license assigned to it before you convert it to a shared mailbox. Otherwise, you won't see the option to convert the mailbox. If you've removed the license, add it back so you can convert the mailbox. After converting the mailbox to a shared one, you can remove the license from the user's account.
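Review bot: The added `## Before you begin` heading is followed directly by the bold lead-in "Here are some really important things that you need to know:", which now does the same job as the heading. Drop the bold sentence, or reduce it to a plain introductory line, so the section does not open with two headings in a row. The added bold line also starts with a leading space after the `+`, which is worth removing at the same time.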
For everything else you need to know about shared mailboxes, see [About shared m
> [!NOTE] > Shared mailboxes don’t require a separate license. However, if you want to enable In-Place Archive or put an In-Place Hold or a Litigation Hold on a shared mailbox, you must assign an Exchange Online Plan 1 with Exchange Online Archiving or Exchange Online Plan 2 license to the mailbox. - ## Convert the mailbox of a deleted user Let's say you've deleted a user account and now you want to convert their old mailbox to a share mailbox. Here's what you need to do:
Let's say you've deleted a user account and now you want to convert their old ma
7. Add members to the shared mailbox. - ## Convert a shared mailbox back to a user's (private) mailbox 1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>.
For more info about converting a user mailbox to a shared mailbox in an Exchange
## Related content
-[About shared mailboxes](about-shared-mailboxes.md) (article)
-
-[Create a shared mailbox](create-a-shared-mailbox.md) (article)
-
-[Configure a shared mailbox](configure-a-shared-mailbox.md) (article)
-
-[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)
-
+[About shared mailboxes](about-shared-mailboxes.md) (article)\
+[Create a shared mailbox](create-a-shared-mailbox.md) (article)\
+[Configure a shared mailbox](configure-a-shared-mailbox.md) (article)\
+[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)\
[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md) (article)
admin Create A Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-a-shared-mailbox.md
When you created the shared mailbox, you automatically created a shared calendar
## Related content
-[About shared mailboxes](about-shared-mailboxes.md) (article)
-
-[Configure a shared mailbox](configure-a-shared-mailbox.md) (article)
-
-[Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md) (article)
-
-[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)
-
+[About shared mailboxes](about-shared-mailboxes.md) (article)\
+[Configure a shared mailbox](configure-a-shared-mailbox.md) (article)\
+[Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md) (article)\
+[Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)\
[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md) (article)
admin Buy A Domain Name https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/buy-a-domain-name.md
After you register your domain (at a domain registrar), you sign in to Microsoft
## Related content
-[Add a domain to Microsoft 365](../setup/add-domain.md) (article)
-
-[Domains FAQ](../setup/domains-faq.yml) (article)
-
+[Add a domain to Microsoft 365](../setup/add-domain.md) (article)\
+[Domains FAQ](../setup/domains-faq.yml) (article)\
[Update DNS records to keep your website with your current hosting provider](../dns/update-dns-records-to-retain-current-hosting-provider.md) (article)
admin Change Nameservers At Any Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/change-nameservers-at-any-domain-registrar.md
After the nameserver records are updated to point to Microsoft, your domain setu
## Related content
-[Add DNS records to connect your domain](create-dns-records-at-any-dns-hosting-provider.md) (article)
-
-[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)
-
+[Add DNS records to connect your domain](create-dns-records-at-any-dns-hosting-provider.md) (article)\
+[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)\
[Manage domains](index.yml) (link page)
admin Dns Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/dns-basics.md
description: "The domain name system maps computer hostnames to IP addresses and
::: moniker range="o365-worldwide" Domain names, like contoso.com, are managed by using a worldwide system of domain registrars and databases. The Domain Name System (DNS) provides a mapping between human-readable computer hostnames and the IP addresses used by networking equipment. An understanding of DNS and domain registrar basics can help you manage domains.+
+## Watch: Domains & DNS: An overview
> [!VIDEO https://www.microsoft.com/videoplayer/embed/c005f2a4-90ad-46fe-b1ab-90f41f2a9d53?autoplay=false]
Domain names, like contoso.com, are managed by using a worldwide system of domai
::: moniker range="o365-germany" Domain names, like contoso.com, are managed by using a worldwide system of domain registrars and databases. The Domain Name System (DNS) provides a mapping between human-readable computer hostnames and the IP addresses used by networking equipment. An understanding of DNS and domain registrar basics can help you manage domains.+
+## Watch: Domains & DNS: An overview
> [!VIDEO https://www.microsoft.com/videoplayer/embed/c005f2a4-90ad-46fe-b1ab-90f41f2a9d53?autoplay=false]
You can [find a list of values](information-for-dns-records.md) to set up your d
Or, if you're planning a deployment, you may want to review a list of all the DNS records required for Microsoft 365, what their function is, and example values. Check out [External Domain Name System records for Microsoft 365](../../enterprise/external-domain-name-system-records.md).
-## How can I learn more?
+## Next steps
Check out one of the following:
Check out one of the following:
## Related content
-[Domains FAQ](../setup/domains-faq.yml) (article)
-
-[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)
-
+[Domains FAQ](../setup/domains-faq.yml) (article)\
+[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)\
[Manage domains](index.yml) (link page)
admin Information For Dns Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/information-for-dns-records.md
description: "Gather the values/information you need to create DNS records to co
## Related content
-[Domains FAQ](../setup/domains-faq.yml) (article)
-
-[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)
-
+[Domains FAQ](../setup/domains-faq.yml) (article)\
+[Find and fix issues after adding your domain or DNS records](find-and-fix-issues.md) (article)\
[Manage domains](index.yml) (link page)
admin Remove A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/remove-a-domain.md
Still not working? Your domain might need to be manually removed. [Give us a cal
## Related content
-[Domains FAQ](../setup/domains-faq.yml) (article)
-
-[Switch to a different Microsoft 365 for business plan](../../commerce/subscriptions/switch-to-a-different-plan.md) (article)
-
+[Domains FAQ](../setup/domains-faq.yml) (article)\
+[Switch to a different Microsoft 365 for business plan](../../commerce/subscriptions/switch-to-a-different-plan.md) (article)\
[Cancel your subscription](../../commerce/subscriptions/cancel-your-subscription.md) (article)
admin Centralized Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-of-add-ins.md
If you or your users encounter problems loading the add-in while using Office ap
## Related content
-[Deploy add-ins in the admin center](../manage/manage-deployment-of-add-ins.md) (article)
-
-[Manage add-ins in the admin center](manage-addins-in-the-admin-center.md) (article)
-
-[Centralized Deployment FAQ](../manage/centralized-deployment-faq.md) (article)
-
+[Deploy add-ins in the admin center](../manage/manage-deployment-of-add-ins.md) (article)\
+[Manage add-ins in the admin center](manage-addins-in-the-admin-center.md) (article)\
+[Centralized Deployment FAQ](../manage/centralized-deployment-faq.md) (article)\
[Upgrade your Microsoft 365 for business users to the latest Office client](../setup/upgrade-users-to-latest-office-client.md) (article)
admin Change Address Contact And More https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/change-address-contact-and-more.md
You can change your email signature in Outlook Web App. For more information, se
## Related content
-[Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e) (article)
-
-[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (article)
-
+[Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e) (article)\
+[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (article)\
[Configure email forwarding in Microsoft 365](../email/configure-email-forwarding.md) (article)
admin Language Translation For Message Center Posts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/language-translation-for-message-center-posts.md
To set Message center posts to automatically machine-translate and display in yo
## Related content
-[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)
-
-[What subscription do I have?](../admin-overview/what-subscription-do-i-have.md) (article)
-
+[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)\
+[What subscription do I have?](../admin-overview/what-subscription-do-i-have.md) (article)\
[Stay on top of changes](../manage/stay-on-top-of-updates.md) (article)
admin Manage Addins In The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-addins-in-the-admin-center.md
If the deployed add-in doesn't support add-in commands or if you want to view al
## Related content
-[Deploy add-ins in the admin center](./manage-deployment-of-add-ins.md) (article)
-
-Learn more about creating and building [Office Add-ins](/office/dev/add-ins/overview/office-add-ins) (article)
-
-[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md) (article)
-
-[Troubleshoot: User not seeing add-ins](/office365/troubleshoot/access-management/user-not-seeing-add-ins) (article)
-
+[Deploy add-ins in the admin center](./manage-deployment-of-add-ins.md) (article)\
+Learn more about creating and building [Office Add-ins](/office/dev/add-ins/overview/office-add-ins) (article)\
+[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md) (article)\
+[Troubleshoot: User not seeing add-ins](/office365/troubleshoot/access-management/user-not-seeing-add-ins) (article)\
[Minors and acquiring add-ins from the Microsoft Store](./minors-and-acquiring-addins-from-the-store.md) (article)
admin Manage Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
Updates for add-ins happen as follows:
## Related content
-[Manage add-ins in the admin center](manage-addins-in-the-admin-center.md) (article)
-
-[Build your first Word task pane add-in](/office/dev/add-ins/quickstarts/word-quickstart?tabs=yeomangenerator) (article)
-
-[Minors and acquiring add-ins from the store](minors-and-acquiring-addins-from-the-store.md) (article)
-
-[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md) (article)
-
+[Manage add-ins in the admin center](manage-addins-in-the-admin-center.md) (article)\
+[Build your first Word task pane add-in](/office/dev/add-ins/quickstarts/word-quickstart?tabs=yeomangenerator) (article\
+[Minors and acquiring add-ins from the store](minors-and-acquiring-addins-from-the-store.md) (article)\
+[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md) (article)\
[Troubleshoot: User not seeing add-ins](/office365/troubleshoot/access-management/user-not-seeing-add-ins) (article)
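Review bot: The added "Build your first Word task pane add-in" line ends in `(article\` with no closing parenthesis, so the type label is left unbalanced. Change it to `(article)\` to match the other three added entries in this list.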
admin Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
For an overview of Message center, see [Message center in Microsoft 365](message
## Related content
-[Set up the Standard or Targeted release options](../manage/release-options-in-office-365.md) (article)
-
-[Manage which Office features appear in What's New](../manage/show-hide-new-features.md) (article)
-
-[Business subscriptions and billing documentation](../../commerce/index.yml) (links)
+[Set up the Standard or Targeted release options](../manage/release-options-in-office-365.md) (article)\
+[Manage which Office features appear in What's New](../manage/show-hide-new-features.md) (article)\
+[Business subscriptions and billing documentation](../../commerce/index.yml) (link page)
admin Send Email As Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/send-email-as-distribution-list.md
Before you perform these steps, make sure you've been added to a Microsoft 365 d
[Create, edit, or delete a security group in the Microsoft 365 admin center](../email/create-edit-or-delete-a-security-group.md) (article)\ [Email collaboration](../email/email-collaboration.md) (article)\
-[Add a user or contact to a distribution group](../email/add-user-or-contact-to-distribution-list.md)
+[Add a user or contact to a distribution group](../email/add-user-or-contact-to-distribution-list.md) (article)
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
Follow the steps below if you want to set user passwords to expire after a speci
## Important things you need to know about the password expiration feature -- People who only use the Outlook app won't be forced to reset their Microsoft 365 password until it expires in the cache. This can be several days after the actual expiration date. There's no workaround for this at the admin level.
+People who only use the Outlook app won't be forced to reset their Microsoft 365 password until it expires in the cache. This can be several days after the actual expiration date. There's no workaround for this at the admin level.
## Prevent last password from being used again
To learn how to update password policy for a specific domain or tenant, see [Set
## Related content
-[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)
-
+[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)\
[Reset passwords](../add-users/reset-passwords.md) (article)
admin Share Calendars With External Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/share-calendars-with-external-users.md
You can enable calendar sharing for all users in your organization in the Micros
## Invite people to access calendars
-Once sharing is enabled, calendar owners can extend invitations to specific users. See [Sharing your calendar in Outlook Web App](https://support.microsoft.com/office/7ecef8ae-139c-40d9-bae2-a23977ee58d5) for instructions.
+Once sharing is enabled, calendar owners can extend invitations to specific users. For instructions, see [Sharing your calendar in Outlook Web App](https://support.microsoft.com/office/7ecef8ae-139c-40d9-bae2-a23977ee58d5).
## Related content
-[Turn external sharing on or off for a site](/sharepoint/change-external-sharing-site) (article)
-
-[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)
-
+[Turn external sharing on or off for a site](/sharepoint/change-external-sharing-site) (article)\
+[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)\
[Manage email and calendars](../email/index.yml) (link page)
admin Upgrade Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
There are some cases in which though DL is eligible but could not be upgraded. T
### What happens to the DL if the upgrade from EAC fails? The upgrade will happen only when the call is submitted to the server. If the upgrade fails, your DLs will be intact. They will work like they used to.+
+## Related content
+
+[Compare groups](../create-groups/compare-groups.md) (article)\
+[Explaining Microsoft 365 Groups to your users](../create-groups/explain-groups-knowledge-worker.md) (article)\
+[Add or remove members from Microsoft 365 groups using the admin center](../create-groups/add-or-remove-members-from-groups.md)
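Review bot: The last entry of the new Related content list, "Add or remove members from Microsoft 365 groups using the admin center", has no content-type label, while the two entries above it end in `(article)`. Append ` (article)` so the list is consistent; the final line needs no trailing backslash.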
admin Use Qr Code Download Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md
description: "Learn how to use a QR code to authenticate and download Outlook mo
# Use a QR code to sign-in to the Outlook mobile apps > [!IMPORTANT]
-> This feature is only available to organizations who have turned on Targeted Release in the Microsoft 365 admin center. To turn on Targeted release and learn more about how it works, see [Set up the Standard or Targeted release options](release-options-in-office-365.md). WeΓÇÖll be expanding to more organizations in the coming weeks through public preview. Public preview provides early access to Microsoft 365 features.
+> This feature is only available to organizations that have turned on Targeted Release in the Microsoft 365 admin center. To turn on Targeted release and learn more about how it works, see [Set up the Standard or Targeted release options](release-options-in-office-365.md). WeΓÇÖll be expanding to more organizations in the coming weeks through public preview. Public preview provides early access to Microsoft 365 features.
As the Microsoft 365 administrator, you can enable your users to sign in to Outlook for Android or iOS app on their mobile devices without having to enter their username and password. By scanning a QR code, users can securely authenticate and sign in to Outlook mobile. In Outlook on the web or other desktop Outlook applications, users may see notifications informing them that they can use Outlook on their mobile device. These notifications can be managed by the administrator using Exchange Powershell. If users choose to send themselves an SMS text message to download the app on their mobile device, a QR code will appear on their computer. They will be able to scan the QR code to log into Outlook on their phone or tablet. This QR code is a short lived token that can only be redeemed once. > [!NOTE]
-> In some cases, your users will have to re-authenticate on their computer to generate the QR code.
+> In some cases, your users must re-authenticate on their computer to generate the QR code.
## Use Exchange PowerShell This feature is on by default. To disable this feature, follow the steps below. 1. [Connect to Exchange PowerShell](/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps).
-2. Using PowerShell, you can disable the notifications informing your users about the Outlook mobile apps. This will also prevent the QR code sign-in flow from being shown.
+2. Using PowerShell, you can disable the notifications informing your users about the Outlook mobile apps. This also prevents the QR code sign-in flow from being shown.
```powershell Set-OrganizationConfig -MobileAppEducationEnabled <Boolean> ```
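Review bot: Step 2 is reworded but still does not say which value turns the feature off, and the sample that follows only shows the `<Boolean>` placeholder. Since the section states that the feature is on by default and that these steps disable it, spell out the value in the step or the sample, for example `Set-OrganizationConfig -MobileAppEducationEnabled $false`, so admins who want the QR code sign-in flow hidden do not have to look the parameter up.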
-Related topics
+## Related content
-[Set-OrganizationConfig](/powershell/module/exchange/set-organizationconfig?view=exchange-ps)
+[Set up the Standard or Targeted release options](release-options-in-office-365.md) (article)\
+[Set-OrganizationConfig](/powershell/module/exchange/set-organizationconfig?view=exchange-ps) (article)
admin Become The Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/become-the-admin.md
If you are an admin and want to take over an unmanaged tenant created by a self-
## Related content
-YouTube: [3 steps to do an IT Admin Takeover for Power BI and Microsoft 365](https://www.youtube.com/watch?v=xt5EsrQBZZk) (video)
-
-[Admin takeover in Azure AD](/azure/active-directory/users-groups-roles/domains-admin-takeover) (article)
-
-[Using self-service sign up in your organization](self-service-sign-up.md) (article)
-
+YouTube: [3 steps to do an IT Admin Takeover for Power BI and Microsoft 365](https://www.youtube.com/watch?v=xt5EsrQBZZk) (video)\
+[Admin takeover in Azure AD](/azure/active-directory/users-groups-roles/domains-admin-takeover) (article)\
+[Using self-service sign up in your organization](self-service-sign-up.md) (article)\
[Understanding the Power BI service administrator role](/power-bi/service-admin-role) (article)
admin Cortana Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
For services governed by the [Microsoft Services Agreement](https://go.microsoft
## Related content
-[Cortana voice assistance in Teams](/microsoftteams/cortana-in-teams) (article)
-
-[Configure Cortana in Windows 10](/windows/configuration/cortana-at-work/cortana-at-work-overview) (article)
-
+[Cortana voice assistance in Teams](/microsoftteams/cortana-in-teams) (article)\
+[Configure Cortana in Windows 10](/windows/configuration/cortana-at-work/cortana-at-work-overview) (article)\
[What can you do with Play My Emails from Cortana?](https://support.microsoft.com/help/4558256)
admin Mailbox Not Found Error https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/mailbox-not-found-error.md
Your admin can assign a license to your account by following these steps:
## Related content
-[Add another email alias for a user](../email/add-another-email-alias-for-a-user.md) (article)
-
-[Configure email forwarding in Microsoft 365](../email/configure-email-forwarding.md) (article)
-
+[Add another email alias for a user](../email/add-another-email-alias-for-a-user.md) (article)\
+[Configure email forwarding in Microsoft 365](../email/configure-email-forwarding.md) (article)\
[Create a shared mailbox](../email/create-a-shared-mailbox.md) (article)
admin Password Policy Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md
To learn more, see [Set up multi-factor authentication](../security-and-complian
Risk-based multi-factor authentication ensures that when our system detects suspicious activity, it can challenge the user to ensure that they are the legitimate account owner.
-## Want to know more? Recommended reading
+## Next steps
+
+Want to know more about managing passwords? Here is some recommended reading:
- [Do Strong Web Passwords Accomplish Anything?](https://go.microsoft.com/fwlink/p/?linkid=861008)
Risk-based multi-factor authentication ensures that when our system detects susp
## Related content
-[Reset passwords](../add-users/reset-passwords.md) (article)
-
-[Set an individual user's password to never expire](../add-users/set-password-to-never-expire.md) (article)
-
-[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)
-
+[Reset passwords](../add-users/reset-passwords.md) (article)\
+[Set an individual user's password to never expire](../add-users/set-password-to-never-expire.md) (article)\
+[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)\
[Resend a user's password - Admin Help](../add-users/resend-user-password.md) (article)
admin Pilot Microsoft 365 From My Custom Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/pilot-microsoft-365-from-my-custom-domain.md
localization_priority: Priority - Adm_O365-+ search.appverid: - BCS160 - MET150
Follow these steps to set up a Microsoft 365 pilot:
3. Select the services you want to test with your domain, like email and instant messaging.
-5. On the **Verify** domain page, follow the step-by-step instructions, amd then select **Verify**.
+4. On the **Verify** domain page, follow the step-by-step instructions, amd then select **Verify**.
It takes between a few minutes and 72 hours for DNS changes to take effect.
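Review bot: The renumbered step 4 still carries the typo "amd" in "follow the step-by-step instructions, amd then select **Verify**". Fix it to "and" in the same change, since the line is already being touched.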
Follow these steps to set up a Microsoft 365 pilot:
1. In the Exchange admin center, in the **Mail flow** section, select **Accepted domains**, and then select the domain you want to modify.
-2. Double-click to open the window, and then select **Internal Relay**.
+2. Double-click to open the window, and then select **Internal Relay**.
3. Select **Save**.
Follow these steps to set up a Microsoft 365 pilot:
Microsoft 365 uses Exchange Online Protection (EOP) for spam protection. EOP might block your existing mail server if it detects a high volume of spam being forwarded by your current mail server. If you trust the spam protection for your other email provider, you can unblock the server in Microsoft 365. > [!NOTE]
-> Unblocking your existing email server allows any spam that arrives through your original server to come to the Microsoft 365 mailboxes, and you canΓÇÖt evaluate how well Microsoft 365 prevents spam.
+> Unblocking your existing email server allows any spam that arrives through your original server to come to the Microsoft 365 mailboxes, and you can't evaluate how well Microsoft 365 prevents spam.
1. In the Exchange admin center navigation pane, select **Protection**, and then select **Connection filter**.
-2. In the **IP Allow list**, select **+**, and add the mail server IP address for your current email provider.
+2. In the **IP Allow list**, select **+**, and add the mail server IP address for your current email provider.
### Step 5: Create user accounts and set the primary reply-to address
Microsoft 365 uses Exchange Online Protection (EOP) for spam protection. EOP mig
For each account, select **+ Add a user**, and fill out the required information, including the password method you want to test.
- To ensure a userΓÇÖs email stays the same, the **User name** field must match the userΓÇÖs current email address.
+ To ensure a user's email stays the same, the **User name** field must match the user's current email address.
-3. Choose the appropriate license, click **Next**, and then click **Finish adding**.
+3. Choose the appropriate license, click **Next**, and then click **Finish adding**.
-4. Next to **User name**, select your custom domain name from the drop-down list.
+4. Next to **User name**, select your custom domain name from the drop-down list.
5. Select **Create** > **Close**.
There are two steps for this:
Make sure you have completed the following in Microsoft 365 or Office 365:
-1. To set up connectors, you need permissions assigned before you can begin. To check what permissions you need, see the Microsoft 365 and Office 365 connectors entry in the [Feature permissions in EOP](https://docs.microsoft.com/microsoft-365/security/office-365-security/feature-permissions-in-eop) topic.
+1. To set up connectors, you need permissions assigned before you can begin. To check what permissions you need, see the Microsoft 365 and Office 365 connectors entry in the [Feature permissions in Exchange Online](/exchange/permissions-exo/feature-permissions) topic.
2. If you want EOP or Exchange Online to relay email from your email servers to the Internet, either:
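Review bot: Step 1 now links to "Feature permissions in Exchange Online" (`/exchange/permissions-exo/feature-permissions`) instead of "Feature permissions in EOP", but the sentence still tells the reader to find the "Microsoft 365 and Office 365 connectors" entry in that topic. Confirm the new target has an entry with that exact name. If it is titled differently there, update the sentence so admins can find the permissions required before creating connectors.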
When you complete this step, all email sent to usera@yourcompany.com and userb@y
Because you are moving only two test users, and User A and User B are both using Outlook, you can move the email by opening the old .PST file in the new Outlook profile and copying the messages, calendar items, contacts, and so on. For more information, see [Import email, contacts, and calendar from an Outlook .pst file](https://support.microsoft.com/office/import-email-contacts-and-calendar-from-an-outlook-pst-file-431a8e9a-f99f-4d5f-ae48-ded54b3440ac).
-After theyΓÇÖre imported to the appropriate locations in the Microsoft 365 mailbox, the items can be accessed from any device, anywhere.
+After they're imported to the appropriate locations in the Microsoft 365 mailbox, the items can be accessed from any device, anywhere.
admin Enable Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/enable-modern-authentication.md
To disable modern authentication on a device, set the following registry keys on
## Related content
-[Sign in to Office 2013 with a second verification method](https://support.microsoft.com/office/2b856342-170a-438e-9a4f-3c092394d3cb) (article)
-
+[Sign in to Office 2013 with a second verification method](https://support.microsoft.com/office/2b856342-170a-438e-9a4f-3c092394d3cb) (article)\
[Outlook prompts for password and doesn't use Modern Authentication to connect to Office 365](/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled) (article)
admin Multi Factor Authentication Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
In the Azure portal, you can:
In the Microsoft 365 admin center, you can configure per-user and service MFA settings.
-## Your next step
+## Next steps
[Set up MFA for Microsoft 365](set-up-multi-factor-authentication.md)
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
For more information, see [Safe Links in Microsoft Defender for Office 365](../.
## Related content
-[Multi-factor authentication for Microsoft 365](multi-factor-authentication-microsoft-365.md) (article)
-
-[Manage and monitor priority accounts](../setup/priority-accounts.md) (article)
-
-[Microsoft 365 Reports in the admin center](../activity-reports/activity-reports.md) (video)
+[Multi-factor authentication for Microsoft 365](multi-factor-authentication-microsoft-365.md) (article)\
+[Manage and monitor priority accounts](../setup/priority-accounts.md) (article)\
+[Microsoft 365 Reports in the admin center](../activity-reports/activity-reports.md) (video)
admin Set Up Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md
If you have previously turned on per-user MFA, you must turn it off before enabl
## Related content
-[Turn on multi-factor authentication](../../business-video/turn-on-mfa.md) (video)
-
+[Turn on multi-factor authentication](../../business-video/turn-on-mfa.md) (video)\
[Turn on multi-factor authentication for your phone](../../business-video/set-up-mfa.md) (video)
admin Add Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-domain.md
If you have a website that you use with your business, it will keep working wher
## Related content
-[Domains FAQ](domains-faq.yml) (article)
-
-[What is a domain?](../get-help-with-domains/what-is-a-domain.md) (article)
-
-[Buy a domain name in Microsoft 365](../get-help-with-domains/buy-a-domain-name.md) (article)
-
+[Domains FAQ](domains-faq.yml) (article)\
+[What is a domain?](../get-help-with-domains/what-is-a-domain.md) (article)\
+[Buy a domain name in Microsoft 365](../get-help-with-domains/buy-a-domain-name.md) (article)\
[Set up your domain](../get-help-with-domains/set-up-your-domain-host-specific-instructions.md) (article)
admin Create Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md
Check out [Distribution group issues](/office365/troubleshoot/groups/distributio
## Related content
-[User email settings](../email/office-365-user-email-settings.md) (article)
-
-[Create, edit, or delete a security group in the Microsoft 365 admin center](../email/create-edit-or-delete-a-security-group.md) (article)
-
+[User email settings](../email/office-365-user-email-settings.md) (article)\
+[Create, edit, or delete a security group in the Microsoft 365 admin center](../email/create-edit-or-delete-a-security-group.md) (article)\
[Create a shared mailbox](../email/create-a-shared-mailbox.md) (article)
admin Create Signatures And Disclaimers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md
description: "Manage email signatures, including legal disclaimers or disclosure
You can manage email signatures by adding an email signature, legal disclaimer, or disclosure statement to the email messages that enter or leave your organization. You can set it up to apply to all incoming and outgoing messages as shown below. Or you can apply it to certain messages like those containing specific words or text patterns.
- Watch a short video about creating a company-wide email signature. <br><br>
+## Watch: Create a company-wide email signature
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1IEWf]
For information about using PowerShell, see [Organization-wide message disclaime
## Related content
-[Migrate email and contacts to Microsoft 365](migrate-email-and-contacts-admin.md) (video)
-
-[User email settings](../email/office-365-user-email-settings.md) (article)
-
+[Migrate email and contacts to Microsoft 365](migrate-email-and-contacts-admin.md) (video)\
+[User email settings](../email/office-365-user-email-settings.md) (article)\
[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)
admin Customize Sign In Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-sign-in-page.md
The following figure shows which parts of the sign-in page can be modified in Az
In addition to the sign-in page, you can customize the Access Panel page in Azure.
+## Next steps
+ If you are ready to add branding, explore the customization options in the Azure content set: [Add company branding to your Sign-in and Access Panel pages](/azure/active-directory/fundamentals/customize-branding). ## Related content
admin Customize Your Organization Theme https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-your-organization-theme.md
The recommended contrast ratio between text, icon or button color and background
### If I define a theme, which places in Microsoft 365 will this be used?
-Any theme will be appear in the top navigation bar for everyone in the organization as part of the Microsoft 365 suite header.
+Any theme appears in the top navigation bar for everyone in the organization as part of the Microsoft 365 suite header.
## Related content
-[Add custom tiles to the My apps page and app launcher](../manage/customize-the-app-launcher.md) (article)
-
+[Add custom tiles to the My apps page and app launcher](../manage/customize-the-app-launcher.md) (article)\
[Overview of Microsoft 365 Groups for administrators](../create-groups/office-365-groups.md) (article)
admin Migrate Email And Contacts Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/migrate-email-and-contacts-admin.md
search.appverid:
- MOL140 - MOW150 ms.assetid: a3e3bddb-582e-4133-8670-e61b9f58627e
-description: Learn to import contacts, calendars, and emails from Gmail or another email provider and migrate them to Microsoft 365.
+description: "Learn to import contacts, calendars, and emails from Gmail or another email provider and migrate them to Microsoft 365."
# Migrate email and contacts to Microsoft 365
Follow these steps to import or migrate email, contacts, and calendar from Gmail
- [Import contacts to Outlook](https://support.microsoft.com/office/bb796340-b58a-46c1-90c7-b549b8f3c5f8) - [Import Google Calendar](https://support.microsoft.com/office/098ed60c-936b-41fb-83d6-7e3786437330)+
+## Watch: Import calendars
> [!VIDEO https://www.microsoft.com/videoplayer/embed/c1e45708-9a92-475b-910b-f5aa40614d92?autoplay=false]
Need more detailed steps? See [Add an account](https://support.microsoft.com/off
## Multiple mailboxes: Admins can bulk import email, contacts, and calendars to Microsoft 365
-Depending on your source email system, you can choose from several bulk migration methods. Read [Ways to migrate multiple email accounts to Microsoft 365](/Exchange/mailbox-migration/mailbox-migration) to decide which method works for you.
+Depending on your source email system, you can choose from several bulk migration methods. Read [Ways to migrate multiple email accounts to Microsoft 365](/Exchange/mailbox-migration/mailbox-migration) to decide which method works for you.
+
+## Related content
+
+[Plan your setup of Microsoft 365 for business](plan-your-setup.md) (article)\
+[Install Office applications](install-applications.md) (link page)\
+[Overview of the Microsoft 365 admin center](../../business-video/admin-center-overview.md) (video)
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
description: Learn how to use OneDrive and a team site for Microsoft 365 storage
One of the best ways to set up file storage and sharing for your business is to use OneDrive and a team site together. This is ideal if you have a small business with a few employees.
-Watch a short video about storing files in the Microsoft 365 cloud.<br><br>
+## Watch: Where to store files in Office 365
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FTHX]
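Review bot: The new heading "## Watch: Where to store files in Office 365" uses "Office 365", while the line it replaces says "Microsoft 365 cloud" and the description above says "Microsoft 365 storage". Unless the heading has to match the video's own title, use "Microsoft 365" for consistent product naming.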
You can enable third-party storage for your users in Microsoft 365 so they can s
## Related content
-[Add storage space for your subscription](../../commerce/add-storage-space.md) (article)
-
-[Share files and folders with Microsoft 365 Business](https://support.microsoft.com/office/share-files-and-folders-with-microsoft-365-business-72f26d6c-bf9e-432c-8b96-e3c2437f5b65) (video)
-
+[Add storage space for your subscription](../../commerce/add-storage-space.md) (article)\
+[Share files and folders with Microsoft 365 Business](https://support.microsoft.com/office/share-files-and-folders-with-microsoft-365-business-72f26d6c-bf9e-432c-8b96-e3c2437f5b65) (video)\
[Customize your team site for file storage and sharing](customize-team-site.md) (article)
admin Setup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md
To set up services, you have to update some records at your DNS host or domain r
3. Enter your Microsoft email address and select **Connect**.
+## Watch: Set up Outlook for email
+ > [!VIDEO https://www.microsoft.com/videoplayer/embed/9fe86884-8a83-42cc-bca9-61a12e6dad31?autoplay=false] More at [Set up Outlook for email](https://support.microsoft.com/office/f5bf0cd1-e1f3-4b0d-a022-ecab17efe86f).
If you were using Outlook with another email account, you can import your previo
This time, select **Import from another program or file** and follow the steps to import the backup file you created when you exported your old email.
+## Watch: Import and redirect email
+ > [!VIDEO https://www.microsoft.com/videoplayer/embed/40f7df36-9e24-44e5-8791-e9ed0dd8fd21?autoplay=false] More at [Import email with Outlook](https://support.microsoft.com/office/6a3771d4-4c1d-4a25-92a6-0b8e476335de).
Microsoft 365 doesn't include a public website for your business. If you want to
2. Select **Learn more** under one of the options, and then sign up with a website partner and use their tools to set up and design your site.
+## Watch: Create your business website
+ > [!VIDEO https://www.microsoft.com/videoplayer/embed/4839abc6-9323-4cbf-a79d-2907235f9ebb] ## Related content
admin Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup.md
Not a business? See [Set up for Microsoft 365 Family or Microsoft 365 Personal](
- [Set up Microsoft Business Standard](setup-business-standard.md) - [Set up Microsoft 365 Business Premium](../../business/set-up.md) - [Set up Microsoft 365 Apps for business](setup-apps-for-business.md)+
+## Related content
+
+[Get started](../setup/index.yml) (link page)\
+[How to sign up - Admin Help](../admin-overview/sign-up-for-office-365.md) (video)\
+[Try or buy a Microsoft 365 for business subscription](../../commerce/try-or-buy-microsoft-365.md) (article)
admin Azerbaijan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/support/azerbaijan.md
## Phone number 01 24 37 35 55
-Select option 9
+Press 2 for business
-Enter code 7706
+Press 1 for Microsoft 365
## Hours ### Billing Support:
admin Belarus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/support/belarus.md
## Phone number 8 820 0071 0003
-Select option 9
+Press 2 for business
-Enter code 7707
+Press 1 for Microsoft 365
## Hours ### Billing Support:
admin Georgia https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/support/georgia.md
## Phone number 032 297 0124
-Select option 2
+Press 2 for business
-Select option 9
-
-Enter code 7700
+Press 1 for Microsoft 365
## Hours ### Billing Support:
admin Kenya https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/support/kenya.md
## Phone number 020 286 8800
-Select option 9
+Press 2 for business
-Enter code 7704
+Press 1 for Microsoft 365
## Hours ### Billing Support:
admin Nigeria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/support/nigeria.md
## Phone number 01 912 5070
-Select option 9
+Press 2 for business
-Enter code 7705
+Press 1 for Microsoft 365
## Hours ### Billing Support:
admin Enable Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/enable-usage-analytics.md
description: "Learn how to start collecting data for your tenant by using the Mi
Microsoft 365 usage analytics is not yet available for Microsoft 365 US Government Community.
-## Steps to enable Microsoft 365 usage analytics
+## Before you begin
To get started with Microsoft 365 usage analytics you must first make the data available in the Microsoft 365 admin center, then initiate the template app in Power BI.
-### Get Power BI
+## Get Power BI
If you don't already have Power BI, you can [sign up for Power BI Pro](https://go.microsoft.com/fwlink/p/?linkid=845347). Select **Try free** to sign up for a trial, or **Buy now** to get Power BI Pro.
You can also expand **Products** to buy a version of Power BI.
To share your data, both you and the people who you share the data with, need a Power BI Pro license, or the content needs to be in a workspace in a [Power BI premium service](/power-bi/service-premium-what-is).
-### Enable the template app
+## Enable the template app
To enable the template app, you have to be a **Global administrator**.
See [about admin roles](../add-users/about-admin-roles.md) for more information.
The data collection process will complete in two to 48 hours depending on the size of your tenant. The **Go to Power BI** button will be enabled (no longer gray) when data collection is complete.
-### Start the template app
+## Start the template app
To start the template app, you have to be either a **global administrator**, **report reader**, **Exchange administrator**, **Skype for Business administrator**, or **SharePoint administrator**.
To make the data that is collected for all reports anonymous, you have to be a g
## Related content
-[About usage analytics](usage-analytics.md) (article)
-
-[Get the latest version of usage analytics](get-the-latest-version-of-usage-analytics.md) (article)
-
+[About usage analytics](usage-analytics.md) (article)\
+[Get the latest version of usage analytics](get-the-latest-version-of-usage-analytics.md) (article)\
[Navigate and utilize the reports in Microsoft 365 usage analytics](navigate-and-utilize-reports.md) (article)
admin Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/usage-analytics.md
Yes, see [Make the collected data anonymous](enable-usage-analytics.md#make-the-
## Related content
-[Enable Microsoft 365 usage analytics](enable-usage-analytics.md) (article)
-
-[Navigate and utilize the reports in Microsoft 365 usage analytics](navigate-and-utilize-reports.md) (article)
-
+[Enable Microsoft 365 usage analytics](enable-usage-analytics.md) (article)\
+[Navigate and utilize the reports in Microsoft 365 usage analytics](navigate-and-utilize-reports.md) (article)\
[Review usage reports in Microsoft 365](../../business-video/act-on-report.md) (video)
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
And if you'd like to know what's new with other Microsoft cloud
- [Office updates](/OfficeUpdates/) - [How to check Windows release health](/windows/deployment/update/check-release-health)
+## May 2021
+
+### Admin mobile app
+
+### Keep track of support ticket updates using the Admin mobile app
+
+For all the service requests created in your tenant you can now keep track of the ticket status, view ticket details and provide / request additional information by adding notes & attachments.
++
+### Stay on top of all the major updates to the app and your Microsoft 365 subscription
+
+- Stay on top of all the major updates to your Microsoft 365 subscription through Message Center push notifications (now enabled by default).
+
+- Keep track of the latest features available in the app using the **What's New** section. Go to **Settings** > **WhatΓÇÖs new?**
++ ## April 2021 ### Admin mobile app
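Review bot: under "## May 2021", `### Admin mobile app` is followed directly by `### Keep track of support ticket updates using the Admin mobile app` at the same level, so the first heading has no body and the two feature headings read as its siblings rather than its children. Demote the two feature headings to `####` or drop the empty heading. In the last bullet the section is named **What's New** with a straight apostrophe, but the menu path **What's new?** uses a different casing and a non-ASCII apostrophe (shown here as `ΓÇÖ`); use the exact UI label with one apostrophe style in both places.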
business-video Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/get-help-support.md
description: "You must be an admin for a business subscription to get admin help
# Get support
+## Watch: Get help or support
+ > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOgo?autoplay=false] Need to speak to someone right away? Admins, have your account details ready when you call Support.
You can also [search the Microsoft 365 for business community forums](https://go
## Related content
-[Find docs and training](find-help-answers.md) (article)
-
-[Employee quick setup](employee-quick-setup.md) (article)
-
+[Find docs and training](find-help-answers.md) (article)\
+[Employee quick setup](employee-quick-setup.md) (article)\
[Overview of Microsoft 365 Business Premium setup](setup-overview.md) (video)
business Add Autopilot Devices And Profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/add-autopilot-devices-and-profile.md
Devices must meet these requirements:
## Use the setup guide to create devices and profiles
-[![Label to let you know the admin center is changing and you can find more details at aka.ms/aboutM365preview.](../media/m365admincenterchanging.png)](/office365/admin/microsoft-365-admin-center-preview)
- If you haven't created device groups or profiles yet, the best way to get started is by using the step-by-step guide. You can also [add devices](create-and-edit-autopilot-devices.md) and [assign profiles](create-and-edit-autopilot-profiles.md) to them without using the guide. 1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">https://admin.microsoft.com</a>.
business Manage Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/manage-windows-devices.md
description: "Learn how to enable Microsoft 365 to protect local Active-Director
If your organization uses Windows Server Active Directory on-premises, you can set up Microsoft 365 Business Premium to protect your Windows 10 devices, while still maintaining access to on-premises resources that require local authentication. To set up this protection, you can implement **Hybrid Azure AD joined devices**. These devices are joined to both your on-premises Active Directory and your Azure Active Directory.
+## Watch: Configure Hybrid Azure Active Directory join
+ This video describes the steps for how to set this up for the most common scenario, which is also detailed in the steps that follow. > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3C9hO]
+## Before you begin
-## Before you get started, make sure you complete these steps:
- Synchronize users to Azure AD with Azure AD Connect. - Complete Azure AD Connect Organizational Unit (OU) sync. - Make sure all the domain users you sync have licenses to Microsoft 365 Business Premium.
At this point you should be able to see the policy **Enable automatic MDM enroll
## Related content
-[Synchronize domain users to Microsoft 365](manage-domain-users.md) (article)
-
-[Create a group in the admin center](../admin/create-groups/create-groups.md) (article)
-
+[Synchronize domain users to Microsoft 365](manage-domain-users.md) (article)\
+[Create a group in the admin center](../admin/create-groups/create-groups.md) (article)\
[Tutorial: Configure hybrid Azure Active Directory join for managed domains](/azure/active-directory/devices/hybrid-azuread-join-managed-domains.md) (article)
business Set Up Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/set-up-windows-devices.md
For more information on how to upgrade Windows devices to Windows 10 Pro Creator
See [Verify the device is connected to Azure AD](#verify-the-device-is-connected-to-azure-ad) to verify you have the upgrade, or to make sure the upgrade worked.
-Watch a short video about connecting Windows to Microsoft 365.<br><br>
+## Watch: Connect your PC to Microsoft 365 Business
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3yXh3]
commerce Add Storage Space https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/add-storage-space.md
Office 365 Extra File Storage is available for the following subscriptions:
## Related content [Manage site storage limits](/sharepoint/manage-site-collection-storage-limits) (article)\
-[Set the default storage space for OneDrive users](/onedrive/set-default-storage-space)(article)
+[Set the default storage space for OneDrive users](/onedrive/set-default-storage-space) (article)
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
Payment instructions depend on your payment method and are provided at the botto
### Why don't I see Azure prepayment as a payment method?
-Azure prepayment is available as a payment method only for eligible Azure product and services.
-
-## Related content
-
-[Understand your bill or invoice for Microsoft 365 for business](understand-your-invoice2.md) (article)
-
-[Track Microsoft Customer Agreement Azure credit balance](/azure/billing/billing-mca-check-azure-credits-balance) (article)
-
-[Review your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/review-customer-agreement-bill) (article)
-
-[Get started with your Microsoft Customer Agreement billing account](/azure/billing/billing-mca-overview) (article)
-
+Azure prepayment is available as a payment method only for eligible Azure product and services
## Need help? Contact support If you have questions or need help with your Azure credits, <a href="https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest" target="_blank">create a support request with Azure support</a>. If you have questions or need help with your invoice in Microsoft 365 admin center, [contact support for business products](../../business-video/get-help-support.md).+
+## Related content
+
+[Understand your bill or invoice for Microsoft 365 for business](understand-your-invoice2.md) (article)\
+[Track Microsoft Customer Agreement Azure credit balance](/azure/billing/billing-mca-check-azure-credits-balance) (article)\
+[Review your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/review-customer-agreement-bill) (article)\
+[Get started with your Microsoft Customer Agreement billing account](/azure/billing/billing-mca-overview) (article)
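Review bot: the rewritten answer under "Why don't I see Azure prepayment as a payment method?" loses its closing period, and "eligible Azure product and services" should read "eligible Azure products and services". The sentence was only meant to be carried over while "Related content" moved below "Need help? Contact support", so restore the punctuation and fix the plural in the same change.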
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
If you pay by invoice, you can add or change the purchase order (PO) number for
## Related content
-[Learn how to find and view your bill or invoice](view-your-bill-or-invoice.md) (article)
-
-[Change your billing addresses](change-your-billing-addresses.md) (article)
-
-[Change your organization's address, technical contact email, and other information](../../admin/manage/change-address-contact-and-more.md) (article)
-
-[Pay for your Microsoft 365 for business subscription](pay-for-your-subscription.md) (article)
-
+[Learn how to find and view your bill or invoice](view-your-bill-or-invoice.md) (article)\
+[Change your billing addresses](change-your-billing-addresses.md) (article)\
+[Change your organization's address, technical contact email, and other information](../../admin/manage/change-address-contact-and-more.md) (article)\
+[Pay for your Microsoft 365 for business subscription](pay-for-your-subscription.md) (article)\
[Minecraft: Education Edition payment options](/education/windows/school-get-minecraft) (article)
commerce Enter Your Product Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/enter-your-product-key.md
If you purchased Microsoft 365 Business Standard from a retail store, this artic
To extend the expiration date or add a license to your existing Microsoft 365 Business Standard subscription, use a new and unused key for the same Microsoft 365 plan. Entering your original Microsoft 365 product key won't work because a key that has already been redeemed can't be used again. See [Add licenses to or extend a subscription paid for using a product key](licenses/add-licenses-using-product-key.md).
-## What's next?
+## Next steps
If you're new to Microsoft 365 for business, learn how to [set up Microsoft 365](../admin/setup/setup.md).
-
-## Still having trouble with product keys?
Check out this list of common errors and solutions: [Problems with your Microsoft 365 for business product key?](product-key-errors-and-solutions.md)
Or, [call Microsoft Support](../business-video/get-help-support.md).
## Related content
-[Upgrade to a different plan](./subscriptions/upgrade-to-different-plan.md) (article)
-
-[What happens to my data and access when my Microsoft 365 for business subscription ends?](./subscriptions/what-if-my-subscription-expires.md) (article)
-
+[Upgrade to a different plan](./subscriptions/upgrade-to-different-plan.md) (article)\
+[What happens to my data and access when my Microsoft 365 for business subscription ends?](./subscriptions/what-if-my-subscription-expires.md) (article)\
[Understand subscriptions and licenses in Microsoft 365 for business](./licenses/subscriptions-and-licenses.md) (article)
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
The table also indicates the Office 365 Enterprise and Office 365 US Government
| Default alert policy | Description | Category | Enterprise subscription | |:--|:--|:--|:--| |**A potentially malicious URL click was detected**|Generates an alert when a user protected by [Safe Links](../security/office-365-security/safe-links.md) in your organization clicks a malicious link. This event is triggered when URL verdict changes are identified by Microsoft Defender for Office 365 or when users override the Safe Links pages (based on your organization's Microsoft 365 for business Safe Links policy). This alert policy has a **High** severity setting. For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md). For more information on events that trigger this alert, see [Set up Safe Links policies](../security/office-365-security/set-up-safe-links-policies.md).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Admin Submission result completed**|Generates an alert when an [Admin Submission](../security/office-365-security/admin-submission.md) completes the rescan of the submitted entity. An alert will be triggered every time a rescan result is rendered from an Admin Submission. These alerts are meant to remind you to [review the results of previous submissions](https://protection.office.com/reportsubmission), submit user reported messages to get the latest policy check and rescan verdicts, and help you determine if the filtering policies in your organization are having the intended impact. This policy has a **Low** severity setting.|Threat management|E1/F1, E3/F3, or E5|
-|**Admin triggered manual investigation of email**|Generates an alert when an admin triggers the manual investigation of an email from Threat Explorer. For more information, see [Example: A security administrator triggers an investigation from Threat Explorer] (https://docs.microsoft.com/microsoft-365/security/office-365-security/automated-investigation-response-office#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). This alert notifies your organization that the investigation was started. The alert provides information about who triggered it and includes a link to the investigation. This policy has an **Informational** severity setting.|Threat management| E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|
-|**Creation of forwarding/redirect rule**|Generates an alert when someone in your organization creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell. This policy has a **Low** severity setting. For more information about using inbox rules to forward and redirect email in Outlook on the web, see [Use rules in Outlook on the web to automatically forward messages to another account](https://support.office.com/article/1433e3a0-7fb0-4999-b536-50e05cb67fed).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
-|**eDiscovery search started or exported**|Generates an alert when someone uses the Content search tool in the Security and compliance center. An alert is triggered when the following content search activities are performed: <br/><br/>* A content search is started<br/>* The results of a content search are exported<br/>* A content search report is exported<br/><br/>Alerts are also triggered when the previous content search activities are performed in association with an eDiscovery case. This policy has a **Medium** severity setting. For more information about content search activities, see [Search for eDiscovery activities in the audit log](search-for-ediscovery-activities-in-the-audit-log.md#ediscovery-activities).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Admin Submission result completed**|Generates an alert when an [Admin Submission](../security/office-365-security/admin-submission.md) completes the rescan of the submitted entity. An alert will be triggered every time a rescan result is rendered from an Admin Submission. These alerts are meant to remind you to [review the results of previous submissions](https://protection.office.com/reportsubmission), submit user reported messages to get the latest policy check and rescan verdicts, and help you determine if the filtering policies in your organization are having the intended impact. This policy has a **Informational** severity setting.|Threat management|E1/F1, E3/F3, or E5|
+|**Admin triggered manual investigation of email**|Generates an alert when an admin triggers the manual investigation of an email from Threat Explorer. For more information, see [Example: A security administrator triggers an investigation from Threat Explorer](../security/office-365-security/automated-investigation-response-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). This alert notifies your organization that the investigation was started. The alert provides information about who triggered it and includes a link to the investigation. This policy has an **Informational** severity setting.|Threat management| E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|
+|**Creation of forwarding/redirect rule**|Generates an alert when someone in your organization creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell. This policy has a **Informational** severity setting. For more information about using inbox rules to forward and redirect email in Outlook on the web, see [Use rules in Outlook on the web to automatically forward messages to another account](https://support.office.com/article/1433e3a0-7fb0-4999-b536-50e05cb67fed).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**eDiscovery search started or exported**|Generates an alert when someone uses the Content search tool in the Security and compliance center. An alert is triggered when the following content search activities are performed: <br/><br/>* A content search is started<br/>* The results of a content search are exported<br/>* A content search report is exported<br/><br/>Alerts are also triggered when the previous content search activities are performed in association with an eDiscovery case. This policy has a **Informational** severity setting. For more information about content search activities, see [Search for eDiscovery activities in the audit log](search-for-ediscovery-activities-in-the-audit-log.md#ediscovery-activities).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Elevation of Exchange admin privilege**|Generates an alert when someone is assigned administrative permissions in your Exchange Online organization. For example, when a user is added to the Organization Management role group in Exchange Online. This policy has a **Low** severity setting.|Permissions|E1/F1/G1, E3/F3/G3, or E5/G5| |**Email messages containing malware removed after delivery**|Generates an alert when any messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md).|Threat management|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription| |**Email messages containing phish URLs removed after delivery**|Generates an alert when any messages containing phish are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
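Review bot: the three rows changed to Informational ("Admin Submission result completed", "Creation of forwarding/redirect rule", "eDiscovery search started or exported") now read "This policy has a **Informational** severity setting"; the article needs to change with the value, so use "an **Informational**". Because this commit lowers the documented severity of the forwarding-rule alert from Low and of the eDiscovery alert from Medium, confirm these values against the default policies as shipped, since readers use this table to decide which alerts to triage.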
-|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing email using the Report Message add-in. This policy has an **Informational** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing email using the Report Message add-in. This policy has an **Low** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Email sending limit exceeded**|Generates an alert when someone in your organization has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too much email or that the account may be compromised. This policy has a **Medium** severity setting. If you get an alert generated by this alert policy, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5| |**Form blocked due to potential phishing attempt**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior. This policy has a **High severity** setting.|Threat management|E1, E3/F3, or E5| |**Form flagged and confirmed as phishing**|Generates an alert when a form created in Microsoft Forms from within your organization has been identified as potential phishing through Report Abuse and confirmed as phishing by Microsoft. This policy has a **High** severity setting.|Threat management|E1, E3/F3, or E5|
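Review bot: in the "Email reported by user as malware or phish" row the severity changed from Informational to Low but the article was left behind, giving "This policy has an **Low** severity setting"; change it to "a **Low**".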
The table also indicates the Office 365 Enterprise and Office 365 US Government
|**Phish delivered due to an IP allow policy**|Generates an alert when Microsoft detects an IP allow policy that allowed delivery of a high confidence phishing message to a mailbox. This policy has an **Informational** severity setting. For more information about the IP allow policy (connection filtering), see [Configure the default connection filter policy - Office 365](../security/office-365-security/configure-the-connection-filter-policy.md).|Threat management|E5/G5 or Defender for Office 365 P1 or P2 add-on subscription| |**Phish not zapped because ZAP is disabled**| Generates an alert when Microsoft detects delivery of a high confidence phishing message to a mailbox because Zero-Hour Auto Purge for Phish messages is disabled. This policy has an **Informational** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Phish delivered due to tenant or user override**<sup>1</sup>|Generates an alert when Microsoft detects an admin or user override allowed the delivery of a phishing message to a mailbox. Examples of overrides include an inbox or mail flow rule that allows messages from a specific sender or domain, or an anti-spam policy that allows messages from specific senders or domains. This policy has a **High** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Suspicious email forwarding activity**|Generates an alert when someone in your organization has autoforwarded email to a suspicious external account. This is an early warning for behavior that may indicate the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. It's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Suspicious email forwarding activity**|Generates an alert when someone in your organization has autoforwarded email to a suspicious external account. This is an early warning for behavior that may indicate the account is compromised, but not severe enough to restrict the user. This policy has a **High** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. It's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Suspicious email sending patterns detected**|Generates an alert when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that may indicate that the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5 | |**Tenant restricted from sending email**|Generates an alert when most of the email traffic from your organization has been detected as suspicious and Microsoft has restricted your organization from sending email. Investigate any potentially compromised user and admin accounts, new connectors, or open relays, and then contact Microsoft Support to unblock your organization. This policy has a **High** severity setting. For more information about why organizations are blocked, see [Fix email delivery issues for error code 5.7.7xx in Exchange Online](/Exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-5-7-700-through-5-7-750).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5| |**Unusual external user file activity**|Generates an alert when an unusually large number of activities are performed on files in SharePoint or OneDrive by users outside of your organization. This includes activities such as accessing files, downloading files, and deleting files. This policy has a **High** severity setting.|Information governance|E5/G5, Microsoft Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual volume of external file sharing**|Generates an alert when an unusually large number of files in SharePoint or OneDrive are shared with users outside of your organization. 
This policy has a **Medium** severity setting.|Information governance|E5/G5, Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual volume of file deletion**|Generates an alert when an unusually large number of files are deleted in SharePoint or OneDrive within a short time frame. This policy has a **Medium** severity setting.|Information governance|E5/G5, Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription|
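Review bot: "Suspicious email forwarding activity" is now documented as **High**, but its description still calls the alert "an early warning" that is "not severe enough to restrict the user" and notes that it "may be an anomaly". The neighbouring "Suspicious email sending patterns detected" row uses the same wording at **Medium**. Confirm that High is the shipped default for this policy, and if it is, revise the description so the text and the severity tell the reader the same thing.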
-|**Unusual increase in email reported as phish**|Generates an alert when there's a significant increase in the number of people in your organization using the Report Message add-in in Outlook to report messages as phishing mail. This policy has a **High** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
+|**Unusual increase in email reported as phish**|Generates an alert when there's a significant increase in the number of people in your organization using the Report Message add-in in Outlook to report messages as phishing mail. This policy has a **Medium** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
|**User impersonation phish delivered to inbox/folder**<sup>1,</sup><sup>2</sup>|Generates an alert when Microsoft detects that an admin or user override has allowed the delivery of a user impersonation phishing message to the inbox (or other user-accessible folder) of a mailbox. Examples of overrides include an inbox or mail flow rule that allows messages from a specific sender or domain, or an anti-spam policy that allows messages from specific senders or domains. This policy has a **Medium** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription| |**User restricted from sending email**|Generates an alert when someone in your organization is restricted from sending outbound mail. This typically results when an account is compromised, and the user is listed on the **Restricted Users** page in the Security & Compliance Center. (To access this page, go to **Threat management > Review > Restricted Users**). This policy has a **High** severity setting. For more information about restricted users, see [Removing a user, domain, or IP address from a block list after sending spam email](/office365/securitycompliance/removing-user-from-restricted-users-portal-after-spam).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5| |**User restricted from sharing forms and collecting responses**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior. This policy has a **High** severity setting.|Threat management|E1, E3/F3, or E5|
compliance Communication Compliance Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-configure.md
Use the following chart to help you configure groups in your organization for co
| **Policy Member** | **Supported Groups** | **Unsupported Groups** | |:--|:--|:--|
-|Supervised users <br> Non-supervised users | Distribution groups <br> Microsoft 365 Groups | Dynamic distribution groups <br> Nested distribution groups <br> Mail-enabled security groups <br> Microsoft 365 groups with dynamic membership |
+|Supervised users <br> Excluded users | Distribution groups <br> Microsoft 365 Groups | Dynamic distribution groups <br> Nested distribution groups <br> Mail-enabled security groups <br> Microsoft 365 groups with dynamic membership |
| Reviewers | None | Distribution groups <br> Dynamic distribution groups <br> Nested distribution groups <br> Mail-enabled security groups | When you assign a distribution group in the policy, the policy monitors all emails and Teams chats from each user in distribution group. When you assign a Microsoft 365 group in the policy, the policy monitors all emails and Teams chats sent to that group, not the individual emails and chats received by each group member.
compliance Compliance Extensibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-extensibility.md
For the licensing requirements for Advanced eDiscovery and the API, see the "eDi
Enterprise Information Archiving (EIA) for Microsoft Teams is a key scenario for our customers as it allows them to solve for regulatory requirements. In addition to our built-in capabilities for archiving content in Microsoft Teams, customers and partners can now use Teams Export APIs to solve for custom application and integration scenarios. The Teams Export APIs support bulk-export (up to 200 requests per second/per app/per tenant) of Teams messages and message attachments. Deleted messages are also accessible by the API for up to 30 days after they are deleted. For more information about these Teams Export APIs and how to use them in your applications, see [Export content with the Microsoft Teams Export APIs](/microsoftteams/export-teams-content).
-For the licensing requirements for the use of the Teams Export APIs, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+For the licensing requirements for the use of the Teams Export APIs, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+
+### Microsoft Graph Connector APIs (preview)
+
+With [Microsoft Graph connectors](/microsoftsearch/connectors-overview), organizations can index third-party data so it appears in Microsoft Search results. This feature expands the types of content sources that are searchable in your Microsoft 365 productivity apps and the broader Microsoft ecosystem. The third-party data can be hosted on-premises or in public or private clouds. Starting with Advanced eDiscovery, we're enabling developer preview of built-in compliance value of Microsoft 365 connected apps. This enables compliance for apps integrating into the Microsoft 365 ecosystem to empower users with seamless compliance experiences. To learn more about to how to incorporate Microsoft Graph Connector APIs in your apps view, see [Create, update, and delete connections in the Microsoft Graph](/graph/search-index-manage-connections).
+
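Review bot: the last sentence of the added "Microsoft Graph Connector APIs (preview)" paragraph has two wording slips, "To learn more about to how to incorporate" and "in your apps view, see". Suggest "To learn more about how to incorporate Microsoft Graph Connector APIs in your apps, see ...". The sentence "we're enabling developer preview of built-in compliance value of Microsoft 365 connected apps" is also hard to parse; say which compliance capability applies to connector-indexed content in the preview.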
compliance Define Mail Flow Rules To Encrypt Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email.md
If you haven't yet moved your organization to the new OME capabilities, Microsof
[Add branding to encrypted messages](add-your-organization-brand-to-encrypted-messages.md) [Mail flow rules (transport rules) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules)-
-[Mail flow rules (transport rules) in Exchange Online Protection](../security/office-365-security/mail-flow-rules-transport-rules-0.md)
compliance Dlp On Premises Scanner Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-on-premises-scanner-get-started.md
Last updated audience: ITPro-+ f1_keywords: - 'ms.o365.cc.DLPLandingPage'
compliance Dlp On Premises Scanner Use https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-on-premises-scanner-use.md
Last updated audience: ITPro-+ f1_keywords: - 'ms.o365.cc.DLPLandingPage'
compliance Retention Policies Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
To retain this content when a user attempts to change or delete it, a check is m
A timer job periodically cleans up the Preservation Hold library. For content that has been in the Preservation Hold library for more than 30 days, this job compares the content to all queries used by the retention settings for that content. Content that is older than their configured retention period is then deleted from the Preservation Hold library, and the original location if it is still there. This timer job runs every seven days, which means that together with the minimal 30 days, it can take up to 37 days for content to be deleted from the Preservation Hold library.
-While files are retained in the Preservation Hold library, administrators won't be able to delete the content's SharePoint site or OneDrive account.
- This behavior for copying files into the Preservation Hold library applies to content that exists when the retention settings were applied. In addition, for retention policies, any new content that's created or added to the site after it was included in the policy will be retained in the Preservation Hold library. However, new content isn't copied to the Preservation Hold library the first time it's edited, only when it's deleted. To retain all versions of a file, you must turn on [versioning](#how-retention-works-with-document-versions). Users see an error message if they try to delete a library, list, folder, or site that's subject to retention. They can delete a folder if they first move or delete any files in the folder that are subject to retention.
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
You apply Preservation Lock after the retention policy or retention label policy
Providing your policies for retention don't have a Preservation Lock, you can delete your policies at any time, which effectively turns off the previously applied retention settings. You can also keep the policy, but remove a site for SharePoint or an account for OneDrive, or change the location status to off, or disable the policy.
-When you do any of these actions, any SharePoint or OneDrive content that's subject to retention from the policy continues to be retained for 30 days to prevent inadvertent data loss. During this 30-day grace period, you can't delete the site, deleted files are still retained (files continue to be added to the Preservation Hold library), but the timer job that periodically cleans up the Preservation Hold library is suspended for these files so you can restore them if necessary.
+When you do any of these actions, any SharePoint or OneDrive content that's subject to retention from the policy continues to be retained for 30 days to prevent inadvertent data loss. During this 30-day grace period deleted files are still retained (files continue to be added to the Preservation Hold library), but the timer job that periodically cleans up the Preservation Hold library is suspended for these files so you can restore them if necessary.
For more information about the Preservation Hold library, see [How retention works for SharePoint and OneDrive](retention-policies-sharepoint.md#how-retention-works-for-sharepoint-and-onedrive).
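Review bot: the rewritten grace-period sentence drops "you can't delete the site" but does not say what happens if an admin deletes the site during the 30 days. The same sentence still promises that deleted files stay restorable, so state explicitly whether site deletion is now allowed and what it does to the files held in the Preservation Hold library. The new text also needs a comma after "During this 30-day grace period".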
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application version required for each
|[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Let users assign permissions: <br /> - Prompt users](encryption-sensitivity-labels.md#let-users-assign-permissions) |2004+ | 16.35+ | Under review | Under review | Under review | |[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | 16.43+ | 2.46+ | Rolling out: 16.0.13628+ | Yes <sup>\*</sup> |
-|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | 2101+ | Rolling out: 16.45+ | Rolling out: 2.47+ | Rolling out: 16.0.13628+ | Rolling out
+|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | 2101+ | 16.45+ | 2.47+ | 16.0.13628+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md)
|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | Rolling out: 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
When you configure a label policy, you can:
After you create a label policy that assigns new sensitivity labels to users and groups, users start to see those labels in their Office apps. Allow up to 24 hours for the latest changes to replicate throughout your organization.
-There is no limit to the number of sensitivity labels that you can create and publish, with one exception: If the label applies encryption, there is a maximum of 500 labels that you can create. However, as a best practice to lower admin overheads and reduce complexity for your users, try to keep the number of labels to a minimum. Real-world deployments have proved effectiveness to be noticeably reduced when users have more than five main labels or more than five sublabels per main label.
+There is no limit to the number of sensitivity labels that you can create and publish, with one exception: If the label applies encryption that specifies the users and permissions, there is a maximum of 500 labels supported with this configuration. However, as a best practice to lower admin overheads and reduce complexity for your users, try to keep the number of labels to a minimum. Real-world deployments have proved effectiveness to be noticeably reduced when users have more than five main labels or more than five sublabels per main label.
### Label policy priority (order matters)
If you are new to Azure Information Protection, or if you are an existing Azure
> [!NOTE] > Label management for Azure Information Protection labels in the Azure portal was deprecated **March 31, 2021**. Learn more from the official [deprecation notice](https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179).
-If your tenant isn't yet on the [unified labeling platform](https://docs.microsoft.com/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform), you must first activate unified labeling before you can use sensitivity labels. For instructions, see [How to migrate Azure Information Protection labels to unified sensitivity labels](/azure/information-protection/configure-policy-migrate-labels).
+If your tenant isn't yet on the [unified labeling platform](/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform), you must first activate unified labeling before you can use sensitivity labels. For instructions, see [How to migrate Azure Information Protection labels to unified sensitivity labels](/azure/information-protection/configure-policy-migrate-labels).
## Sensitivity labels and the Microsoft Information Protection SDK
compliance Set Up Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-encryption.md
description: "With Office 365, some encryption capabilities are turned on by def
# Set up encryption in Office 365 Enterprise Encryption can protect your content from being read by unauthorized users. Because [encryption in Office 365](encryption.md) can be done using various technologies and methods, there isn't one single place where you turn on or set up encryption. This article provides information about various ways you can set up or configure encryption as part of your information protection strategy.
-
+ > [!TIP] > If you are looking for more technical details about encryption, see [Technical reference details about encryption in Office 365](technical-reference-details-about-encryption.md).
-
+ With Office 365, several encryption capabilities are available by default. Additional encryption capabilities can be configured to meet certain compliance or legal requirements. The following table describes several encryption methods for different scenarios.
-
-|**Scenario**|**Encryption Methods**|
-|:--|:--|
-|Files are saved on Windows computers <br/> |Encryption at the computer level can be done using BitLocker on Windows devices. As an enterprise administrator or IT Pro, you can set this up using the Microsoft Deployment Toolkit (MDT). See [Set up MDT for BitLocker](/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker). <br/> |
-|Files are saved on mobile devices <br/> |Some kinds of mobile devices encrypt files that are saved to those devices by default. With [Capabilities of built-in Mobile Device Management for Office 365](https://support.microsoft.com/en-us/office/capabilities-of-built-in-mobile-device-management-for-microsoft-365-a1da44e5-7475-4992-be91-9ccec25905b0), you can set policies that determine whether to allow mobile devices to access data in Office 365. For example, you can set a policy that allows only devices that encrypt content to access Office 365 data. See [Create and deploy device security policies](https://support.microsoft.com/office/create-and-deploy-device-security-policies-d310f556-8bfb-497b-9bd7-fe3c36ea2fd6). <br/> For additional control over how mobile devices interact with Office 365, you can consider adding [Microsoft Intune](/mem/intune/fundamentals/setup-steps). <br/> |
-|You need control over the encryption keys used to encrypt your data in Microsoft's data centers <br/> | As an Office 365 administrator, you can control your organization's encryption keys and then configure Office 365 to use them to encrypt your data at rest in Microsoft's data centers. <br/> [Service encryption with Customer Key in Office 365](customer-key-overview.md) <br/> |
-|People are communicating via email (Exchange Online) <br/> | As an Exchange Online administrator, you have several options for configuring email encryption. These include: <br/> Using [Office 365 message encryption (OME)](set-up-new-message-encryption-capabilities.md) with Azure Rights Management (Azure RMS) to enable people to send encrypted messages inside or outside your organization <br/> Using [S/MIME for message signing and encryption](../security/office-365-security/s-mime-for-message-signing-and-encryption.md) to encrypt and digitally sign email messages <br/> Using TLS to [set up connectors for secure mail flow with another organization](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner) <br/> See [Email encryption in Office 365](./email-encryption.md). <br/> |
-|Files are accessed from team sites or document libraries (OneDrive for Business or SharePoint Online) <br/> |When people are working with files saved to OneDrive for Business or SharePoint Online, TLS connections are used. This is built into Office 365 automatically. See [Data Encryption in OneDrive for Business and SharePoint Online](./data-encryption-in-odb-and-spo.md). <br/> |
-|Files are shared in online meetings and IM conversations (Skype for Business Online) <br/> |When people are working with files using Skype for Business Online, TLS is used for the connection. This is built into Office 365 automatically. See [Security and Archiving (Skype for Business Online)](/office365/servicedescriptions/skype-for-business-online-service-description/skype-for-business-online-features). <br/> |
-|Files are shared in online meetings and IM conversations (Microsoft Teams) <br/> |When people are working with files using Microsoft Teams, TLS is used for the connection. This is built into Office 365 automatically. Microsoft Teams does not currently support inline rendering of encrypted email. To prevent encrypted email from landing in Microsoft Teams as encrypted, see [Message Encryption FAQ](./ome-faq.yml?view=o365-worldwide&preserve-view=true#can-i-automatically-remove-encryption-on-incoming-and-outgoing-mail-). <br/>
+
+<br>
+
+****
+
+|Scenario|Encryption Methods|
+|||
+|Files are saved on Windows computers|Encryption at the computer level can be done using BitLocker on Windows devices. As an enterprise administrator or IT Pro, you can set this up using the Microsoft Deployment Toolkit (MDT). See [Set up MDT for BitLocker](/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker).|
+|Files are saved on mobile devices|Some kinds of mobile devices encrypt files that are saved to those devices by default. With [Capabilities of built-in Mobile Device Management for Office 365](https://support.microsoft.com/office/capabilities-of-built-in-mobile-device-management-for-microsoft-365-a1da44e5-7475-4992-be91-9ccec25905b0), you can set policies that determine whether to allow mobile devices to access data in Office 365. For example, you can set a policy that allows only devices that encrypt content to access Office 365 data. See [Create and deploy device security policies](https://support.microsoft.com/office/create-and-deploy-device-security-policies-d310f556-8bfb-497b-9bd7-fe3c36ea2fd6). <p> For additional control over how mobile devices interact with Office 365, you can consider adding [Microsoft Intune](/mem/intune/fundamentals/setup-steps).|
+|You need control over the encryption keys used to encrypt your data in Microsoft's data centers|As an Office 365 administrator, you can control your organization's encryption keys and then configure Office 365 to use them to encrypt your data at rest in Microsoft's data centers. <p> [Service encryption with Customer Key in Office 365](customer-key-overview.md)|
+|People are communicating via email (Exchange Online)|As an Exchange Online administrator, you have several options for configuring email encryption. These include: <ul><li>Using [Office 365 message encryption (OME)](set-up-new-message-encryption-capabilities.md) with Azure Rights Management (Azure RMS) to enable people to send encrypted messages inside or outside your organization</li><li>Using [S/MIME](/exchange/security-and-compliance/smime-exo/smime-exo) to encrypt and digitally sign email messages</li><li>Using TLS to [set up connectors for secure mail flow with another organization](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner)</li></ul> <p> See [Email encryption in Office 365](./email-encryption.md).|
+|Files are accessed from team sites or document libraries (OneDrive for Business or SharePoint Online)|When people are working with files saved to OneDrive for Business or SharePoint Online, TLS connections are used. This is built into Office 365 automatically. See [Data Encryption in OneDrive for Business and SharePoint Online](./data-encryption-in-odb-and-spo.md).|
+|Files are shared in online meetings and IM conversations (Skype for Business Online)|When people are working with files using Skype for Business Online, TLS is used for the connection. This is built into Office 365 automatically. See [Security and Archiving (Skype for Business Online)](/office365/servicedescriptions/skype-for-business-online-service-description/skype-for-business-online-features).|
+|Files are shared in online meetings and IM conversations (Microsoft Teams)|When people are working with files using Microsoft Teams, TLS is used for the connection. This is built into Office 365 automatically. Microsoft Teams does not currently support inline rendering of encrypted email. To prevent encrypted email from landing in Microsoft Teams as encrypted, see [Message Encryption FAQ](./ome-faq.yml?view=o365-worldwide&preserve-view=true#can-i-automatically-remove-encryption-on-incoming-and-outgoing-mail-).|
+|
## Additional information
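Review bot: the rewritten table uses a bare <p> as a paragraph break in the mobile devices, encryption keys, and Exchange Online rows with no closing tag, and adds a "<br>" line and an empty "****" line ahead of the table as spacing. If the renderer needs these, say so in the commit message; otherwise drop them so the table stays plain Markdown. The S/MIME link text was also shortened from "S/MIME for message signing and encryption" to "S/MIME" while its target moved to /exchange/security-and-compliance/smime-exo/smime-exo; confirm the new target covers both signing and encryption, since the cell still promises both.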
contentunderstanding Solution Manage Contracts In Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/solution-manage-contracts-in-microsoft-365.md
audience: admin Previously updated : 05/10/2021 Last updated : ms.prod: microsoft-365-enterprise search.appverid: localization_priority: None-
-description: "Learn how to manage contracts using a Microsoft 365 solution of SharePoint Syntex, Microsoft Teams, and Power Automate."
+ROBOTS:
+description: "Learn how to manage contracts using a Microsoft 365 solution of SharePoint Syntex, SharePoint Lists, Microsoft Teams, and Power Automate."
# Manage contracts using a Microsoft 365 solution
contentunderstanding Solution Manage Contracts Step1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/solution-manage-contracts-step1.md
audience: admin Previously updated : 05/17/2021 Last updated : ms.prod: microsoft-365-enterprise search.appverid: localization_priority: None-
+ROBOTS:
description: "Learn how to use SharePoint Syntex to identify contract files and extract data by using a Microsoft 365 solution."
contentunderstanding Solution Manage Contracts Step2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/solution-manage-contracts-step2.md
audience: admin Previously updated : 05/19/2021 Last updated : ms.prod: microsoft-365-enterprise search.appverid: localization_priority: None-
+ROBOTS:
description: "Learn how to use Microsoft Teams to create your contract management channel by using a Microsoft 365 solution."
contentunderstanding Solution Manage Contracts Step3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/solution-manage-contracts-step3.md
audience: admin Previously updated : 05/19/2021 Last updated : ms.prod: microsoft-365-enterprise search.appverid: localization_priority: None-
+ROBOTS:
description: "Learn how to use Power Automate to create your flow to process your contracts by using a Microsoft 365 solution."
enterprise Configure Services And Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-services-and-applications.md
If you want help getting Microsoft 365 set up, use **[FastTrack](https://www.mic
|**Services & applications**|**Resources**| |:--|:--| |**Microsoft 365 Suite** |- [Add your company branding to Microsoft 365 Sign In Page](https://support.office.com/article/Add-your-company-branding-to-Office-365-Sign-In-Page-a1229cdb-ce19-4da5-90c7-2b9b146aef0a) <br> - [Add customized help desk info to the Microsoft 365 help pane](https://support.office.com/article/Add-customized-help-desk-info-to-the-Office-365-help-pane-9dd9b104-68f7-4d49-9a30-82561c7d79a3) <br> - [Add integration with Azure AD and other applications](https://support.office.com/article/Integrated-Apps-and-Azure-AD-for-Office-365-administrators-cb2250e3-451e-416f-bf4e-363549652c2a). <br> - [Learn more about using groups](https://support.office.com/Article/Learn-more-about-groups-b565caa1-5c40-40ef-9915-60fdb2d97fa2) to collaborate with email, calendar, documents, and chat <br> - [Activate and use mobile device management in Microsoft 365](https://support.office.microsoft.com/article/Manage-mobile-devices-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd) <br> - [Monitor Microsoft 365 connectivity](monitor-connectivity.md) |
-|**Email** <br> (Exchange Online) | - Get ready to migrate with [Exchange Hybrid using the Exchange Deployment Assistant](https://technet.microsoft.com/exdeploy2013) <br> - Use the [Exchange migration advisor](https://aka.ms/office365setup) to get customized set up guidance <br> - [Set up Exchange Online Protection](../security/office-365-security/set-up-your-eop-service.md) |
+|**Email** <br> (Exchange Online) | - Get ready to migrate with [Exchange Hybrid using the Exchange Deployment Assistant](https://technet.microsoft.com/exdeploy2013) <br> - Use the [Exchange migration advisor](https://aka.ms/office365setup) to get customized set up guidance <br> - [Set up Exchange Online Protection](/exchange/standalone-eop/set-up-your-eop-service) |
|**Sites** <br> (SharePoint Online) | -Configure hybrid functionality for [SharePoint Server 2013](/SharePoint/hybrid/hybrid)<br> - [Create and use site templates](https://support.office.com/article/Create-and-use-site-templates-60371B0F-00E0-4C49-A844-34759EBDD989) to customize the look and feel of SharePoint Online <br> - Use the [SharePoint Online Planning Guide](https://support.office.com/article/SharePoint-Online-Planning-Guide-for-Office-365-for-business-d5089cdf-3fd2-4230-acbd-20ecda2f9bb8) or the [SharePoint Online deployment advisor](https://aka.ms/spoguidance) to plan and configure additional features <br> - Manage your [Video portal](https://support.office.com/article/Manage-your-Office-365-Video-portal-c059465b-eba9-44e1-b8c7-8ff7793ff5da) | |**IM and online meetings** <br> (Skype for Business Online) | - Configure hybrid functionality for [Lync Server 2013](/previous-versions/office/lync-server-2013/lync-server-2013-lync-server-2013-hybrid) or [Skype for Business 2015](/skypeforbusiness/hybrid/plan-hybrid-connectivity?bc=%2fSkypeForBusiness%2fbreadcrumb%2ftoc.json&toc=%2fSkypeForBusiness%2ftoc.json)<br> - [Set up Skype for Business Online](https://support.office.com/article/Set-up-Skype-for-Business-Online-40296968-e779-4259-980b-c2de1c044c6e) and configure common features such as call routing, conference calling, and sharing <br> - Use the [Skype for Business deployment advisor](/MicrosoftTeams/faq-journey) to get customized set up guidance | | **File storage & sharing** <br> (OneDrive for Business and SharePoint Online) | - [Set up Microsoft 365 file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_WhatDif): Learn when you should use OneDrive for Business to store files and when you should use ShharePoint Online team sites <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_MoveDocsVideo): See how easy it is to upload files in OneDrive 
for Business and your SharePoint team site <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_Store): Get all the steps for uploading files to OneDrive for Business and your team site. Learn tips for file sharing <br> - Use the [OneDrive for Business setup guide](https://aka.ms/OD4Bguidance) to get customized set up guidance |
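Review bot: the unchanged "File storage & sharing" row below the edited Email row contains the typo "ShharePoint Online team sites". Since this change already touches the table, fix it to "SharePoint" in the same commit.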
enterprise During And After Your Data Move https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/during-and-after-your-data-move.md
The following search features are affected:
- Data Loss Protection (DLP): Policies aren't enforced on items that change until crawling picks up the changes.
+As part of the migration, the default region will change and all new content will be stored at rest in the new default region. Existing content will move in the background with no impact to you for up to 90 days after the first change to the SharePoint Online data location in the admin center.
+ ## Microsoft Teams In addition to Exchange Online, SharePoint Online, and OneDrive for Business, Microsoft will migrate Teams chat service data to the local datacenter.
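Review bot: in the added migration sentence, "with no impact to you for up to 90 days" is ambiguous: it can mean the background move takes up to 90 days, or that the absence of impact lasts only 90 days. Suggest "Existing content moves in the background, which can take up to 90 days after the first change to the SharePoint Online data location in the admin center, with no impact to you." For data residency planning it would also help to say plainly that, during this window, existing content can still be at rest in the previous region while new content is already stored in the new one.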
Skype for Business moves are no longer available. [Skype for Business Online wi
[New datacenter geos for Microsoft Dynamics CRM Online](/power-platform/admin/new-datacenter-regions)
-[Azure services by region](https://azure.microsoft.com/regions/)
+[Azure services by region](https://azure.microsoft.com/regions/)
knowledge Manage Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/manage-topics.md
Knowledge managers help to guide discovered topics through the various topic lif
- **Suggested**: A topic has been identified by AI and has enough supporting resources, connections, and properties. (These are marked as a **Suggested Topic** in the UI.) -- **Confirmed**: A topic that has been suggested by AI is validated. Topic validation must be confirmed by a knowledge manager. For a topic to be confirmed, there must be a net of two positive votes received from users who voted using the feedback mechanism on the topic card. For example, if one user voted positive and one user voted negative for a particular topic, you would still need two more positive votes for the topic to be confirmed.
+- **Confirmed**: A topic that has been discovered by AI and has been validated. Topic validation occurs when either:
+
+ - A knowledge manager confirms a topic. A knowledge manager [confirms a topic](manage-topics.md#confirmed-topics) on the **Manage topics** page.
+
+ - Multiple users confirm a topic. There must be a net of two positive votes received from users who voted using the feedback mechanism on the topic card. For example, if one user voted positive and one user voted negative for a particular topic, you would still need two more positive votes for the topic to be confirmed.
-- **Published**: A confirmed topic that has been curated: manual edits have been made to improve its quality.
+- **Published**: A topic that has been curated. Manual edits have been made to improve its quality, or it has been created by a user.
+
+- **Removed**: A topic that has been rejected and will no longer be visible to viewers. A topic can be removed in any state (suggested, confirmed, or published). Topic removal occurs when either:
+
+ - A knowledge manager removes a topic. A knowledge manager removes a topic on the **Manage topics** page.
+
+ - Multiple users cast negative votes using the feedback mechanism on the topic card. For a topic to be removed, there must be a net of two negative votes received from users. For example, if one user voted negative and one user voted positive for a particular topic, you would still need two more negative votes for the topic to be removed.
-- **Removed**: A topic is rejected by a knowledge manager and will no longer be visible to viewers. A topic can be removed in any state (suggested, confirmed, or published). For a topic to be removed, there must be a net of two negative votes received from users who voted using the feedback mechanisms on the topic card. For example, if one user voted negative and one user voted positive for a particular topic, you would still need two more negative votes for the topic to be removed. When a published topic is removed, the page with the curated details will need to be deleted manually through the Pages Library of the topic center.
+ When a published topic is removed, the page with the curated details will need to be deleted manually through the Pages Library of the topic center.
> [!Note] > On the **Manage topics** page, each knowledge manager will only be able to see topics where they have access to the underlying files and pages connected to the topic. This permission trimming will be reflected in the list of topics that appear in the **Suggested**, **Confirmed**, **Published**, and **Removed** tabs. The topic counts, however, show the total counts in the organization regardless of permissions.
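Review bot: the last added line, "When a published topic is removed, the page with the curated details will need to be deleted manually through the Pages Library of the topic center", does not say who is expected to delete the page or whether it stays viewable in the meantime, while the Removed bullet states that the topic "will no longer be visible to viewers". Suggest naming the role that does the cleanup and stating what viewers can still reach until then. The line is also indented as if it belonged to the user-vote sub-bullet, although it applies equally to removal by a knowledge manager; aligning it with the Removed bullet would make that clear.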
learning Set Up Teams Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/learning/set-up-teams-admin-center.md
Previously updated : 05/12/2021 Last updated : 05/24/2021 audience: admin
description: "Learn how to configure Microsoft Viva Learning (Preview) in the Te
The Teams admin installs Viva Learning (Preview) and applies permission policies through the Teams admin center.
+1. For Viva Learning (Preview), you must first set the Update policy in Teams. For more information, see [Microsoft Teams Public Preview](/MicrosoftTeams/public-preview-doc-updates).
+
+ 1. Sign in to the Teams admin center.
+
+ 2. Select **Teams** > **Update policies**.
+
+ 3. Select **Add**.
+
+ 4. Name the update policy, add a policy, and turn on **Show preview features**.
+
+2. The admin must notify users of the policy update so that they move their build into the Public Preview for Teams.
+
+ 1. Users must select their profile image > **About** > **Public Preview**.
+
+ ![Upper navigation in the Teams application showing user's profile](../media/learning/learning-app-select-profile-teams.png)
+
+ 2. Users must accept the **Public preview** terms and conditions.
+
+ ![Switch to public preview build](../media/learning/learning-app-switch-to-public-preview.png)
+
+3. For organizations that have restrictive policies and need to enable Viva Learning (Preview), follow the process in the next section.
+ ## Manage settings for Viva Learning (Preview) You must be an administrator in the Teams admin center to perform these tasks.
To make Viva Learning (Preview) available for users in your organization, follow
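Review bot: step 1.4, "Name the update policy, add a policy, and turn on **Show preview features**", is circular ("add a policy" inside the steps that create the policy), and the procedure never says how the new update policy is assigned to users. Suggest stating what is actually added in that step and including an assignment step, so admins can scope preview builds to the intended users before step 2 asks them to notify those users.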
## Next step
-[Configure learning content sources for Viva Learning (Preview) in the Microsoft 365 admin center](content-sources-365-admin-center.md)
+[Configure learning content sources for Viva Learning (Preview) in the Microsoft 365 admin center](content-sources-365-admin-center.md)
security Command Line Arguments Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus.md
Previously updated : 05/17/2021 Last updated : 05/24/2021 ms.technology: mde
- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)
-You can perform various Microsoft Defender Antivirus functions with the dedicated command-line tool **mpcmdrun.exe**. This utility is useful when you want to automate Microsoft Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
+You can perform various functions in Microsoft Defender Antivirus using the dedicated command-line tool **mpcmdrun.exe**. This utility is useful when you want to automate Microsoft Defender Antivirus tasks. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. Run it from a command prompt.
-> [!NOTE]
-> You might need to open an administrator-level version of the command prompt. When you search for **Command Prompt** on the Start menu, choose **Run as administrator**.
-> If you're running an updated Microsoft Defender Platform version, run `**MpCmdRun**` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<antimalware platform version>`.
-> For more information about the antimalware platform, see [Microsoft Defender Antivirus updates and baselines](manage-updates-baselines-microsoft-defender-antivirus.md).
+> [!TIP]
+> You might need to open an administrator-level version of the command prompt. When you search for **Command Prompt** on the Start menu, choose **Run as administrator**. If you're running an updated Microsoft Defender Platform version, run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<antimalware platform version>`. For more information about the antimalware platform, see [Microsoft Defender Antivirus updates and baselines](manage-updates-baselines-microsoft-defender-antivirus.md).
The MpCmdRun utility uses the following syntax:
Here's an example:
MpCmdRun.exe -Scan -ScanType 2 ```
+In our example, the MpCmdRun utility starts a full antivirus scan on the device.
+
+## Commands
+ | Command | Description | |:-|:-|
-| `-?` **or** `-h` | Displays all available options for this tool |
-| `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are:<p>**0** Default, according to your configuration<p>**-1** Quick scan<p>**-2** Full scan<p>**-3** File and directory custom scan.<p>CpuThrottling will honor the configured CPU throttling from policy |
+| `-?` **or** `-h` | Displays all available options for the MpCmdRun tool |
+| `-Scan [-ScanType [<value>]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are:<p>**0** Default, according to your configuration<p>**1** Quick scan<p>**2** Full scan<p>**3** File and directory custom scan.<p>CpuThrottling runs according to policy configurations |
| `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing | | `-GetFiles [-SupportLogLocation <path>]` | Collects support information. See '[collecting diagnostic data](collect-diagnostic-data.md)' | | `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
MpCmdRun.exe -Scan -ScanType 2
| `-CheckExclusion -path <path>` | Checks whether a path is excluded | | `-ValidateMapsConnection` | Verifies that your network can communicate with the Microsoft Defender Antivirus cloud service. This command will only work on Windows 10, version 1703 or higher.| - ## Common errors in running commands via mpcmdrun.exe
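Review bot: the rewritten `-Scan` row still explains only **ScanType** and CpuThrottling; `-DisableRemediation`, `-BootSectorScan`, `-Timeout <days>` and `-Cancel` appear in the syntax with no description. Since the row is being reworded anyway, add a line for each, starting with `-DisableRemediation`, because anyone automating scans needs to know what happens to detections when it is set. "CpuThrottling runs according to policy configurations" also reads less clearly than the removed "will honor the configured CPU throttling from policy".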
-|Error message | Possible reason
+The following table lists common errors that can occur while using the MpCmdRun tool.
+
+|Error message | Possible reason |
|:-|:-|
-| `ValidateMapsConnection failed (800106BA) or 0x800106BA` | The Microsoft Defender Antivirus service is disabled. Enable the service and try again. <br> **Note:** In Windows 10 1909 or older, and Windows Server 2019 or older, the service used to be called the *Windows Defender Antivirus* service.|
-| `0x80070667` | You're running the `-ValidateMapsConnection` command from a computer that is Windows 10 version 1607 or older, or Windows Server 2016 or older. Run the command from a machine that is Windows 10 version 1703 or newer, or Windows Server 2019 or newer.|
-| `'MpCmdRun' is not recognized as an internal or external command, operable program or batch file.` | The tool needs to be run from either: `%ProgramFiles%\Windows Defender` or `C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2012.4-0` (where `2012.4-0` might differ since platform updates are monthly except for March)|
-| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80070005 httpcode=450)` | Not enough privileges. Use the command prompt (cmd.exe) as an administrator.|
-| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80070006 httpcode=451)` | The firewall is blocking the connection or conducting SSL inspection. |
-| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80004005 httpcode=450)` | Possible network-related issues, like name resolution problems|
-| `ValidateMapsConnection failed to establish a connection to MAPS (hr=0x80508015` | The firewall is blocking the connection or conducting SSL inspection. |
-| `ValidateMapsConnection failed to establish a connection to MAPS (hr=800722F0D` | The firewall is blocking the connection or conducting SSL inspection. |
-| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80072EE7 httpcode=451)` | The firewall is blocking the connection or conducting SSL inspection. |
+| **ValidateMapsConnection failed (800106BA)** or **0x800106BA** | The Microsoft Defender Antivirus service is disabled. Enable the service and try again. If you need help re-enabling Microsoft Defender Antivirus, see [Reinstall/enable Microsoft Defender Antivirus on your endpoints](switch-to-microsoft-defender-setup.md#reinstallenable-microsoft-defender-antivirus-on-your-endpoints).<p> **TIP** In Windows 10 1909 or older, and Windows Server 2019 or older, the service was formerly called *Windows Defender Antivirus*. |
+| **0x80070667** | You're running the `-ValidateMapsConnection` command from a computer that is Windows 10 version 1607 or older, or Windows Server 2016 or older. Run the command from a machine that is Windows 10 version 1703 or newer, or Windows Server 2019 or newer.|
+| **MpCmdRun is not recognized as an internal or external command, operable program, or batch file.** | The tool must be run from either `%ProgramFiles%\Windows Defender` or `C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2012.4-0` (where `2012.4-0` might differ since platform updates are monthly except for March)|
+| **ValidateMapsConnection failed to establish a connection to MAPS (hr=80070005 httpcode=450)** | The command was attempted using insufficient privileges. Use the command prompt (cmd.exe) as an administrator.|
+| **ValidateMapsConnection failed to establish a connection to MAPS (hr=80070006 httpcode=451)** | The firewall is blocking the connection or conducting SSL inspection. |
+| **ValidateMapsConnection failed to establish a connection to MAPS (hr=80004005 httpcode=450)** | Possible network-related issues, like name resolution problems|
+| **ValidateMapsConnection failed to establish a connection to MAPS (hr=0x80508015** | The firewall is blocking the connection or conducting SSL inspection. |
+| **ValidateMapsConnection failed to establish a connection to MAPS (hr=800722F0D** | The firewall is blocking the connection or conducting SSL inspection. |
+| **ValidateMapsConnection failed to establish a connection to MAPS (hr=80072EE7 httpcode=451)** | The firewall is blocking the connection or conducting SSL inspection. |
## See also - [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md)-- [Manage Microsoft Defender Antivirus in your business](configuration-management-reference-microsoft-defender-antivirus.md)
+- [Configure and validate Microsoft Defender Antivirus network connections](configure-network-connections-microsoft-defender-antivirus.md)
- [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md)-- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
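Review bot: in the common-errors table, two of the re-added rows carry over broken error strings: "(hr=0x80508015" and "(hr=800722F0D" have no closing parenthesis and no httpcode, and "800722F0D" has nine hex digits, so it cannot be an HRESULT as written. Please check both against real tool output before republishing them. Switching the messages from code formatting to bold also makes them harder to copy and match exactly against what the tool prints; consider keeping the backticks.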
security Device Discovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery.md
There are two modes of discovery:
> [!IMPORTANT]
-> Discovery is set to basic mode. You can choose to retain this configuration through the settings page. Standard discovery will be the default mode for all preview customers starting May 10, 2021 - unless modified through the settings page before this date.
+> Discovery is set to basic mode. You can choose to retain this configuration through the settings page. Standard discovery will be the default mode for all customers starting July 19, 2021 - unless modified through the settings page before this date.
### Basic discovery
security Ios Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install.md
ms.technology: mde
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
-This topic describes deploying Defender for Endpoint on iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll iOS/iPadOS devices in Intune](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll).
+This topic describes deploying Defender for Endpoint on iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll iOS/iPadOS devices in Intune](/mem/intune/enrollment/ios-enroll).
## Before you begin - Ensure you have access to [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -- Ensure iOS enrollment is done for your users. Users need to have a Defender for Endpoint license assigned in order to use Defender for Endpoint on iOS. Refer to [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign) for instructions on how to assign licenses.
+- Ensure iOS enrollment is done for your users. Users need to have a Defender for Endpoint license assigned in order to use Defender for Endpoint on iOS. Refer to [Assign licenses to users](/azure/active-directory/users-groups-roles/licensing-groups-assign) for instructions on how to assign licenses.
> [!NOTE] > Microsoft Defender for Endpoint on iOS is now available in the [Apple App Store](https://aka.ms/mdatpiosappstore).
Deploy Defender for Endpoint on iOS via Intune Company Portal.
Admins can configure auto-setup of VPN profile. This will automatically setup the Defender for Endpoint VPN profile without having the user to do so while onboarding. Note that VPN is used in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
-1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Configuration Profiles** -> **Create** -> **iOS store app** and click **Select**.
+1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Configuration Profiles** -> **Create Profile**.
1. Choose **Platform** as **iOS/iPadOS** and **Profile type** as **VPN**. Click **Create**. 1. Type a name for the profile and click **Next**. 1. Select **Custom VPN** for Connection Type and in the **Base VPN** section, enter the following:
Intune allows you to configure the Defender for iOS app through an App Configura
1. Click **Next** to open the **Scope tags** page. Scope tags are optional. Click **Next** to continue.
-1. On the **Assignments** page, select the groups that will receive this profile. For this scenario, it is best practice to target **All Devices**. For more information on assigning profiles, see [Assign user and device profiles](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).
+1. On the **Assignments** page, select the groups that will receive this profile. For this scenario, it is best practice to target **All Devices**. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign).
When deploying to user groups, a user must sign in to a device before the policy applies.
security Ios Troubleshoot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-troubleshoot.md
Title: Troubleshoot issues on Microsoft Defender for Endpoint on iOS
+ Title: Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS
description: Troubleshooting and FAQ - Microsoft Defender for Endpoint on iOS keywords: microsoft, defender, Microsoft Defender for Endpoint, ios, troubleshoot, faq, how to search.product: eADQiWindows 10XVcnh
ms.technology: mde
-# Troubleshoot issues on Microsoft Defender for Endpoint on iOS
+# Troubleshoot issues and find answers to FAQs on Microsoft Defender for Endpoint on iOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Manage Protection Updates Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md
Set up a network file share (UNC/mapped drive) to download security intelligence
C:\Tool\PS-Scripts\
- ΓÇ£.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $true -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1ΓÇ¥
+ ".\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $true -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1"
``` - For x64 full:
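Review bot: the corrected line still wraps the entire invocation in double quotes (".\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $true ..."). If this is meant to be pasted into PowerShell, a quoted line is a string literal that is echoed back rather than a script call, so the fix for the garbled quotes should drop them instead of replacing them. The same applies to the x64 full, x86 delta and x86 full variants in the following hunks.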
Set up a network file share (UNC/mapped drive) to download security intelligence
C:\Tool\PS-Scripts\
- ΓÇ£.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $false -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1ΓÇ¥
+ ".\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $false -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1"
``` - For x86 delta:
Set up a network file share (UNC/mapped drive) to download security intelligence
C:\Tool\PS-Scripts\
- ΓÇ£.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $true -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1ΓÇ¥
+ ".\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $true -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1"
``` - For x86 full:
Set up a network file share (UNC/mapped drive) to download security intelligence
C:\Tool\PS-Scripts\
- ΓÇ£.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $false -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1ΓÇ¥
+ ".\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $false -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1"
``` > [!NOTE]
Set up a network file share (UNC/mapped drive) to download security intelligence
If the scheduled task fails, run the following commands: ```DOS
- C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $False -destDir C:\Temp\TempSigs\x64″
+ C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command "&\"C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\" -action run -arch x64 -isDelta $False -destDir C:\Temp\TempSigs\x64"
- C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $True -destDir C:\Temp\TempSigs\x64″
+ C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command "&\"C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\" -action run -arch x64 -isDelta $True -destDir C:\Temp\TempSigs\x64"
- C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $False -destDir C:\Temp\TempSigs\x86″
+ C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command "&\"C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\" -action run -arch x86 -isDelta $False -destDir C:\Temp\TempSigs\x86"
- C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $True -destDir C:\Temp\TempSigs\x86″
+ C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command "&\"C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\" -action run -arch x86 -isDelta $True -destDir C:\Temp\TempSigs\x86"
``` > [!NOTE] > Issues could also be due to execution policy. 10. Create a share pointing to C:\Temp\TempSigs (e.g. \\server\updates). > [!NOTE]
- > At a minimum, authenticated users must have ΓÇ£ReadΓÇ¥ access.
+ > At a minimum, authenticated users must have "Read" access.
11. Set the share location in the policy to the share. > [!NOTE]
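Review bot: "At a minimum, authenticated users must have "Read" access" sets a floor but no ceiling for the share that endpoints pull security intelligence from. Suggest adding who may write to C:\Temp\TempSigs, ideally only the account that runs the scheduled task. The neighbouring note, "Issues could also be due to execution policy", would also benefit from saying what to check, given that the commands above pass `-executionpolicy allsigned`.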
Set up a network file share (UNC/mapped drive) to download security intelligence
- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) - [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) - [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)-- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
+- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preview.md
The following features are included in the preview release:
- [Device discovery](device-discovery.md) <br> Helps you find unmanaged devices connected to your corporate network without the need for extra appliances or cumbersome process changes. Using onboarded devices, you can find unmanaged devices in your network and assess vulnerabilities and risks. You can then onboard discovered devices to reduce risks associated with having unmanaged endpoints in your network. > [!IMPORTANT]
- > Standard discovery will be the default mode for all preview customers starting May 10, 2021. You can choose to retain the basic mode through the settings page.
+ > Standard discovery will be the default mode for all customers starting July 19, 2021. You can choose to retain the basic mode through the settings page.
- [Web Content Filtering](web-content-filtering.md) <br> Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
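Review bot: the note now says standard discovery becomes the default "for all customers starting July 19, 2021", yet it still sits under "The following features are included in the preview release". If the change applies to every tenant, state that it is no longer preview-only, or move the notice out of the preview list. The same sentence is maintained separately in device-discovery.md with different wording; a shared include would keep the date and wording from drifting.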
security Production Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/production-deployment.md
To gain access into which licenses are provisioned to your company, and to check
## Tenant Configuration
+Onboarding to Microsoft Defender for Endpoint is easy. From the navigation menu, select any item under the Endpoints section, or any Microsoft 365 Defender feature such as Incidents, Hunting, Action center, or Threat analytics to initiate the onboarding process.
-When accessing Microsoft Defender Security Center for the first time, a wizard that will guide you through some initial steps. At the end of the setup wizard, there will be a dedicated cloud instance of Defender for Endpoint created. The easiest method is to perform these steps from a Windows 10 client device.
-
-1. From a web browser, navigate to <https://securitycenter.windows.com>.
-
- ![Image of Set up your permissions for Microsoft Defender for Endpoint](images/atp-setup-permissions-wdatp-portal.png)
-
-2. If going through a TRIAL license, go to the link (<https://signup.microsoft.com/Signup?OfferId=6033e4b5-c320-4008-a936-909c2825d83c&dl=WIN_DEF_ATP&pc=xxxxxxx-xxxxxx-xxx-x>)
-
- Once the authorization step is completed, the **Welcome** screen will be displayed.
-3. Go through the authorization steps.
-
- ![Image of Welcome screen for portal set up](images/welcome1.png)
-
-4. Set up preferences.
-
- **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You can't change the location after this set up and Microsoft won't transfer the data from the specified geolocation.
-
- **Data retention** - The default is six months.
-
- **Enable preview features** - The default is on, can be changed later.
-
- ![Image of geographic location in set up](images/setup-preferences.png)
-
-5. Select **Next**.
-
- ![Image of final preference set up](images/setup-preferences2.png)
-
-6. Select **Continue**.
-
+From a web browser, navigate to the [Microsoft 365 Security Center](https://security.microsoft.com).
## Network configuration If the organization doesn't require the endpoints to use a Proxy to access the
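Review bot: the removed wizard steps included "You can't change the location after this set up" for **Data storage location**, along with the data retention and preview-feature defaults, and the replacement text mentions none of them. Keep a sentence on the one-time data storage location choice, or link to where it is now documented. The two added sentences are also in reverse order: the reader is told to select items from the navigation menu before being told to open the Microsoft 365 Security Center.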
security Troubleshoot Performance Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-performance-issues.md
Alternatively, you can also use the command-line tool *wpr.exe*, which is availa
![UAC](images/wpt-yes.png)
-4. Next, download the [Microsoft Defender for Endpoint analysis](https://github.com/YongRhee-MDE/Scripts/blob/master/MDAV.wprp) profile and save as `WD.wprp` to a folder like `C:\temp`.
+4. Next, download the [Microsoft Defender for Endpoint analysis](https://github.com/YongRhee-MDE/Scripts/blob/master/MDAV.wprp) profile and save as `MDAV.wprp` to a folder like `C:\temp`.
5. On the WPR dialog box, select **More options**. ![Select more options](images/wpr-03.png)
-6. Select **Add Profiles...** and browse to the path of the `WD.wprp` file.
+6. Select **Add Profiles...** and browse to the path of the `MDAV.wprp` file.
7. After that, you should see a new profile set under *Custom measurements* named *Microsoft Defender for Endpoint analysis* underneath it.
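Review bot: step 4 sends readers to a personal repository on its `master` branch (github.com/YongRhee-MDE/Scripts/blob/master/MDAV.wprp) for a profile that is then loaded into WPR behind a UAC prompt. Since this hunk already touches the line, consider linking to a fixed commit or a Microsoft-owned location so the file readers get is the one that was reviewed. Also confirm that the profile name in `wpr.exe -start C:\traces\MDAV.wprp!WD.Verbose -filemode` is still `WD.Verbose` now that the file is saved as `MDAV.wprp`.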
Alternatively, you can also use the command-line tool *wpr.exe*, which is availa
The command-line tool *wpr.exe* is part of the operating system starting with Windows 8. To collect a WPR trace using the command-line tool wpr.exe:
-1. Download **[Microsoft Defender for Endpoint analysis](https://github.com/YongRhee-MDE/Scripts/blob/master/MDAV.wprp)** profile for performance traces to a file named `WD.wprp` in a local directory such as `C:\traces`.
+1. Download **[Microsoft Defender for Endpoint analysis](https://github.com/YongRhee-MDE/Scripts/blob/master/MDAV.wprp)** profile for performance traces to a file named `MDAV.wprp` in a local directory such as `C:\traces`.
3. Right-click the **Start Menu** icon and select **Windows PowerShell (Admin)** or **Command Prompt (Admin)** to open an Admin command prompt window.
The command-line tool *wpr.exe* is part of the operating system starting with Wi
5. At the elevated prompt, run the following command to start a Microsoft Defender for Endpoint performance trace: ```console
- wpr.exe -start C:\traces\WD.wprp!WD.Verbose -filemode
+ wpr.exe -start C:\traces\MDAV.wprp!WD.Verbose -filemode
``` >[!WARNING]
security Incident Queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incident-queue.md
This table lists the filter names that are available.
After you've determined which incident requires the highest priority, select it and: - [Manage](manage-incidents.md) the properties of the incident for tags, assignment, immediate resolution for false positive incidents, and comments.-- Begin your [investigation](investigate-incidents.md).
+- Begin your [investigations](investigate-incidents.md).
## See also - [Incidents overview](incidents-overview.md)-- [Investigate incidents](investigate-incidents.md) - [Manage incidents](manage-incidents.md)
+- [Investigate incidents](investigate-incidents.md)
security M365d Enable https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/m365d-enable.md
Microsoft 365 Defender aggregates data from the various supported services that
To get the best protection and optimize Microsoft 365 Defender, we recommend deploying all applicable supported services on your network. For more information, [read about deploying supported services](deploy-supported-services.md). ## Onboard to the service
-Onboarding to Microsoft 365 Defender is simple. From the navigation menu, select any item under the Endpoints section, such as Incidents, Hunting, Action center, or Threat analytics to initiate the onboarding process.
+Onboarding to Microsoft 365 Defender is simple. From the navigation menu, select any Microsoft 365 Defender items, such as Incidents, Hunting, Action center, or Threat analytics to initiate the onboarding process.
### Data center location
security Microsoft 365 Security Center Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-mde.md
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365)
+## Quick reference
+
+The image and the table below lists the changes in navigation between the Microsoft Defender Security Center and the Microsoft 365 security center.
+
+> [!div class="mx-imgBorder"]
+> ![Image of what moved to where](../../media/mde-m3d-security-center.png)
+
+| Microsoft Defender Security Center | Microsoft 365 security center |
+|||
+| Dashboards <ul><li>Security Operations</li><li>Threat Analytics</li></ul> |Home <ul><li>Threat analytics</li></ul> |
+| Incidents | Incidents & alerts |
+| Device inventory | Device inventory |
+| Alerts queue | Incidents & alerts |
+| Automated investigations | Action center |
+| Advanced hunting | Hunting |
+| Reports | Reports |
+| Partners & APIs | Partners & APIs |
+| Threat & Vulnerability Management | Vulnerability management |
+| Evaluation and tutorials | Evaluation & tutorials |
+| Configuration management | Configuration management |
+| Settings | Settings |
+ The improved [Microsoft 365 security center](overview-security-center.md) at [https://security.microsoft.com](https://security.microsoft.com) combines security capabilities that protect, detect, investigate, and respond to email, collaboration, identity, and device threats. This security center brings together functionality from existing Microsoft security portals, including Microsoft Defender Security Center and the Office 365 Security & Compliance center. If you're familiar with the Microsoft Defender Security Center, this article helps describe some of the changes and improvements in the improved Microsoft 365 security center. However there are some new and updated elements to be aware of.
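Review bot: in the new mapping table, the Dashboards row lists "Security Operations" and "Threat Analytics" on the left but only "Threat analytics" under Home on the right, so the Security Operations dashboard has no stated destination, although the Endpoints table further down describes a Dashboard entry. Add the target for it. "The image and the table below lists" should read "list", and the Quick reference section now sits above the article's introductory paragraph ("The improved Microsoft 365 security center ..."); it would read better after it.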
This table is a quick reference of the changes between the Microsoft Defender Se
### Alerts and actions
-|**Area** |**Description of change** |
+| Area | Description of change |
||| | [Incidents & alerts](incidents-overview.md) | In the Microsoft 365 security center, you can manage incidents and alerts across all of your endpoints, email, and identities. We've converged the experience to help you find related events more easily. For more information, see [Incidents Overview](incidents-overview.md). | | [Hunting](advanced-hunting-overview.md) | Modifying custom detection rules created in Microsoft Defender for Endpoint to include identity and email tables automatically moves them to Microsoft 365 Defender. Their corresponding alerts will also appear in Microsoft 365 Defender. For more details about these changes, read [Migrate custom detection rules](advanced-hunting-migrate-from-mde.md#migrate-custom-detection-rules). <br><br>The `DeviceAlertEvents` table for advanced hunting isn't available in Microsoft 365 Defender. To query device-specific alert information in Microsoft 365 Defender, you can use the `AlertInfo` and `AlertEvidence` tables to accommodate even more information from a diverse set of sources. Craft your next device-related query by following [Write queries without DeviceAlertEvents](advanced-hunting-migrate-from-mde.md#write-queries-without-devicealertevents).|
This table is a quick reference of the changes between the Microsoft Defender Se
### Endpoints
-|**Area** |**Description of change** |
+| Area | Description of change |
||| |Search | Instead of being in the heading, Microsoft Defender for Endpoint search bar is moving under the Endpoints section. You can continue to search for devices, files, users, URLs, IPs, vulnerabilities, software, and recommendations. | |[Dashboard](/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) | This is your security operations dashboard. See an overview of how many active alerts were triggered, which devices are at risk, which users are at risk, and severity level for alerts, devices, and users. You can also see if any devices have sensor issues, your overall service health, and how any unresolved alerts were detected. |
This table is a quick reference of the changes between the Microsoft Defender Se
### Access and reporting
-|**Area** |**Description of change** |
+| Area | Description of change |
||| | Reports | See reports for endpoints and email & collaboration, including Threat protection, Device health and compliance, and Vulnerable devices. | | Health | Currently links out to the "Service health" page in the [Microsoft 365 admin center](https://admin.microsoft.com/). |
Proactively search for threats, malware, and malicious activity across your endp
Action center shows you the investigations created by automated investigation and response capabilities. This automated, self-healing in Microsoft 365 Defender can help security teams by automatically responding to specific events.
-[Learn more about the Action center](m365d-action-center.md)
+[Learn more about the Action center](m365d-action-center.md).
### Threat Analytics
Get threat intelligence from expert Microsoft security researchers. Threat Analy
You can access threat analytics either from the upper left navigation bar in the Microsoft 365 security center, or from a dedicated dashboard card that shows the top threats for your organization.
-Learn more about how to [track and respond to emerging threats with threat analytics](./threat-analytics.md)
+Learn more about how to [track and respond to emerging threats with threat analytics](./threat-analytics.md).
### Endpoints section
You can continue to use email alerts for Defender for Endpoint. We've added new
- [Microsoft 365 security center](overview-security-center.md) - [Microsoft Defender for Endpoint in the Microsoft 365 security center](microsoft-365-security-center-mde.md)-- [Redirecting accounts from Microsoft Defender for Endpoint to the Microsoft 365 security center](microsoft-365-security-mde-redirection.md)
+- [Redirecting accounts from Microsoft Defender for Endpoint to the Microsoft 365 security center](microsoft-365-security-mde-redirection.md)
security Anti Spam And Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection.md
The following table contains links to topics that explain how anti-spam protecti
|[Bulk complaint level (BCL) in EOP](bulk-complaint-level-values.md)|Learn about the threshold that determines whether bulk email is spam.| |[What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md)|Explains the difference between junk email and bulk email messages the controls that are available for both in EOP.| |[Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md)|Learn about the junk email rule in all mailboxes that's responsible for moving messages into the Junk Email folder.|
-|[Use mail flow rules to set the spam confidence level (SCL) in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md)|Learn how to use mail flow rules (also known as transport rules) to set the SCL in messages before spam filtering.|
+|[Use mail flow rules to set the spam confidence level (SCL) in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl)|Learn how to use mail flow rules (also known as transport rules) to set the SCL in messages before spam filtering.|
|[Advanced Spam Filter (ASF) settings in EOP](advanced-spam-filtering-asf-options.md)|Learn about the ASF settings that are available in anti-spam policies.| |
security Anti Spam Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-protection.md
The anti-spam settings in EOP are made of the following technologies:
- **Spam filtering (content filtering)**: EOP uses the spam filtering verdicts **Spam**, **High confidence spam**, **Bulk email**, **Phishing email** and **High confidence phishing email** to classify messages. You can configure the actions to take based on these verdicts, and you can configure the end-user notification options for messages that were quarantined instead of delivered. For more information, see [Configure anti-spam policies in Microsoft 365](configure-your-spam-filter-policies.md). > [!NOTE]
- > By default, spam filtering is configured to send messages that were marked as spam to the recipient's Junk Email folder. However, in hybrid environments where EOP protects on-premises Exchange mailboxes, you need to configure two mail flow rules (also known as transport rules) in your on-premises Exchange organization to recognize the EOP spam headers that are added to messages. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
+ > By default, spam filtering is configured to send messages that were marked as spam to the recipient's Junk Email folder. However, in hybrid environments where EOP protects on-premises Exchange mailboxes, you need to configure two mail flow rules (also known as transport rules) in your on-premises Exchange organization to recognize the EOP spam headers that are added to messages. For details, see [Configure EOP to deliver spam to the Junk Email folder in hybrid environments](/exchange/standalone-eop/configure-eop-spam-protection-hybrid).
- **Outbound spam filtering**: EOP also checks to make sure that your users don't send spam, either in outbound message content or by exceeding outbound message limits. For more information, see [Configure outbound spam filtering in Microsoft 365](configure-the-outbound-spam-policy.md).
Here are some best practices that apply to either scenario:
- **Unsubscribe from bulk email** If the message was something that the user signed up for (newsletters, product announcements, etc.) and contains an unsubscribe link from a reputable source, consider asking them to simply unsubscribe. -- **Standalone EOP: create mail flow rules in on-premises Exchange for EOP spam filtering verdicts**: In standalone EOP environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
+- **Standalone EOP: create mail flow rules in on-premises Exchange for EOP spam filtering verdicts**: In EOP environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure EOP to deliver spam to the Junk Email folder in hybrid environments](/exchange/standalone-eop/configure-eop-spam-protection-hybrid).
### Prevent good email from being identified as spam
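Review bot: in the added bullet the bold label still reads "Standalone EOP:" while the sentence was changed from "In standalone EOP environments" to "In EOP environments where EOP protects on-premises Exchange mailboxes", so the label and the body now disagree about scope, and the new wording repeats "EOP". Either keep "standalone" in the sentence or change the label to match the retitled link, "Configure EOP to deliver spam to the Junk Email folder in hybrid environments".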
Here are some steps that you can take to help prevent false positives:
- **Verify users are within the sending and receiving limits** as described in [Receiving and sending limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#receiving-and-sending-limits) in the Exchange Online service description. -- **Standalone EOP: use directory synchronization**: If you use standalone EOP to help protect your on-premises Exchange organization, you should sync user settings with the service by using directory synchronization. Doing this ensures that your users' Safe Senders lists are respected by EOP. For more information, see [Use directory synchronization to manage mail users](manage-mail-users-in-eop.md#use-directory-synchronization-to-manage-mail-users).
+- **Standalone EOP: use directory synchronization**: If you use standalone EOP to help protect your on-premises Exchange organization, you should sync user settings with the service by using directory synchronization. Doing this ensures that your users' Safe Senders lists are respected by EOP. For more information, see [Use directory synchronization to manage mail users](/exchange/standalone-eop/manage-mail-users-in-eop#synchronize-directories-with-azure-active-directory-connect-aad-connect).
## Anti-spam legislation
security Attack Simulator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulator.md
If your organization has Microsoft Defender for Office 365 Plan 2, which include
## What do you need to know before you begin? -- To open the Security & Compliance Center, go to <https://protection.office.com/>. Attack simulator is available at **Threat management** \> **Attack simulator**. Go go directly to attack simulator, open <https://protection.office.com/attacksimulator>.
+- To open the Security & Compliance Center, go to <https://protection.office.com/>. Attack simulator is available at **Threat management** \> **Attack simulator**. To go directly to attack simulator, open <https://protection.office.com/attacksimulator>.
- For more information about the availability of Attack Simulator across different Microsoft 365 subscriptions, see [Microsoft Defender for Office 365 service description](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description).
The following information is available on the **Attack details** page for each c
- **Successful attempts**: The number of users who were found to be using the specified password. -- **Overall Success Rate**: A percentage that's calculated by **Successful attempts** / **Total users targeted**.
+- **Overall Success Rate**: A percentage that's calculated by **Successful attempts** / **Total users targeted**.
security Auditing Reports In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/auditing-reports-in-eop.md
- Title: Auditing reports in standalone EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-description: Admins can learn about the administrator auditing reports that are available in Exchange Online Protection (EOP)
--
-# Auditing reports in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, auditing reports can help you meet regulatory, compliance, and litigation requirements for your organization. You can obtain auditing reports at any time to determine the changes that have been made to your EOP configuration. These reports can help you troubleshoot configuration issues or find the cause of security-related or compliance-related problems.
-
-There are two auditing reports available in standalone EOP:
--- **Administrator role group report**: The administrator role group report lets you view when a user is added to or removed from membership in an administrator role group. You can use this report to monitor changes to the administrative permissions assigned to users in your organization. For more information, see [Run an administrator role group report in standalone EOP](run-an-administrator-role-group-report-in-eop-eop.md).--- **Administrator audit log**: The administrator audit log records any action (based on standalone EOP PowerShell cmdlets) by an admin or a user with administrative privileges. For more information, see [View the Administrator Audit Log in Exchange Online](/exchange/security-and-compliance/exchange-auditing-reports/view-administrator-audit-log).
security Best Practices For Configuring Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/best-practices-for-configuring-eop.md
- Title: Best practices for configuring EOP
- - NOCSH
-----
-localization_priority: Normal
-description: Follow these best-practice recommendations for standalone Exchange Online Protection (EOP) in order to set yourself up for success and avoid common configuration errors.
--
-# Best practices for configuring standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-Follow these best-practice recommendations for standalone Exchange Online Protection (EOP) in order to set yourself up for success and avoid common configuration errors. This topic assumes that you've already completed the setup process. If you haven't completed EOP setup, see [Set up your EOP service](set-up-your-eop-service.md).
-
-## Use a test domain
-
-We recommend that you use a test domain, subdomain, or low volume domain for trying out service features before implementing them on your higher-volume, production domains.
-
-## Synchronize recipients
-
-If your organization has existing user accounts in an on-premises Active Directory environment, you can synchronize those accounts to Azure Active Directory in the cloud. Using directory synchronization is recommended. To learn more about the benefits of using directory synchronization, and the steps for setting it up, see [Manage mail users in EOP](manage-mail-users-in-eop.md).
-
-## Recommended settings
-
-We empower security admins to customize their security settings to satisfy the needs of their organization. Although, as a general rule, there are two security levels in EOP and Microsoft Defender for Office 365 that we recommend: Standard and Strict. These settings are listed in the [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md).
-
-### Miscellaneous/non-policy settings
-
-These settings cover a range of features that are outside of security policies.
-
-<br>
-
-****
-
-|Security feature name|Standard|Strict|Comment|
-|||||
-|[Set up SPF to help prevent spoofing](set-up-spf-in-office-365-to-help-prevent-spoofing.md)|Yes|Yes||
-|[Use DKIM to validate outbound email sent from your custom domain in Office 365](use-dkim-to-validate-outbound-email.md)|Yes|Yes||
-|[Use DMARC to validate email in Office 365](use-dmarc-to-validate-email.md)|Yes|Yes|Use `action=quarantine` for Standard, and `action=reject` for Strict.|
-|Deploy the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md) to improve end-user reporting of suspicious email|Yes|Yes||
-|Schedule Malware and Spam Reports|Yes|Yes||
-|Auto-forwarding to external domains should be disallowed or monitored|Yes|Yes||
-|Unified Auditing should be enabled|Yes|Yes||
-|[IMAP connectivity to mailbox](/Exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access)|Disabled|Disabled||
-|[POP connectivity to mailbox](/Exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access)|Disabled|Disabled||
-|Authenticated SMTP submission|Disabled|Disabled|Authenticated client SMTP submission (also known as client SMTP submission or SMTP AUTH) is required for POP3 and IMAP4 clients and applications and devices that generate and send email. <p> For instructions to enable and disable SMTP AUTH globally or selectively, see [Enable or disable authenticated client SMTP submission in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).|
-|EWS connectivity to mailbox|Disabled|Disabled|Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing. If you can't disable EWS globally, you have the following options: <ul><li>Use [Authentication policies](/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online) to prevent EWS from using Basic authentication if your clients support modern authentication (modern auth).</li><li>Use [Client Access Rules](/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules) to limit EWS to specific users or source IP addresses.</li><li>Control EWS access to specific applications globally or per user. For instructions, see [Control access to EWS in Exchange](/exchange/client-developer/exchange-web-services/how-to-control-access-to-ews-in-exchange).</li></ul> <p> The [Report message add-in](enable-the-report-message-add-in.md) and the [Report phishing add-in](enable-the-report-phish-add-in.md) uses REST by default in supported environments, but will fall back to EWS if REST isn't available. The supported environments that use REST are:<ul><li>Exchange Online</li><li>Exchange 2019 or Exchange 2016</li><li>Current Outlook for Windows from a Microsoft 365 subscription or one-time purchase Outlook 2019.</li><li>Current Outlook for Mac from a Microsoft 365 subscription or one-time purchase Outlook for Mac 2016 or later.</li><li>Outlook for iOS and Android</li><li>Outlook on the web</li></ul>|
-|[PowerShell connectivity](/powershell/exchange/disable-access-to-exchange-online-powershell)|Disabled|Disabled|Available for mailbox users or mail users (user objects returned by the [Get-User](/powershell/module/exchange/get-user) cmdlet).|
-|Use the [spoof intelligence insight](learn-about-spoof-intelligence.md) and the [Tenant Allow/Block List](tenant-allow-block-list.md)to add senders to your allow list|Yes|Yes||
-|[Directory-Based Edge Blocking (DBEB)](/Exchange/mail-flow-best-practices/use-directory-based-edge-blocking)|Enabled|Enabled|Domain Type = Authoritative|
-|[Set up multi-factor authentication for all admin accounts](../../admin/security-and-compliance/set-up-multi-factor-authentication.md)|Enabled|Enabled||
-|
-
-## Troubleshooting
-
-Troubleshoot general issues and trends by using the reports in the admin center. Find single point specific data about a message by using the message trace tool. Learn more about reporting at [Reporting and message trace in Exchange Online Protection](reporting-and-message-trace-in-exchange-online-protection.md). Learn more about the message trace tool at [Message trace in the Security & Compliance Center](message-trace-scc.md).
-
-## Report false positives and false negatives to Microsoft
-
-To help improve spam filtering in the service for everyone, you should report false positives (good email marked as bad) and false negatives (bad email allowed) to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
-
-## Create mail flow rules
-
-Create mail flow rules (also known as transport rules) or custom filters to meet your business needs.
-
-When you deploy a new rule to production, select one of the test modes first to see the effect of the rule. Once you are satisfied that the rule is working in the manner intended, change the rule mode to **Enforce**.
-
-When you deploy new rules, consider adding the additional action of **Generate Incident Report** to monitor the rule in action.
-
-In hybrid environments where your organization includes both on-premises Exchange and Exchange Online, consider the conditions that you use in mail flow rules. If you want the rules to apply to the entire organization, be sure to use conditions that are available in both on-premises Exchange and in Exchange Online. While most conditions are available in both environments, there are a few that are only available in one environment or the other. Learn more at [Mail flow rules (transport rules) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules).
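Review bot: deleting this file also removes the "Miscellaneous/non-policy settings" table, and nothing in this change shows where that guidance now lives. The table covers DMARC `action=quarantine` for Standard and `action=reject` for Strict, IMAP, POP, authenticated SMTP submission and EWS set to Disabled, unified auditing, and multi-factor authentication for all admin accounts. Before removing the article, confirm the table is carried over to its new location or merged into recommended-settings-for-eop-and-office365.md, and that a redirect covers the old URL.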
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
In addition to the two scenarios that the advanced delivery policy can help you
- **Third-party filters**: If your domain's MX record *doesn't* point to Office 365 (messages are routed somewhere else first), [secure by default](secure-by-default.md) *is not available*.
- To bypass Microsoft filtering for messages that have already been evaluated by third-party filtering, use mail flow rules (also known as transport rules), see [Use mail flow rules to set the SCL in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md).
+ To bypass Microsoft filtering for messages that have already been evaluated by third-party filtering, use mail flow rules (also known as transport rules), see [Use mail flow rules to set the SCL in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl.md).
- **False positives under review**: You might want to temporarily allow certain messages that are still being analyzed by Microsoft via [admin submissions](admin-submission.md) to report known good messages that are incorrectly being marked as bad to Microsoft (false positives). As with all overrides, it is ***highly recommended*** that these allowances be made temporarily.
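Review bot: the new link target on the added line ends in `.md` (`/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl.md`), while the same target in the anti-spam-and-anti-malware-protection.md change is written without the extension, as are the other site-relative `/exchange/...` links introduced in this update. Drop the `.md` so the link matches them. While touching the sentence, split "use mail flow rules (also known as transport rules), see [...]" into two sentences or write "For details, see".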
security Configure Anti Malware Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-anti-malware-policies.md
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
Admins can view, edit, and configure (but not delete) the default anti-malware policy to meet the needs of their organizations. For greater granularity, you can also create custom anti-malware policies that apply to specific users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies.
-You can configure anti-malware policies in the Security & Compliance Center or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes).
+You can configure anti-malware policies in the Microsoft 365 security center or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes).
## What do you need to know before you begin? -- You open the Security & Compliance Center at <https://protection.office.com/>. To go directly to the **Anti-malware** page, use <https://protection.office.com/antimalware>.
+- You open the security center at <https://security.microsoft.com/>. To go directly to the **Anti-malware** page, use <https://security.microsoft.com/antimalwarev2>.
- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).
You can configure anti-malware policies in the Security & Compliance Center or i
- For our recommended settings for anti-malware policies, see [EOP anti-malware policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-malware-policy-settings).
-## Use the Security & Compliance Center to create anti-malware policies
+## Use the security center to create anti-malware policies
-Creating a custom anti-malware policy in the Security & Compliance Center creates the malware filter rule and the associated malware filter policy at the same time using the same name for both.
+Creating a custom anti-malware policy in the security center creates the malware filter rule and the associated malware filter policy at the same time using the same name for both.
-1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**, and then click **New** ![Add Icon](../../media/ITPro-EAC-AddIcon.png).
-
-2. In the **New anti-malware policy** page that opens, configure these settings:
+1. In the security center, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Anti-Malware**, and then click ![Create icon](../../media/m365-cc-sc-create-icon.png) **Create**.
+2. The policy wizard opens. On the **Name your policy page**, configure these settings:
- **Name**: Enter a unique, descriptive name for the policy.- - **Description**: Enter an optional description for the policy.
- - **Malware detection response**: Select one of these values for the **Do you want to notify recipients if their messages are quarantined?** setting:
-
- - **No**: The message is quarantined with no notification to the intended recipients. This is the default value.
-
- - **Yes and use the default notification text**: The message is quarantined. A copy of the message is delivered to the recipients, but *all* attachments (not just the detected ones) are replaced with a single text file named **Malware Alert Text.txt** that contains the default text. For the default text, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).
+ When you're finished, click **Next**.
- - **Yes and use the custom notification text**: The message is quarantined. A copy of the message is delivered to the recipients, but *all* attachments (not just the detected ones) are replaced with a single text file named **Malware Alert Text.txt** contains custom text you specify in the **Custom alert text** box.
+3. On the **Users and domains** page that appears, identify the internal recipients that the policy applies to (the conditions of the policy):
+ - **Users**: The specified mailboxes, mail users, or mail contacts in your organization.
+ - **Groups**: The specified distribution groups, mail-enabled security groups, or Microsoft 365 Groups in your organization.
+ - **Domains**: All recipients in the specified [accepted domains](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains) in your organization.
- - **Common Attachment Types Filter**: Select one of these values for **blocking attachment types that may harm your computer.**:
+ Click in the appropriate box, start typing a value, and select the value that you want from the results. Repeat this process as many times as necessary. To remove an existing value, click remove ![Remove icon](../../media/m365-cc-sc-remove-selection-icon.png) next to the value.
- - **Off**
+ For users or groups, you can use most identifiers (name, display name, alias, email address, account name, etc.), but the corresponding display name is shown in the results. For users, enter an asterisk (\*) by itself to see all available values.
- - **On**: Messages with the specified attachments are treated as malware detections and are automatically quarantined. You can modify the list by clicking the **Add** and **Remove** buttons.
+ Multiple values in the same condition use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_).
- - **Malware Zero-hour Auto Purge**: Malware ZAP quarantines messages that have already been delivered. For more information, see [Zero-hour auto purge (ZAP) in Exchange Online](zero-hour-auto-purge.md). Select one of these values:
+ - **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to, select this option and configure the exceptions. The settings and behavior are exactly like the conditions.
- - **Off**
+ When you're finished, click **Next**.
- - **On (Recommended)**
+4. On the **Protection settings** page that appears, configure the following settings:
- - **Notification**: The settings in this section control sender and admin notifications when malware is detected in a message.
+ - **Enable the common attachments filter**: If you select this option, messages with the specified attachments are treated as malware and are automatically quarantined. You can modify the default list by selecting **Customize file types**.
- - **Sender Notifications**: Select one or both of these options:
+ - **Enable zero-hour auto purge for malware**: If you select this option, ZAP quarantines malware messages that have already been delivered. For more information, see [Zero-hour auto purge (ZAP) in Exchange Online](zero-hour-auto-purge.md). Select one of these values:
- - **Notify internal senders**: An internal sender is inside the organization.
+ - **Notify recipients when messages are quarantined as malware**:
+ - If you select this option, the message is quarantined with no notification to the intended recipients.
+ - If you don't select this option, the message is quarantined. A copy of the message is delivered to the recipients, but *all* attachments (not just the detected ones) are replaced with a single text file named **Malware Alert Text.txt**.
- - **Notify external senders**: An external sender is outside the organization.
+ The default text in the replacement text file is described in [Anti-malware policies](anti-malware-protection.md#anti-malware-policies). To use custom text instead, enter the text in the **Custom notification text to recipient** box.
- - **Administrator Notifications**: Select one or both of these options:
+ - **Sender Notifications**: Select none, one, or both of these options:
+ - **Notify internal senders when messages are quarantined as malware**: An internal sender is inside the organization.
+ - **Notify external senders when messages are quarantined as malware**: An external sender is outside the organization.
- - **Notify administrator about undelivered messages from internal senders**: If you select this option, enter a notification email address in the **Administrator email address** box.
-
- - **Notify administrator about undelivered messages from external senders**: If you select this option, enter a notification email address in the **Administrator email address** box.
-
- - **Customize Notifications**: These settings replace the default notification text that's used for senders or administrators. For more information about the default values, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).
+ - **Admin notifications**: Select none, one, or both of these options:
+ - **Notify an admin about undelivered messages from internal senders**: If you select this option, enter a notification email address in the **Admin email address** box that appears.
+ - **Notify an admin about undelivered messages from external senders**: If you select this option, enter a notification email address in the **Admin email address** box that appears.
+ - **Customize notifications**: These settings replace the default notification text that's used for senders or admins. For more information about the default values, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).
- **Use customized notification text**: If you select this option, you need to use the **From name** and **From address** boxes to specify the sender's name and email address that's used in the customized notification message.
+ - **Customize notifications for messages from internal senders**: If you chose to notify senders or admins about undeliverable messages from internal senders, you need to use the **Subject** and **Message** boxes to specify the subject and message body of the custom notification message.
+ - **Customize notifications for messages from external senders**: If you chose to notify senders or admins about undeliverable messages from external senders, you need to use the **Subject** and **Message** boxes to specify the subject and message body of the custom notification message.
- - **Messages from internal senders**: If you elected to notify senders or administrators about undeliverable messages from internal senders, you need to use the **Subject** and **Message** boxes to specify the subject and message body of the custom notification message.
-
- - **Messages from external senders**: If you elected to notify senders or administrators about undeliverable messages from external senders, you need to use the **Subject** and **Message** boxes to specify the subject and message body of the custom notification message.
+ When you're finished, click **Next**.
- - **Applied to**: The settings in this section identify the internal recipients that the policy applies to.
+5. On the **Review** page that appears, review your settings. You can select **Edit** in each section to modify the settings within the section.
- - **If**: Click on the **Select one** drop-down, and select conditions for the rule:
+ When you're finished, click **Submit**.
- - **The recipient is**: Specifies one or more mailboxes, mail users, or mail contacts in your organization. In the **Select members** dialog box that appears, select one or more recipients from the list, and then click **add -\>**. In the **Check names** box, you can use wildcards for multiple email addresses (for example: \*@fabrikam.com). When you're finished, click **OK**.
+6. On the confirmation page that appears, click **Done**.
- - **The recipient domain is**: Specifies recipients in one or more of the configured accepted domains your organization. In the dialog box that appears, select one or more domains, and then click **add -\>**. When you're finished, click **OK**.
+## Use the security center to view anti-malware policies
- - **The recipient is a member of**: Specifies one or more groups in your organization. In the **Select members** dialog box that appears, select one or more groups from the list, and then click **add -\>**. When you're finished, click **OK**.
+1. In the security center, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Anti-Malware**.
- You can only use a condition once, but you can specify multiple values for the condition. Multiple values of the same condition use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_). To add more conditions, click **Add condition** and select from the remaining options.
+ The following properties are displayed on the page:
- - **Except if**: To add exceptions for the rule, click **Add exception**, click on the **Select one** drop-down, and configure the exceptions. The settings and behavior are exactly like the conditions.
+ - **Name**
+ - **Status**
+ - **Priority**
-3. When you're finished, click **Save**.
+2. When you select a policy, the policy settings are displayed in a flyout.
-## Use the Security & Compliance Center to view anti-malware policies
+## Use the security center to modify anti-malware policies
-1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+1. In the security center, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Anti-Malware**.
-2. When you select a policy, information about the policy is displayed in the details pane. To see more information about the policy, click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png).
+2. Select a policy from the list by clicking on the name of the policy. In the policy details flyout that appears, select **Edit** in each section to modify the settings within the section. For more information about the settings, see the previous [Use the security center to create anti-malware policies](#use-the-security-center-to-create-anti-malware-policies) section in this article.
- - The **Enabled** property value, the **Priority** property value, and the settings on the **Applied to** tab are in the malware filter rule.
+ **Note**: You can't rename the default policy.
- - The settings on the **General** and **Settings** tabs are in the malware filter policy.
+## Use the security center to enable or disable anti-malware policies
-## Use the Security & Compliance Center to modify anti-malware policies
+You can't disable the default anti-malware policy.
-1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+1. In the security center, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Anti-Malware**.
-2. Select the policy, and then click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png). For information about the settings, see the [Use the Security & Compliance Center to create anti-malware policies](#use-the-security--compliance-center-to-create-anti-malware-policies) section in this article.
+2. Select a custom policy from the list by clicking on the name of the policy. At the top of the policy details flyout that appears, you'll see one of the following values:
+ - **Policy off**: To turn on the policy, click ![Turn on icon](../../media/m365-cc-sc-turn-on-off-icon.png) **Turn on** .
+ - **Policy on**: To turn off the policy, click ![Turn off icon](../../media/m365-cc-sc-turn-on-off-icon.png) **Turn off**.
- **Notes**:
+3. In the confirmation dialog that appears, click **Turn on** or **Turn off**.
- - Instead of everything on one page, the settings are divided among the **General**, **Settings**, and **Applied to** tabs. The **Applied to** tab isn't available in the default policy named Default (which is automatically applied to everyone).
+4. Click **Close** in the policy details flyout.
- - You can't rename the default policy.
+Back on the main policy page, the **Status** value will be **On** or **Off**.
-## Use the Security & Compliance Center to enable or disable anti-malware policies
+## Use the security center to set the priority of custom anti-malware policies
-1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+By default, anti-malware policies are given a priority that's based on the order they were created in (newer policies are lower priority than older policies). A lower priority number indicates a higher priority for the policy (0 is the highest), and policies are processed in priority order (higher priority policies are processed before lower priority policies). No two policies can have the same priority, and policy processing stops after the first policy is applied.
-2. Select the policy from the list, and then configure one of the following settings:
-
- - **Disable the policy**: Clear the check box in the **Enabled** column. By default, anti-malware policies are enabled when you create them in the Security & Compliance Center.
-
- - **Enable the policy**: Select the check box in the **Enabled** column.
-
-## Use the Security & Compliance Center to set the priority of custom anti-malware policies
-
-By default, anti-malware policies are given a priority that's based on the order they were created in (newer polices are lower priority than older policies). A lower priority number indicates a higher priority for the policy, and policies are processed in priority order (higher priority policies are processed before lower priority policies). No two policies can have the same priority, and policy processing stops after the first policy is applied.
+To change the priority of a policy, you click **Increase priority** or **Decrease priority** in the properties of the policy (you can't directly modify the **Priority** number in the Security & Compliance Center). Changing the priority of a policy only makes sense if you have multiple policies.
**Notes**: -- In the Security & Compliance Center, you can only change the priority of the anti-malware policy after you create it. In PowerShell, you can override the default priority when you create the malware filter rule (which can affect the priority of existing rules).
+- In the security center, you can only change the priority of the anti-malware policy after you create it. In PowerShell, you can override the default priority when you create the malware filter rule (which can affect the priority of existing rules).
+- Anti-malware policies are processed in the order that they're displayed (the first policy has the **Priority** value 0). The default anti-malware policy named Default has the priority value **Lowest**, and you can't change it.
-- In the Security & Compliance Center, anti-malware policies are processed in the order that they're displayed (the first policy has the **Priority** value 0). The default anti-malware policy named Default has the priority value **Lowest**, and you can't change it.
+1. In the security center, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Anti-Malware**.
-To change the priority of a policy, move the policy up or down in the list (you can't directly modify the **Priority** number in the Security & Compliance Center).
+2. Select a custom policy from the list by clicking on the name of the policy. At the top of the policy details flyout that appears, you'll see **Increase priority** or **Decrease priority** based on the current priority value and the number of custom policies:
+ - The anti-malware policy with the **Priority** value **0** has only the **Decrease priority** option available.
+ - The anti-malware policy with the lowest **Priority** value (for example, **3**) has only the **Increase priority** option available.
+ - If you have three or more anti-malware policies, policies between the highest and lowest priority values have both the **Increase priority** and **Decrease priority** options available.
-1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+3. Click ![Increase priority icon](../../media/m365-cc-sc-increase-icon.png) **Increase priority** or ![Decrease priority icon](../../media/m365-cc-sc-decrease-icon.png) **Decrease priority** to change the **Priority** value.
-2. Select a policy, and then click **Move up** ![Up Arrow icon](../../media/ITPro-EAC-UpArrowIcon.png) or **Move down** ![Down Arrow icon](../../media/ITPro-EAC-DownArrowIcon.png) to move the rule up or down in the list.
+4. When you're finished, click **Close** in the policy details flyout.
-## Use the Security & Compliance Center to remove anti-malware policies
+## Use the security center to remove anti-malware policies
-When you use the Security & Compliance Center to remove an anti-malware policy, the malware filter rule and the corresponding malware filter policy are both deleted.
+When you use the security center to remove an anti-malware policy, the malware filter rule and the corresponding malware filter policy are both deleted.
-1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+1. In the security center, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Anti-Malware**.
-2. Select the anti-malware policy you want to remove from the list, and then click **Delete** ![Delete icon](../../media/ITPro-EAC-DeleteIcon.png).
+2. Select a custom policy from the list by clicking on the name of the policy. At the top of the policy details flyout that appears, click ![More actions icon](../../media/m365-cc-sc-more-actions-icon.png) **More actions** \> ![Delete policy icon](../../media/m365-cc-sc-delete-icon.png) **Delete policy**.
+
+3. In the confirmation dialog that appears, click **Yes**.
## Use Exchange Online PowerShell or standalone EOP PowerShell to configure anti-malware policies
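Review bot: In the new priority procedure, the bullet "The anti-malware policy with the lowest **Priority** value (for example, **3**) has only the **Increase priority** option" reads against the paragraph added just above it, which says a lower priority number means a higher priority and 0 is the highest. The policy that can only be increased is the one with the highest number, so word it as "the lowest priority (the highest **Priority** number, for example **3**)". The next bullet's "between the highest and lowest priority values" has the same ambiguity. Two smaller points in the same hunk: the added sentence "you can't directly modify the **Priority** number in the Security & Compliance Center" keeps the old portal name while every other added line says "security center", and "**Turn on** ." has a stray space before the period.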
When you use the Security & Compliance Center to remove an anti-malware policy,
Creating an anti-malware policy in PowerShell is a two-step process: 1. Create the malware filter policy.- 2. Create the malware filter rule that specifies the malware filter policy that the rule applies to. **Notes**: - You can create a new malware filter rule and assign an existing, unassociated malware filter policy to it. A malware filter rule can't be associated with more than one malware filter policy.--- There are two settings that you can configure on new anti-malware policies in PowerShell that aren't available in the Security & Compliance Center until after you create the policy:-
+- There are two settings that you can configure on new anti-malware policies in PowerShell that aren't available in the security center until after you create the policy:
- Create the new policy as disabled (_Enabled_ `$false` on the **New-MalwareFilterRule** cmdlet).- - Set the priority of the policy during creation (_Priority_ _\<Number\>_) on the **New-MalwareFilterRule** cmdlet).--- A new malware filter policy that you create in PowerShell isn't visible in the Security & Compliance Center until you assign the policy to a malware filter rule.
+- A new malware filter policy that you create in PowerShell isn't visible in the security center until you assign the policy to a malware filter rule.
#### Step 1: Use PowerShell to create a malware filter policy
-**Note**: In EOP, the _Action_ parameter values `DeleteMessage`, `DeleteAttachmentAndUseDefaultAlert`, and `DeleteAttachmentAndUseCustomAlert` don't delete messages. Instead, the messages are quarantined. For more information about retrieving quarantined messages, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md).
+**Note**: In the cloud-based service, the _Action_ parameter values `DeleteMessage`, `DeleteAttachmentAndUseDefaultAlert`, and `DeleteAttachmentAndUseCustomAlert` don't delete messages. Instead, the messages are quarantined. For more information about retrieving quarantined messages, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md).
To create a malware filter policy, use this syntax:
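Review bot: The reworded note on the _Action_ parameter now opens with "In the cloud-based service", but the link text in the same sentence still ends "as an admin in EOP", so one note uses two names for its scope. Pick one term, or state explicitly that the quarantine-instead-of-delete behavior of `DeleteMessage`, `DeleteAttachmentAndUseDefaultAlert`, and `DeleteAttachmentAndUseCustomAlert` applies to both Exchange Online and standalone EOP. While this hunk is open, the unchanged bullet "(_Priority_ _\<Number\>_) on the **New-MalwareFilterRule** cmdlet)" has an unbalanced closing parenthesis after the parameter value.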
New-MalwareFilterPolicy -Name "<PolicyName>" [-Action <DeleteMessage | DeleteAtt
This example creates a new malware filter policy named Contoso Malware Filter Policy with these settings: - Quarantine messages that contain malware without notifying the recipients (we aren't using the _Action_ parameter, and the default value is `DeleteMessage`).- - Don't notify the message sender when malware is detected in the message (we aren't using the _EnableExternalSenderNotifications_ or _EnableInternalSenderNotifications_ parameters, and the default value for both is `$false`).- - Notify the administrator admin@contoso.com when malware is detected in a message from an internal sender. ```PowerShell
New-MalwareFilterRule -Name "<RuleName>" -MalwareFilterPolicy "<PolicyName>" <Re
This example creates a new malware filter rule named Contoso Recipients with these settings: - The malware filter policy named Contoso Malware Filter Policy is associated with the rule.- - The rule applies to recipients in the contoso.com domain. ```PowerShell
For detailed syntax and parameter information, see [Get-MalwareFilterRule](/powe
Other than the following items, the same settings are available when you modify a malware filter policy in PowerShell as when you create the policy as described in the [Step 1: Use PowerShell to create a malware filter policy](#step-1-use-powershell-to-create-a-malware-filter-policy) section earlier in this article. - The _MakeDefault_ switch that turns the specified policy into the default policy (applied to everyone, unmodifiable **Lowest** priority, and you can't delete it) is only available when you modify a malware filter policy in PowerShell.--- You can't rename a malware filter policy (the **Set-MalwareFilterPolicy** cmdlet has no _Name_ parameter). When you rename an anti-malware policy in the Security & Compliance Center, you're only renaming the malware filter _rule_.
+- You can't rename a malware filter policy (the **Set-MalwareFilterPolicy** cmdlet has no _Name_ parameter). When you rename an anti-malware policy in the security center, you're only renaming the malware filter _rule_.
To modify a malware filter policy, use this syntax:
Set-MalwareFilterRule -Identity "Marketing Department" -Priority 2
**Notes**: - To set the priority of a new rule when you create it, use the _Priority_ parameter on the **New-MalwareFilterRule** cmdlet instead.- - The default malware filter policy doesn't have a corresponding malware filter rule, and it always has the unmodifiable priority value **Lowest**. ### Use PowerShell to remove malware filter policies
For detailed syntax and parameter information, see [Remove-MalwareFilterRule](/p
In your desktop anti-virus program, be sure to exclude the EICAR.TXT from scanning (otherwise, the file will be quarantined). 3. Send an email message that contains the EICAR.TXT file as an attachment, using an email client that won't automatically block the file. Use your anti-malware policy settings to determine the following scenarios to test:- - Email from an internal mailbox to an internal recipient.- - Email from an internal mailbox to an external recipient.- - Email from an external mailbox to an internal recipient. 4. Verify that the message was quarantined, and verify the recipient and sender notification results based on your anti-malware policy settings. For example: - Recipients aren't notified, or recipients receive the original message with the EICAR.TXT attachment replaced by **Malware Alert Text.txt** that contains the default or customized text.- - Internal or external senders are notified with the default or customized notification messages.- - The admin email address that you specified is notified for internal or external message senders, with the default or customized notification messages.
-5. Delete the EICAR.TXT file after your testing is complete (so other users aren't unnecessarily alarmed by it).
+5. Delete the EICAR.TXT file after your testing is complete (so other users aren't unnecessarily alarmed by it).
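Review bot: Step 5 is removed and re-added with identical visible text ("Delete the EICAR.TXT file after your testing is complete ..."), so this looks like a whitespace-only or indentation change. If the intent is to fix the numbering or indentation of the test procedure, say so in the commit message; otherwise drop the hunk so the history of this step stays readable.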
security Configure Junk Email Settings On Exo Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-junk-email-settings-on-exo-mailboxes.md
Admins can use Exchange Online PowerShell to disable, enable, and view the statu
- You need to be assigned permissions in Exchange Online before you can do the procedures in this article. Specifically, you need the **Mail Recipients** role (which is assigned to the **Organization Management**, **Recipient Management**, and **Custom Mail Recipients** role groups by default) or the **User Options** role (which is assigned to the **Organization Management** and **Help Desk** role groups by default). To add users to role groups in Exchange Online, see [Modify role groups in Exchange Online](/Exchange/permissions-exo/role-groups#modify-role-groups). Note that users with default permissions can do these same procedures on their own mailbox, as long as they have [access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell). -- In standalone EOP environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
+- In hybrid environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure EOP to deliver spam to the Junk Email folder in hybrid environments](/exchange/standalone-eop/configure-eop-spam-protection-hybrid).
- Safe Senders for shared mailboxes are not synchronized to Azure AD and EOP by design.
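Review bot: Replacing "In standalone EOP environments" with "In hybrid environments" in this bullet widens the stated scope, yet the new link target still sits under /exchange/standalone-eop/, and the article removed in this same change set stated that the topic "is only for standalone EOP customers in hybrid environments" and does not apply to customers with Exchange Online mailboxes. Keep "standalone EOP" in the sentence, or confirm that the destination article now covers every hybrid configuration before dropping the qualifier.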
security Configure S Mime Settings For Outlook Web App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-s-mime-settings-for-outlook-web-app.md
- Title: Configure S/MIME settings - Exchange Online for Outlook on web
- - NOCSH
-----
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
-description: A brief description of what Exchange Online admins need to do to view and configure the S/MIME settings in Outlook on the web in Exchange Online.
---
-# Configure S/MIME settings in Exchange Online for Outlook on the web
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-As an admin for Exchange Online, you can set up Outlook on the web (formerly known as Outlook Web App) to allow sending and receiving S/MIME-protected messages. Use the **Get-SmimeConfig** and **Set-SmimeConfig** cmdlets to view and manage this feature in Exchange Online PowerShell. To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
-
-For detailed syntax and parameter information, see [Get-SmimeConfig](/powershell/module/exchange/get-smimeconfig) and [Set-SmimeConfig](/powershell/module/exchange/set-smimeconfig).
-
-## Considerations for new Microsoft Edge (Chromium-based)
-
-To use S/MIME in Outlook on the web in the new [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) web browser, you (or another admin) must set and configure the Microsoft Edge browser policy named **ExtensionInstallForcelist** to install the Microsoft S/MIME extension in the new Microsoft Edge. The policy value is `maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx`. And note that applying this policy requires domain-joined or Azure AD-joined devices, so using S/MIME in the new Microsoft Edge browser effectively requires domain-joined or Azure AD-joined devices.
-
-For details about the **ExtensionInstallForcelist** policy, see [ExtensionInstallForcelist](/DeployEdge/microsoft-edge-policies#extensioninstallforcelist).
-
-This step is a prerequisite for using new Microsoft Edge; it does not replace the S/MIME control that's installed by users. Users are prompted to download and install the S/MIME control in Outlook on the web during their first use of S/MIME. Or, users can proactively go to **S/MIME** in their Outlook on the web settings to get the download link for the control.
-
-## Considerations for Chrome
-
-To use S/MIME in Outlook on the web in the Google Chrome web browser, you (or another admin) must set and configure the Chromium policy named **ExtensionInstallForcelist** to install the Microsoft S/MIME extension in Chrome. The policy value is `maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx`. And note that applying this policy requires domain-joined computers, so using S/MIME in Chrome effectively requires domain-joined computers.
-
-For details about the **ExtensionInstallForcelist** policy, see [ExtensionInstallForcelist](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallForcelist).
-
-This step is a prerequisite for using Chrome; it does not replace the S/MIME control that's installed by users. Users are prompted to download and install the S/MIME control in Outlook on the web during their first use of S/MIME. Or, users can proactively go to **S/MIME** in their Outlook on the web settings to get the download link for the control.
-
-## For more information
-
-[S/MIME for message signing and encryption](s-mime-for-message-signing-and-encryption.md)
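Review bot: This deletion shows no redirect or replacement link for the content it removes, in particular the **ExtensionInstallForcelist** value `maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx` and the requirement for domain-joined or Azure AD-joined devices. By contrast, the junk email article removed in this change set has its inbound links repointed to /exchange/standalone-eop/configure-eop-spam-protection-hybrid. Add a redirect entry and name the new location in the commit message, so admins who force-install the S/MIME extension by policy can still check the extension ID and update URL against a published source.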
security Configure Your Spam Filter Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-your-spam-filter-policies.md
Creating a custom anti-spam policy in the Security & Compliance Center creates t
> <sup>1</sup> In Exchange Online, the message is moved to the Junk Email folder if the junk email rule is enabled on the mailbox (it's enabled by default). For more information, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md). >
- > In standalone EOP environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
+ > In hybrid environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure EOP to deliver spam to the Junk Email folder in hybrid environments](/exchange/standalone-eop/configure-eop-spam-protection-hybrid).
> > <sup>2</sup> You can this use value as a condition in mail flow rules to filter or route the message.
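Review bot: The unchanged footnote line directly after the edited one reads "You can this use value as a condition in mail flow rules"; since this footnote block is being touched, fix the word order to "You can use this value".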
security Create Block Sender Lists In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365.md
The maximum limit for these lists is approximately 1000 entries.
If you need to block messages that are sent to specific users or across the entire organization, you can use mail flow rules. Mail flow rules are more flexible than block sender lists or blocked sender domain lists because they can also look for keywords or other properties in the unwanted messages.
-Regardless of the conditions or exceptions that you use to identify the messages, you configure the action to set the spam confidence level (SCL) of the message to 9, which marks the message a **High confidence spam**. For more information, see [Use mail flow rules to set the SCL in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md).
+Regardless of the conditions or exceptions that you use to identify the messages, you configure the action to set the spam confidence level (SCL) of the message to 9, which marks the message a **High confidence spam**. For more information, see [Use mail flow rules to set the SCL in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl).
> [!IMPORTANT] > It's easy to create rules that are *overly* aggressive, so it's important that you identify only the messages you want to block using using very specific criteria. Also, be sure to enable auditing on the rule and test the results of the rule to ensure everything works as expected.
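Review bot: The edited sentence still reads "marks the message a **High confidence spam**"; as the line is being rewritten for the link anyway, change it to "marks the message as **High confidence spam**". The unchanged IMPORTANT note that follows also has a doubled word ("using using very specific criteria") that can be fixed in the same pass.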
security Enable The Report Phish Add In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-phish-add-in.md
To review messages that users report to Microsoft, you have these options:
- Use the Admin Submissions portal. For more information, see [View user submissions to Microsoft](admin-submission.md#view-user-submissions-to-microsoft). -- Create a mail flow rule (also known as a transport rule) to send copies of reported messages. For instructions, see [Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md).
+- Create a mail flow rule (also known as a transport rule) to send copies of reported messages. For instructions, see [Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft).
security Ensure That Spam Is Routed To Each User S Junk Email Folder https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md
- Title: Configure EOP to junk spam in hybrid environments
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
-description: Admins can learn how to route spam to user Junk Email folders in an Exchange Online Protection hybrid environment.
---
-# Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-> [!IMPORTANT]
-> This topic is only for standalone EOP customers in hybrid environments. This topic does not apply to Microsoft 365 customers with Exchange Online mailboxes.
-
-If you're a standalone Exchange Online Protection (EOP) customer in a hybrid environment, you need to configure your on-premises Exchange organization to recognize and translate the spam filtering verdicts of EOP, so the junk email rule in the on-premises mailbox can move messages to the Junk Email folder.
-
-Specifically, you need to create mail flow rules (also known as transport rules) in your on-premises Exchange organization with conditions that find messages with any of the following EOP anti-spam headers and values, and actions that set the spam confidence level (SCL) of those messages to 6:
--- `X-Forefront-Antispam-Report: SFV:SPM` (message marked as spam by spam filtering)--- `X-Forefront-Antispam-Report: SFV:SKS` (message marked as spam by mail flow rules in EOP before spam filtering)--- `X-Forefront-Antispam-Report: SFV:SKB` (message marked as spam by spam filtering due to the sender's email address or email domain being in the blocked sender list or the blocked domain list in EOP)-
-For more information about these header values, see [Anti-spam message headers](anti-spam-message-headers.md).
-
-This topic describes how to create these mail flow rules the Exchange admin center (EAC) and in the Exchange Management Shell (Exchange PowerShell) in the on-premises Exchange organization.
-
-> [!TIP]
-> Instead of delivering the messages to the on-premises user's Junk Email folder, you can configure anti-spam policies in EOP to quarantine spam messages in EOP. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
-
-## What do you need to know before you begin?
--- You need to be assigned permissions in the on-premises Exchange environment before you can do these procedures. Specifically, you need to be assigned the **Transport Rules** role, which is assigned to the **Organization Management**, **Compliance Management**, and **Records Management** roles by default. For more information, see [Add members to a role group](/Exchange/permissions/role-group-members#add-members-to-a-role-group).--- If and when a message is delivered to the Junk Email folder in an on-premises Exchange organization is controlled by a combination of the following settings:-
- - The _SCLJunkThreshold_ parameter value on the [Set-OrganizationConfig](/powershell/module/exchange/set-organizationconfig) cmdlet in the Exchange Management Shell. The default value is 4, which means an SCL of 5 or higher should deliver the message to the user's Junk email folder.
-
- - The _SCLJunkThreshold_ parameter value on the [Set-Mailbox](/powershell/module/exchange/set-mailbox) cmdlet in the Exchange Management Shell. The default value is blank ($null), which means the organization setting is used.
-
- For details, see [Exchange spam confidence level (SCL) thresholds](/Exchange/antispam-and-antimalware/antispam-protection/scl).
-
- - Whether the junk email rule is enabled on the mailbox (the _Enabled_ parameter value is $true on the [Set-MailboxJunkEmailConfiguration](/powershell/module/exchange/set-mailboxjunkemailconfiguration) cmdlet in the Exchange Management Shell). It's the junk email rule that actually moves the message to the Junk Email folder after delivery. By default, the junk email rule is enabled on mailboxes. For more information, see [Configure Exchange antispam settings on mailboxes](/Exchange/antispam-and-antimalware/antispam-protection/configure-antispam-settings).
--- To open the EAC on an Exchange Server, see [Exchange admin center in Exchange Server](/Exchange/architecture/client-access/exchange-admin-center). To open the Exchange Management Shell, see [Open the Exchange Management Shell](/powershell/exchange/open-the-exchange-management-shell).--- For more information about mail flow rules in on-premises Exchange, see the following topics:-
- - [Mail flow rules in Exchange Server](/Exchange/policy-and-compliance/mail-flow-rules/mail-flow-rules)
-
- - [Mail flow rule conditions and exceptions (predicates) in Exchange Server](/Exchange/policy-and-compliance/mail-flow-rules/conditions-and-exceptions)
-
- - [Mail flow rule actions in Exchange Server](/Exchange/policy-and-compliance/mail-flow-rules/actions)
-
-## Use the EAC to create mail flow rules that set the SCL of EOP spam messages
-
-1. In the EAC, go to **Mail flow** \> **Rules**.
-
-2. Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png) and select **Create a new rule** in the drop-down that appears.
-
-3. In the **New rule** page that opens, configure the following settings:
-
- - **Name**: Enter a unique, descriptive name for the rule. For example:
-
- - EOP SFV:SPM to SCL 6
-
- - EOP SFV:SKS to SCL 6
-
- - EOP SFV:SKB to SCL 6
-
- - Click **More Options**.
-
- - **Apply this rule if**: Select **A message header** \> **includes any of these words**.
-
- In the **Enter text header includes Enter words** sentence that appears, do the following steps:
-
- - Click **Enter text**. In the **Specify header name** dialog that appears, enter **X-Forefront-Antispam-Report** and then click **OK**.
-
- - Click **Enter words**. In the **Specify words or phrases** dialog that appears, enter one of the EOP spam header values (**SFV:SPM**, **SFV:SKS**, or **SFV:SKB**), click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png), and then click **OK**.
-
- - **Do the following**: Select **Modify the message properties** \> **Set the spam confidence level (SCL)**.
-
- In the **Specify SCL** dialog that appears, select **6** (the default value is **5**).
-
- When you're finished, click **Save**
-
-Repeat these steps for the remaining EOP spam verdict values (**SFV:SPM**, **SFV:SKS**, or **SFV:SKB**).
-
-## Use the Exchange Management Shell to create mail flow rules that set the SCL of EOP spam messages
-
-Use the following syntax to create the three mail flow rules:
-
-```Powershell
-New-TransportRule -Name "<RuleName>" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "<EOPSpamFilteringVerdict>" -SetSCL 6
-```
-
-For example:
-
-```Powershell
-New-TransportRule -Name "EOP SFV:SPM to SCL 6" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6
-```
-
-```Powershell
-New-TransportRule -Name "EOP SFV:SKS to SCL 6" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6
-```
-
-```Powershell
-New-TransportRule -Name "EOP SFV:SKB to SCL 6" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKB" -SetSCL 6
-```
-
-For detailed syntax and parameter information, see [New-TransportRule](/powershell/module/exchange/new-transportrule).
-
-## How do you know this worked?
-
-To verify that you've successfully configured standalone EOP to deliver spam to the Junk Email folder in hybrid environment, do any of the following steps:
--- In the EAC, go to **Mail flow** \> **Rules**, select the rule, and then click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png) to verify the settings.--- In the Exchange Management Shell, replace \<RuleName\> with the name of the mail flow rule, and rul the following command to verify the settings:-
- ```powershell
- Get-TransportRule -Identity "<RuleName>" | Format-List
- ```
--- In an external email system **that doesn't scan outbound messages for spam**, send a Generic Test for Unsolicited Bulk Email (GTUBE) message to an affected recipient, and confirm that it's delivered to their Junk Email folder. A GTUBE message is similar to the European Institute for Computer Antivirus Research (EICAR) text file for testing malware settings.-
- To send a GTUBE message, include the following text in the body of an email message on a single line, without any spaces or line breaks:
-
- ```text
- XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
- ```
security Eop Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-features.md
ms.prod: m365-security
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)] **Applies to**-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
-The following table provides a list of features that are available in the Exchange Online Protection (EOP) hosted email filtering service.
+The following table provides a list of features that are available in the Exchange Online Protection (EOP) email filtering service.
> [!TIP] > The [Microsoft 365 for business roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=O365) is a good resource for finding out information about upcoming new features. For a broader view about what features are available with the different EOP subscription plans, see [Exchange Online Protection Service Description](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description).
+<br>
+ **** |Feature|Description| ||| |**Anti-spam protection**||
-|Inbound spam detection|For more information, see [Anti-spam protection in Microsoft 365](anti-spam-protection.md). <p> In standalone EOP environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md)|
+|Inbound spam detection|For more information, see [Anti-spam protection in Microsoft 365](anti-spam-protection.md). <p> In hybrid environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure EOP to deliver spam to the Junk Email folder in hybrid environments](/exchange/standalone-eop/configure-eop-spam-protection-hybrid).|
|Outbound spam detection|Outbound anti-spam protection is always enabled if you use the service for sending outbound mail. For more information, see [Outbound spam protection](outbound-spam-controls.md).| |Backscatter protection|For more information, see [Backscatter and EOP](backscatter-messages-and-eop.md).| |Bulk mail filtering|EOP uses the bulk complaint threshold (BCL) to mark bulk email messages as spam. For more information, see the following topics: <p> [What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md) <p> [Bulk complaint level (BCL) in EOP](bulk-complaint-level-values.md) <p> [Configure anti-spam policies](configure-your-spam-filter-policies.md)|
The following table provides a list of features that are available in the Exchan
|Create custom anti-spam policies|For greater granularity, you can create custom anti-spam policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies. For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).| |Configure the actions on spam-filtered messages|For example, you can delete content-filtered messages or send them to the Junk Email folder or the quarantine. For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).| |International spam filtering|You can configure anti-spam filtering to filter messages written in specific languages or sent from specific countries or regions. For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).|
-|Manage spam via Outlook or Outlook on the web (formerly known as Outlook Web App)|Admins and end users can create safe sender lists and blocked sender lists. For more information, see [About junk email settings in Outlook](configure-junk-email-settings-on-exo-mailboxes.md#about-junk-email-settings-in-outlook). <p> If you're using EOP to help protect on-premises mailboxes, be sure to use directory synchronization to help ensure that these settings are synced to the service. For more information about setting up directory synchronization, see "Use directory synchronization to manage mail users" in [Manage mail users in EOP](manage-mail-users-in-eop.md).|
+|Manage spam via Outlook or Outlook on the web (formerly known as Outlook Web App)|Admins and end users can create safe sender lists and blocked sender lists. For more information, see [About junk email settings in Outlook](configure-junk-email-settings-on-exo-mailboxes.md#about-junk-email-settings-in-outlook). <p> If you're using EOP to help protect on-premises mailboxes, be sure to use directory synchronization to help ensure that these settings are synced to the service. For more information about setting up directory synchronization, see "Use directory synchronization to manage mail users" in [Manage mail users in standalone EOP](/exchange/standalone-eop/manage-mail-users-in-eop).|
|Report false positives and false negatives to Microsoft.|For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).| |End-user spam quarantine notifications|For more information, see [End-user spam notifications](use-spam-notifications-to-release-and-report-quarantined-messages.md) and [Configure end-user spam notifications](configure-your-spam-filter-policies.md#configure-end-user-spam-notifications).| |View, find, and manage messages in the quarantine portal.|For more information, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md) or [Find and release quarantined messages as a user](find-and-release-quarantined-messages-as-a-user.md).|
The following table provides a list of features that are available in the Exchan
|Redirect or copy messages|Mail flow rules can redirect, add recipients by Cc or Bcc, simply add recipients, and other options. For more information, see [Mail flow rule actions in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rule-actions).| |Adjust rule priority across multiple rules|Use the Exchange admin center to change the order in which rules are processed.| |Filter messages and then change the routing or attributes of a message|You can filter messages based on a wide variety of conditions and then apply a series of actions to each message. For more information, see [Mail flow rules (transport rules) in Exchange Online Protection](mail-flow-rules-transport-rules-0.md).|
-|Change the spam confidence level (SCL) of a message by rule.|You can inspect an in-transit message and assign a spam confidence level to it based on criteria that you choose. For more information, see [Use mail flow rules to set the spam confidence level (SCL) in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md).|
+|Change the spam confidence level (SCL) of a message by rule.|You can inspect an in-transit message and assign a spam confidence level to it based on criteria that you choose. For more information, see [Use mail flow rules to set the spam confidence level (SCL) in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl).|
|Inspect message attachments|You can examine the content of an attachment or the characteristics of an attached file and define an action to take based on what is found. For more information, see [Using mail flow rules to inspect message attachments in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments).| |**Administration**||
-|Web-based administration|Admins can manage the service in the Exchange admin center (EAC), which is supported in 60 languages. For more information, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).|
-|Directory synchronization|Directory synchronization is available via the Azure Active Directory Sync tool. For more information, see the "Use directory synchronization to manage mail users" section in [Manage mail users in EOP](manage-mail-users-in-eop.md).|
+|Web-based administration|Most features are managed in the [Security & Compliance Center](grant-access-to-the-security-and-compliance-center.md). <p> Other features require management in the Exchange admin center (EAC). For more information, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center) or [Exchange admin center in standalone EOP](/exchange/standalone-eop/exchange-admin-center-eop).|
+|Directory synchronization|Directory synchronization is available via the Azure Active Directory Sync tool. For more information, see the "Use directory synchronization to manage mail users" section in [Manage mail users in standalone EOP](/exchange/standalone-eop/manage-mail-users-in-eop).|
|Directory Based Edge Blocking (DBEB)|The DBEB feature lets you reject messages for invalid recipients at the service network perimeter. DBEB lets admins add mail-enabled recipients to Microsoft 365 and block all messages sent to email addresses that aren't present in Microsoft 365. For more information about configuring DBEB, see [Use Directory Based Edge Blocking to reject messages sent to invalid recipients](/exchange/mail-flow-best-practices/use-directory-based-edge-blocking).| |PowerShell|Full EOP functionality is available in standalone EOP PowerShell. For more information, see [Exchange Online Protection PowerShell](/powershell/exchange/exchange-online-protection-powershell).| |**Reporting and logging**|| |Message trace|Admins can follow email messages as they pass through the service. You can determine whether a targeted email message was received, rejected, deferred, or delivered by the service. This lets you efficiently answer your users' questions, troubleshoot mail flow issues, validate policy changes, and alleviates the need to contact technical support for assistance. For more information, see [Message trace in the Security & Compliance Center](message-trace-scc.md).| |Web-based reports|The mail protection reports in the Security & Compliance Center provide messaging data. For example, you can monitor how much spam and malware is being detected or how often your mail flow rules are being matched. With these interactive reports, you can quickly get a visual report of summary data and drill down into details about individual messages, for as far back as 90 days. For more information, see [Use mail protection reports to view data about malware, spam, and rule detections](/exchange/monitoring/use-mail-protection-reports).|
-|Audit logging|The administrator role group report and the administrator audit log are available for EOP admins. For more information, see [Auditing reports in EOP](auditing-reports-in-eop.md).|
+|Audit logging|For more information, see [Auditing reports in Exchange Online](/exchange/security-and-compliance/exchange-auditing-reports/exchange-auditing-reports).|
|**Service Level Agreements (SLAs) and support**|| |Spam effectiveness SLA|\> 99%| |False positive ratio SLA|\< 1:250,000|
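Review bot: In the Audit logging row, the new text keeps only the link and drops the statement that the administrator role group report and the administrator audit log are available, so the table no longer says what is actually logged. Suggest keeping a one-sentence description ahead of the new link to "Auditing reports in Exchange Online". The unchanged PowerShell row in this hunk still reads "standalone EOP PowerShell", while the Applies to list and the Inbound spam detection row drop "standalone" in this same change; check whether that row should be updated too.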
The following table provides a list of features that are available in the Exchan
|A geo-redundant global network of servers|EOP runs on a worldwide network of datacenters that are designed to help provide the best availability. For more information, see the "EOP data centers" section in [Exchange Online Protection overview](exchange-online-protection-overview.md).| |Message queuing when the on-premises server cannot accept mail|Messages in deferral remain in our queues for one day. Message retry attempts are based on the error we get back from the recipient's mail system. On average, messages are retried every 5 minutes. For more information, see [EOP queued, deferred, and bounced messages FAQ](eop-queued-deferred-and-bounced-messages-faq.yml).| |Office 365 Message Encryption available as an add-on service|For more information, see [Encryption in Office 365](../../compliance/encryption.md).|
-|
+|
security Exchange Admin Center In Exchange Online Protection Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/exchange-admin-center-in-exchange-online-protection-eop.md
- Title: Exchange admin center in standalone EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
-description: Learn about the web management interface in standalone Exchange Online Protection (EOP).
--
-# Exchange admin center in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-The Exchange admin center (EAC) is a web-based management console for standalone Exchange Online Protection (EOP).
-
-Looking for the Exchange Online version of this topic? See [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
-
-## Open the EAC in EOP
-
-Standalone EOP customers can access the EAC by using the following methods:
--- **From the Microsoft 365 admin center**:-
- 1. Go to <https://admin.microsoft.com> and click **Show all**.
-
- ![Click Show all in the Microsoft 365 admin center](../../media/m365-center-show-all.png)
-
- 2. In the **Admin centers** section that appears, click **All admin centers**.
-
- ![Click All admin centers in the Microsoft 365 admin center](../../media/m365-center-select-all-admin-centers.png)
-
- 3. On the **All admin centers** page that appears, click **Exchange Online Protection**.
--- Go directly to `https://admin.protection.outlook.com/ecp/`.-
-## Common user interface elements in the EAC in EOP
-
-This section describes the user interface elements that are found in the EAC.
-
-![The Exchange admin center in Exchange Online Protection](../../media/EOP-AdminCenter.png)
-
-### Feature Pane
-
-This is the first level of navigation for most of the tasks you'll perform in the EAC. The feature pane is organized by feature areas.
--- **Recipients**: This is where you'll view groups and external contacts.--- **Permissions**: This where you'll manage admin roles.--- **Compliance Management**: This is where you'll find the administrator role group report and the admin audit log report.--- **Protection**: This is where you can manage anti-malware policies, the default connection filter policy, and DKIM.-
- > [!NOTE]
- > You should manage anti-malware policies and the default connection filter policy in the Security & Compliance Center. For more information, see [Configure anti-malware policies in EOP](configure-anti-malware-policies.md) and [Configure connection filtering in EOP](configure-the-connection-filter-policy.md).
--- **Mail Flow**: This is where you'll manage mail flow rules (also known as transport rules), accepted domains, and connectors, as well as where you can go to run message trace.--- **Hybrid**: This is where you can run the [Hybrid Configuration Wizard](/Exchange/hybrid-configuration-wizard), and where you can install the [Exchange Online PowerShell module](/powershell/exchange/mfa-connect-to-exchange-online-powershell).-
-### Tabs
-
-The tabs are your second level of navigation. Each of the feature areas contains various tabs, each representing a feature.
-
-### Toolbar
-
-When you click most tabs, you'll see a toolbar. The toolbar has icons that perform a specific action. The following table describes the icons and their actions.
-
-****
-
-|Icon|Name|Action|
-||||
-|![Add Icon](../../media/ITPro-EAC-AddIcon.gif)|Add, New|Use this icon to create a new object. Some of these icons have an associated down arrow you can click to show additional objects you can create.|
-|![Edit icon](../../media/ITPro-EAC-EditIcon.gif)|Edit|Use this icon to edit an object.|
-|![Delete icon](../../media/ITPro-EAC-DeleteIcon.gif)|Delete|Use this icon to delete an object. Some delete icons have a down arrow you can click to show additional options.|
-|![Search icon](../../media/ITPro-EAC-.gif)|Search|Use this icon to open a search box in which you can type the search phrase for an object you want to find.|
-|![Refresh Icon](../../media/ITPro-EAC-RefreshIcon.gif)|Refresh|Use this icon to refresh the list view.|
-|![More Options Icon](../../media/ITPro-EAC-MoreOptionsIcon.gif)|More options|Use this icon to view more actions you can perform for that tab's objects. For example, in **Recipients \> Users** clicking this icon shows the option to perform an **Advanced Search**.|
-|![Up Arrow Icon](../../media/ITPro-EAC-UpArrowIcon.gif)![Down Arrow Icon](../../media/ITPro-EAC-DownArrowIcon.gif)|Up arrow and down arrow|Use these icons to move an object's priority up or down.|
-|![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif)|Remove|Use this icon to remove objects from a list.|
-|
-
-### List View
-
-When you select a tab, in most cases you'll see a list view. The viewable limit with the EAC list view is approximately 10,000 objects. In addition, paging is included so that you can page to results.
-
-### Details Pane
-
-When you select an object from the list view, information about that object is displayed in the details pane. In some cases the details pane includes management tasks.
-
-### Me tile and Help
-
-The **Me** tile allows you to sign out the EAC and sign in as a different user. From the **Help**![Help Icon](../../media/ITPro-EAC-HelpIcon.gif) drop-down menu, you can do the following actions:
--- **Help**: Click ![Help Icon](../../media/ITPro-EAC-HelpIcon.gif) to view the online help content.-- **Feedback**: Leave feedback.-- **Community**: Post a question for find answers in the community forums.-- **Disable Help bubble**: The Help bubble displays contextual help for fields when you create or edit an object. You can turn off the Help bubble or turn it on if it has been disabled.-- **Show Command Logging**: A new window opens that shows the equivalent PowerShell commands based on what you configured in EAC.-
-## Supported Browsers
-
-For the best experience using the EAC, we recommend that you always use the latest browsers, Office clients, and apps. We also recommend that you install software updates when they become available. For more information about the supported browsers and system requirements for the service, see [System requirements for Office](https://products.office.com/office-system-requirements).
-
-## Supported languages
-
-The following languages are supported and available for the EAC in standalone EOP.
--- Amharic-- Arabic-- Basque (Basque)-- Bengali (India)-- Bulgarian-- Catalan-- Chinese (Simplified)-- Chinese (Traditional)-- Croatian-- Czech-- Danish-- Dutch-- English-- Estonian-- Filipino (Philippines)-- Finnish-- French-- Galician-- German-- Greek-- Gujarati-- Hebrew-- Hindi-- Hungarian-- Icelandic-- Indonesian-- Italian-- Japanese-- Kannada-- Kazakh-- Kiswahili-- Korean-- Latvian-- Lithuanian-- Malay (Brunei Darussalam)-- Malay (Malaysia)-- Malayalam-- Marathi-- Norwegian (Bokmål)-- Norwegian (Nynorsk)-- Oriya-- Persian-- Polish-- Portuguese (Brazil)-- Portuguese (Portugal)-- Romanian-- Russian-- Serbian (Cyrillic, Serbia)-- Serbian (Latin)-- Slovak-- Slovenian-- Spanish-- Swedish-- Tamil-- Telugu-- Thai-- Turkish-- Ukrainian-- Urdu-- Vietnamese-- Welsh
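Review bot: No redirect is visible for the removed exchange-admin-center-in-exchange-online-protection-eop.md. The eop-features.md row is repointed to `/exchange/standalone-eop/exchange-admin-center-eop`, but any other inbound link to the old file name would break once this article is deleted. Add a redirect entry to the new location, or confirm one already exists, before merging.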
security Exchange Online Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/exchange-online-protection-overview.md
ms.prod: m365-security
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-Exchange Online Protection (EOP) is the cloud-based filtering service that helps protect your organization against spam and malware. EOP is included in all Microsoft 365 organizations with Exchange Online mailboxes. However, EOP is also available in the following on-premises scenarios:
+Exchange Online Protection (EOP) is the cloud-based filtering service that helps protect your organization against spam, malware, and other email threats. EOP is included in all Microsoft 365 organizations with Exchange Online mailboxes.
-- **In a standalone scenario**: EOP provides cloud-based email protection for your on-premises Exchange organization or for any other on-premises SMTP email solution.
+The rest of this article explains how EOP works.
-- **In a hybrid deployment**: EOP can be configured to protect your email environment and control mail routing when you have a mix of on-premises and cloud mailboxes.-
-In these scenarios, EOP can simplify the management of your email environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.
-
-The rest of this topic explains how EOP works in standalone and hybrid environments.
+> [!NOTE]
+> EOP is also available by itself to protect on-premises mailboxes and in hybrid environments to protect on-premises Exchange mailboxes. For more information, see [Standalone Exchange Online Protection](/exchange/standalone-eop/standaonline-eop).
## How EOP works To understand how EOP works, it helps to see how it processes incoming email: - When an incoming message enters EOP, it initially passes through connection filtering, which checks the sender's reputation. The majority of spam is stopped at this point and rejected by EOP. For more information, see [Configure connection filtering](configure-the-connection-filter-policy.md). -- Then the message is inspected for signs of malware. If malware is found in the message or the attachment(s) the message is routed to an admin only quarantine store. You can learn more about configuring anti-malware [here](configure-anti-malware-policies.md).
+- Then the message is inspected for malware. If malware is found in the message or the attachment(s) the message is routed to an admin only quarantine store. To learn more about malware protection, see [Anti-malware protection in EOP](anti-malware-protection.md).
- Messages continue through policy filtering, where they are evaluated against custom mail flow rules (also known as transport rules) that you create or enforce from a template. For example, you can have a rule that sends a notification to a manager when mail arrives from a specific sender. Data loss prevention (DLP) checks also happen at this point (Exchange Enterprise CAL with Services). -- Next, the message passes through content filtering (also known as Anti-spam). A message that this filter determines to be spam *or phish* can be sent to quarantine, or a user's Junk Email folder, among other options. For more information see [Configure anti-spam policies](configure-your-spam-filter-policies.md) and [Configure anti-phishing policies](configure-anti-phishing-policies-eop.md).
+- Next, the message passes through anti-spam filtering where the message is check for spam, phishing, or bulk email. Detected messages can be sent to quarantine, or a user's Junk Email folder, among other options. For more information see [Configure anti-spam policies](configure-your-spam-filter-policies.md) and [Configure anti-phishing policies](configure-anti-phishing-policies-eop.md).
Any message that passes all of these protection layers successfully is delivered to the recipient.
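Review bot: The link target in the added note, `/exchange/standalone-eop/standaonline-eop`, looks misspelled ("standaonline"). The other links added in this change use `/exchange/standalone-eop/...` slugs spelled "standalone", so please verify that this one resolves. In the added anti-spam bullet, "the message is check for spam" should read "is checked for spam".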
The available EOP subscription plans are:
For information about requirements, important limits, and feature availability across all EOP subscription plans, see the [Exchange Online Protection service description](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description). > [!NOTE]
-> If you have an **Office 365 E3 subscription it includes EOP**. For steps to set up EOP security feature in your subscription, and information on the added security a Microsoft Defender for Office 365 subscription can give you, see [protect against threats](protect-against-threats.md). The recommended settings for EOP feature for setup can be found in the [Recommendations](best-practices-for-configuring-eop.md) article, where EOP settings are specifically called out.
+> If you have a Microsoft 365 or Office 365 subscription that includes Exchange Online mailboxes, you have EOP. For steps to set up EOP security features in your subscription, and information on the added security a Microsoft Defender for Office 365 subscription can give you, see [protect against threats](protect-against-threats.md). The recommended settings for EOP feature for setup can be found in [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md).
## Setting up EOP for on-premises email organizations Setting up EOP can be simple, especially in the case of a small organization with a handful of compliance rules. However, if you have a large organization with multiple domains, custom compliance rules, or hybrid mail flow, set up can take more planning and time.
-If you've already purchased EOP, see [Set up your EOP service](set-up-your-eop-service.md) to ensure that you complete all the steps necessary to configure EOP to protect your messaging environment.
+If you've already purchased EOP, see [Set up your EOP service](/exchange/standalone-eop/set-up-your-eop-service) to ensure that you complete all the steps necessary to configure EOP to protect your messaging environment.
### EOP datacenters
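Review bot: In the rewritten note, "The recommended settings for EOP feature for setup can be found in" is carried over from the old text and still reads awkwardly. Suggest "The recommended settings for EOP features are in [Recommended settings for EOP and Microsoft Defender for Office 365 security]". The link text "protect against threats" also starts lowercase, unlike the other link in the note.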
EOP runs on a worldwide network of datacenters that are designed to provide the
EOP performs load balancing between datacenters but only within a region. If you're provisioned in one region all your messages will be processed using the mail routing for that region. The following list shows the how regional mail routing works for the EOP datacenters: - In Europe, the Middle East, and Africa (EMEA), all Exchange Online mailboxes are located in EMEA datacenters, and all messages are routed through EMEA datacenters for EOP filtering.- - In Asia-Pacific (APAC), all Exchange Online mailboxes are located in APAC datacenters, and messages are currently routed through APAC datacenters for EOP filtering.- - In the Americas, services are distributed in the following locations:- - South America: Exchange Online mailboxes are located in datacenters in Brazil and Chile. All messages are routed through local datacenters for EOP filtering. Quarantined messages are stored in the datacenter where the tenant is located.- - Canada: Exchange Online mailboxes are located in datacenters in Canada. All messages are routed through local datacenters for EOP filtering. Quarantined messages are stored in the datacenter where the tenant is located.- - United States: Exchange Online mailboxes are located in U.S. datacenters. All messages are routed through local datacenters for EOP filtering. Quarantined messages are stored in the datacenter where the tenant is located.- - For the Government Community Cloud (GCC), all Exchange Online mailboxes are located in U.S. datacenters and all messages are routed through U.S. datacenters for EOP filtering. ## EOP Help for admins
The Help content for EOP administrators consists of the following top-level cate
- [EOP features](eop-features.md): Provides a list of features that are available in EOP. -- [Set up your EOP service](set-up-your-eop-service.md): Provides steps for setting up your EOP service, and links to additional information.
+- [Set up your EOP service](/exchange/standalone-eop/set-up-your-eop-service): Provides steps for setting up your EOP service, and links to additional information.
- [Switch to EOP from Google Postini, the Barracuda Spam and Virus Firewall, or Cisco IronPort](switch-to-eop-from-google-postini-the-barracuda-spam-and-virus-firewall-or-cisco.md): Describes the process for switching to EOP from another email protection product. -- [Manage recipients in standalone EOP](manage-recipients-in-eop.md): Describes how to manage mail users and groups in EOP.
+- [Manage recipients in standalone EOP](/exchange/standalone-eop/manage-recipients-in-eop): Describes how to manage mail users and groups in standalone EOP.
- [Mail flow in EOP](mail-flow-in-eop.md): Describes how to configure custom mail flow scenarios using connectors, how to manage domains associated with the service, and how to enable the Directory Based Edge Blocking (DBEB) feature. -- [Best practices for configuring EOP](best-practices-for-configuring-eop.md): Describes recommended configuration settings and considerations for after you set up and provision your service.
+- [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md): Describes recommended configuration settings and considerations for after you set up and provision your service.
-- [Auditing reports in standalone EOP](auditing-reports-in-eop.md): Describes how to use auditing reports to track configuration changes to the service.
+- [Auditing reports in Exchange Online](/exchange/security-and-compliance/exchange-auditing-reports/exchange-auditing-reports): Describes how to use auditing reports to track configuration changes to the service.
- [Anti-spam and anti-malware protection in EOP](anti-spam-and-anti-malware-protection.md): Describes spam filtering and malware filtering and shows how to customize them to best meet the needs of your organization. Also describes tasks that administrators and end users can perform on quarantined messages. - [Reporting and message trace in Exchange Online Protection](reporting-and-message-trace-in-exchange-online-protection.md): Describes the reports and troubleshooting tools that are available. -- [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md): Describes how to access and navigate through the Exchange admin center (EAC) management interface in order to manage your EOP service.
+- [Exchange admin center in Exchange Online](/exchange/exchange-admin-center) or [Exchange admin center in standalone EOP](/exchange/standalone-eop/exchange-admin-center-eop): Describes how to access and navigate through the Exchange admin center (EAC) management interface in order to manage related EOP features.
- [Exchange Online Protection PowerShell](/powershell/exchange/exchange-online-protection-powershell): Provides information about remote PowerShell, which lets you manage your EOP service from the command line.
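Review bot: The rewritten Exchange admin center entry offers two targets joined by "or" (`/exchange/exchange-admin-center` and `/exchange/standalone-eop/exchange-admin-center-eop`) without saying which reader should follow which. Add a qualifier to each link, for example "for organizations with Exchange Online mailboxes" and "for standalone EOP organizations", so admins land on the interface they actually have. The auditing entry has the same problem: it now points at the Exchange Online auditing article while its description still says "the service", so state whether those reports are available in standalone EOP.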
security Feature Permissions In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/feature-permissions-in-eop.md
- Title: Feature permissions in EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-description: Learn about the permission that are required for tasks in standalone Exchange Online Protection
--
-# Permissions in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-Standalone Exchange Online Protection (EOP) without Exchange Online mailboxes uses the Role Based Access Control (RBAC) permissions model to easily grant permissions to your admins. You can use the permission features in standalone EOP to get your new organization up and running quickly.
-
-To grant permissions to users, see [Manage admin role groups in EOP](manage-admin-role-group-permissions-in-eop.md).
-
-For more information about permissions across Microsoft 365, see [About admin roles](../../admin/add-users/about-admin-roles.md).
-
-## Role-based permissions
-
-The admin permissions that you grant to users are based on management roles. A management role defines the cmdlets that are available for a set of given tasks. Because the Exchange admin center (EAC) and standalone EOP PowerShell both use cmdlets, granting access to a cmdlet gives the user permission to do the related tasks in the EAC or in standalone EOP PowerShell. For example, the Mail Recipients role defines the cmdlets that are required to modify mail users.
-
-In standalone EOP, administrative roles are the only type of management role that's available (there are no end-user roles or role assignment policies).
-
-## Role groups
-
-To make it easier to assign roles to users, standalone EOP uses role groups. Management roles are assigned to role groups, and the role group members get the permissions that are associated with the roles. In other words, management roles aren't directly assigned to users; they're assigned to role group. This model allows you to assign many roles to many role group members at once. Role group members can be mail users, mail-enabled security groups, users from the Microsoft 365 admin center, and other role groups.
-
-The following figure shows the relationship between users, role groups, and roles.
-
-![Role, role group and member relationship](../../media/ITPro_Security_RBAC_EXO_SimplifiedRoleGroupRelationship.png)
-
-The available role groups in standalone EOP are described in the following table.
-
-****
-
-|Role group|Description|Default roles assigned|
-||||
-|ComplianceManagement|Configure and manage compliance settings within the organization, including data loss prevention (DLP) if your subscription has DLP capabilities. <p> Members of the [Compliance Administrator](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#compliance-administrator) role in Azure AD automatically get the permissions of this role group.|Audit Logs <p> Compliance Administration <p> Information Rights Management <p> Retention Management <p> View-Only Audit Logs <p> View-Only Configuration <p> View-Only Recipients|
-|ContentExplorerContentViewer|Not used.|Data Classification Content Viewer|
-|ContentExplorerListViewer|Not used.|Data Classification List Viewer|
-|HelpDesk|View and manage mail users.|Reset Password <p> User Options <p> View-Only Recipients|
-|HygieneManagement|Manage protection features (anti-spam, anti-malware, etc.).|Transport Hygiene <p> View-Only Configuration <p> View-Only Recipients|
-|MailFlowAdministrator|View and manage accepted domains and connectors|Remote and Accepted Domains <p> View-Only Recipients|
-|OrganizationManagement|Admin access to the entire organization and the ability to perform almost any task. <p> Members of the [Global Administrator](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#global-administrator--company-administrator) role in Azure AD automatically get the permissions of this role group. <p> **Important**: Because the OrganizationManagement role group is a powerful role, only users that perform organizational-level administrative tasks should be members of this role group.|AntiMalware <p> AntiSpam <p> Audit Logs <p> Compliance Administrator <p> Distribution Groups <p> Information Rights Management <p> Mail Recipient Creation <p> Mail Recipients <p> Message Tracking <p> Migration <p> Organization Client Access <p> Organization Configuration <p> Organization Transport Settings <p> Quarantine <p> Recipient Policies <p> Remote and Accepted Domains <p> Reset Password <p> Retention Management <p> Role Management <p> Security Administrator <p> Security Group Creation and Membership <p> Security Reader <p> Sensitivity Label Administrator <p> Supervision <p> Transport Hygiene <p> Transport Rules <p> User Options <p> View-Only AntiMalware <p> View-Only AntiSpam <p> View-Only Audit Logs <p> View-Only Configuration <p> View-Only Quarantine <p> View-Only Recipients <p> View-Only Threat Intelligence|
-|QuarantineAdministrator|Manage quarantined messages for all recipients.|Quarantine|
-|RecipientManagement|Create, manage, and remove recipient objects in the organization.|Distribution Groups <p> Mail Recipient Creation <p> Mail Recipients <p> Message Tracking <p> Migration <p> Recipient Policies <p> Reset Password|
-|RecordsManagement|Configure compliance features, such as retention policy tags, message classifications, and mail flow rules (also known as transport rules).|Message Tracking <p> Retention Management <p> Transport Rules|
-|SecurityAdministrator|Configure all aspects of protection in the organization (anti-spam, anti-malware, anti-spoofing, quarantine, etc.). <p> Members of the [Security Administrator](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#security-administrator) role in Azure AD automatically get the permissions of this role group.|AntiMalware <p> AntiSpam <p> Audit Logs <p> Quarantine <p> Security Administrator <p> Sensitivity Label Administrator <p> View-Only AntiMalware <p> View-Only AntiSpam <p> View-Only Audit Logs <p> View-Only Quarantine <p> View-Only Threat Intelligence|
-|SecurityReader|View-only access to all aspects of protection in the organization (anti-spam, anti-malware, anti-spoofing, quarantine, etc.). <p> Members of the [Security Reader](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#security-reader) role in Azure AD automatically get the permissions of this role group.|Security Reader <p> View-Only AntiMalware <p> View-Only AntiSpam <p> View-Only Quarantine <p> View-Only Threat Intelligence|
-|TenantAdmins|Membership in this role group is synchronized across services and managed centrally. By default, this role group is not assigned any roles. However, it will be a member of the Organization Management role group and will inherit those permissions.|none|
-|ViewOnlyOrganizationManagement|View recipient, protection, and configuration objects and their properties in the organization.|Compliance Administrator <p> Security Administrator <p> Security Reader <p> Sensitivity Label Administrator <p> View-Only Configuration <p> View-Only Recipients|
-|
-
-If you work in a small organization that has only a few admins, you might need to add those users to the Organization Management role group only, and you may never need to use the other role groups. If you work in a larger organization, you might have admins who perform specific tasks, such as recipient configuration. In those cases, you might add one admin to the Recipient Management role group, and another admin to the Organization Management role group. Those admins can then manage their specific areas, but they won't have permissions to manage areas they're not responsible for.
-
-If the built-in role groups in Exchange Online don't match the job function of your administrators, you can create role groups and add roles to them. For more information, see [Manage role groups in standalone EOP](manage-admin-role-group-permissions-in-eop.md).
-
-## Roles
-
-The built-in roles that are available in standalone EOP are described in the following table.
-
-****
-
-|Role**|Description|Default role group assignments|
-||||
-|AntiMalware|View and modify the configuration and reports for anti-malware features.|OrganizationManagement <p> SecurityAdministrator|
-|AntiSpam|View and modify the configuration and reports for anti-spam features.|OrganizationManagement <p> SecurityAdministrator|
-|Audit Logs|Search the administrator audit log and view the results.|ComplianceManagement <p> OrganizationManagement <p> SecurityAdministrator|
-|Compliance Administrator<sup>\*</sup>||ComplianceManagement <p> OrganizationManagement <p> ViewOnlyOrganizationManagement|
-|Data Classification Content Viewer<sup>\*</sup>||ContentExplorerContentViewer|
-|Data Classification List Viewer<sup>\*</sup>||
-|Distribution Groups|Create and manage all distribution groups, mail-enabled security groups, and members.|OrganizationManagement <p> RecipientManagement|
-|Information Rights Management<sup>\*</sup>||ComplianceManagement <p> OrganizationManagement|
-|Mail Recipient Creation|Create and remove mail users.|OrganizationManagement <p> RecipientManagement|
-|Mail Recipients|Modify existing mail users.|OrganizationManagement <p> RecipientManagement|
-|Message Tracking<sup>\*</sup>||OrganizationManagement <p> RecipientManagement <p> Records Management|
-|Migration<sup>\*</sup>||OrganizationManagement <p> RecipientManagement|
-|MyBaseOptions|Allows users to view their own quarantined messages. <p> This role is automatically assigned to users, and you can't assign it manually.|none|
-|Organization Client Access<sup>\*</sup>||OrganizationManagement|
-|Organization Configuration|View reports.|OrganizationManagement|
-|Organization Transport Settings<sup>\*</sup>||OrganizationManagement|
-|Quarantine|Manage all types of quarantined message for all recipients.|OrganizationManagement <p> QuarantineAdministrator <p> SecurityAdministrator|
-|Recipient Policies<sup>\*</sup>||OrganizationManagement <p> RecipientManagement|
-|Remote and Accepted Domains|Manage remote domains, accepted domains, and connectors.|MailFlowAdministrator <p> OrganizationManagement|
-|Reset Password<sup>\*</sup>||HelpDesk <p> OrganizationManagement <p> RecipientManagement|
-|Retention Management<sup>\*</sup>||ComplianceManagement <p> OrganizationManagement <p> RecordsManagement|
-|Role Management|Create and manage role groups.|OrganizationManagement|
-|Security Administrator|Manage the configuration and reports for all security and protection features.|OrganizationManagement <p> SecurityAdministrator <p> ViewOnlyOrganizationManagement|
-|Security Group Creation and Membership|Create and manage mail-enabled security groups.|OrganizationManagement|
-|Security Reader|View the configuration and reports for security and protection features.|Organization Management <p> SecurityReader <p> ViewOnlyOrganizationManagement|
-|Sensitivity Label Administrator<sup>\*</sup>||OrganizationManagement <p> SecurityAdministrator <p> ViewOnlyOrganizationManagement|
-|Supervision<sup>\*</sup>||OrganizationManagement|
-|Transport Hygiene|Manage anti-malware, anti-spam features, and anti-spoofing features.|HygieneManagement <p> OrganizationManagement|
-|Transport Rules|Create and manage mail flow rules (also known as transport rules).|OrganizationManagement <p> RecordsManagement|
-|User Options|Modify existing mail users.|HelpDesk <p> OrganizationManagement|
-|View-Only AntiMalware|View the configuration and reports for anti-malware features.|OrganizationManagement <p> SecurityAdministrator <p> SecurityReader|
-|View-Only AntiSpam|View the configuration and reports for anti-spam features.|OrganizationManagement <p> SecurityAdministrator <p> SecurityReader|
-|View-Only Audit Logs|Search the administrator audit log and view the results.|ComplianceManagement <p> OrganizationManagement <p> SecurityAdministrator|
-|View-Only Configuration|View all of the organization and mail flow (non-recipient) settings in the organization.|ComplianceManagement <p> HygieneManagement <p> OrganizationManagement <p> ViewOnlyOrganizationManagement|
-|View-Only Quarantine|View all quarantined messages for all recipients.|OrganizationManagement <p> SecurityAdministrator <p> SecurityReader|
-|View-Only Recipients|View recipient properties and run message trace.|ComplianceManagement <p> HelpDesk <p> HygieneManagement <p> MailFlowAdministrator <p> OrganizationManagement <p> ViewOnlyOrganizationManagement|
-|View-Only Threat Intelligence<sup>\*</sup>||OrganizationManagement <p> SecurityAdministrator <p> SecurityReader|
-|
-
-<sup>\*</sup> Although this role is available, it basically does nothing useful in standalone EOP.
-
-## Microsoft 365 permissions in standalone EOP
-
-When you create a user in the Microsoft 365 admin center, you can choose whether to assign various administrative roles, such as Global admin, Service admin, Password admin, and so on, to the user. Some, but not all, Microsoft 365 roles grant the user administrative permissions in EOP.
-
-> [!NOTE]
-> The account you used to create your standalone EOP organization is automatically assigned to the Global admin role.
-
-The following table lists the Microsoft 365 roles and the standalone EOP role groups that they correspond to. For more information about these roles, see [About admin roles](../../admin/add-users/about-admin-roles.md).
-
-****
-
-|Microsoft 365 role|EOP role group|
-|||
-|Exchange admin|OrganizationManagement|
-|Global admin|OrganizationManagement <p> **Note**: The Global admin role and the OrganizationManagement role group are tied together using a special Company Administrator role group. The Company Administrator role group is managed internally and can't be modified directly.|
-|Password admin|HelpDesk|
-|Global reader|ViewOnlyOrganizationManagement|
-|Security admin|SecurityAdministrator|
-|Security reader|SecurityReader|
-|
-
-Other Microsoft 365 roles don't have a corresponding EOP role group and won't grant administrative permissions in EOP. For more information about assigning a Microsoft 365 role to a user, see [Assign admin roles](../../admin/add-users/assign-admin-roles.md).
-
-Users can be granted administrative rights in EOP without adding them to Microsoft 365 roles. You do this by adding the user as a member of an EOP role group. The user will get permissions in EOP, but they won't get permissions in other Microsoft 365 workloads.
-
-### How do you know this worked?
-
-To verify that you've successfully copied a role group, do either of the following steps:
--- In the EAC, go to **Permissions** \> **Admin Roles**, and verify the role group is listed (or not listed). Select the role group, and verify the settings in the Details pane or click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png) to verify the settings.--- In Exchange Online PowerShell, replace \<Role Group Name\> with the name of the role group, and run the following command to verify the role group exists (or doesn't exist) and verify the settings:-
- ```PowerShell
- Get-RoleGroup -Identity "<Role Group Name>" | Format-List
- ```
security Mail Flow In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-in-eop.md
If you add subdomains to your organization, your EOP service can help you manage
[Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) describes how to configure connectors if your mail is routed to a service or device before EOP.
-In standalone EOP organizations, you need to perform a couple configuration steps to ensure that junk email is routed correctly to each user's junk-email folder. These are detailed in [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md). If you do not want to move messages to each user's junk-email folder, you may choose another action by editing your anti-spam policies (also known as content filter policies). For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).
+In hybrid environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure EOP to deliver spam to the Junk Email folder in hybrid environments](/exchange/standalone-eop/configure-eop-spam-protection-hybrid). If you don't want to move messages to each user's Junk Email folder, you may choose another action by editing your anti-spam policies (also known as content filter policies). For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).
## Verify mail flow
-To verify that your EOP setup, including your connector configuration, is working correctly, see the "How do you know this task worked?" section in [Set up your EOP service](set-up-your-eop-service.md).
+To verify that your EOP setup, including your connector configuration, is working correctly, see the "How do you know this task worked?" section in [Set up your EOP service](/exchange/standalone-eop/set-up-your-eop-service).
-[Test mail flow by validating your Microsoft 365 connectors](/exchange/mail-flow-best-practices/test-mail-flow) provides instructions for testing that your mail flow is set up correctly.
+[Test mail flow by validating your Microsoft 365 connectors](/exchange/mail-flow-best-practices/test-mail-flow) provides instructions for testing that your mail flow is set up correctly.
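Review bot: The replacement paragraph narrows the scope from "standalone EOP organizations" to "hybrid environments where EOP protects on-premises Exchange mailboxes" but does not say what the reader sees when the on-premises mail flow rules are missing. Add one sentence stating that without those rules the junk email rule cannot act on the EOP spam filtering verdict, so the message is not moved to the Junk Email folder. Separately, the last removed and added lines for "Test mail flow by validating your Microsoft 365 connectors" are identical as shown, so confirm that the change there is whitespace only and intended.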
security Mail Flow Rules Transport Rules 0 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-rules-transport-rules-0.md
- Title: Mail flow rules in EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-description: You can use mail flow rules (transport rules) to identify and take action on messages that flow through your organization.
--
-# Mail flow rules (transport rules) in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can use mail flow rules (also known as transport rules) to identify and take action on messages that flow through your organization.
-
-This topic explains the components of mail flow rules, and how they work.
-
-For steps to create, copy, and manage mail flow rules, see [Manage mail flow rules in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules). For each rule, you have the option of enforcing it, testing it, or testing it and notifying the sender. To learn more about the testing options, see [Test mail flow rules](/exchange/security-and-compliance/mail-flow-rules/test-mail-flow-rules) and [Policy Tips in Exchange Online](/exchange/security-and-compliance/data-loss-prevention/policy-tips).
-
-For summary and detail reports about messages that matched mail flow rules, see [Use mail protection reports to view data about malware, spam, and rule detections](/exchange/monitoring/use-mail-protection-reports).
-
-To implement specific messaging policies by using mail flow rules, see these topics:
--- [Use mail flow rules to inspect message attachments in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments)--- [Set up encryption in Office 365 Enterprise](../../compliance/set-up-encryption.md)--- [Organization-wide message disclaimers, signatures, footers, or headers in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/disclaimers-signatures-footers-or-headers)--- [Use mail flow rules to set the spam confidence level (SCL) in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md)--- [Create block sender lists in EOP](create-block-sender-lists-in-office-365.md)--- [Reducing malware threats through file attachment blocking in Exchange Online Protection](reducing-malware-threats-through-file-attachment-blocking-in-exchange-online-pro.md)--- [Define rules to encrypt or decrypt email messages in Office 365](../../compliance/define-mail-flow-rules-to-encrypt-email.md)-
-The following video provides a demonstration of setting up mail flow rules in standalone EOP.
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/7cdcd2cb-9382-4065-98e1-81257b32a189?autoplay=false]
-
-## Mail flow rule components
-
-A mail flow rule is made of conditions, exceptions, actions, and properties:
--- **Conditions**: Identify the messages that you want to apply the actions to. Some conditions examine message header fields (for example, the To, From, or Cc fields). Other conditions examine message properties (for example, the message subject, body, attachments, message size, or message classification). Most conditions require you to specify a comparison operator (for example, equals, doesn't equal, or contains) and a value to match. If there are no conditions or exceptions, the rule is applied to all messages.-
-For more information about mail flow rule conditions in standalone EOP, see [Mail flow rule conditions and exceptions (predicates) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/conditions-and-exceptions).
--- **Exceptions**: Optionally identify the messages that the actions shouldn't apply to. The same message identifiers that are available in conditions are also available in exceptions. Exceptions override conditions and prevent the rule actions from being applied to a message, even if the message matches all of the configured conditions.--- **Actions**: Specify what to do to messages that match the conditions in the rule, and don't match any of the exceptions. There are many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the message body.-
-For more information about mail flow rule actions that are available in standalone EOP, see [Mail flow rule actions in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rule-actions).
--- **Properties**: Specify other rules settings that aren't conditions, exceptions or actions. For example, when the rule should be applied, whether to enforce or test the rule, and the time period when the rule is active.-
- For more information, see the [Mail flow rule properties](#mail-flow-rule-properties) section in this article.
-
-### Multiple conditions, exceptions, and actions
-
-The following table shows how multiple conditions, condition values, exceptions, and actions are handled in a rule.
-
-****
-
-|Component|Logic|Comments|
-||||
-|Multiple conditions|AND|A message must match all the conditions in the rule. If you need to match one condition or another, use separate rules for each condition. For example, if you want to add the same disclaimer to messages with attachments and messages that contain specific text, create one rule for each condition. In the EAC, you can easily copy a rule.|
-|One condition with multiple values|OR|Some conditions allow you to specify more than one value. The message must match any one (not all) of the specified values. For example, if an email message has the subject Stock price information, and the **The subject includes any of these words** condition is configured to match the words Contoso or stock, the condition is satisfied because the subject contains at least one of the specified values.|
-|Multiple exceptions|OR|If a message matches any one of the exceptions, the actions are not applied to the message. The message doesn't have to match all the exceptions.|
-|Multiple actions|AND|Messages that match a rule's conditions get all the actions that are specified in the rule. For example, if the actions **Prepend the subject of the message with** and **Add recipients to the Bcc box** are selected, both actions are applied to the message. <p> Keep in mind that some actions, such as the **Delete the message without notifying anyone** action, prevent subsequent rules from being applied to a message. Other actions such as **Forward the message** do not allow additional actions. <p> You can also set an action on a rule so that when that rule is applied, subsequent rules are not applied to the message.|
-|
-
-### Mail flow rule properties
-
-The following table describes the rule properties that are available in mail flow rules.
-
-****
-
-|Property name in the EAC|Parameter name in PowerShell|Description|
-||||
-|**Priority**|_Priority_|Indicates the order that the rules are applied to messages. The default priority is based on when the rule is created (older rules have a higher priority than newer rules, and higher priority rules are processed before lower priority rules). <p> You change the rule priority in the EAC by moving the rule up or down in the list of rules. In PowerShell, you set the priority number (0 is the highest priority). <p> For example, if you have one rule to reject messages that include a credit card number, and another one requiring approval, you'll want the reject rule to happen first, and stop applying other rules. |
-|**Mode**|_Mode_|You can specify whether you want the rule to start processing messages immediately, or whether you want to test rules without affecting the delivery of the message (with or without Data Loss Prevention or DLP Policy Tips). <p> Policy Tips present a brief note in Outlook or Outlook on the web that provides information about possible policy violations to the person that's creating the message. For more information, see **Policy Tips**. <p> For more information about the modes, see **Test a mail flow rule**.|
-|**Activate this rule on the following date** <p> **Deactivate this rule on the following date**|_ActivationDate_ <p> _ExpiryDate_|Specifies the date range when the rule is active.|
-|**On** check box selected or not selected|New rules: _Enabled_ parameter on the **New-TransportRule** cmdlet. <p> Existing rules: Use the **Enable-TransportRule** or **Disable-TransportRule** cmdlets. <p> The value is displayed in the **State** property of the rule.|You can create a disabled rule, and enable it when you're ready to test it. Or, you can disable a rule without deleting it to preserve the settings.|
-|**Defer the message if rule processing doesn't complete**|_RuleErrorAction_|You can specify how the message should be handled if the rule processing can't be completed. By default, the rule will be ignored, but you can choose to resubmit the message for processing.|
-|**Match sender address in message**|_SenderAddressLocation_|If the rule uses conditions or exceptions that examine the sender's email address, you can look for the value in the message header, the message envelope, or both.|
-|**Stop processing more rules**|_SenderAddressLocation_|This is an action for the rule, but it looks like a property in the EAC. You can choose to stop applying additional rules to a message after a rule processes a message.|
-|**Comments**|_Comments_|You can enter descriptive comments about the rule.|
-|
-
-## How mail flow rules are applied to messages
-
-All messages that flow through your organization are evaluated against the enabled mail flow rules in your organization. Rules are processed in the order listed on the **Mail flow** \> **Rules** page in EAC, or based on the corresponding _Priority_ parameter value in PowerShell.
-
-Each rule also offers the option of stopping processing more rules when the rule is matched. This setting is important for messages that match the conditions in multiple mail flow rules (which rule do you want applied to the message? All? Just one?).
-
-### Differences in processing based on message type
-
-There are several types of messages that pass through an organization. The following table shows which messages types can be processed by mail flow rules.
-
-****
-
-|Type of message|Can a rule be applied?|
-|||
-|**Regular messages**: Messages that contain a single rich text format (RTF), HTML, or plain text message body or a multipart or alternative set of message bodies.|Yes|
-|**Office 365 Message Encryption**: Messages encrypted by Office 365 Message Encryption in Office 365. For more information, see [Encryption in Office 365](../../compliance/encryption.md).|Rules can always access envelope headers and process messages based on conditions that inspect those headers. <p> For a rule to inspect or modify the contents of an encrypted message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional). For more information, see [Define rules to encrypt or decrypt email messages in Office 365](../../compliance/define-mail-flow-rules-to-encrypt-email.md).|
-|**S/MIME encrypted messages**|Rules can only access envelope headers and process messages based on conditions that inspect those headers. <p> Rules with conditions that require inspection of the message's content, or actions that modify the message's content can't be processed.|
-|**RMS protected messages**: Messages that had an Active Directory Rights Management Services (AD RMS) or Azure Rights Management (RMS) policy applied.|Rules can always access envelope headers and process messages based on conditions that inspect those headers. <p> For a rule to inspect or modify the contents of an RMS protected message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional).|
-|**Clear-signed messages**: Messages that have been signed but not encrypted.|Yes|
-|**UM messages**: Messages that are created or processed by the Unified Messaging service, such as voice mail, fax, missed call notifications, and messages created or forwarded by using Microsoft Outlook Voice Access.|Yes|
-|**Anonymous messages**: Messages sent by anonymous senders.|Yes|
-|**Read reports**: Reports that are generated in response to read receipt requests by senders. Read reports have a message class of `IPM.Note*.MdnRead` or `IPM.Note*.MdnNotRead`.|Yes|
-|
-
-## What else should I know?
--- The **Version** or **RuleVersion** property value for a rule isn't important in Exchange Online Protection.--- After you create or modify a mail flow rule, it can take up to 30 minutes for the new or updated rule to be applied to messages.-
-## For more information
-
-[Use mail flow rules to inspect message attachments in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments)
-
-[Email encryption in Office 365](../../compliance/email-encryption.md)
-
-[Journal, transport, and inbox rule limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#journal-transport-and-inbox-rule-limits)
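Review bot: In the removed rule-properties table, the **Stop processing more rules** row gives _SenderAddressLocation_ as its PowerShell parameter, the same value as the **Match sender address in message** row directly above it, which looks like a copy-paste error; the parameter for that setting on New-TransportRule is _StopRuleProcessing_. If this text is being relocated rather than retired, correct that cell in the destination. Also confirm the destination keeps the message-type table: the statements that rules can access only envelope headers on S/MIME encrypted messages, and need transport decryption enabled to inspect Office 365 Message Encryption or RMS protected content, are what tell an admin which content-inspection rules can't be processed.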
security Manage Admin Role Group Permissions In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-admin-role-group-permissions-in-eop.md
- Title: Manage role groups in EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-description: Admins can learn how to assign or remove permissions in the Exchange admin center (EAC) in Exchange Online Protection.
--
-# Manage role groups in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can use the Exchange admin center (EAC) to add users to role groups. Adding a users to a role group gives the user permissions to do specific admin tasks. You can also remove users from role groups.
-
-For more information about roles and role groups, see [Permissions in standalone EOP](feature-permissions-in-eop.md).
-
-## What do you need to know before you begin?
--- To open the Exchange admin center (EAC), see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To open standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- You need to be assigned permissions in Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Role Management** role, which is assigned to the **Organization Management** role group by default. For more information, see [Permissions in standalone EOP](feature-permissions-in-eop.md) and [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups).--- For information about keyboard shortcuts that may apply to the procedures in this article, see [Keyboard shortcuts for the Exchange admin center in Exchange Online](/Exchange/accessibility/keyboard-shortcuts-in-admin-center).-
-> [!TIP]
-> Having problems? Ask for help in the [Exchange Online Protection](https://social.technet.microsoft.com/Forums/forefront/home?forum=FOPE) forum.
-
-## Use the EAC to manage role groups
-
-### Use the EAC to view role groups
-
-1. In the EAC, go to **Permissions** \> **Admin roles**. All of the role groups in your organization are listed here.
-
-2. Select a role group. The Details pane shows the **Name**, **Description**, **Assigned roles**, and **Managed by** of the role group. You can also see this information by clicking **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png).
-
-### Use the EAC to create role groups
-
-When you create a new role group, you can configure all of the settings yourself (during the creation of the group or after). Or, you can copy an existing role group and modify it.
-
-1. In the EAC, go to **Permissions** \> **Admin roles**, and then do one of the following steps:
-
- - **Manually create a new role group**: Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png).
-
- - **Copy an existing role group**: Select the role group that you want to copy and then click **Copy** ![Copy icon](../../media/ITPro-EAC-CopyIcon.png).
-
-2. In the **New role group** window that appears, configure the following settings:
-
- - **Name**: Enter a unique name for the role group.
-
- - **Description**: Enter an optional description for the role group.
-
- - **Roles**: Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png) or **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif) to select or modify the roles that are assigned to the role group.
-
- - **Members**: Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png) or **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif) to modify the role group membership.
-
-3. When you're finished, click **Save** to create the role group.
-
-### Use the EAC to modify role groups
-
-In the EAC, go to **Permissions** \> **Admin roles**, select the role group you want to modify, and then click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png).
-
-The same options are available when you modify role groups as when you create role groups. You can:
--- Change the name and description.--- Add and remove management roles (create or remove role assignments).--- Add and remove members.-
-**Note**: Some role groups (for example, Organization Management) restrict the roles that you can remove from group.
-
-#### Use the EAC modify the list of members in role groups
-
-1. In the EAC, go to **Permissions** \> **Admin roles**, select the role group that you want to modify, and then click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png).
-
-2. In the role group properties page that opens, in the **Members** section, do either of the following steps:
-
- - Click **Add** ![Add Icon](../../media/ITPro-EAC-AddIcon.png). In the page that appears, find the user that wou want to add, and then click **add ->**. Select users and click **add ->** many times as necessary. When you're finished, click **OK**.
-
- - Select the users that you want to remove, and then click **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif).
-
-3. When you're finished, click **Save**.
-
- > [!NOTE]
- > Users may have to sign out and sign in again to see the change in their administrative rights after you add or remove members from the role group.
-
-### Use the EAC to remove role groups
-
-You can't remove built-in role groups, but you can remove custom role groups that you've created.
-
-1. In the EAC, go to **Permissions** \> **Admin roles**.
-
-2. Select the role group you want to remove and then click **Delete** ![Delete icon](../../media/ITPro-EAC-DeleteIcon.png).
-
-3. Click **Yes** in the confirmation window that appears.
-
-## Use PowerShell to manage role groups
-
-### Use standalone EOP PowerShell to view role groups
-
-To view a role group, use the following syntax:
-
-```PowerShell
-Get-RoleGroup [-Identity "<Role Group Name>"] [-Filter <Filter>]
-```
-
-This example returns a summary list of all role groups.
-
-```PowerShell
-Get-RoleGroup
-```
-
-This example returns detailed information for the role group named Recipient Administrators.
-
-```PowerShell
-Get-RoleGroup -Identity "Recipient Administrators" | Format-List
-```
-
-This example returns all role groups where the user Julia is a member. You need to use the DistinguishedName (DN) value for Julia, which you can find by running the command: `Get-User -Identity Julia | Format-List DistinguishedName`.
-
-```PowerShell
-Get-RoleGroup -Filter "Members -eq 'CN=Julia,OU=contoso.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=NAMPR001,DC=PROD,DC=OUTLOOK,DC=COM'"
-```
-
-For detailed syntax and parameter information, see [Get-RoleGroup](/powershell/module/exchange/Get-RoleGroup).
-
-### Use standalone EOP PowerShell to create role groups
-
-When you create a new role group, you can configure all of the settings manually (during the creation of the group or after). Or, you can copy an existing role group and modify it.
--- To manually create a new role group, use the following syntax:-
- ```PowerShell
- New-RoleGroup -Name "Unique Name" -Description "Descriptive text" -Roles <"Role1","Role2"...>
- ```
-
- - The _Roles_ parameter specifies the management roles to assign to the role group by using the following syntax `"Role1","Role1",..."RoleN"`. You can see the available roles by using the **Get-ManagementRole** cmdlet.
-
- - The _Members_ parameter specifies the members of the role group by using the following syntax: `"Member1","Member2",..."MemberN"`. You can specify users, mail-enabled universal security groups (USGs), or other role groups (security principals).
-
- This example creates a new role group named "Limited Recipient Management" with the following settings:
-
- - The Mail Recipients role is assigned to the role group.
-
- - The users Kim and Martin are added as members.
-
- ```PowerShell
- New-RoleGroup -Name "Limited Recipient Management" -Roles "Mail Recipients" -Members "Kim","Martin"
- ```
--- To copy an existing role group, do the following steps:-
- 1. Store the role group that you want to copy in a variable using the following syntax:
-
- ```PowerShell
- $RoleGroup = Get-RoleGroup "<Existing Role Group Name>"
- ```
-
- 2. Create the new role group using the following syntax:
-
- ```PowerShell
- New-RoleGroup -Name "<Unique Name>" -Roles $RoleGroup.Roles [-Members <Members>]
- ```
-
- The _Members_ parameter specifies the members of the role group by using the following syntax: `"Member1","Member2",..."MemberN"`. You can specify users, mail-enabled universal security groups (USGs), or other role groups (security principals).
-
- This example copies the Organization Management role group to the new role group named "Limited Organization Management". The role group members are Isabelle, Carter, and Lukas.
-
- ```PowerShell
- $RoleGroup = Get-RoleGroup "Organization Management"
- New-RoleGroup "Limited Organization Management" -Roles $RoleGroup.Roles -Members "Isabelle","Carter","Lukas"
- ```
-
-For detailed syntax and parameter information, [New-RoleGroup](/powershell/module/exchange/New-RoleGroup).
-
-### Use standalone EOP PowerShell modify the list of members in role groups
--- The **Add-RoleGroupMember** and **Remove-RoleGroupMember** cmdlets add or remove individual members one at a time. The **Update-RoleGroupMember** cmdlet can replace or modify the existing list of members.--- The members of a role group can be users, mail-enabled universal security groups (USGs), or other role groups (security principals).-
-To modify the members of a role group, use the following syntax:
-
-```PowerShell
-Update-RoleGroupMember -Identity "<Role Group Name>" -Members <Members>
-```
--- To _replace_ the existing list of members with the values you specify, use the following syntax: `"Member1","Member2",..."MemberN"`.--- To _selectively modify_ the existing list of members, use the following syntax: `@{Add="Member1","Member2"...; Remove="Member3","Member4"...}`.-
-This example replaces all current members of the Help Desk role group with the specified users.
-
-```PowerShell
-Update-RoleGroupMember -Identity "Help Desk" -Members "Gabriela Laureano","Hyun-Ae Rim","Jacob Berger"
-```
-
-This example adds Daigoro Akai and removes Valeria Barrio from the list of members on the Help Desk role group.
-
-```PowerShell
-Update-RoleGroupMember -Identity "Help Desk" -Members @{Add="Daigoro Akai"; Remove="Valeria Barrios"}
-```
-
-For detailed syntax and parameter information, see [Update-RoleGroupMember](/powershell/module/exchange/Update-RoleGroupMember).
-
-### Use standalone EOP PowerShell to remove role groups
-
-You can't remove built-in role groups, but you can remove custom role groups that you've created.
-
-To remove a custom role group, use the following syntax:
-
-```PowerShell
-Remove-RoleGroup -Identity "<Role Group Name>" [-BypassSecurityGroupManagerCheck]
-```
-
-This example removes the Training Administrators role group.
-
-```PowerShell
-Remove-RoleGroup -Identity "Training Administrators"
-```
-
-For detailed syntax and parameter information, see [Remove-RoleGroup](/powershell/module/exchange/Remove-RoleGroup).
-
-### How do you know these procedures worked?
-
-To verify that you've successfully copied a role group, do either of the following steps:
--- In the EAC, go to **Permissions** \> **Admin roles**, and verify the role group is listed (or not listed). Select the role group, and verify the settings in the Details pane or click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png) to verify the settings.--- In Exchange Online PowerShell, replace \<Role Group Name\> with the name of the role group, and run the following command to verify the role group exists (or doesn't exist) and verify the settings:-
- ```PowerShell
- Get-RoleGroup -Identity "<Role Group Name>" | Format-List
- ```
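Review bot: The copy example `New-RoleGroup "Limited Organization Management" -Roles $RoleGroup.Roles -Members "Isabelle","Carter","Lukas"` assigns every role from Organization Management to the new group, so the group named "Limited" carries the same role set as the original and three more users hold it; the procedure never shows removing roles from the copy. If this text is carried into a replacement article, add the step that trims the copied roles, or use a less privileged source group in the example. Smaller points in the same removed text: the Update-RoleGroupMember description says "Valeria Barrio" while the command removes "Valeria Barrios"; the _Roles_ syntax reads `"Role1","Role1",..."RoleN"`; the New-RoleGroup syntax line omits the _Members_ parameter that the bullets under it describe; and the verification step says "Exchange Online PowerShell" and "copied a role group" in an article about standalone EOP that also covers creating, modifying and removing role groups.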
security Manage Groups In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-groups-in-eop.md
- Title: Manage groups in EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: Admins in standalone Exchange Online Protection (EOP) organizations can learn how to create, modify, and remove distribution groups and mail-enabled security groups in the Exchange admin center (EAC) and in standalone Exchange Online Protection (EOP) PowerShell.
--
-# Manage groups in EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can create, modify, and remove the following types of groups:
--- **Distribution groups**: A collection of mail users or other distribution groups. For example, teams or other ad hoc groups who need to receive or send email in a common area of interest. Distribution groups are exclusively for distributing email messages, and are not security principals (they can't have permissions assigned to them).--- **Mail-enabled security groups**: A collection of mail users and other security groups who need access permissions for admin roles. For example, you might want to give specific group of users admin permissions so they can configure anti-spam and anti-malware settings.-
- > [!NOTE]
- >
- > - By default, new mail-enabled security groups reject messages from external (unauthenticated) senders.
- >
- > - Don't add distribution groups to mail-enabled security groups.
-
-You can manage groups in the Exchange admin center (EAC) and in standalone EOP PowerShell.
-
-## What do you need to know before you begin?
--- To open the Exchange admin center, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- When you manage groups in standalone EOP PowerShell, you might encounter throttling. The PowerShell procedures in this article use a batch processing method that results in a propagation delay of a few minutes before the results of the commands are visible.--- You need to be assigned permissions in Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Distribution Groups** role, which is assigned to the **Organization Management** and **Recipient Management** role groups by default. For more information, see [Permissions in standalone EOP](feature-permissions-in-eop.md) and [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups).--- For information about keyboard shortcuts that may apply to the procedures in this article, see [Keyboard shortcuts for the Exchange admin center in Exchange Online](/Exchange/accessibility/keyboard-shortcuts-in-admin-center).-
-> [!TIP]
-> Having problems? Ask for help in the [Exchange Online Protection](https://social.technet.microsoft.com/Forums/forefront/home?forum=FOPE) forum.
-
-## Use the Exchange admin center to manage distribution groups
-
-### Use the EAC to create groups
-
-1. In the EAC, go to **Recipients** \> **Groups**.
-
-2. Click **New** ![New icon](../../media/ITPro-EAC-AddIcon.png), and then select one of the following options:
-
- - **Distribution group**
-
- - **Mail-enabled security group**
-
-3. In the new group page that opens, configure the following settings. Settings marked with an <sup>\*</sup> are required.
-
- - <sup>\*</sup>**Display name**: This name appears in your organization's address book, on the To: line when email is sent to this group, and in the **Groups** list in the EAC. The display name is required, must be unique, and should be user-friendly so people recognize what it is.
-
- - <sup>\*</sup>**Alias**: Use this box to type the name of the alias for the group. The alias can't exceed 64 characters and must be unique. When a user types the alias in the To line of an email message, it resolves to the group's display name.
-
- - <sup>\*</sup>**Email address**: The email address consists of the alias on the left side of the at (@) symbol, and a domain on the right side. By default, the value of **Alias** is used for the alias value, but you can change it. For the domain value, click the drop down and select and accepted domain in your organization.
-
- - **Description**: This description appears in the address book and in the Details pane in the EAC.
-
- - <sup>\*</sup>**Owners**: A group owner can manage group membership. By default, the person who creates a group is the owner. All groups must have at least one owner.
-
- To add owners, click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png). In the dialog that appears, find and select a recipient or group, and then click **add ->**. Repeat this step as many times as necessary. When you're finished, click **OK**.
-
- To remove an owner, select the owner, and then click **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif).
-
- - **Members**: Add and remove group members.
-
- To add members, click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png). In the dialog that appears, find and select a recipient or group, and then click **add ->**. Repeat this step as many times as necessary. When you're finished, click **OK**.
-
- To remove a member, select the member, and then click **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif).
-
-4. When you're finished, click **Save** to create the distribution group.
-
-### Use the EAC to modify distribution groups
-
-1. In the EAC, go to **Recipients** \> **Groups**.
-
-2. In the list of groups, select the distribution group or mail-enabled security group that you want to modify, and then click **Edit** ![Edit icon](../../media/ITPro-EAC-AddIcon.png).
-
-3. On the distribution group properties page that opens, click one of the following tabs to view or change properties.
-
- When you're finished, click **Save**.
-
-#### General
-
-Use this tab to view or change basic information about the group.
--- **Display name**: This name appears in the address book, on the To line when email is sent to this group, and in the **Groups list**. The display name is required and should be user-friendly so people recognize what it is. It also has to be unique in your domain.-
- If you've implemented a group naming policy, the display name has to conform to the naming format defined by the policy.
--- **Alias**: This is the portion of the email address that appears to the left of the at (@) symbol. If you change the alias, the primary SMTP address for the group will also be changed, and contain the new alias. Also, the email address with the previous alias will be kept as a proxy address for the group.--- **Email address**: The email address consists of the alias on the left side of the at (@) symbol, and a domain on the right side. By default, the value of **Alias** is used for the alias value, but you can change it. For the domain value, click the drop down and select and accepted domain in your organization.--- **Description**: This description appears in the address book and in the Details pane in the EAC.-
-#### Ownership
-
-Use this tab to assign group owners. A group owner can manage group membership. By default, the person who creates a group is the owner. All groups must have at least one owner.
-
-To add owners, click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png). In the dialog that appears, find and select a recipient, and then click **add ->**. Repeat this step as many times as necessary. When you're finished, click **OK**.
-
-To remove an owner, select the owner, and then click **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif).
-
-#### Membership
-
-Use this tab to add or remove group members. Group owners don't need to be members of the group.
-
-To add members, click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png). In the dialog that appears, find and select a recipient or group, and then click **add ->**. Repeat this step as many times as necessary. When you're finished, click **OK**.
-
-To remove a member, select the member, and then click **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif).
-
-### Use the EAC to remove groups
-
-1. In the EAC, go to **Recipients** \> **Groups**.
-
-2. In the list of groups, select the distribution group that you want to remove, and then click **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif).
-
-## Use PowerShell to manage groups
-
-### Use standalone EOP PowerShell to view groups
-
-To return a summary list of all distribution groups and mail-enabled security groups in standalone EOP PowerShell, run the following command:
-
-```powershell
-Get-Recipient -RecipientType MailUniversalDistributionGroup,MailUniversalSecurityGroup -ResultSize unlimited
-```
-
-To return the list of group members, replace \<GroupIdentity\> with the name, alias, or email address of the group, and run the following command:
-
-```powershell
-Get-DistributionGroupMember -Identity <GroupIdentity>
-```
-
-For detailed syntax and parameter information, see [Get-Recipient](/powershell/module/exchange/get-recipient) and [Get-DistributionGroupMember](/powershell/module/exchange/get-distributiongroupmember).
-
-### Use standalone EOP PowerShell to create groups
-
-To create distribution groups or mail-enabled security groups in standalone EOP PowerShell, use the following syntax:
-
-```PowerShell
-New-EOPDistributionGroup -Name "<Unique Name>" -ManagedBy @("UserOrGroup1","UserOrGroup2",..."UserOrGroupN">) [-Alias <text>] [-DisplayName "<Descriptive Name>"] [-Members @("UserOrGroup1","UserOrGroup2",..."UserOrGroupN">)] [-Notes "<Optional Text>"] [-PrimarySmtpAddress <SmtpAddress>] [-Type <Distribution | Security>]
-```
-
-**Notes**:
--- The _Name_ parameter is required, has a maximum length of 64 characters, and must be unique. If you don't use the _DisplayName_ parameter, the value of the _Name_ parameter is used for the display name.--- If you don't use the _Alias_ parameter, the _Name_ parameter is used for the alias value. Spaces are removed and unsupported characters are converted to question marks (?).--- If you don't use the _PrimarySmtpAddress_ parameter, the alias value is used in the _PrimarySmtpAddress_ parameter.--- If you don't use the _Type_ parameter, the default value is Distribution.-
-This example creates a distribution group named IT Administrators with the specified properties.
-
-```PowerShell
-New-EOPDistributionGroup -Name "IT Administrators" -Alias itadmin -Members @("michelle@contoso.com","laura@contoso.com","julia@contoso.com") -ManagedBy "chris@contoso.com"
-```
-
-For detailed syntax and parameter information, see [New-EOPDistributionGroup](/powershell/module/exchange/New-EOPDistributionGroup).
-
-### Use standalone EOP PowerShell to modify groups
-
-To modify groups in standalone EOP PowerShell, use the following syntax:
-
-```powershell
-Set-EOPDistributionGroup -Identity <GroupIdentity> [-Alias <Text>] [-DisplayName <Text>] [-ManagedBy @("User1","User2",..."UserN")] [-PrimarySmtpAddress <SmtpAddress>]
-
-```powershell
-Update-EOPDistributionGroupMember -Identity <GroupIdentity> -Members @("User1","User2",..."UserN")
-```
-
-This example uses changes the primary SMTP address (also called the reply address) for the Seattle Employees group to sea.employees@contoso.com.
-
-```PowerShell
-Set-EOPDistributionGroup "Seattle Employees" -PrimarySmtpAddress "sea.employees@contoso.com"
-```
-
-This example replaces the current members of the Security Team group with Kitty Petersen and Tyson Fawcett.
-
-```powershell
-Update-EOPDistributionGroupMember -Identity "Security Team" -Members @("Kitty Petersen","Tyson Fawcett")
-```
-
-This example adds a new user named Tyson Fawcett to the group named Security Team while preserving the current members of the group.
-
-```powershell
-$CurrentMemberObjects = Get-DistributionGroupMember "Security Team"
-$CurrentMemberNames = $CurrentMemberObjects | % {$_.name}
-$CurrentMemberNames += "Tyson Fawcett"
-Update-EOPDistributionGroupMember -Identity "Security Team" -Members $CurrentMemberNames
-```
-
-For detailed syntax and parameter information, see [Set-EOPDistributionGroup](/powershell/module/exchange/set-eopdistributiongroup) and [Update-EOPDistributionGroupMember](/powershell/module/exchange/update-eopdistributiongroupmember).
-
-### Remove a group using remote Windows PowerShell
-
-This example uses removes the distribution group named IT Administrators.
-
-```PowerShell
-Remove-EOPDistributionGroup -Identity "IT Administrators"
-```
-
-For detailed syntax and parameter information, see [Remove-EOPDistributionGroup](/powershell/module/exchange/remove-eopdistributiongroup).
-
-## How do you know these procedures worked?
-
-To verify that you've successfully created, modified, or removed a distribution group or a mail-enabled security group, do any of the following steps:
--- In the EAC, go to **Recipients** \> **Groups**. Verify that the group is listed (or not listed), and verify the **Group Type** value. Select the group and view the information in the Details pane, or click **Edit** ![Edit icon](../../media/ITPro-EAC-AddIcon.png) to view the settings.--- In standalone EOP PowerShell, run the following command to verify the group is listed (or isn't listed):-
- ```PowerShell
- Get-Recipient -RecipientType MailUniversalDistributionGroup,MailUniversalSecurityGroup -ResultSize unlimited
- ```
--- Replace \<GroupIdentity\> with the name, alias, or email address of the group and run the following command to verify the settings:-
- ```PowerShell
- Get-Recipient -Identity <GroupIdentity> | Format-List
- ```
--- To view the group members, replace \<GroupIdentity\> with the name, alias, or email address of the group and run the following command:-
- ```PowerShell
- Get-DistributionGroupMember -Identity "<GroupIdentity>"
- ```
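Review bot: The "while preserving the current members" example is a read-modify-write of the whole member list: it reads names with Get-DistributionGroupMember, appends one, and passes the result to Update-EOPDistributionGroupMember, which the preceding example says replaces the current members. The same article warns about throttling and a propagation delay of a few minutes, so a stale or partial read would silently drop members, which matters for mail-enabled security groups that carry admin permissions. If this text moves to another article, state that next to the example and have the reader confirm the result with Get-DistributionGroupMember afterwards. Also in the removed text: the Set-EOPDistributionGroup syntax block is never closed before the Update-EOPDistributionGroupMember fence opens; the New-EOPDistributionGroup syntax has a stray `>` in `"UserOrGroupN">)`; two sentences read "This example uses changes" and "This example uses removes"; and the **Edit** steps reference ITPro-EAC-AddIcon.png as the Edit icon.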
security Manage Mail Users In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-mail-users-in-eop.md
- Title: Manage mail users in standalone EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-description: Learn about how to manage mail users in Exchange Online Protection (EOP), including using directory synchronization, EAC, and PowerShell to manage users.
---
-# Manage mail users in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, mail users are the fundamental type of user account. A mail user has account credentials in your standalone EOP organization, and can access resources (have permissions assigned). A mail user's email address is external (for example, in your on-premises email environment).
-
-> [!NOTE]
-> When you create a mail user, the corresponding user account is available in the Microsoft 365 admin center. When you create a user account in the Microsoft 365 admin center, you can't use that account to create a mail user.
-
-The recommended method to create and manage mail users in standalone EOP is to use directory synchronization as described in the [Use directory synchronization to manage mail users](#use-directory-synchronization-to-manage-mail-users) section later in this article.
-
-For standalone EOP organizations with a small number of users, you can add and manage mail users in the Exchange admin center (EAC) or in standalone EOP PowerShell as described in this article.
-
-## What do you need to know before you begin?
--- To open the Exchange admin center (EAC), see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- When you create mail users in EOP PowerShell, you might encounter throttling. Also, the EOP PowerShell cmdlets use a batch processing method that results in a propagation delay of a few minutes before the results of the commands are visible.--- You need to be assigned permissions in Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Mail Recipient Creation** (create) and **Mail Recipients** (modify) roles, which are assigned to the **Organization Management** (global admins) and **Recipient Management** role groups by default. For more information, see [Permissions in standalone EOP](feature-permissions-in-eop.md) and [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups).--- For information about keyboard shortcuts that may apply to the procedures in this article, see [Keyboard shortcuts for the Exchange admin center in Exchange Online](/Exchange/accessibility/keyboard-shortcuts-in-admin-center).-
-> [!TIP]
-> Having problems? Ask for help in the Exchange forums. Visit the [Exchange Online Protection](https://social.technet.microsoft.com/Forums/forefront/home?forum=FOPE) forum.
-
-## Use the Exchange admin center to manage mail users
-
-### Use the EAC to create mail users
-
-1. In the EAC, go to **Recipients** \> **Contacts**
-
-2. Click **New** ![New icon](../../media/ITPro-EAC-AddIcon.png). In the **New mail user** page that opens, configure the following settings. Settings marked with an <sup>\*</sup> are required.
-
- - **First name**
-
- - **Initials**: The person's middle initial.
-
- - **Last name**
-
- - <sup>\*</sup>**Display name**: By default, this box shows the values from the **First name**, **Initials**, and **Last name** boxes. You can accept this value or change it. The value should be unique, and has a maximum length of 64 characters.
-
- - <sup>\*</sup>**Alias**: Enter a unique alias, using up to 64 characters, for the user
-
- - **External email address**: Enter the user's email address. The domain should be external to your cloud-based organization.
-
- - <sup>\*</sup>**User ID**: Enter the account that the person will use to sign in to the service. The user ID consists of a username on the left side of the at (@) symbol (@) and a domain on the right side.
-
- - <sup>\*</sup>**New password** and <sup>\*</sup>**Confirm password**: Enter and reenter the account password. Verify that the password complies with the password length, complexity, and history requirements of your organization.
-
-3. When you've finished, click **Save** to create the mail user.
-
-### Use the EAC to modify mail users
-
-1. In the EAC, go to **Recipients** \> **Contacts**.
-
-2. Select the mail user that you want to modify, and then click **Edit** ![Edit icon](../../media/ITPro-EAC-AddIcon.png).
-
-3. On the mail user properties page that opens, click one of the following tabs to view or change properties.
-
- When you're finished, click **Save**.
-
-#### General
-
-Use the **General** tab to view or change basic information about the mail user.
--- **First name**--- **Initials**--- **Last name**--- **Display name**: This name appears in your organization's address book, on the To: and From: lines in email, and in the list of contacts in the EAC. This name can't contain empty spaces before or after the display name.--- **User ID**: This is the user's account in Microsoft 365. You can't modify this value here.-
-#### Contact information
-
-Use the **Contact information** tab to view or change the user's contact information. The information on this page is displayed in the address book.
--- **Street**-- **City**-- **State/Province**-- **ZIP/Postal code**-- **Country/Region**-- **Work phone**-- **Mobile phone**-- **Fax**-- **More options**-
- - **Office**
- - **Home phone**
- - **Web page**
- - **Notes**
-
-#### Organization
-
-Use the **Organization** tab to record detailed information about the user's role in the organization.
--- **Title**-- **Department**-- **Company**-
-### Use the EAC to remove mail users
-
-1. In the EAC, go to **Recipients** \> **Contacts**.
-
-2. Select the mail user that you want to remove, and then click **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif).
-
-## Use PowerShell to manage mail users
-
-### Use standalone EOP PowerShell to view mail users
-
-To return a summary list of all mail users in standalone EOP PowerShell, run the following command:
-
-```powershell
-Get-Recipient -RecipientType MailUser -ResultSize unlimited
-```
-
-To view detailed information about a specific mail user, replace \<MailUserIdentity\> with the name, alias, or account name of the mail user, and run the following commands:
-
-```powershell
-Get-Recipient -Identity <MailUserIdentity> | Format-List
-```
-
-```powershell
-Get-User -Identity <MailUserIdentity> | Format-List
-```
-
-For detailed syntax and parameter information, see [Get-Recipient](/powershell/module/exchange/get-recipient) and [Get-User](/powershell/module/exchange/get-user).
-
-### Use standalone EOP PowerShell to create mail users
-
-To create mail users in standalone EOP PowerShell, use the following syntax:
-
-```powershell
-New-EOPMailUser -Name "<UniqueName>" -MicrosoftOnlineServicesID <Account> -Password (ConvertTo-SecureString -String '<password>' -AsPlainText -Force) [-Alias <AliasValue>] [-DisplayName "<Display Name>"] [-ExternalEmailAddress <ExternalEmailAddress>] [-FirstName <Text>] [-Initials <Text>] [-LastName <Text>]
-```
-
-**Notes**:
--- The _Name_ parameter is required, has a maximum length of 64 characters, and must be unique. If you don't use the _DisplayName_ parameter, the value of the _Name_ parameter is used for the display name.-- If you don't use the _Alias_ parameter, the left side of the _MicrosoftOnlineServicesID_ parameter is used for the alias.-- If you don't use the _ExternalEmailAddress_ parameter, the _MicrosoftOnlineServicesID_ value is used for the external email address.-
-This example creates a mail user with the following settings:
--- The name is JeffreyZeng and the display name is Jeffrey Zeng.-- The first name is Jeffrey and the last name is Zeng.-- The alias is jeffreyz.-- The external email address is jzeng@tailspintoys.com.-- The account name is jeffreyz@contoso.onmicrosoft.com.-- The password is Pa$$word1.-
-```PowerShell
-New-EOPMailUser -Name JeffreyZeng -MicrosoftOnlineServicesID jeffreyz@contoso.onmicrosoft.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force) -ExternalEmailAddress jeffreyz@tailspintoys.com -DisplayName "Jeffrey Zeng" -Alias jeffreyz -FirstName Jeffrey -LastName Zeng
-```
-
-For detailed syntax and parameter information, see [New-EOPMailUser](/powershell/module/exchange/new-eopmailuser).
-
-### Use standalone EOP PowerShell to modify mail users
-
-To modify existing mail users in standalone EOP PowerShell, use the following syntax:
-
-```powershell
-Set-EOPMailUser -Identity <MailUserIdentity> [-Alias <Text>] [-DisplayName <Text>] [-EmailAddresses <ProxyAddressCollection>] [-MicrosoftOnlineServicesID <SmtpAddress>]
-```
-
-```powershell
-Set-EOPUser -Identity <MailUserIdentity> [-City <Text>] [-Company <Text>] [-CountryOrRegion <CountryInfo>] [-Department <Text>] [-Fax <PhoneNumber>] [-FirstName <Text>] [-HomePhone <PhoneNumber>] [-Initials <Text>] [-LastName <Text>] [-MobilePhone <PhoneNumber>] [-Notes <Text>] [-Office <Text>] [-Phone <PhoneNumber>] [-PostalCode <String>] [-StateOrProvince <String>] [-StreetAddress <Tet>] [-Title <Text>] [-WebPage <Text>]
-```
-
-This example sets the external email address for Pilar Pinilla.
-
-```PowerShell
-Set-EOPMailUser -Identity "Pilar Pinilla" -EmailAddresses pilarp@tailspintoys.com
-```
-
-This example sets the Company property for all mail users to Contoso.
-
-```PowerShell
-$Recip = Get-Recipient -RecipientType MailUser -ResultSize unlimited
-$Recip | foreach {Set-EOPUser -Identity $_.Alias -Company Contoso}
-```
-
-For detailed syntax and parameter information, see [Set-EOPMailUser](/powershell/module/exchange/set-eopmailuser).
-
-### Use standalone EOP PowerShell to remove mail users
-
-To remove mail users in standalone EOP PowerShell, replace \<MailUserIdentity\> with the name, alias, or account name of the mail user, and run the following command:
-
-```PowerShell
-Remove-EOPMailUser -Identity <MailUserIdentity\>
-```
-
-This example removes the mail user for Jeffrey Zeng.
-
-```PowerShell
-Remove-EOPMailUser -Identity "Jeffrey Zeng"
-```
-
-For detailed syntax and parameter information, see [Remove-EOPMailUser](/powershell/module/exchange/remove-eopmailuser).
-
-## How do you know these procedures worked?
-
-To verify that you've successfully created, modified, or removed mail users in standalone EOP, use any of the following procedures:
--- In the EAC, go to **Recipients** \> **Contacts**. Verify that the mail user is listed (or isn't listed). Select the mail user and view the information in the Details pane, or click **Edit** ![Edit icon](../../media/ITPro-EAC-AddIcon.png) to view the settings.--- In standalone EOP PowerShell, run the following command to verify the mail user is listed (or isn't listed):-
- ```powershell
- Get-Recipient -RecipientType MailUser -ResultSize unlimited
- ```
--- Replace \<MailUserIdentity\> with the name, alias, or account name of the mail user, and run the following commands to verify the settings:-
- ```powershell
- Get-Recipient -Identity <MailUserIdentity> | Format-List
- ```
-
- ```powershell
- Get-User -Identity <MailUserIdentity> | Format-List
- ```
-
-## Use directory synchronization to manage mail users
-
-In standalone EOP, directory synchronization is available for customers with on-premises Active Directory. You can synchronize those accounts to Azure Active Directory (Azure AD), where copies of the accounts are stored in the cloud. When you synchronize your existing user accounts to Azure Active Directory, you can view those users in the **Recipients** pane of the Exchange admin center (EAC) or in standalone EOP PowerShell.
-
-**Notes**:
--- If you use directory synchronization to manage your recipients, you can still add and manage users in the Microsoft 365 admin center, but they will not be synchronized with your on-premises Active Directory. This is because directory synchronization only syncs recipients from your on-premises Active Directory to the cloud.--- Using directory synchronization is recommended for use with the following features:-
- - **Outlook Safe Sender lists and Blocked Sender lists**: When synchronized to the service, these lists will take precedence over spam filtering in the service. This lets users manage their own Safe Sender list and Blocked Sender list with individual sender and domain entries. For more information, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md).
-
- - **Directory Based Edge Blocking (DBEB)**: For more information about DBEB, see [Use Directory Based Edge Blocking to reject messages sent to invalid recipients](/Exchange/mail-flow-best-practices/use-directory-based-edge-blocking).
-
- - **End user access to quarantine**: To access their quarantined messages, recipients must have a valid user ID and password in the service. For more information about quarantine, see [Find and release quarantined messages as a user](find-and-release-quarantined-messages-as-a-user.md).
-
- - **Mail flow rules (also known as transport rules)**: When you use directory synchronization, your existing Active Directory users and groups are automatically uploaded to the cloud, and you can then create mail flow rules that target specific users and/or groups without having to manually add them in the service. Note that [dynamic distribution groups](/Exchange/recipients-in-exchange-online/manage-dynamic-distribution-groups/manage-dynamic-distribution-groups) can't be synchronized via directory synchronization.
-
-Get the necessary permissions and prepare for directory synchronization, as described in [What is hybrid identity with Azure Active Directory?](/azure/active-directory/hybrid/whatis-hybrid-identity).
-
-### Synchronize directories with Azure Active Directory Connect (AAD Connect)
-
-1. Activate directory synchronization as described in [Azure AD Connect sync: Understand and customize synchronization](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
-
-2. Install and configure an on-premises computer to run AAD Connect as described in [Prerequisites for Azure AD Connect](/azure/active-directory/hybrid/how-to-connect-install-prerequisites).
-
-3. [Select which installation type to use for Azure AD Connect](/azure/active-directory/hybrid/how-to-connect-install-select-installation):
-
- - [Express](/azure/active-directory/hybrid/how-to-connect-install-express)
-
- - [Custom](/azure/active-directory/hybrid/how-to-connect-install-custom)
-
- - [Pass-through authentication](/azure/active-directory/hybrid/how-to-connect-pta-quick-start)
-
-> [!IMPORTANT]
-> When you finish the Azure Active Directory Sync Tool Configuration Wizard, the **MSOL_AD_SYNC** account is created in your Active Directory forest. This account is used to read and synchronize your on-premises Active Directory information. In order for directory synchronization to work correctly, make sure that TCP 443 on your local directory synchronization server is open.
-
-After configuring your sync, be sure to verify that AAD Connect is synchronizing correctly. In the EAC, go to **Recipients** \> **Contacts** and view that the list of users was correctly synchronized from your on-premises environment.
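Review bot: the removed "Use standalone EOP PowerShell to create mail users" example embeds the password as a literal, `-Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)`, so anyone who copies the pattern types a credential that ends up in console history and session transcripts. If this text is carried forward into a replacement article, the example should prompt for the value (for instance with `Read-Host -AsSecureString`) instead of inlining it. Several smaller defects in the removed lines should not be carried over either: the example's bullet list gives the external address as jzeng@tailspintoys.com while the command uses jeffreyz@tailspintoys.com, the `Set-EOPUser` syntax has `-StreetAddress <Tet>`, the remove syntax has a stray backslash in `<MailUserIdentity\>`, and both **Edit** steps reference ITPro-EAC-AddIcon.png.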
security Manage Recipients In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-recipients-in-eop.md
- Title: Manage recipients in standalone EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: Admins can learn about the different types of recipient objects in standalone Exchange Online Protection (EOP).
--
-# Manage recipients in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-Standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes support the following types of recipients:
--- **Mail users**: Mail users are the fundamental type of user accounts in your standalone EOP organization. Mail users have logon credentials in your EOP organization, but they have external email addresses (their mailboxes are located outside of your EOP organization).-
- For more information about managing mail users in EOP, see [Manage mail users in EOP](manage-mail-users-in-eop.md).
--- **Groups**: You can create the following types of groups:-
- - Distribution groups
- - Mail-enabled security groups
-
- For more information about managing groups in EOP, see [Manage groups in EOP](manage-groups-in-eop.md).
security Move Domains And Settings From One Eop Organization To Another Eop Organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/move-domains-and-settings-from-one-eop-organization-to-another-eop-organization.md
- Title: Move domains & settings from one EOP organization to another
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: In this article, you'll learn how to move domains and settings from one Microsoft Exchange Online Protection (EOP) organization (tenant) to another.
--
-# Move domains and settings from one EOP organization to another
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-Changing business requirements can sometimes require splitting one Microsoft Exchange Online Protection (EOP) organization (tenant) into two separate organizations, merging two organizations into one, or moving your domains and EOP settings from one organization to another organization. Moving from one EOP organization to a second EOP organization can be challenging, but with a few basic remote Windows PowerShell scripts and a small amount of preparation, this can be achieved with a relatively small maintenance window.
-
-> [!NOTE]
->
-> - Settings can be reliably moved only from an EOP standalone (Standard) organization to either another EOP Standard or an Exchange Enterprise CAL with Services (EOP Premium) organization, or from an EOP Premium organization to another EOP Premium organization. Because some premium features are not supported in EOP Standard organizations, moves from an EOP Premium organization to an EOP Standard organization might not be successful.
->
-> - These instructions are for EOP filtering-only organizations. There are additional considerations in moving from one Exchange Online organization to another Exchange Online organization. Exchange Online organizations are out of scope for these instructions.
-
-In the following example, Contoso, Ltd. has merged with Contoso Suites. The following image shows the process of moving domains, mail users and groups, and settings from the source EOP organization (contoso.onmicrosoft.com) to the target EOP organization (contososuites.onmicrosoft.com):
-
-![Move EOP domains and settings](../../media/EOP-Move-domains-and-settings.jpg)
-
-The challenge in moving domains from one organization to another is that a verified domain can't exist in two organizations at the same time. The following steps help you work through this.
-
-## Step 1: Collect data from the source organization
-
-In order to re-create the source organization in the target organization, make sure that you collect and store the following information about the source organization:
--- Domains-- Mail users-- Groups-- Anti-spam
- - Anti-spam policies (also known as content filter policies)
- - Outbound spam filter policies
- - Connection filter policies
-- Anti-malware policies-- Connectors-- Mail flow rules (also known as transport rules)-
- > [!NOTE]
- > Cmdlet support for the export and import of the mail flow rule collection is currently only supported for EOP Premium subscription plans.
-
-The easiest way to collect all of your settings is to use PowerShell. To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).
-
-Next, you can collect all your settings and export them to an .xml file to be imported into the target tenant. In general, you can pipe the output of the **Get** cmdlet for each setting to the **Export-Clixml** cmdlet to save the settings in .xml files, as shown in the following code sample.
-
-In standalone EOP PowerShell, create a directory called Export in a location that's easy to find and change to that directory. For example:
-
-```PowerShell
-mkdir C:\EOP\Export
-```
-
-```PowerShell
-cd C:\EOP\Export
-```
-
-The following script can be used to collect all the mail users, groups, anti-spam settings, anti-malware settings, connectors, and mail flow rules in the source organization. Copy and paste the following text into a text editor like Notepad, save the file as Source_EOP_Settings.ps1 in the Export directory you just created, and run the following command:
-
-```PowerShell
-& "C:\EOP\Export\Source_EOP_Settings.ps1"
-```
-
-```PowerShell
-#****************************************************************************
-# Export Domains
-#*****************************************************************************
-Get-AcceptedDomain | Export-Clixml Domains.xml
-#****************************************************************************
-# Export mail users
-#
-#****************************************************************************
-Get-Recipient -ResultSize unlimited -RecipientTypeDetails MailUser | Export-Clixml MailUsers.xml
-#****************************************************************************
-# Groups
-#
-# If you're using directory synchronization, you can skip this step and
-# simply sync to the target
-# tenant.
-# First, you need to capture information about the distribution groups.
-#****************************************************************************
-Get-Recipient -ResultSize unlimited -RecipientTypeDetails MailUniversalDistributionGroup | Export-Clixml DistributionGroups.xml
-Get-Recipient -ResultSize unlimited -RecipientTypeDetails MailUniversalSecurityGroup | Export-Clixml SecurityGroups.xml
-#****************************************************************************
-# And then we'll use that output to loop through each group and get the
-# members.
-#****************************************************************************
-$DGs = Import-Clixml .\DistributionGroups.xml
-ForEach ($dg in $DGs) {Get-DistributionGroupMember -Identity $dg.name | Export-Clixml $dg.ExternalDirectoryObjectId}
-$SGs = Import-Clixml .\SecurityGroups.xml
-ForEach ($sg in $SGs) {Get-DistributionGroupMember -Identity $sg.name | Export-Clixml $sg.ExternalDirectoryObjectId}
-#*****************************************************************************
-# Export dynamic distribution groups - EOP Premium Only
-#
-# If you're using directory synchronization, then you can skip this step and simply
-# sync to the target tenant.
-#*****************************************************************************
-Get-DynamicDistributionGroup -ResultSize unlimited | Export-Clixml DynamicDistributionGroups.xml
-#*****************************************************************************
-# Export mail contacts - EOP Premium Only
-#
-# If you're using directory synchronization, then you can skip this step and simply
-# sync to the target tenant.
-#*****************************************************************************
-Get-MailContact -ResultSize unlimited -RecipientTypeDetails MailContact | Export-Clixml MailContacts.xml
-#****************************************************************************
-# Anti-spam
-#****************************************************************************
-Get-HostedConnectionFilterPolicy | Export-Clixml HostedConnectionFilterPolicy.xml
-Get-HostedContentFilterPolicy | Export-Clixml HostedContentFilterPolicy.xml
-Get-HostedContentFilterRule | Export-Clixml HostedContentFilterRule.xml
-Get-HostedOutboundSpamFilterPolicy | Export-Clixml HostedOutboundSpamFilterPolicy.xml
-#****************************************************************************
-# Anti-malware policies
-#****************************************************************************
-Get-MalwareFilterPolicy | Export-Clixml MalwareFilterPolicy.xml
-Get-MalwareFilterRule | Export-Clixml MalwareFilterRule.xml
-#****************************************************************************
-# Connectors
-#****************************************************************************
-Get-InboundConnector | Export-Clixml InboundConnector.xml
-Get-OutboundConnector | Export-Clixml OutboundConnector.xml
-#****************************************************************************
-# Exchange mail flow rules
-#****************************************************************************
-$file = Export-TransportRuleCollection
-Set-Content -Path ".TransportRules.xml" -Value $file.FileData -Encoding Byte
-```
-
-Run the following commands from the Export directory to update the .xml files with the target organization. Replace contoso.onmicrosoft.com and contososuites.onmicrosoft.com with your source and target organization names.
-
-```PowerShell
-$files = ls
-ForEach ($file in $files) { (Get-Content $file.Name) | Foreach-Object {$_ -replace 'contoso.onmicrosoft.com', 'contososuites.onmicrosoft.com'} | Set-Content $file.Name}
-```
-
-## Step 2: Add domains to the target organization
-
-Add domains to the target organization by using the following script. Copy and paste the text into a text editor like Notepad, save the script as C:\EOP\Export\Add_Domains.ps1, and run the following command:
-
-```PowerShell
-& "C:\EOP\Export\Add_Domains.ps1"
-```
-
-These domains won't be verified and can't be used to route mail, but after the domains are added, you can collect the information needed to verify the domains and eventually update your MX records for the new tenant.
-
-```PowerShell
-#***********************************************************************
-# Login to Azure Active Directory
-#*****************************************************************************
-$msolcred = Get-Credential
-connect-msolservice -credential $msolcred
-#****************************************************************************
-# Add domains
-#****************************************************************************
-$Domains = Import-Clixml ".\Domains.xml"
-Foreach ($domain in $Domains) {
- New-MsolDomain -Name $domain.Name
-}
-```
-
-Now you can review and collect the information from the Microsoft 365 admin center of your target organization so you can quickly verify your domains when the time comes:
-
-1. Sign in to the Microsoft 365 admin center at <https://portal.office.com>.
-
-2. Click **Domains**.
-
- If you don't see domains, click **Customize navigation**, select **Setup**, and then click **Save**.
-
-3. Click each **Start setup** link, and then proceed through the setup wizard.
-
-4. On the **Confirm ownership** page, for **See step-by-step instructions for performing this step with**, select **General instructions**.
-
-5. Record the MX record or TXT record that you'll use to verify your domain, and finish the setup wizard.
-
-6. Add the verification TXT records to your DNS records. This will let you more quickly verify the domains in the source organization after they're removed from the target organization. For more information about configuring DNS, see [Create DNS records at any DNS hosting provider for Microsoft 365](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md).
-
-## Step 3: Force senders to queue mail
-
-While moving your domains from one tenant to another, you'll need to delete the domains from the source organization and then verify them in your target organization. During this time, you won't be able to route mail through EOP.
-
-One option to force senders to queue mail is to update your MX records to point directly to your on-premises mail server.
-
-Another option is to put an invalid MX record in each domain where the DNS records for your domain are kept (also known as your DNS hosting service). This will cause the sender to queue your mail and retry (typical retry attempts are for 48 hours, but this might vary from provider to provider). You can use invalid.outlook.com as an invalid MX target. Lowering the Time to Live (TTL) value to five minutes on the MX record will help the change propagate to DNS providers more quickly.
-
-For more information about configuring DNS, see [Create DNS records at any DNS hosting provider for Microsoft 365](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md).
-
-> [!IMPORTANT]
-> Different providers queue mail for different periods of time. You'll need to set up your new tenant quickly and revert your DNS settings to avoid non-delivery reports (NDRs) from being sent to the sender if the queuing time expires.
-
-## Step 4: Remove users, groups, and domains from the source organization
-
-The following script removes users, groups, and domains from the source tenant by using Azure Active Directory PowerShell. Copy and paste the following text into a text editor like Notepad, save the file as C:\EOP\Export\Remove_Users_and_Groups.ps1, and run the following command:
-
-```PowerShell
-& "C:\EOP\Export\Remove_Users_and_Groups.ps1"
-```
-
-```PowerShell
-#*****************************************************************************
-# Login to Azure Active Directory
-#*****************************************************************************
-$msolcred= Get-Credential
-connect-msolservice -credential $msolcred
-#*****************************************************************************
-# Remove users
-#*****************************************************************************
-$Users = Get-MSOLUser -All | sort UserPrincipalName
-$user_count = $Users.count
-write-host "Removing $user_count users."
-Foreach ($User in $Users) {
-write-host $User.UserPrincipalName
-$User | Remove-MSOLUser -Force
-}
-#*****************************************************************************
-# Remove groups
-#*****************************************************************************
-Get-MSOLGroup | Remove-MSOLGroup -Force
-#*****************************************************************************
-# Remove domains
-# Note: Your onmicrosoft.com domain should be the default domain
-#*****************************************************************************
-$Domains = Get-MsolDomain
-$Domain_count = $Domains.count
-write-host "Removing $Domain_count domains."
-Foreach ($Domain in $Domains) {
-write-host $Domain.Name
-Remove-MsolDomain -DomainName $Domain.Name -Force
-}
-```
-
-## Step 5: Verify domains for the target organization
-
-1. Sign in to the admin center at <https://portal.office.com>.
-
-2. Click **Domains**.
-
-3. Click each **Start setup** link for the target domain and proceed through the setup wizard.
-
-## Step 6: Add mail users and groups to the target organization
-
-A best practice for EOP is to use Azure Active Directory to sync your on-premises Active Directory to your target tenant. For more information about how to do this, see "Use directory synchronization to manage mail users" in [Manage mail users in EOP](manage-mail-users-in-eop.md). You can also use the following script to recreate your users and groups from your source tenant. Note: User passwords cannot be moved. New user passwords are created and saved in the file named UsersAndGroups.ps1.
-
-To use the script, copy and paste the following text into a text editor like Notepad, save the file as C:\EOP\Export\Add_Users_and_Groups.ps1, and run the following command:
-
-```PowerShell
-& "C:\EOP\Export\Add_Users_and_Groups.ps1"
-```
-
-```PowerShell
-#***********************************************************************
-# makeparam helper function
-#****************************************************************************
-function makeparam ([string]$ParamName, [string[]] $ParamValue) {
- $FormattedParam = ""
- If($ParamValue.Count -gt 0) {
- $FormattedParam = " -$ParamName "
- Foreach ($value in $ParamValue) {
- If($value -eq "True") {$FormattedParam = " -$ParamName" + ":`$True,"}
- else{
- If($value -eq "False") {$FormattedParam = " -$ParamName" + ":`$False,"}
- else{$FormattedParam += "`"$value`","}
- }
- }
- $FormattedParam = $FormattedParam.TrimEnd(",")
- }
- Return $FormattedParam
- }
-#****************************************************************************
-# Variables
-#****************************************************************************
-$outfile = ".\UsersAndGroups.ps1"
-rm -erroraction 'silentlycontinue' $outfile
-#****************************************************************************
-# Add mail users
-#****************************************************************************
-$rand = New-Object System.Random -ArgumentList (get-date).millisecond
-$MailUsers = Import-Clixml ".\MailUsers.xml"
-$MailUsersCount = $MailUsers.Name.Count
-if($MailUsersCount -gt 0){
- Write-Host "Importing $MailUsersCount Mail Users"
- ForEach ($MailUser in $MailUsers) {
- $MailUsersCmdlet = "New-MailUser"
- If((Get-PSSession).ComputerName.Contains("ps.protection")) {
- $DistributionGroupsCmdlet = "New-EOPMailUser"
- }
- $MailUsersCmdlet += makeparam "LastName" $MailUser.LastName
- $MailUsersCmdlet += makeparam "FirstName" $MailUser.FirstName
- $MailUsersCmdlet += makeparam "DisplayName" $MailUser.DisplayName
- $MailUsersCmdlet += makeparam "Name" $MailUser.Name
- $MailUsersCmdlet += makeparam "Alias" $MailUser.Alias
- $MailUsersCmdlet += makeparam "MicrosoftOnlineServicesID" $MailUser.MicrosoftOnlineServicesID
- $MailUsersCmdlet += makeparam "ExternalEmailAddress" $MailUser.ExternalEmailAddress
-
- # Generate a new 10 character password
- $NewPassword = ""
- 1..10 | ForEach { $NewPassword = $NewPassword + [char]$rand.next(40,127) }
-
- $MailUsersCmdlet += " -Password (ConvertTo-SecureString -String '$NewPassword' -AsPlainText -Force)"
- Add-Content $outfile "`n$MailUsersCmdlet"
- }
-}
-#****************************************************************************
-# Add distribution groups
-#****************************************************************************
-$DistributionGroups = Import-Clixml ".\DistributionGroups.xml"
-$DistributionGroupsCount = $DistributionGroups.Name.Count
-if($DistributionGroupsCount -gt 0){
- Write-Host "Importing $DistributionGroupsCount Distribution Groups"
- ForEach ($DistributionGroup in $DistributionGroups) {
- $DistributionGroupsCmdlet = "New-DistributionGroup"
- If((Get-PSSession).ComputerName.Contains("ps.protection")) {
- $DistributionGroupsCmdlet = "New-EOPDistributionGroup"
- }
- $DistributionGroupsCmdlet += makeparam "Name" $DistributionGroup.Name
- $DistributionGroupsCmdlet += makeparam "Alias" $DistributionGroup.Alias
- $DistributionGroupsCmdlet += makeparam "DisplayName" $DistributionGroup.DisplayName
- $DistributionGroupsCmdlet += makeparam "ManagedBy" $DistributionGroup.ManagedBy
-
- $DistributionGroupsCmdlet += makeparam "Notes" $DistributionGroup.Notes
- $DistributionGroupsCmdlet += makeparam "PrimarySmtpAddress" $DistributionGroup.PrimarySmtpAddress
- $DistributionGroupsCmdlet += makeparam "Type" $DistributionGroup.Type
- $MembersCmdlet = "@("
- $memberslist = Import-Clixml $DistributionGroup.ExternalDirectoryObjectId
- ForEach ($user in $memberslist) {
- $MembersCmdlet += "`"$user.Name`","
- }
- $MembersCmdlet = $MembersCmdlet.TrimEnd(",")
- $MembersCmdlet += ")"
- }
- Add-Content $outfile "`n$DistributionGroupsCmdlet"
-}
-#****************************************************************************
-# Add security groups
-#****************************************************************************
-$SecurityGroups = Import-Clixml ".\SecurityGroups.xml"
-$SecurityGroupsCount = $SecurityGroups.Name.Count
-if($SecurityGroupsCount -gt 0){
- Write-Host "Importing $SecurityGroupsCount Security Groups"
- ForEach ($SecurityGroup in $SecurityGroups) {
- $SecurityGroupsCmdlet = "New-SecurityGroup"
- If((Get-PSSession).ComputerName.Contains("ps.protection")) {
- $DistributionGroupsCmdlet = "New-EOPSecurityGroup"
- }
- $SecurityGroupsCmdlet += makeparam "Name" $SecurityGroup.Name
- $SecurityGroupsCmdlet += makeparam "Alias" $SecurityGroup.Alias
- $SecurityGroupsCmdlet += makeparam "DisplayName" $SecurityGroup.DisplayName
- $SecurityGroupsCmdlet += makeparam "ManagedBy" $SecurityGroup.ManagedBy
-
- $SecurityGroupsCmdlet += makeparam "Notes" $SecurityGroup.Notes
- $SecurityGroupsCmdlet += makeparam "PrimarySmtpAddress" $SecurityGroup.PrimarySmtpAddress
- $SecurityGroupsCmdlet += makeparam "Type" $SecurityGroup.Type
- $MembersCmdlet = "@("
- $memberslist = Import-Clixml $SecurityGroup.ExternalDirectoryObjectId
- ForEach ($user in $memberslist) {
- $MembersCmdlet += "`"$user.Name`","
- }
- $MembersCmdlet = $MembersCmdlet.TrimEnd(",")
- $MembersCmdlet += ")"
- }
- Add-Content $outfile "`n$SecurityGroupsCmdlet"
-}
-#****************************************************************************
-# Add Dynamic Distribution Groups
-#****************************************************************************
-If((Get-PSSession).ComputerName.Contains("ps.protection")) {
- write-Host "No Synamic Distribution Groups for EOP Standard organizations."
-}else{
- $DynamicDistributionGroups = Import-Clixml ".\DynamicDistributionGroups.xml"
- $DynamicDistributionGroupsCount = $DynamicDistributionGroups.Name.Count
- if($DynamicDistributionGroupsCount -gt 0){
- Write-Host "Importing $DynamicDistributionGroupsCount Dynamic Distribution Groups"
- foreach ($DynamicDistributionGroup in $DynamicDistributionGroups) {
- $DynamicDistributionGroupsCmdlet = "New-DynamicDistributionGroup"
- $DynamicDistributionGroupsCmdlet += " -Confirm:`$False"
- $DynamicDistributionGroupsCmdlet += makeparam "DisplayName" $DynamicDistributionGroup.DisplayName
- $DynamicDistributionGroupsCmdlet += makeparam "ModeratedBy" $DynamicDistributionGroup.ModeratedBy
- $DynamicDistributionGroupsCmdlet += makeparam "ModerationEnabled" $DynamicDistributionGroup.ModerationEnabled
- $DynamicDistributionGroupsCmdlet += makeparam "Name" $DynamicDistributionGroup.Name
- $DynamicDistributionGroupsCmdlet += makeparam "PrimarySmtpAddress" $DynamicDistributionGroup.PrimarySmtpAddress
- $DynamicDistributionGroupsCmdlet += makeparam "RecipientContainer" $DynamicDistributionGroup.RecipientContainer
- $RecipientFilterParam = makeparam "RecipientFilter" $DynamicDistributionGroup.RecipientFilter
- $RecipientFilterParam = " -RecipientFilter {" + $RecipientFilterParam.Substring(19)
- $RecipientFilterParam = $RecipientFilterParam.Substring(0,$RecipientFilterParam.Length-1)
- $RecipientFilterParam += "}"
- $DynamicDistributionGroupsCmdlet += $RecipientFilterParam
- $DynamicDistributionGroupsCmdlet += makeparam "SendModerationNotifications" $DynamicDistributionGroup.SendModerationNotifications
- Add-Content $outfile "`n$DynamicDistributionGroupsCmdlet"
- }
-
- }else{
- Write-Host "No Dynamic Distribution Groups to add."
- }
-}
-#****************************************************************************
-# Add Mail Contacts
-#****************************************************************************
-If((Get-PSSession).ComputerName.Contains("ps.protection")) {
- write-Host "No Mail Contact for EOP Standard organizations."
-}else{
- $MailContacts = Import-Clixml ".\MailContacts.xml"
- $MailContactsCount = $MailContacts.Name.Count
- if($MailContactsCount -gt 0){
- Write-Host "Importing $MailContactsCount Dynamic Distribution Groups"
- foreach ($MailContact in $MailContacts) {
- $MailContactsCmdlet = "New-MailContact"
- $MailContactsCmdlet += makeparam "UsePreferMessageFormat" $MailContact.UsePreferMessageFormat
- $MailContactsCmdlet += makeparam "DisplayName" $MailContact.DisplayName
- $MailContactsCmdlet += makeparam "ModeratedBy" $MailContact.ModeratedBy
- $MailContactsCmdlet += makeparam "Name" $MailContact.Name
- $MailContactsCmdlet += makeparam "MessageBodyFormat" $MailContact.MessageBodyFormat
- $MailContactsCmdlet += makeparam "OrganizationalUnit" $MailContact.OrganizationalUnit
- $MailContactsCmdlet += makeparam "Initials" $MailContact.Initials
- $MailContactsCmdlet += makeparam "MessageFormat" $MailContact.MessageFormat
- $MailContactsCmdlet += makeparam "ModerationEnabled" $MailContact.ModerationEnabled
- $MailContactsCmdlet += makeparam "MacAttachmentFormat" $MailContact.MacAttachmentFormat
- $MailContactsCmdlet += makeparam "SendModerationNotifications" $MailContact.SendModerationNotifications
- $MailContactsCmdlet += " -Confirm:`$False"
- $MailContactsCmdlet += makeparam "ExternalEmailAddress" $MailContact.ExternalEmailAddress
- $MailContactsCmdlet += makeparam "FirstName" $MailContact.FirstName
- $MailContactsCmdlet += makeparam "Alias" $MailContact.Alias
- Add-Content $outfile "`n$MailContactsCmdlet"
- }
-
- }else{
- Write-Host "No Mail Contacts to add."
- }
-}
-#***********************************************************************
-# makeparam helper function
-#************************************************************************
- function makeparam ([string]$ParamName, [string[]] $ParamValue) {
- $FormattedParam = ""
- If($ParamValue.Count -gt 0) {
- $FormattedParam = " -$ParamName "
- Foreach ($value in $ParamValue) {
- If($value -eq "True") {$FormattedParam = " -$ParamName" + ":`$True,"}
- else{
- If($value -eq "False") {$FormattedParam = " -$ParamName" + ":`$False,"}
- else{$FormattedParam += "`"$value`","}
- }
- }
- $FormattedParam = $FormattedParam.TrimEnd(",")
- }
- Return $FormattedParam
- }
-#****************************************************************************
-# Variables
-#****************************************************************************
-$outfile = ".\UsersAndGroups.ps1"
-rm -erroraction 'silentlycontinue' $outfile
-#****************************************************************************
-# Add mail users
-#****************************************************************************
-$rand = New-Object System.Random -ArgumentList (get-date).millisecond
-$MailUsers = Import-Clixml ".\MailUsers.xml"
-$MailUsersCount = $MailUsers.Name.Count
-if($MailUsersCount -gt 0){
- Write-Host "Importing $MailUsersCount Mail Users"
- ForEach ($MailUser in $MailUsers) {
- $MailUsersCmdlet = "New-EOPMailUser"
- $MailUsersCmdlet += makeparam "LastName" $MailUser.LastName
- $MailUsersCmdlet += makeparam "FirstName" $MailUser.FirstName
- $MailUsersCmdlet += makeparam "DisplayName" $MailUser.DisplayName
- $MailUsersCmdlet += makeparam "Name" $MailUser.Name
- $MailUsersCmdlet += makeparam "Alias" $MailUser.Alias
- $MailUsersCmdlet += makeparam "MicrosoftOnlineServicesID" $MailUser.MicrosoftOnlineServicesID
- $MailUsersCmdlet += makeparam "ExternalEmailAddress" $MailUser.ExternalEmailAddress
-
- # Generate a new 10 character password
- $NewPassword = ""
- 1..10 | ForEach { $NewPassword = $NewPassword + [char]$rand.next(40,127) }
-
- $MailUsersCmdlet += " -Password (ConvertTo-SecureString -String '$NewPassword' -AsPlainText -Force)"
- Add-Content $outfile "`n$MailUsersCmdlet"
- }
-}
-#****************************************************************************
-# Add distribution groups
-#****************************************************************************
-$DistributionGroups = Import-Clixml ".\DistributionGroups.xml"
-$DistributionGroupsCount = $DistributionGroups.Name.Count
-if($DistributionGroupsCount -gt 0){
- Write-Host "Importing $DistributionGroupsCount Distribution Groups"
- ForEach ($DistributionGroup in $DistributionGroups) {
- $DistributionGroupsCmdlet = "New-EOPDistributionGroup"
- $DistributionGroupsCmdlet += makeparam "Name" $DistributionGroup.Name
- $DistributionGroupsCmdlet += makeparam "Alias" $DistributionGroup.Alias
- $DistributionGroupsCmdlet += makeparam "DisplayName" $DistributionGroup.DisplayName
- $DistributionGroupsCmdlet += makeparam "ManagedBy" $DistributionGroup.ManagedBy
-
- $DistributionGroupsCmdlet += makeparam "Notes" $DistributionGroup.Notes
- $DistributionGroupsCmdlet += makeparam "PrimarySmtpAddress" $DistributionGroup.PrimarySmtpAddress
- $DistributionGroupsCmdlet += makeparam "Type" $DistributionGroup.Type
- $MembersCmdlet = "@("
- $memberslist = Import-Clixml $DistributionGroup.ExternalDirectoryObjectId
- ForEach ($user in $memberslist) {
- $MembersCmdlet += "`"$user.Name`","
- }
- $MembersCmdlet = $MembersCmdlet.TrimEnd(",")
- $MembersCmdlet += ")"
- }
- Add-Content $outfile "`n$DistributionGroupsCmdlet"
-}
-#****************************************************************************
-# Add security groups
-#****************************************************************************
-$SecurityGroups = Import-Clixml ".\SecurityGroups.xml"
-$SecurityGroupsCount = $SecurityGroups.Name.Count
-if($SecurityGroupsCount -gt 0){
- Write-Host "Importing $SecurityGroupsCount Security Groups"
- ForEach ($SecurityGroup in $SecurityGroups) {
- $SecurityGroupsCmdlet = "New-EOPSecurityGroup"
- $SecurityGroupsCmdlet += makeparam "Name" $SecurityGroup.Name
- $SecurityGroupsCmdlet += makeparam "Alias" $SecurityGroup.Alias
- $SecurityGroupsCmdlet += makeparam "DisplayName" $SecurityGroup.DisplayName
- $SecurityGroupsCmdlet += makeparam "ManagedBy" $SecurityGroup.ManagedBy
-
- $SecurityGroupsCmdlet += makeparam "Notes" $SecurityGroup.Notes
- $SecurityGroupsCmdlet += makeparam "PrimarySmtpAddress" $SecurityGroup.PrimarySmtpAddress
- $SecurityGroupsCmdlet += makeparam "Type" $SecurityGroup.Type
- $MembersCmdlet = "@("
- $memberslist = Import-Clixml $SecurityGroup.ExternalDirectoryObjectId
- ForEach ($user in $memberslist) {
- $MembersCmdlet += "`"$user.Name`","
- }
- $MembersCmdlet = $MembersCmdlet.TrimEnd(",")
- $MembersCmdlet += ")"
- }
- Add-Content $outfile "`n$SecurityGroupsCmdlet"
-}
-#****************************************************************************
-# Add Dynamic Distribution Groups
-#****************************************************************************
-$DynamicDistributionGroups = Import-Clixml ".\DynamicDistributionGroups.xml"
-$DynamicDistributionGroupsCount = $DynamicDistributionGroups.Name.Count
-if($DynamicDistributionGroupsCount -gt 0){
- Write-Host "Importing $DynamicDistributionGroupsCount Dynamic Distribution Groups"
- foreach ($DynamicDistributionGroup in $DynamicDistributionGroups) {
- $DynamicDistributionGroupsCmdlet = "New-DynamicDistributionGroup"
- $DynamicDistributionGroupsCmdlet += " -Confirm:`$False"
- $DynamicDistributionGroupsCmdlet += makeparam "DisplayName" $DynamicDistributionGroup.DisplayName
- $DynamicDistributionGroupsCmdlet += makeparam "ModeratedBy" $DynamicDistributionGroup.ModeratedBy
- $DynamicDistributionGroupsCmdlet += makeparam "ModerationEnabled" $DynamicDistributionGroup.ModerationEnabled
- $DynamicDistributionGroupsCmdlet += makeparam "Name" $DynamicDistributionGroup.Name
- $DynamicDistributionGroupsCmdlet += makeparam "PrimarySmtpAddress" $DynamicDistributionGroup.PrimarySmtpAddress
- $DynamicDistributionGroupsCmdlet += makeparam "RecipientContainer" $DynamicDistributionGroup.RecipientContainer
- $RecipientFilterParam = makeparam "RecipientFilter" $DynamicDistributionGroup.RecipientFilter
- $RecipientFilterParam = " -RecipientFilter {" + $RecipientFilterParam.Substring(19)
- $RecipientFilterParam = $RecipientFilterParam.Substring(0,$RecipientFilterParam.Length-1)
- $RecipientFilterParam += "}"
- $DynamicDistributionGroupsCmdlet += $RecipientFilterParam
- $DynamicDistributionGroupsCmdlet += makeparam "SendModerationNotifications" $DynamicDistributionGroup.SendModerationNotifications
- Add-Content $outfile "`n$DynamicDistributionGroupsCmdlet"
- }
-
-}else{
- Write-Host "No Dynamic Distribution Groups to add."
-}
-#****************************************************************************
-# Add Mail Contacts
-#****************************************************************************
-$MailContacts = Import-Clixml ".\MailContacts.xml"
-$MailContactsCount = $MailContacts.Name.Count
-if($MailContactsCount -gt 0){
- Write-Host "Importing $MailContactsCount Dynamic Distribution Groups"
- foreach ($MailContact in $MailContacts) {
- $MailContactsCmdlet = "New-MailContact"
- $MailContactsCmdlet += makeparam "UsePreferMessageFormat" $MailContact.UsePreferMessageFormat
- $MailContactsCmdlet += makeparam "DisplayName" $MailContact.DisplayName
- $MailContactsCmdlet += makeparam "ModeratedBy" $MailContact.ModeratedBy
- $MailContactsCmdlet += makeparam "Name" $MailContact.Name
- $MailContactsCmdlet += makeparam "MessageBodyFormat" $MailContact.MessageBodyFormat
- $MailContactsCmdlet += makeparam "OrganizationalUnit" $MailContact.OrganizationalUnit
- $MailContactsCmdlet += makeparam "Initials" $MailContact.Initials
- $MailContactsCmdlet += makeparam "MessageFormat" $MailContact.MessageFormat
- $MailContactsCmdlet += makeparam "ModerationEnabled" $MailContact.ModerationEnabled
- $MailContactsCmdlet += makeparam "MacAttachmentFormat" $MailContact.MacAttachmentFormat
- $MailContactsCmdlet += makeparam "SendModerationNotifications" $MailContact.SendModerationNotifications
- $MailContactsCmdlet += " -Confirm:`$False"
- $MailContactsCmdlet += makeparam "ExternalEmailAddress" $MailContact.ExternalEmailAddress
- $MailContactsCmdlet += makeparam "FirstName" $MailContact.FirstName
- $MailContactsCmdlet += makeparam "Alias" $MailContact.Alias
- Add-Content $outfile "`n$MailContactsCmdlet"
- }
-
-}else{
- Write-Host "No Mail Contacts to add."
-}
-```
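Review bot: the mail-user blocks removed here (both copies, at `$rand = New-Object System.Random -ArgumentList (get-date).millisecond` and `1..10 | ForEach { $NewPassword = $NewPassword + [char]$rand.next(40,127) }`) build each account password from a non-cryptographic generator seeded with one of only 1,000 millisecond values, then write it in clear text into UsersAndGroups.ps1 through `-Password (ConvertTo-SecureString -String '$NewPassword' -AsPlainText -Force)`. The commit message or the replacement article should say so, and should tell administrators who already ran the script to delete the generated UsersAndGroups.ps1 and reset the passwords it set. If the script is being relocated rather than retired, two more defects in these lines need fixing first: the EOP branches in the mail-user and security-group blocks assign `$DistributionGroupsCmdlet` where `$MailUsersCmdlet` and `$SecurityGroupsCmdlet` are meant, and in the distribution and security group blocks `$MembersCmdlet` is built but never appended while `Add-Content` sits outside the ForEach loop, so only the last group reaches the output file.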
-
-## Step 7: Add protection settings to the target organization
-
-You can run the following script from the Export directory while logged in to your target organization to recreate the settings exported to .xml files earlier from the source organization.
-
-Copy and paste the script text into a text editor like Notepad, save the file as C:\EOP\Export\Import_Settings.ps1, and run the following command:
-
-```PowerShell
-& "C:\EOP\Export\Import_Settings.ps1"
-```
-
-This script imports the .xml files and create a Windows PowerShell script file called Settings.ps1 that you can review, edit, and then run to recreate your protection and mail-flow settings.
-
-```PowerShell
-#***********************************************************************
-# makeparam helper function
-#****************************************************************************
- function makeparam ([string]$ParamName, [string[]] $ParamValue) {
- $FormattedParam = ""
- If($ParamValue.Count -gt 0) {
- $FormattedParam = " -$ParamName "
- Foreach ($value in $ParamValue) {
- If($value -eq "True") {$FormattedParam = " -$ParamName" + ":`$True,"}
- else{
- If($value -eq "False") {$FormattedParam = " -$ParamName" + ":`$False,"}
- else{$FormattedParam += "`"$value`","}
- }
- }
- $FormattedParam = $FormattedParam.TrimEnd(",")
- }
- Return $FormattedParam
- }
-#****************************************************************************
-# Variables
-#****************************************************************************
-$outfile = ".\Settings.ps1"
-rm -erroraction 'silentlycontinue' $outfile
-#****************************************************************************
-# HostedContentFilterPolicy
-#****************************************************************************
-$HostedContentFilterPolicies = Import-Clixml ".\HostedContentFilterPolicy.xml"
-$HostedContentFilterPolicyCount = $HostedContentFilterPolicies.Name.Count
-if($HostedContentFilterPolicyCount -gt 0){
- Write-Host "Importing $HostedContentFilterPolicyCount Inbound Connectors"
- ForEach ($HostedContentFilterPolicy in $HostedContentFilterPolicies) {
- $HostedContentFilterPolicyCmdlet = "New-HostedContentFilterPolicy"
- if($HostedContentFilterPolicy.Name -eq "Default") {$HostedContentFilterPolicyCmdlet = "Set-HostedContentFilterPolicy -Identity Default"}
- else {
- $HostedContentFilterPolicyCmdlet += makeparam "Name" $HostedContentFilterPolicy.Name
- }
- $HostedContentFilterPolicyCmdlet += makeparam "AddXHeaderValue" $HostedContentFilterPolicy.AddXHeaderValue
- $HostedContentFilterPolicyCmdlet += makeparam "AdminDisplayName" $HostedContentFilterPolicy.AdminDisplayName
- $HostedContentFilterPolicyCmdlet += " -Confirm:`$False"
- $HostedContentFilterPolicyCmdlet += makeparam "DownloadLink" $HostedContentFilterPolicy.DownloadLink
- $HostedContentFilterPolicyCmdlet += makeparam "EnableEndUserSpamNotifications" $HostedContentFilterPolicy.EnableEndUserSpamNotifications
- $HostedContentFilterPolicyCmdlet += makeparam "EnableLanguageBlockList" $HostedContentFilterPolicy.EnableLanguageBlockList
- $HostedContentFilterPolicyCmdlet += makeparam "EnableRegionBlockList" $HostedContentFilterPolicy.EnableRegionBlockList
- if($HostedContentFilterPolicy.EndUserSpamNotificationCustomFromAddress.Length -gt 0)
- {
- $HostedContentFilterPolicyCmdlet += makeparam "EndUserSpamNotificationCustomFromAddress" $HostedContentFilterPolicy.EndUserSpamNotificationCustomFromAddress
- }
- $HostedContentFilterPolicyCmdlet += makeparam "EndUserSpamNotificationCustomFromName" $HostedContentFilterPolicy.EndUserSpamNotificationCustomFromName
- $HostedContentFilterPolicyCmdlet += makeparam "EndUserSpamNotificationCustomSubject" $HostedContentFilterPolicy.EndUserSpamNotificationCustomSubject
- $HostedContentFilterPolicyCmdlet += makeparam "EndUserSpamNotificationFrequency" $HostedContentFilterPolicy.EndUserSpamNotificationFrequency
- $HostedContentFilterPolicyCmdlet += makeparam "EndUserSpamNotificationLanguage" $HostedContentFilterPolicy.EndUserSpamNotificationLanguage
- $HostedContentFilterPolicyCmdlet += makeparam "LanguageBlockList" $HostedContentFilterPolicy.LanguageBlockList
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamBulkMail" $HostedContentFilterPolicy.MarkAsSpamBulkMail
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamEmbedTagsInHtml" $HostedContentFilterPolicy.MarkAsSpamEmbedTagsInHtml
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamEmptyMessages" $HostedContentFilterPolicy.MarkAsSpamEmptyMessages
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamFormTagsInHtml" $HostedContentFilterPolicy.MarkAsSpamFormTagsInHtml
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamFramesInHtml" $HostedContentFilterPolicy.MarkAsSpamFramesInHtml
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamFromAddressAuthFail" $HostedContentFilterPolicy.MarkAsSpamFromAddressAuthFail
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamJavaScriptInHtml" $HostedContentFilterPolicy.MarkAsSpamJavaScriptInHtml
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamNdrBackscatter" $HostedContentFilterPolicy.MarkAsSpamNdrBackscatter
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamObjectTagsInHtml" $HostedContentFilterPolicy.MarkAsSpamObjectTagsInHtml
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamSensitiveWordList" $HostedContentFilterPolicy.MarkAsSpamSensitiveWordList
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamSpfRecordHardFail" $HostedContentFilterPolicy.MarkAsSpamSpfRecordHardFail
- $HostedContentFilterPolicyCmdlet += makeparam "MarkAsSpamWebBugsInHtml" $HostedContentFilterPolicy.MarkAsSpamWebBugsInHtml
- $HostedContentFilterPolicyCmdlet += makeparam "ModifySubjectValue" $HostedContentFilterPolicy.ModifySubjectValue
- $HostedContentFilterPolicyCmdlet += makeparam "Organization" $HostedContentFilterPolicy.Organization
- $HostedContentFilterPolicyCmdlet += makeparam "QuarantineRetentionPeriod" $HostedContentFilterPolicy.QuarantineRetentionPeriod
- $HostedContentFilterPolicyCmdlet += makeparam "RedirectToRecipients" $HostedContentFilterPolicy.RedirectToRecipients
- $HostedContentFilterPolicyCmdlet += makeparam "RegionBlockList" $HostedContentFilterPolicy.RegionBlockList
- $HostedContentFilterPolicyCmdlet += makeparam "SpamAction" $HostedContentFilterPolicy.SpamAction
- $HostedContentFilterPolicyCmdlet += makeparam "TestModeBccToRecipients" $HostedContentFilterPolicy.TestModeBccToRecipients
- Add-Content $outfile "`n$HostedContentFilterPolicyCmdlet"
- }
- }else{
- Write-Host "No Hosted Content Policy Filters to add."
- }
-#****************************************************************************
-# HostedContentFilterRule
-#****************************************************************************
-$HostedContentFilterRules = Import-Clixml ".\HostedContentFilterRule.xml"
-$HostedContentFilterRuleCount = $HostedContentFilterRules.Name.Count
-if($HostedContentFilterPolicyCount -gt 0){
- Write-Host "Importing $HostedContentFilterRuleCount Hosted Content Filter Rules"
- ForEach ($HostedContentFilterRule in $HostedContentFilterRules) {
- $HostedContentFilterRuleCmdlet = "New-HostedContentFilterRule"
- if($HostedContentFilterRule.Name -eq "Default") {$HostedContentFilterRuleCmdlet = "Set-HostedContentFilterRule Default"}
- $HostedContentFilterRuleCmdlet += makeparam "Name" $HostedContentFilterRule.Name
- $HostedContentFilterRuleCmdlet += makeparam "HostedContentFilterPolicy" $HostedContentFilterRule.HostedContentFilterPolicy
- $HostedContentFilterRuleCmdlet += makeparam "Comments" $HostedContentFilterRule.Comments
- $HostedContentFilterRuleCmdlet += " -Confirm:`$False"
- $HostedContentFilterRuleCmdlet += makeparam "Enabled" $HostedContentFilterRule.Enabled
- $HostedContentFilterRuleCmdlet += makeparam "ExceptIfRecipientDomainIs" $HostedContentFilterRule.ExceptIfRecipientDomainIs
- $HostedContentFilterRuleCmdlet += makeparam "ExceptIfSentTo" $HostedContentFilterRule.ExceptIfSentTo
- $HostedContentFilterRuleCmdlet += makeparam "ExceptIfSentToMemberOf" $HostedContentFilterRule.ExceptIfSentToMemberOf
- $HostedContentFilterRuleCmdlet += makeparam "Priority" $HostedContentFilterRule.Priority
- $HostedContentFilterRuleCmdlet += makeparam "RecipientDomainIs" $HostedContentFilterRule.RecipientDomainIs
- $HostedContentFilterRuleCmdlet += makeparam "SentTo" $HostedContentFilterRule.SentTo
- $HostedContentFilterRuleCmdlet += makeparam "SentToMemberOf" $HostedContentFilterRule.SentToMemberOf
- Add-Content $outfile "`n$HostedContentFilterRuleCmdlet"
- }
- }else{
- Write-Host "No Hosted Content Filter Rules to add."
- }
-#****************************************************************************
-# HostedOutboundSpamFilterPolicy
-#****************************************************************************
-$HostedOutboundSpamFilterPolicies = Import-Clixml ".\HostedOutboundSpamFilterPolicy.xml"
-$HostedOutboundSpamFilterPolicyCount = $HostedOutboundSpamFilterPolicies.Name.Count
-if($HostedContentFilterPolicyCount -gt 0){
- Write-Host "Importing $HostedOutboundSpamFilterPolicyCount Hosted Outbound Spam Filter Policies"
- ForEach ($HostedOutboundSpamFilterPolicy in $HostedOutboundSpamFilterPolicies) {
- $HostedOutboundSpamFilterPolicyCmdlet = "Set-HostedOutboundSpamFilterPolicy Default"
- $HostedOutboundSpamFilterPolicyCmdlet += makeparam "AdminDisplayName" $HostedOutboundSpamFilterPolicy.AdminDisplayName
- $HostedOutboundSpamFilterPolicyCmdlet += makeparam "BccSuspiciousOutboundAdditionalRecipients"
- $HostedOutboundSpamFilterPolicy.BccSuspiciousOutboundAdditionalRecipients
- $HostedOutboundSpamFilterPolicyCmdlet += makeparam "BccSuspiciousOutboundMail" $HostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail
- $HostedOutboundSpamFilterPolicyCmdlet += " -Confirm:`$False"
- $HostedOutboundSpamFilterPolicyCmdlet += makeparam "NotifyOutboundSpam" $HostedOutboundSpamFilterPolicy.NotifyOutboundSpam
- $NotifyOutboundSpamRecipients += makeparam "NotifyOutboundSpamRecipients" $HostedOutboundSpamFilterPolicy.NotifyOutboundSpamRecipients
- Add-Content $outfile "`n$HostedOutboundSpamFilterPolicyCmdlet"
- }
- }else{
- Write-Host "No Hosted Outbound Spam Filter Policies to add."
- }
-#****************************************************************************
-# HostedConnectionFilterPolicy
-#****************************************************************************
-$HostedConnectionFilterPolicies = Import-Clixml ".\HostedConnectionFilterPolicy.xml"
-$HostedConnectionFilterPolicyCount = $HostedConnectionFilterPolicies.Name.Count
-if($HostedContentFilterPolicyCount -gt 0){
- Write-Host "Importing $HostedConnectionFilterPolicyCount Hosted Connection Filter Policies"
- ForEach ($HostedConnectionFilterPolicy in $HostedConnectionFilterPolicies) {
- $HostedConnectionFilterPolicyCmdlet = "Set-HostedConnectionFilterPolicy"
- $HostedConnectionFilterPolicyCmdlet += makeparam "Identity" $HostedConnectionFilterPolicy.Name
- $HostedConnectionFilterPolicyCmdlet += makeparam "AdminDisplayName" $HostedConnectionFilterPolicy.AdminDisplayName
- $HostedConnectionFilterPolicyCmdlet += " -Confirm:`$False"
- $HostedConnectionFilterPolicyCmdlet += makeparam "EnableSafeList" $HostedConnectionFilterPolicy.EnableSafeList
- $HostedConnectionFilterPolicyCmdlet += makeparam "IPAllowList" $HostedConnectionFilterPolicy.IPAllowList
- $HostedConnectionFilterPolicyCmdlet += makeparam "IPBlockList" $HostedConnectionFilterPolicy.IPBlockList
-
- Add-Content $outfile "`n$HostedConnectionFilterPolicyCmdlet"
- }
- }else{
- Write-Host "No Hosted Connection Filter Policies to add."
- }
-#****************************************************************************
-# MalwareFilterPolicy
-#****************************************************************************
-$MalwareFilterPolicies = Import-Clixml ".\MalwareFilterPolicy.xml"
-$MalwareFilterPolicyCount = $MalwareFilterPolicies.Name.Count
-if($HostedContentFilterPolicyCount -gt 0){
- Write-Host "Importing $MalwareFilterPolicyCount Malware Filter Policies"
- ForEach ($MalwareFilterPolicy in $MalwareFilterPolicies) {
- $MalwareFilterPolicyCmdlet = "New-MalwareFilterPolicy"
- if($MalwareFilterPolicy.Name -eq "Default") {$MalwareFilterPolicyCmdlet = "Set-MalwareFilterPolicy Default"}
- else {
- $MalwareFilterPolicyCmdlet += makeparam "Name" $MalwareFilterPolicy.Name
- }
- $MalwareFilterPolicyCmdlet += makeparam "Action" $MalwareFilterPolicy.Action
- $MalwareFilterPolicyCmdlet += makeparam "DeleteAttachmentAndUseDefaultAlertText" $MalwareFilterPolicy.DeleteAttachmentAndUseDefaultAlertText
- $MalwareFilterPolicyCmdlet += makeparam "DeleteAttachmentAndUseCustomAlertText" $MalwareFilterPolicy.DeleteAttachmentAndUseCustomAlertText
- $MalwareFilterPolicyCmdlet += makeparam "AdminDisplayName" $MalwareFilterPolicy.AdminDisplayName
- $MalwareFilterPolicyCmdlet += " -Confirm:`$False"
- $MalwareFilterPolicyCmdlet += makeparam "CustomAlertText" $MalwareFilterPolicy.CustomAlertText
- $MalwareFilterPolicyCmdlet += makeparam "CustomExternalBody" $MalwareFilterPolicy.CustomExternalBody
- $MalwareFilterPolicyCmdlet += makeparam "CustomExternalSubject" $MalwareFilterPolicy.CustomExternalSubject
- if($MalwareFilterPolicy.CustomFromAddress.Length -gt 0) {
- $MalwareFilterPolicyCmdlet += makeparam "CustomFromAddress" $MalwareFilterPolicy.CustomFromAddress
- }
- $MalwareFilterPolicyCmdlet += makeparam "CustomFromName" $MalwareFilterPolicy.CustomFromName
- $MalwareFilterPolicyCmdlet += makeparam "CustomInternalBody" $MalwareFilterPolicy.CustomInternalBody
- $MalwareFilterPolicyCmdlet += makeparam "CustomInternalSubject" $MalwareFilterPolicy.CustomInternalSubject
- $MalwareFilterPolicyCmdlet += makeparam "CustomNotifications" $MalwareFilterPolicy.CustomNotifications
- $MalwareFilterPolicyCmdlet += makeparam "EnableExternalSenderAdminNotifications" $MalwareFilterPolicy.EnableExternalSenderAdminNotifications
- $MalwareFilterPolicyCmdlet += makeparam "EnableExternalSenderNotifications" $MalwareFilterPolicy.EnableExternalSenderNotifications
- $MalwareFilterPolicyCmdlet += makeparam "EnableInternalSenderAdminNotifications" $MalwareFilterPolicy.EnableInternalSenderAdminNotifications
- $MalwareFilterPolicyCmdlet += makeparam "EnableInternalSenderNotifications" $MalwareFilterPolicy.EnableInternalSenderNotifications
- if($MalwareFilterPolicy.ExternalSenderAdminAddress.Length -gt 0) {
- $MalwareFilterPolicyCmdlet += makeparam "ExternalSenderAdminAddress" $MalwareFilterPolicy.ExternalSenderAdminAddress
- }
- if($MalwareFilterPolicy.InternalSenderAdminAddress.Length -gt 0) {
- $MalwareFilterPolicyCmdlet += makeparam "InternalSenderAdminAddress" $MalwareFilterPolicy.InternalSenderAdminAddress
- }
- Add-Content $outfile "`n$MalwareFilterPolicyCmdlet"
- }
- }else{
- Write-Host "No Malware Filter Policies to add."
- }
-#****************************************************************************
-# MalwareFilterRule
-#****************************************************************************
-$MalwareFilterRules = Import-Clixml ".\MalwareFilterRule.xml"
-$MalwareFilterRuleCount = $MalwareFilterRules.Name.Count
-if($HostedContentFilterPolicyCount -gt 0){
- Write-Host "Importing $MalwareFilterRuleCount Malware Filter Rules"
- ForEach ($MalwareFilterRule in $MalwareFilterRules) {
- $MalwareFilterRuleCmdlet = "New-MalwareFilterRule"
- if($MalwareFilterRule.Name -eq "Default") {$MalwareFilterRuleCmdlet = "Set-MalwareFilterPolicy Default"}
- $MalwareFilterRuleCmdlet += makeparam "Name" $MalwareFilterRule.Name
- $MalwareFilterRuleCmdlet += makeparam "MalwareFilterPolicy" $MalwareFilterRule.MalwareFilterPolicy
- $MalwareFilterRuleCmdlet += makeparam "Comments" $MalwareFilterRule.Comments
- $MalwareFilterRuleCmdlet += " -Confirm:`$False"
- $MalwareFilterRuleCmdlet += makeparam "Enabled" $MalwareFilterRule.Enabled
- $MalwareFilterRuleCmdlet += makeparam "ExceptIfRecipientDomainIs" $MalwareFilterRule.ExceptIfRecipientDomainIs
- $MalwareFilterRuleCmdlet += makeparam "ExceptIfSentTo" $MalwareFilterRule.ExceptIfSentTo
- $MalwareFilterRuleCmdlet += makeparam "ExceptIfSentToMemberOf" $MalwareFilterRule.ExceptIfSentToMemberOf
- $MalwareFilterRuleCmdlet += makeparam "RecipientDomainIs" $MalwareFilterRule.RecipientDomainIs
- $MalwareFilterRuleCmdlet += makeparam "SentTo" $MalwareFilterRule.SentTo
- $MalwareFilterRuleCmdlet += makeparam "SentToMemberOf" $MalwareFilterRule.SentToMemberOf
- Add-Content $outfile "`n$MalwareFilterRuleCmdlet"
- }
- }else{
- Write-Host "No Malware Filter Rules to add."
- }
-#****************************************************************************
-# InboundConnectors
-#****************************************************************************
-$InboundConnectors = Import-Clixml ".\InboundConnector.xml"
-$InboundConnectorCount = $InboundConnectors.Name.Count
-if($InboundConnectorCount -gt 0){
- Write-Host "Importing $InboundConnectorCount Inbound Connectors"
- ForEach ($InboundConnector in $InboundConnectors) {
- $InboundConnectorCmdlet = "New-InboundConnector"
- $InboundConnectorCmdlet += makeparam "Name" $InboundConnector.Name
- $InboundConnectorCmdlet += makeparam "SenderDomains" $InboundConnector.SenderDomains
-
- If($InboundConnector.AssociatedAcceptedDomains.Count -gt 0) {
- If($InboundConnector.AssociatedAcceptedDomains[0].Contains("/")) {
- # This connector was created in an EOP Standard tenant
- # Strip out just the domain name
- $InboundConnectorCmdlet += " -AssociatedAcceptedDomains "
- ForEach ($accepteddomain in $InboundConnectors.AssociatedAcceptedDomains) {
- $accepteddomain = $accepteddomain.SubString($accepteddomain.LastIndexOf("/")+1)
- $InboundConnectorCmdlet += "`"$accepteddomain`","
- }
- $InboundConnectorCmdlet = $InboundConnectorCmdlet.TrimEnd(",")
- }else{
- $InboundConnectorCmdlet += makeparam "AssociatedAcceptedDomains" $InboundConnector.AssociatedAcceptedDomains
- }
- }
-
- $InboundConnectorCmdlet += makeparam "CloudServicesMailEnabled" $InboundConnector.CloudServicesMailEnabled
- $InboundConnectorCmdlet += makeparam "Comment" $InboundConnector.Comment
- $InboundConnectorCmdlet += " -Confirm:`$False"
- $InboundConnectorCmdlet += makeparam "ConnectorSource" $InboundConnector.ConnectorSource
- $InboundConnectorCmdlet += makeparam "ConnectorType" $InboundConnector.ConnectorType
- $InboundConnectorCmdlet += makeparam "Enabled" $InboundConnector.Enabled
- $InboundConnectorCmdlet += makeparam "RequireTls" $InboundConnector.RequireTls
- $InboundConnectorCmdlet += makeparam "RestrictDomainsToCertificate" $InboundConnector.RestrictDomainsToCertificate
- $InboundConnectorCmdlet += makeparam "RestrictDomainsToIPAddresses" $InboundConnector.RestrictDomainsToIPAddresses
- $InboundConnectorCmdlet += makeparam "SenderIPAddresses" $InboundConnector.SenderIPAddresses
- $InboundConnectorCmdlet += makeparam "TlsSenderCertificateName" $InboundConnector.TlsSenderCertificateName
- Add-Content $outfile "`n$InboundConnectorCmdlet"
- }
-}else{
- Write-Host "No Inbound Connectors to add."
- }
-#****************************************************************************
-# OutboundConnector
-#****************************************************************************
-$OutboundConnectors = Import-Clixml ".\OutboundConnector.xml"
-$OutboundConnectorCount = $OutboundConnectors.Name.Count
-if($OutboundConnectorCount -gt 0){
- Write-Host "Importing $OutboundConnectorCount Outbound Connectors"
- ForEach ($OutboundConnector in $OutboundConnectors) {
- $OutboundConnectorCmdlet = "New-OutboundConnector"
- $OutboundConnectorCmdlet += makeparam "Name" $OutboundConnector.Name
- $OutboundConnectorCmdlet += makeparam "AllAcceptedDomains" $OutboundConnector.AllAcceptedDomains
- $OutboundConnectorCmdlet += makeparam "BypassValidation" $OutboundConnector.BypassValidation
- $OutboundConnectorCmdlet += makeparam "CloudServicesMailEnabled" $OutboundConnector.CloudServicesMailEnabled
- $OutboundConnectorCmdlet += makeparam "Comment" $OutboundConnector.Comment
- $OutboundConnectorCmdlet += " -Confirm:`$False"
- $OutboundConnectorCmdlet += makeparam "ConnectorSource" $OutboundConnector.ConnectorSource
- $OutboundConnectorCmdlet += makeparam "ConnectorType" $OutboundConnector.ConnectorType
- $OutboundConnectorCmdlet += makeparam "IsTransportRuleScoped" $OutboundConnector.IsTransportRuleScoped
- $OutboundConnectorCmdlet += makeparam "RecipientDomains" $OutboundConnector.RecipientDomains
- $OutboundConnectorCmdlet += makeparam "RouteAllMessagesViaOnPremises" $OutboundConnector.RouteAllMessagesViaOnPremises
- $OutboundConnectorCmdlet += makeparam "SmartHosts" $OutboundConnector.SmartHosts
- $OutboundConnectorCmdlet += makeparam "TlsDomain" $OutboundConnector.TlsDomain
- $OutboundConnectorCmdlet += makeparam "TlsSettings" $OutboundConnector.TlsSettings
- $OutboundConnectorCmdlet += makeparam "UseMXRecord" $OutboundConnector.UseMXRecord
- Add-Content $outfile "`n$OutboundConnectorCmdlet"
- }
- }else{
- Write-Host "No Outbound Connectors to add."
- }
-#*****************************************************************************
-# TransportRule
-#*****************************************************************************
-Add-Content $outfile "`n[Byte[]]$Data = Get-Content -Path `".TransportRules.xml`" -Encoding Byte -ReadCount 0"
-Add-Content $outfile "`nImport-TransportRuleCollection -FileData $Data"
-#****************************************************************************
-# Domain Type
-#****************************************************************************
-$Domains = Import-Clixml ".\Domains.xml"
-$DomainCount = $Domains.Name.Count
-if($HostedContentFilterPolicyCount -gt 0){
- Write-Host "Importing $DomainCount Domains"
- ForEach ($Domain in $Domains) {
- $DomainCmdlet = "Set-AcceptedDomain"
- $DomainCmdlet += makeparam "Identity" $Domain.Name
- $DomainCmdlet += makeparam "DomainType" $Domain.DomainType
- Add-Content $outfile "`n$DomainCmdlet"
- }
- }else{
- Write-Host "No Domains to add."
- }
-```
-
-## Step 8: Revert your DNS settings to stop mail queuing
-
-If you chose to set your MX records to an invalid address to cause the senders to queue mail during your transition, you'll need to set them back to the correct value as specified in the [admin center](https://admin.microsoft.com). For more information about configuring DNS, see [Create DNS records at any DNS hosting provider for Microsoft 365](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md).
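Review bot: the deleted script guards the Malware Filter Rules and Domain Type sections with `if($HostedContentFilterPolicyCount -gt 0)` instead of `$MalwareFilterRuleCount` and `$DomainCount`, so both sections run or are skipped based on an unrelated count; if this script is republished anywhere, fix that before it is copied. Two more defects belong in the same fix. The inner loop in the InboundConnectors section iterates `$InboundConnectors.AssociatedAcceptedDomains` (the whole collection) rather than `$InboundConnector.AssociatedAcceptedDomains`, so each connector picks up the domains of all connectors. The TransportRule lines put `$Data` inside a double-quoted string without a backtick, so it is expanded when the generator runs instead of being written literally to `$outfile`. The path `.TransportRules.xml` also lacks the `\` that the other `Import-Clixml ".\..."` calls use.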
security Office 365 Evaluation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-evaluation.md
With evaluation mode,ΓÇ»[Safe Attachments](safe-attachments.md),ΓÇ»[Safe Links](
As part of the setup, evaluation mode also configuresΓÇ»[Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors). It improves filtering accuracy by preserving IP address and sender information, which are otherwise lost when mail passes through an email security gateway (ESG) in front of Defender for Office 365. Enhanced Filtering for Connectors also improves the filtering accuracy for your existing Exchange Online Protection (EOP) anti-spam and anti-phishing policies.
-Enabled Enhanced Filtering for Connectors improves filtering accuracy but may alter deliverability for certain messages if you have an ESG in front of Defender for Office 365, and currently do not bypass EOP filtering. The impact is limited to EOP policies; MDO policies setup as part of the evaluation are created in non-enforcement mode. To minimize potential production impact, you can bypass all EOP filtering by creating a transport rule to set the Spam Confidence Level (SCL) to -1. See [Use the EAC to create a mail flow rule that sets the SCL of a message](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md#use-the-eac-to-create-a-mail-flow-rule-that-sets-the-scl-of-a-message) for details.
+Enabled Enhanced Filtering for Connectors improves filtering accuracy but may alter deliverability for certain messages if you have an ESG in front of Defender for Office 365, and currently do not bypass EOP filtering. The impact is limited to EOP policies; MDO policies setup as part of the evaluation are created in non-enforcement mode. To minimize potential production impact, you can bypass all EOP filtering by creating a transport rule to set the Spam Confidence Level (SCL) to -1. See [Use the EAC to create a mail flow rule that sets the SCL of a message](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl#use-the-eac-to-create-a-mail-flow-rule-that-sets-the-scl-of-a-message) for details.
When the evaluation mode is set up, you will have a report updated daily with up to 90 days of data quantifying the messages that would have been blocked if the policies were implemented (for example, delete, send to junk, quarantine). Reports are generated for all Defender for Office 365 and EOP detections. They are aggregated per detection technology (for example, impersonation) and can be filtered by time range. Additionally, message reports can be created on-demand to create custom pivots or to deep dive messages using Threat Explorer.
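Review bot: the changed sentence tells readers they can "bypass all EOP filtering" with a transport rule that sets the SCL to -1, but gives neither a scope nor an end date for that rule; while the link is being fixed, add that the rule should match only mail arriving from the ESG and should be removed when the evaluation ends, because an unscoped SCL -1 rule bypasses spam filtering for every message it matches. The same line also reads "Enabled Enhanced Filtering" and "policies setup", which should be "Enabling" and "set up".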
security Protect Against Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protect-against-threats.md
Along with configuring protection from malware, malicious URLs and files, phishi
- Spam actions are set to **Move message to Junk Email folder** in [anti-spam policies](anti-spam-protection.md). -- Users have kept their default [junk email settings](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md), and haven't turned off junk email protection.
+- Users have kept their default [junk email settings](configure-junk-email-settings-on-exo-mailboxes.md), and haven't turned off junk email protection.
To learn more, see [Zero-hour auto purge - protection against spam and malware](zero-hour-auto-purge.md).
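Review bot: the replacement on the + line is still a folder-relative link (`configure-junk-email-settings-on-exo-mailboxes.md`), while the other link fixes in this update move to site-absolute `/exchange/...` targets and several articles in this folder are deleted in the same batch; confirm this target is staying in `office-365-security` so the link is not broken again by the next cleanup.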
security Protect On Premises Mailboxes With Exchange Online Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protect-on-premises-mailboxes-with-exchange-online-protection.md
- Title: Protect on-premises mailboxes in China with standalone EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - GEU150
- - GMA150
- - GPA150
- - MET150
-
- - M365-security-compliance
-
- - seo-marvel-apr2020
-description: Admins in China using Office 365 operated by 21Vianet can learn how to use standalone Exchange Online Protection (EOP) to protect their on-premises mailboxes.
--
-# Protect on-premises mailboxes in China with standalone EOP
---
-> [!NOTE]
-> This article applies only to Office 365 operated by 21Vianet in China.
-
-Even if you plan to host some or all of your mailboxes on-premises, you can still protect the mailboxes with Exchange Online Protection (EOP). To configure connectors, your account must be a global admin, or an Exchange Company Administrator (the Organization Management role group). For information about how Office 365 permissions relate to Exchange permissions, see [Assigning admin roles in Office 365 operated by 21Vianet](../../admin/add-users/assign-admin-roles.md?preserve-view=true&view=o365-21vianet). If all of your Exchange mailboxes are on-premise, follow these steps to set up your EOP service.
-
-## Step 1: Use the Microsoft 365 admin center to add and verify your domain
-
-1. In the Microsoft 365 admin center, navigate to Setup to add your domain to the service.
-
-2. Follow the steps in the portal to add the applicable DNS records to your DNS-hosting provider in order to verify domain ownership.
-
-> [!TIP]
-> [Add your domain and users to Office 365 operated by 21Vianet](../../admin/setup/add-domain.md?preserve-view=true&view=o365-21vianet) and [Create DNS records for Office 365 when you manage your DNS records](../../admin/services-in-chin?preserve-view=true&view=o365-21vianet) are helpful resources to reference as you add your domain to the service and configure DNS.
-
-### Step 2: Add recipients and configure the domain type
-
-Before configuring your mail to flow to and from the EOP service, we recommend adding your recipients to the service. There are several ways in which you can do this, as documented in [Manage mail users in EOP](manage-mail-users-in-eop.md). Also, if you want to enable Directory Based Edge Blocking (DBEB) in order to enforce recipient verification within the service after adding your recipients, you need to set your domain type to Authoritative. For more information about DBEB, see [Use Directory Based Edge Blocking to reject messages sent to invalid recipients](/exchange/mail-flow-best-practices/use-directory-based-edge-blocking).
-
-## Step 3: Use the EAC to set up mail flow
-
-Create connectors in the Exchange admin center (EAC) that enable mail flow between EOP and your on-premises mail servers. For detailed instructions, see [Configure mail flow using connectors in Office 365](/Exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/use-connectors-to-configure-mail-flow).
-
- How do you know this task worked?
-
- See [Test mail flow by validating your Office 365 connectors](/exchange/mail-flow-best-practices/test-mail-flow).
-
-## Step 4: Allow inbound port 25 SMTP access
-
-After you configured connectors, wait 72 hours to allow propagation of your DNS-record updates. Following this, restrict inbound port-25 SMTP traffic on your firewall or mail servers to accept mail only from the EOP datacenters, specifically from the IP addresses listed at [URLs and IP address ranges for Office 365](../../enterprise/managing-office-365-endpoints.md). This protects your on-premises environment by limiting the scope of inbound messages you can receive. Additionally, if you have settings on your mail server that control the IP addresses allowed to connect for mail relay, update those settings as well.
-
-> [!TIP]
-> Configure settings on the SMTP server with a connection time out of 60 seconds. This setting is acceptable for most situations, allowing for some delay in the case of a message sent with a large attachment, for instance.
-
-## Step 5: Ensure that spam is routed to each user's Junk Email folder
-
-To ensure that spam (junk) email is routed correctly to each user's Junk Email folder, you must perform a couple of configuration steps. The steps are provided in [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md). If you don't want to move messages to each user's Junk Email folder, you may choose another action by editing your anti-spam policies (also known as content filter policies). For more information, see [Configure anti-spam policies in Office 365](configure-your-spam-filter-policies.md).
-
-## Step 6: Use the Microsoft 365 admin center to point your MX record to EOP
-
-Follow the Office 365 domain configuration steps to update your MX record for your domain, so that your inbound email flows through EOP. For more information, you can again reference [Create DNS records for Office 365 when you manage your DNS records](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md?preserve-view=true&view=o365-21vianet).
-
-How do you know this task worked?
-
- See [Test mail flow by validating your Office 365 connectors](/exchange/mail-flow-best-practices/test-mail-flow).
-
-At this point, you've verified service delivery for a properly configured Outbound on-premises connector, and you've verified that your MX record is pointing to EOP. You can now choose to run the following additional tests to verify that an email will be successfully delivered by the service to your on-premises environment:
--- In the Remote Connectivity Analyzer, click the **Office 365** tab, and then run the **Inbound SMTP Email** test located under **Internet Email Tests**.--- Send an email message from any web-based email account to a mail recipient in your organization whose domain matches the domain you added to the service. Confirm delivery of the message to the on-premises mailbox using Microsoft Outlook or another email client.--- If you want to run an outbound email test, you can send an email message from a user in your organization to a web-based email account and confirm that the message is received.-
-## Less common: A hybrid setup with mailboxes on-premises and in the cloud
-
-If you have Exchange mailboxes on-premises and one or more mailboxes in the cloud in Exchange Online, you have a *hybrid* setup. In a hybrid setup, features such as free/busy calendar sharing and mail routing work together in your on-premises and cloud environments. You might have a hybrid setup in place while you transition mailboxes to Exchange Online. A hybrid environment is set up differently than EOP standalone protection.
-
-You might choose a hybrid scenario to take advantage of cloud-based email for most of your employees. You can do this while also hosting some mailboxes on-premises; for example, for your legal department.
-
-A hybrid setup can be complex, but it has many benefits. To learn more about setting up hybrid scenarios with Exchange, see [Exchange Server hybrid deployments](/Exchange/exchange-hybrid).
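Review bot: deleting this article drops Step 4, the only place in these lines that tells admins to restrict inbound port 25 to the EOP datacenter IP ranges once connectors are in place; confirm the replacement article keeps that step and that this URL redirects to it. If the text is reused, the Step 4 heading ("Allow inbound port 25 SMTP access") should say "restrict" to match its body, Step 2 should be `##` like the other steps, and the TIP link `../../admin/services-in-chin?...` looks truncated and needs checking.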
security Recommended Settings For Eop And Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md
In PowerShell, you use the [New-SafeAttachmentPolicy](/powershell/module/exchang
- Admins and users can submit false positives (good email marked as bad) and false negatives (bad email allowed) to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md). -- Use these links for info on how to **set up** your [EOP service](set-up-your-eop-service.md), and **configure** [Microsoft Defender for Office 365](defender-for-office-365.md). Don't forget the helpful directions in '[Protect Against Threats in Office 365](protect-against-threats.md)'.
+- Use these links for info on how to **set up** your [EOP service](/exchange/standalone-eop/set-up-your-eop-service), and **configure** [Microsoft Defender for Office 365](defender-for-office-365.md). Don't forget the helpful directions in '[Protect Against Threats in Office 365](protect-against-threats.md)'.
- **Security baselines for Windows** can be found here: [Where can I get the security baselines?](/windows/security/threat-protection/windows-security-baselines#where-can-i-get-the-security-baselines) for GPO/on-premises options, and [Use security baselines to configure Windows 10 devices in Intune](/intune/protect/security-baselines) for Intune-based security. Finally, a comparison between Microsoft Defender for Endpoint and Microsoft Intune security baselines is available in [Compare the Microsoft Defender for Endpoint and the Windows Intune security baselines](/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline#compare-the-microsoft-defender-atp-and-the-windows-intune-security-baselines).
security Reducing Malware Threats Through File Attachment Blocking In Exchange Online Pro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reducing-malware-threats-through-file-attachment-blocking-in-exchange-online-pro.md
- Title: Use mail flow rules to block messages with executable attachments
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: Admins can learn how to create mail flow rules (transport rules) to block messages that contain executable attachments.
--
-# Use mail flow rules to block messages with executable attachments in EOP
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP uses anti-malware policies to block harmful messages, including messages with executable attachments. For more information, see [Anti-malware protection in EOP](anti-malware-protection.md).
-
-To further enhance protection, you can use mail flow rules (also known as transport rules) to identify and block messages that contain executable attachments as described in this article.
-
-For example, following a malware outbreak, a company could apply this rule with a time limit so that affected users can get back to sending attachments after a specified length of time.
-
-## What do you need to know before you begin?
--- You need to be assigned permissions in Exchange Online or Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Transport Rules** role, which is assigned to the **Organization Management**, **Compliance Management**, and **Records Management** role groups by default.-
- For more information, see the following topics:
-
- - [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo)
- - [Permissions in standalone EOP](feature-permissions-in-eop.md)
- - [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups)
--- To open the EAC in Exchange Online, see [Exchange admin center in Exchange Online](/Exchange/exchange-admin-center). To open the EAC in standalone EOP, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- For more information about mail flow rules in Exchange Online and standalone EOP, see the following topics:-
- - [Mail flow rules (transport rules) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rules)
-
- - [Mail flow rule conditions and exceptions (predicates) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/conditions-and-exceptions)
-
- - [Mail flow rule actions in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rule-actions)
-
-## Use the EAC to create a rule that blocks messages with executable attachments
-
-1. In the EAC, go to **Mail flow** \> **Rules**.
-
-2. Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png) and then select **Create a new rule**.
-
-3. In the **New rule** page that opens, configure the following settings:
-
- - **Name**: Enter a unique, descriptive name for the rule.
-
- - Click **More Options**.
-
- - **Apply this rule if**: Select **Any attachment** \> **has executable content**.
-
- - **Do the following**: Select **Block the message** and then choose the action you want:
-
- - **reject the message and include an explanation**: In the **Specify reject reason** dialog that appears, enter the text you want to appear in the non-delivery report (also known as an NDR or bounce message). The default enhanced status code that's used is 5.7.1.
-
- - **reject the message with the enhanced status code of**: In the **Enter enhanced status code** dialog that appears, enter the enhanced status code that you want to appear in the NDR. Valid values are 5.7.1 or a value from 5.7.900 to 5.7.999. The default rejection text is: Delivery not authorized, message refused.
-
- - **reject the message without notifying anyone**
-
-4. When you're finished, click **Save**. Your attachment blocking rule is now in force.
-
-## Use PowerShell to create a rule that blocks messages with executable attachments
-
-Use the following syntax to create a rule to blocks messages that contain executable attachments:
-
-```powershell
-New-TransportRule -Name "<UniqueName>" -AttachmentHasExecutableContent $true [-RejectMessageEnhancedStatusCode <5.7.1 | 5.7.900 to 5.7.999>] [-RejectMessageReasonText "<Text>"] [-DeleteMessage $true]
-```
-
-**Notes**:
--- If you use the _RejectMessageEnhancedStatusCode_ parameter without the _RejectMessageReasonText_ parameter, the default text is: Delivery not authorized, message refused.--- If you use the _RejectMessageReasonText_ parameter without the _RejectMessageEnhancedStatusCode_ parameter, the default code is 5.7.1.-
-This example creates a new rule named Block Executable Attachments that silently deletes messages that contain executable attachments.
-
-```powershell
-New-TransportRule -Name "Block Executable Attachments" -AttachmentHasExecutableContent $true -DeleteMessage $true
-```
-
-For detailed syntax and parameter information, see [New-TransportRule](/powershell/module/exchange/new-transportrule).
-
-## How do you know this worked?
-
-To verify that you've successfully create a mail flow rule to block messages that contain executable attachments, do any of the following steps:
--- In the EAC, go to **Mail flow** \> **Rules** \> select the rule \> click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png), and verify the settings.--- In PowerShell, run the following command to verify the settings:-
- ```powershell
- Get-TransportRule -Identity "<Rule Name>" | Format-List Name,AttachmentHasExecutableContent,RejectMessage*,DeleteMessage
- ```
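Review bot: the removed PowerShell example uses `-DeleteMessage $true`, which drops matching mail silently, and the syntax line lists that parameter as optional next to the reject parameters without saying how it combines with them; if this procedure is republished, state that choice explicitly and note that a silent delete gives the sender no NDR. Two typos should be fixed in the same pass: "create a rule to blocks messages" and "you've successfully create a mail flow rule".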
security Report False Positives And False Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-false-positives-and-false-negatives.md
audience: Admin
localization_priority: Normal-+ - M365-security-compliance description: Learn how to report false positives and false negatives in Outlook using the Report Message feature. ms.technology: mdo
In Microsoft 365 organizations with mailboxes in Exchange Online or on-premises
For messages in the Inbox or any other email folder except Junk Email, use the following method to report spam and phishing messages: 1. Click the **More actions** ellipses on the top-right corner of the selected message, click **Report message** from the dropdown menu, and then select **Junk** or **Phishing**.
-
+ > [!div class="mx-imgBorder"] > ![Report Message - More actions](../../media/report-message-more-actions.png)
For messages in the Inbox or any other email folder except Junk Email, use the f
- Moved to the Junk Email folder if it was reported as spam. - Deleted if it was reported as phishing.
-
+ ### Report messages that are not junk
-1. Click the **More actions** ellipses on the top-right corner of the selected message, click **Report message** from the dropdown menu, and then click **Not Junk**.
+1. Click the **More actions** ellipses on the top-right corner of the selected message, click **Report message** from the dropdown menu, and then click **Not Junk**.
> [!div class="mx-imgBorder"] > ![Report Message - More actions](../../media/report-message-more-actions.png)
To review messages that users report to Microsoft, you have these options:
- Use the Admin Submissions portal. For more information, see [View user submissions to Microsoft](admin-submission.md#view-user-submissions-to-microsoft). -- Create a mail flow rule (also known as a transport rule) to send copies of reported messages. For instructions, see [Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md).
+- Create a mail flow rule (also known as a transport rule) to send copies of reported messages. For instructions, see [Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft).
security Report Junk Email Messages To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
ms.prod: m365-security
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, both users and admins have several different methods for reporting email messages and files to Microsoft.
+<br>
+ **** |Method|Description|
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
|[Enable the Report Message or the Report Phishing add-ins](enable-the-report-message-add-in.md)|Works with Outlook and Outlook on the web (formerly known as Outlook Web App). <p> Depending on your subscription, messages that users reported with the add-ins are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Threat Explorer](threat-explorer-views.md#email--submissions). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md). |[Report false positives and false negatives to Outlook](report-false-positives-and-false-negatives.md)|Submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) to Exchange Online Protection (EOP) using the Report Message feature.| |[Manually submit messages to Microsoft for analysis](submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis.md)|Manually send attached messages to specific Microsoft email addresses for spam, not spam, and phishing.|
-|[Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md)|Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis.|
+|[Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft)|Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis.|
|[Submit malware and non-malware to Microsoft for analysis](submitting-malware-and-non-malware-to-microsoft-for-analysis.md)|Use the Microsoft Security Intelligence site to submit attachments and other files.|
+|
If the spam or phishing messages were quarantined instead of delivered, users can report the messages to Microsoft from the Quarantine portal in the Security & Compliance Center. For details, see [Find and release quarantined messages as a user in Microsoft 365](find-and-release-quarantined-messages-as-a-user.md).
security Reporting And Message Trace In Exchange Online Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reporting-and-message-trace-in-exchange-online-protection.md
See [Message trace in the Security & Compliance Center](message-trace-scc.md).
## Audit logging
-Tracks specific changes made by admins to your organization. These reports can help you troubleshoot configuration issues or find the cause of security or compliance-related problems. See [Auditing reports in EOP](auditing-reports-in-eop.md).
+Tracks specific changes made by admins to your organization. These reports can help you troubleshoot configuration issues or find the cause of security or compliance-related problems. See [Auditing reports in Exchange Online](/exchange/security-and-compliance/exchange-auditing-reports/exchange-auditing-reports).
## Reporting and message trace data availability and latency
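Review bot: the new link text and target are "Auditing reports in Exchange Online", but this article covers Exchange Online Protection; say whether those reports are available to standalone EOP organizations or only to tenants with Exchange Online mailboxes. The paragraph also opens with a verb and no subject ("Tracks specific changes..."); "Audit logging tracks..." would read better.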
security Run An Administrator Role Group Report In Eop Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/run-an-administrator-role-group-report-in-eop-eop.md
- Title: Run an administrator role group report in standalone EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: Admins can learn how to run an administrator role group report in standalone Exchange Online Protection (EOP). This report logs when an admin adds members to or removes members from administrator role groups.
--
-# Run an administrator role group report in standalone EOP
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, when an admin adds members to or removes members from administrative role groups, the service logs each occurrence. For more information about role groups in standalone EOP, see [Permissions in standalone EOP](feature-permissions-in-eop.md).
-
-When you run an administrator role group report in the Exchange admin center (EAC), entries are displayed as search results and include the role groups affected, who changed the role group membership and when, and what membership updates were made. Use this report to monitor changes to the administrative permissions assigned to users in your organization.
-
-## What do you need to know before you begin?
--- To open the Exchange admin center, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- You need to be assigned permissions in Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Audit Logs** or **View-Only Audit Logs** role, which are assigned to the **Organization Management**, **Compliance Management**, and **Security Administrator** role groups by default. For more information, see [Permissions in standalone EOP](feature-permissions-in-eop.md) and [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups).--- For information about keyboard shortcuts that may apply to the procedures in this article, see [Keyboard shortcuts for the Exchange admin center in Exchange Online](/Exchange/accessibility/keyboard-shortcuts-in-admin-center).-
-> [!TIP]
-> Having problems? Ask for help in the [Exchange Online Protection](https://social.technet.microsoft.com/Forums/forefront/home?forum=FOPE) forum.
-
-## Use the EAC to run an administrator role group report
-
-Run the administrator role group report to find the changes to management role groups within a particular time frame.
-
-1. In the EAC, go to **Compliance management** \> **Auditing**, and then choose **Run an administrator role group report**.
-
-2. In the **Search for changes to administrator role groups** page that opens, configure the following settings:
-
- - **Start date** and **End date**: Enter a date range. By default, the report searches for changes made to administrator role groups in the past two weeks.
-
- - **Select role groups**: By default, all role groups are searched. To filter the results by specific role groups, click **Select role groups**. In the dialog that appears, select a role group and click **add ->**. Repeat this step as many times as necessary, and then click **OK** when you're finished.
-
-3. When you're finished, click **Search**.
-
-If any changes are found using the criteria you specified, they will appear in the results pane. Click a role group in the search results to see the changes in the details pane.
-
-## How do you know this worked?
-
-If you've successfully run an administrator role group report, role groups that have been changed within the date range are displayed in the search results pane. If there are no results, then no changes to role groups have taken place within the specified date range. If you think there should be results, change the date range and then run the report again.
-
-## Monitor changes to role group membership
-
-When members are added to or removed from a role group, the search results displayed in the details pane indicate that the role group membership was updated and lists the current members. The results don't explicitly state which user was added or removed.
-
-To determine if a user was added or removed, you have to compare two separate entries in the report. For example, let's look at the following log entries for the **HelpDesk** role group:
-
-> 1/27/2018 4:43 PM <br> Administrator <br> Updated members: Administrator;annb,florencef;pilarp <br> 2/06/2018 10:09 AM <br> Administrator <br> Updated members: Administrator;annb;florencef;pilarp;tonip <br> 2/19/2018 2:12 PM <br> Administrator <br> Updated members: Administrator;annb;florencef;tonip
-
-In this example, the Administrator user account made the following changes:
--- On 2/06/2018, they added the user tonip.-- On 2/19/2018, they removed the user pilarp.-
-## Use standalone Exchange Online PowerShell to search for audit log entries
-
-You can use Exchange Online PowerShell to search for audit log entries that meet the criteria you specify. For a list of search criteria, see [Search-AdminAuditLog search criteria](/Exchange/policy-and-compliance/admin-audit-logging/admin-audit-logging#search-adminauditlog-cmdlet). This procedure uses the **Search-AdminAuditLog** cmdlet and displays search results in Exchange Online PowerShell. You can use this cmdlet when you need to return a set of results that exceeds the limits defined on the **New-AdminAuditLogSearch** cmdlet or in the EAC Audit Reporting reports.
-
-To search the audit log for criteria you specify, use the following syntax.
-
-```PowerShell
-Search-AdminAuditLog - Cmdlets <cmdlet 1, cmdlet 2, ...> -Parameters <parameter 1, parameter 2, ...> -StartDate <start date> -EndDate <end date> -UserIds <user IDs> -ObjectIds <object IDs> -IsSuccess <$True | $False >
-```
-
-> [!NOTE]
-> The **Search-AdminAuditLog** cmdlet returns a maximum of 1,000 log entries by default. Use the _ResultSize_ parameter to specify up to 250,000 log entries. Or, use the value `Unlimited` to return all entries.
-
-This example performs a search for all audit log entries with the following criteria:
--- **Start date**: 08/04/2018-- **End date**: 10/03/2018-- **User IDs**: `davids`, `chrisd`, `kima`-- **Cmdlets**: **Set-Mailbox**-- **Parameters**: _ProhibitSendQuota_, _ProhibitSendReceiveQuota_, _IssueWarningQuota_, _MaxSendSize_, _MaxReceiveSize_-
-```PowerShell
-Search-AdminAuditLog -Cmdlets Set-Mailbox -Parameters ProhibitSendQuota,ProhibitSendReceiveQuota,IssueWarningQuota,MaxSendSize,MaxReceiveSize -StartDate 08/04/2018 -EndDate 10/03/2018 -UserIds davids,chrisd,kima
-```
-
-This example searches for changes made to a specific mailbox. This is useful if you're troubleshooting or you need to provide information for an investigation. The following criteria are used:
--- **Start date**: 05/01/2018-- **End date**: 10/03/2018-- **Object ID**: contoso.com/Users/DavidS-
-```PowerShell
-Search-AdminAuditLog -StartDate 05/01/2018 -EndDate 10/03/2018 -ObjectID contoso.com/Users/DavidS
-```
-
-If your searches return many log entries, we recommend that you use the procedure provided in **Use Exchange Online PowerShell to search for audit log entries and send results to a recipient** later in this article. The procedure in that section sends an XML file as an email attachment to the recipients you specify, enabling you to more easily extract the data you're interested in.
-
-For detailed syntax and parameter information, see [Search-AdminAuditLog](/powershell/module/exchange/search-adminauditlog).
-
-### View details of audit log entries
-
-The **Search-AdminAuditLog** cmdlet returns the fields described in [Audit log contents](/Exchange/policy-and-compliance/admin-audit-logging/admin-audit-logging#audit-log-contents). Of the fields returned by the cmdlet, two fields, **CmdletParameters** and **ModifiedProperties**, contain additional information that isn't viewable by default.
-
-To view the contents of the **CmdletParameters** and **ModifiedProperties** fields, use the following steps. Or, you can use the procedure in **Use Exchange Online PowerShell to search for audit log entries and send results to a recipient** later in this article to create an XML file.
-
-This procedure uses the following concepts:
--- [about_Arrays](/powershell/module/microsoft.powershell.core/about/about_arrays)--- [about_Variables](/powershell/module/microsoft.powershell.core/about/about_variables)-
-1. Decide the criteria you want to search for, run the **Search-AdminAuditLog** cmdlet, and store the results in a variable using the following command.
-
- ```PowerShell
- $Results = Search-AdminAuditLog <search criteria>
- ```
-
-2. Each audit log entry is stored as an array element in the variable `$Results`. You can select an array element by specifying its array element index. Array element indexes start at zero (0) for the first array element. For example, to retrieve the 5th array element, which has an index of 4, use the following command.
-
- ```PowerShell
- $Results[4]
- ```
-
-3. The previous command returns the log entry stored in array element 4. To see the contents of the **CmdletParameters** and **ModifiedProperties** fields for this log entry, use the following commands.
-
- ```PowerShell
- $Results[4].CmdletParameters
- $Results[4].ModifiedProperties
- ```
-
-4. To view the contents of the **CmdletParameters** or **ModifiedParameters** fields in another log entry, change the array element index.
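Review bot: If this article is being relocated rather than retired, its defects should not travel with it: the syntax line reads `Search-AdminAuditLog - Cmdlets <cmdlet 1, cmdlet 2, ...>` with a stray space after the hyphen, so it fails when pasted; step 4 names a **ModifiedParameters** field where step 3 and the section intro use **ModifiedProperties**; and the mailbox example passes `-ObjectID` while the syntax line documents `-ObjectIds`. The text also refers twice to a section called "Use Exchange Online PowerShell to search for audit log entries and send results to a recipient" as being "later in this article", and no such section appears in the removed content. Because this report is the documented way to monitor changes to admin role group membership, the removal should leave a redirect to wherever that guidance now lives.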
security S Mime For Message Signing And Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/s-mime-for-message-signing-and-encryption.md
- Title: S/MIME for encryption in Exchange Online - Office 365
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-description: Admins can learn about using S/MIME (Secure/Multipurpose Internet Mail Extensions) in Exchange Online to encrypt emails and digitally sign them.
---
-# S/MIME for message signing and encryption in Exchange Online
---
-S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely accepted method (or more precisely, a protocol) for sending digitally signed and encrypted messages. S/MIME allows you to encrypt emails and digitally sign them. When you use S/MIME with an email message, it helps the people who receive that message to be certain that what they see in their inbox is the exact message that started with the sender. It will also help people who receive messages to be certain that the message came from the specific sender and not from someone pretending to be the sender. To do this, S/MIME provides for cryptographic security services such as authentication, message integrity, and non-repudiation of origin (using digital signatures). It also helps enhance privacy and data security (using encryption) for electronic messaging. For a more complete background about the history and architecture of S/MIME in the context of email, see [Understanding S/MIME](/previous-versions/tn-archive/aa995740(v=exchg.65)).
-
-As an Exchange Online admin, you can enable S/MIME-based security for the mailboxes in your organization. Use the guidance in the topics linked here along with Exchange Online PowerShell to set up S/MIME. To use S/MIME in supported email clients, the users in your organization must have certificates issued for signing and encryption purposes and data published to your on-premises Active Directory Domain Service (AD DS). Your AD DS must be located on computers at a physical location that you control and not at a remote facility or cloud-based service somewhere on the internet. For more information about AD DS, see [Active Directory Domain Services Overview](/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview).
-
-## Supported scenarios and technical considerations
-
-You can set up S/MIME to work with any of the following end points:
--- Outlook 2010 or later-- Outlook on the web (formerly known as Outlook Web App)-- Exchange ActiveSync (EAS)-
-The steps that you follow to set up S/MIME with each of these end points is slightly different. Generally, you will need to do the following steps:
-
-1. Install a Windows-based Certification Authority (CA) and set up a public key infrastructure to issue S/MIME certificates. Certificates issued by third-party certificate providers are also supported. For details, see [Active Directory Certificate Services Overview](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)).
-
- **Notes**:
-
- - Certificates issued by a third-party CA have the advantage of being automatically trusted by all clients and devices. Certificates that are issued by an internal, private CA aren't automatically trusted by clients and devices, and not all devices (for example, phones) can be configured to trust private certificates.
-
- - Consider using an intermediate certificate instead of the root certificate to issue certificates to users. That way, if you ever need to revoke and reissue certificates, the root certificate is still intact.
-
-2. Publish the user certificate in an on-premises AD DS account in the **UserSMIMECertificate** and/or **UserCertificate** attributes.
-
-3. For Exchange Online organizations, synchronize the user certificates from AD DS to Azure Active Directory by using an appropriate version of Azure AD Connect. These certificates will then get synchronized from Azure Active Directory to Exchange Online directory and will be used when encrypting a message to a recipient.
-
-4. Set up a virtual certificate collection in order to validate S/MIME. This information is used by Outlook on the web when validating the signature of an email and ensuring that it was signed by a trusted certificate.
-
-5. Set up the Outlook or EAS end point to use S/MIME.
-
-> [!NOTE]
-> You can't install S/MIME control in Outlook on the web on Mac, iOS, Android, or other non-Windows devices. For more information, see [Encrypt messages by using S/MIME in Outlook on the web](https://support.microsoft.com/office/878c79fc-7088-4b39-966f-14512658f480).
-
-## Set up S/MIME with Outlook on the web
-
-Setting up S/MIME for Exchange Online with Outlook on the web involves the following key steps:
-
-1. [Configure S/MIME settings for Outlook on the web](configure-s-mime-settings-for-outlook-web-app.md)
-2. [Set up virtual certificate collection to validate S/MIME](set-up-virtual-certificate-collection-to-validate-s-mime.md)
-3. [Sync user certificates to Office 365 for S/MIME](sync-user-certificates-to-office-365-for-s-mime.md)
-
-## Related message encryption technologies
-
-As message security becomes more important, admins need to understand the principles and concepts of secure messaging. This understanding is especially important because of the growing variety of protection-related technologies (including S/MIME) that are available. To understand more about S/MIME and how it works in context of email, see [Understanding S/MIME](/previous-versions/tn-archive/aa995740(v=exchg.65)). A variety of encryption technologies work together to provide protection for messages at rest and in-transit. S/MIME can work simultaneously with the following technologies but is not dependent on them:
--- **Transport Layer Security (TLS)** encrypts the tunnel or the route between email servers in order to help prevent snooping and eavesdropping.--- **Secure Sockets Layer (SSL)** encrypts the connection between email clients and Microsoft 365 servers.--- **BitLocker** encrypts the data on a hard drive in a datacenter so that if someone gets unauthorized access, they can't read it.-
-### S/MIME compared with Office 365 Message Encryption
-
-S/MIME requires a certificate and publishing infrastructure that is often used in business-to-business and business-to-consumer situations. The user controls the cryptographic keys in S/MIME and can choose whether to use them for each message they send. Email programs such as Outlook search a trusted root certificate authority location to perform digital signing and verification of the signature. Office 365 Message Encryption is a policy-based encryption service that can be configured by an administrator, and not an individual user, to encrypt mail sent to anyone inside or outside of the organization. It's an online service that's built on Azure Rights Management (RMS) and does not rely on a public key infrastructure. Office 365 Message Encryption also provides additional capabilities, such as the capability to customize the mail with organization's brand. For more information about Office 365 Message Encryption, see [Encryption in Office 365](../../compliance/encryption.md).
-
-## More information
-
-[Outlook on the web](/exchange/exchange-admin-center)
-
-[Secure Mail (2000)](/previous-versions/windows/it-pro/windows-2000-server/cc962043(v=technet.10))
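Review bot: In the "Related message encryption technologies" list, the bullet "**Secure Sockets Layer (SSL)** encrypts the connection between email clients and Microsoft 365 servers" sits beside a separate TLS bullet and presents SSL as a current protection; if this article is being moved rather than dropped, fold the two into a single TLS bullet. The note under step 1 that third-party CA certificates are "automatically trusted by all clients and devices" is also stronger than the rest of the text supports and is worth softening. The safe-attachments.md change in this same batch retargets its link to /exchange/security-and-compliance/smime-exo/smime-exo, so any other inbound links to s-mime-for-message-signing-and-encryption.md need the same update or a redirect.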
security Safe Attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments.md
There are scenarios where Dynamic Delivery is unable to replace attachments in m
- Deleted messages. - The user's mailbox search folder is in an error state. - Exchange Online organizations where Exclaimer is enabled. To resolve this issue, see [KB4014438](https://support.microsoft.com/help/4014438).-- [S/MIME)](s-mime-for-message-signing-and-encryption.md) encrypted messages.
+- [S/MIME)](/exchange/security-and-compliance/smime-exo/smime-exo) encrypted messages.
- You configured the Dynamic Delivery action in a Safe Attachments policy, but the recipient doesn't support Dynamic Delivery (for example, the recipient is a mailbox in an on-premises Exchange organization). However, [Safe Links in Microsoft Defender for Office 365](set-up-safe-links-policies.md) is able to scan Office file attachments that contain URLs (depending on how the [global settings for Safe Links](configure-global-settings-for-safe-links.md) are configured). ## Submitting files for malware analysis
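Review bot: The link text on the `+` line still reads `[S/MIME)]`, with a stray closing parenthesis carried over from the removed line. Since the line is being touched anyway, change it to `[S/MIME](/exchange/security-and-compliance/smime-exo/smime-exo) encrypted messages`.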
security Sample Script For Applying Eop Settings To Multiple Tenants https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/sample-script-for-applying-eop-settings-to-multiple-tenants.md
- Title: Sample script for EOP settings - multiple tenants
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-
- - seo-marvel-apr2020
-description: In this article, you'll learn how to use PowerShell to apply configuration settings to your tenants in Microsoft Exchange Online Protection (EOP).
--
-# Sample script for applying EOP settings to multiple tenants
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-The following sample script lets Microsoft Exchange Online Protection (EOP) admins who manage multiple tenants (companies) use Exchange Online PowerShell to view and/or apply configuration settings to their tenants.
-
-## To run a script or cmdlet on multiple tenants
-
-1. If you haven't already, [install the Exchange Online V2 module](/powershell/exchange/exchange-online-powershell-v2#install-and-maintain-the-exo-v2-module).
-
-2. Using an spreadsheet app (for example, Excel), create a .csv file with the following details:
-
- - UserName column: The account that you'll use to connect (for example, `admin@contoso.onmicrosoft.com`).
- - Cmdlet column: The cmdlet or command to run (for example, `Get-AcceptedDomain` or `Get-AcceptedDomain | FT Name`).
-
- The file will look like this:
-
- ```text
- UserName,Cmdlet
- admin@contoso.onmicrosoft.com,Get-AcceptedDomain | FT Name
- admin@fabrikam.onmicrosoft.com,Get-AcceptedDomain | FT Name
- ```
-
-3. Save the .csv file in a location that's easy to find (for example, c:\scripts\inputfile.csv).
-
-4. Copy the [RunCmdletOnMultipleTenants.ps1](#runcmdletonmultipletenantsps1) script into Notepad, and then save the file to a location that's easy to find (for example, c:\scripts).
-
-5. Run the script by using the following syntax:
-
- ```powershell
- & "<file path>\RunCmdletOnMultipleTenants.ps1" "<file path>\inputfile.csv"
- ```
-
- Here's an example:
-
- ```powershell
- & "c:\scripts\RunCmdletOnMultipleTenants.ps1" "c:\scripts\inputfile.csv"
- ```
-
-6. Each tenant will be logged on to, and the script will be run.
-
-## RunCmdletOnMultipleTenants.ps1
-
-> [!NOTE]
-> You might need to modify the `Connect-IPPSSession` line in the script to match your environment. For example, Office 365 Germany requires a different _ConnectionUri_ value than the current value in a script. For details, see Connect to [Exchange Online Powershell](/powershell/exchange/connect-to-exchange-online-protection-powershell).
-
-```powershell
-# This script runs Windows PowerShell cmdlets on multiple tenants.
-#
-# Usage: RunCmdletOnMultipleTenants.ps1 inputfile.csv
-#
-# .csv input file sample:
-#
-# UserName,Cmdlet
-# admin@contoso.onmicrosoft.com,Get-AcceptedDomain | FT Name
-# admin@fabrikam.onmicrosoft.com,Get-AcceptedDomain | FT Name
-
-# Get the .csv file name as an argument to this script.
-$FilePath = $args[0]
-
-# Import the UserName and Cmdlet values from the .csv file.
-$CompanyList = Import-CSV $FilePath
-
-# Load the EXO V2 module
-Import-Module ExchangeOnlineManagement
-
-# Loop through each entry from the .csv file.
-ForEach ($Company in $CompanyList) {
-
-# Get the current entry's UserName.
-$UserName = $Company.UserName
-
-# Get the current entry's Cmdlet.
-$Cmdlet = $Company.Cmdlet
-
-# Connect to EOP PowerShell by using the current entry's UserName. Prompt for the password.
-Connect-IPPSSession -UserPrincipalName $UserName -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/
-
-# Here's where the script to be run on the tenant goes.
-# In this example, the cmdlet in the .csv file runs.
-Invoke-Expression $Cmdlet
-
-# End the current PowerShell session.
-Disconnect-ExchangeOnline -Confirm:$false
-}
-```
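Review bot: The loop body runs `Invoke-Expression $Cmdlet` on whatever string is in the Cmdlet column of the .csv file, inside a session that has just authenticated as a tenant admin, so anyone who can write to inputfile.csv decides what runs against every listed tenant. If the script is republished elsewhere, the article should say so next to step 3 (which suggests saving the file under c:\scripts), recommend restricting write access to the file, and preferably check each command against an allowed list of cmdlets before running it. Smaller points for the same pass: step 2 says "Using an spreadsheet app", and the note's link text "Exchange Online Powershell" points at the connect-to-exchange-online-protection-powershell article.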
security Secure By Default https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-by-default.md
To put it another way: as a security service, we're acting on your behalf to pre
> [!NOTE] > In July 2021, secure by default will be extended to Exchange mail flow rules (also known as transport rules). If you use mail flow rules to allow third-party phishing simulations or unfiltered delivery to security operation mailboxes, you eventually need to eliminate these rules and switch to using the [advanced delivery policy](configure-advanced-delivery.md) _when the feature is available to you_.
-The only override that allows high confidence phishing message to bypass filtering is mail flow rules. To use mail flow rules to bypass filtering, see [Use mail flow rules to set the SCL in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md).
+The only override that allows high confidence phishing message to bypass filtering is mail flow rules. To use mail flow rules to bypass filtering, see [Use mail flow rules to set the SCL in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl).
You should only consider using overrides in the following scenarios:
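Review bot: "allows high confidence phishing message to bypass filtering" is carried unchanged onto the `+` line; it should read "high confidence phishing messages". The sentence also points readers to mail flow rules as the way to bypass filtering directly after a note saying those rules must eventually be eliminated in favor of the advanced delivery policy, so a pointer back to that note would keep the two from reading as contradictory.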
security Send And Receive S Mime Signed And Encrypted Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/send-and-receive-s-mime-signed-and-encrypted-email.md
- Title: Send & receive S/MIME encrypted email - Exchange Online
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-description: Sending or replying to an S/MIME-encrypted message in Microsoft Outlook is very similar to the experience with a non-encrypted message.
---
-# Send and receive S/MIME signed and encrypted email in Exchange Online
---
-Sending or replying to an S/MIME-encrypted message in Microsoft Outlook is very similar to the experience with a non-encrypted message. For more information about reading or sending S/MIME-encrypted messages from an email program such as Outlook on the web (formerly known as Outlook Web App), see [Encrypt messages by using S/MIME in Outlook on the web](https://support.microsoft.com/office/878c79fc-7088-4b39-966f-14512658f480).
-
-## For more information
-
-[S/MIME for message signing and encryption](s-mime-for-message-signing-and-encryption.md)
security Set Up Virtual Certificate Collection To Validate S Mime https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-virtual-certificate-collection-to-validate-s-mime.md
- Title: Set up virtual certificate collection - Exchange Online
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-description: Admins can learn how to create a virtual certificate collection that will be used to validate S/MIME certificates in Exchange Online.
---
-# Set up virtual certificate collection in Exchange Online to validate S/MIME
---
-As an admin, you will need to configure a virtual certificate collection in Exchange Online that will be used to validate S/MIME certificates. This virtual certificate collection is set up as a certificate store with an SST filename extension. The SST file contains all the root and intermediate certificates that are used when validating an S/MIME certificate.
-
-## Create and save an SST
-
-You can create this SST certificate store file by exporting the certificates from a trusted machine using the **Export-Certificate** cmdlet in Windows PowerShell and specifying the _Type_ value as SST. For instructions, see [Export-Certificate](/powershell/module/pkiclient/export-certificate).
-
-Once you have the SST certificate store file, use the following syntax in Exchange Online PowerShell to save the SST file contents in the Exchange Online virtual certificate store. To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
-
-```PowerShell
-Set-SmimeConfig -SMIMECertificateIssuingCA (Get-Content <FileNameAndPath>.sst -Encoding Byte)
-```
-
-This example imports the SST file C:\My Documents\Exported Certificate Store.sst.
-
-```PowerShell
-Set-SmimeConfig -SMIMECertificateIssuingCA (Get-Content "C:\My Documents\Exported Certificate Store.sst" -Encoding Byte)
-```
-
-For detailed syntax and parameter information, see [Set-SmimeConfig](/powershell/module/exchange/set-smimeconfig).
-
-## Ensuring a certificate is valid
-
-In Exchange Online, only the SST is used for certificate validation.
-
-## More Information
-
-[S/MIME for message signing and encryption](s-mime-for-message-signing-and-encryption.md)
-
-[Get-SmimeConfig](/powershell/module/exchange/get-smimeconfig)
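Review bot: Both `Set-SmimeConfig` examples read the SST file with `Get-Content ... -Encoding Byte`, which works in Windows PowerShell 5.1 but not in PowerShell 6 and later, where the `Byte` encoding value was removed in favor of `-AsByteStream`. If this article is being moved, state the PowerShell version the command assumes or give the alternative form. The "Ensuring a certificate is valid" section is a single sentence; since the SST file holds all the root and intermediate certificates used to validate S/MIME certificates, the article should also tell admins to export only the CAs they intend to trust.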
security Set Up Your Eop Service https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-your-eop-service.md
- Title: Set up your standalone EOP service
- - NOCSH
--- Previously updated : ---
- - seo-marvel-apr2020
-localization_priority: Normal
-description: Admins can learn how to set up standalone Exchange Online Protection (EOP) to protect on-premises email environments.
--
-# Set up your standalone EOP service
--
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)-
-This topic explains how to set up standalone Exchange Online Protection (EOP). If you landed here from the Office 365 domains wizard, go back to the Office 365 domains wizard if you don't want to use Exchange Online Protection. If you're looking for more information on how to configure connectors, see [Configure mail flow using connectors in Office 365](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/use-connectors-to-configure-mail-flow).
-
-> [!NOTE]
-> This topic assumes you have on-premises mailboxes and you want to protect them with EOP, which is known as a standalone scenario. If you want to host all of your mailboxes in the cloud with Exchange Online, you don't have to complete all of the steps in this article. Go to [Compare Exchange Online plans](https://products.office.com/exchange/compare-microsoft-exchange-online-plans) to sign up and purchase cloud mailboxes.
->
-> If you want to host some of your mailboxes on premises and some in the cloud, this is known as a hybrid scenario. It requires more advanced mail-flow settings. [Exchange Server hybrid deployments](/exchange/exchange-hybrid) explains hybrid mail flow and has links to resources that show how to set it up.
-
-## What do you need to know before you begin?
--- Estimated time to complete this task: 1 hour--- You need to be assigned permissions in Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Remote and Accepted Domains** role, which is assigned to the **Organization Management** (global admins) and **Mail Flow Administrator** role groups by default. For more information, see [Permissions in standalone EOP](feature-permissions-in-eop.md) and [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups).--- If you haven't signed up for EOP, visit [Exchange Online Protection](https://products.office.com/exchange/exchange-email-security-spam-protection) and choose to buy or try the service.--- For information about keyboard shortcuts that may apply to the procedures in this article, see [Keyboard shortcuts for the Exchange admin center in Exchange Online](/Exchange/accessibility/keyboard-shortcuts-in-admin-center).-
-> [!TIP]
-> Having problems? Ask for help in the [Exchange Online Protection](https://social.technet.microsoft.com/Forums/forefront/home?forum=FOPE) forum.
-
-## Step 1: Use the Microsoft 365 admin center to add and verify your domain
-
-1. In the [Microsoft 365 admin center](../../admin/admin-overview/about-the-admin-center.md), go to **Setup** to add your domain to the service.
-
-2. Follow the steps to add the applicable DNS records to your DNS-hosting provider in order to verify domain ownership.
-
-> [!TIP]
-> [Add a domain to Office 365](../../admin/setup/add-domain.md) and [Create DNS records at any DNS hosting provider for Office 365](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md) are helpful resources to reference as you add your domain to the service and configure DNS.
-
-## Step 2: Add recipients and optionally enable DBEB
-
-Before configuring your mail to flow to and from the EOP service, we recommend adding your recipients to the service. There are several ways in which you can do this, as documented in [Manage mail users in EOP](manage-mail-users-in-eop.md). Also, if you want to enable Directory Based Edge Blocking (DBEB) in order to enforce recipient verification within the service after adding your recipients, you need to set your domain type to Authoritative. For more information about DBEB, see [Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients](/exchange/mail-flow-best-practices/use-directory-based-edge-blocking).
-
-## Step 3: Use the EAC to set up mail flow
-
-Create connectors in the Exchange admin center (EAC) that enable mail flow between EOP and your on-premises mail servers. For detailed instructions, see [Set up connectors to route mail between Microsoft 365 and your own email servers](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail).
-
-### How do you know this worked?
-
-Check mail flow between the service and your environment. For more information, see [Test mail flow by validating your Microsoft 365 connectors](/exchange/mail-flow-best-practices/test-mail-flow).
-
-## Step 4: Allow inbound port 25 SMTP access
-
-After you configured connectors, wait 72 hours to allow propagation of your DNS record updates. Following this, restrict inbound port-25 SMTP traffic on your firewall or mail servers to accept mail only from the EOP datacenters, specifically from the IP addresses listed at [Exchange Online Protection IP addresses](../../enterprise/urls-and-ip-address-ranges.md). This protects your on-premises environment by limiting the scope of inbound messages you can receive. Additionally, if you have settings on your mail server that control the IP addresses allowed to connect for mail relay, update those settings as well.
-
-> [!TIP]
-> Configure settings on the SMTP server with a connection time out of 60 seconds. This setting is acceptable for most situations, allowing for some delay in the case of a message sent with a large attachment, for example.
-
-## Step 5: Ensure that spam is routed to each user's Junk Email folder
-
-To ensure that spam (junk) email is routed correctly to each user's Junk Email folder, you must perform a couple of configuration steps. The steps are provided in [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
-
-If you don't want to move messages to each user's Junk Email folder, you may choose another action by editing your anti-spam policies. For more information, see [Configure anti-spam policies in Office 365](configure-your-spam-filter-policies.md).
-
-## Step 6: Use the Microsoft 365 admin center to point your MX record to EOP
-
-Follow the domain configuration steps to update your MX record for your domain, so that your inbound email flows through EOP. Be sure to point your MX record directly to EOP as opposed to having a third-party filtering service relay email to EOP. For more information, you can again reference [Create DNS records for Office 365](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md).
-
-> [!NOTE]
-> If you must point your MX record to another server or service that sits in front of EOP, see [Enhanced Filtering for Connectors in Exchange Online](/Exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors).
-
-### How do you know this task worked?
-
-At this point, you've verified service delivery for a properly configured Outbound on-premises connector, and you've verified that your MX record is pointing to EOP. You can now choose to run the following additional tests to verify that an email will be successfully delivered by the service to your on-premises environment:
--- Check mail flow between the service and your environment. For more information, see [Test mail flow by validating your Microsoft 365 connectors](/exchange/mail-flow-best-practices/test-mail-flow).--- Send an email message from any web-based email account to a mail recipient in your organization whose domain matches the domain you added to the service. Confirm delivery of the message to the on-premises mailbox using Microsoft Outlook or another email client.--- If you want to run an outbound email test, you can send an email message from a user in your organization to a web-based email account and confirm that the message is received.-
-> [!TIP]
-> When you've completed your setup, you don't have to perform extra steps to make EOP remove spam and malware. EOP removes spam and malware automatically. However, you can fine tune your settings based on your business requirements. For more information, see [Anti-spam and anti-malware protection in EOP](anti-spam-and-anti-malware-protection.md) and [Anti-phishing protection in Microsoft 365](anti-phishing-protection.md).
->
-> Now that your service is running, we recommend reading [Best practices for configuring EOP](best-practices-for-configuring-eop.md), which describes recommended settings and considerations for after you set up EOP.
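Review bot: The Step 4 heading in this removed text, "Allow inbound port 25 SMTP access", undersells what the step asks for: the body tells admins to restrict inbound port 25 on the firewall or mail servers so that mail is accepted only from the EOP datacenter IP addresses. If this procedure is carried over to the relocated article, retitle the step along the lines of "Restrict inbound port 25 SMTP access to EOP" so the lock-down is not read as optional. The same step also has "After you configured connectors", which should be "After you've configured connectors".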
security Spam Confidence Levels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/spam-confidence-levels.md
What the SCL means and the default actions that are taken on messages are descri
You'll notice that SCL 2, 3, 4, 7, and 8 aren't used by spam filtering.
-You can use mail flow rules (also known as transport rules) to stamp the SCL on messages. If you use a mail flow rule to set the SCL, the values 5 or 6 trigger the spam filtering action for **Spam**, and the values 7, 8, or 9 trigger the spam filtering action for **High confidence spam**. For more information, see [Use mail flow rules to set the spam confidence level (SCL) in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md).
+You can use mail flow rules (also known as transport rules) to stamp the SCL on messages. If you use a mail flow rule to set the SCL, the values 5 or 6 trigger the spam filtering action for **Spam**, and the values 7, 8, or 9 trigger the spam filtering action for **High confidence spam**. For more information, see [Use mail flow rules to set the spam confidence level (SCL) in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl).
Similar to the SCL, the bulk complaint level (BCL) identifies bad bulk email (also known as _gray mail_). A higher BCL indicates a bulk mail message is more likely to generate complaints (and is therefore more likely to be spam). You configure the BCL threshold in anti-spam policies. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md), [Bulk complaint level (BCL) in EOP)](bulk-complaint-level-values.md), and [What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md).
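Review bot: The trailing context paragraph has a stray closing parenthesis inside the link text "[Bulk complaint level (BCL) in EOP)]". Since this change already touches links in the section, fix it to "[Bulk complaint level (BCL) in EOP]" in the same commit.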
security Submit Spam Non Spam And Phishing Scam Messages To Microsoft For Analysis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis.md
If you receive a message that passed through spam filtering that should have bee
1. Create a new, blank email message with the one of the following recipients: - **Junk**: `junk@office365.microsoft.com`- - **Phishing**: `phish@office365.microsoft.com` 2. Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers).
If you receive a message that passed through spam filtering that should have bee
> [!NOTE] > > - You can attach multiple messages in the new message. Make sure that all the messages are the same type: either phishing messages or junk email messages.
- >
> - Leave the body of the new message empty.
- >
> - Use either .msg (default Outlook format) or .eml (default Outlook on the Web format) formats for the attached messages. 3. When you're finished, click **Send**.
If you receive a message that passed through spam filtering that should have bee
> [!TIP] > Instead of using the following procedures to report false positives, users in Outlook and Outlook on the web (formerly known as Outlook Web App) can use the Report Message add-in or the Report Phishing add-in. For information about how to install and use these tools, see [Enable the Report Message add-in](enable-the-report-message-add-in.md) and [Enable the Report Phishing add-in](enable-the-report-phish-add-in.md). - If a message was incorrectly identified as spam, you can submit the message to the Microsoft Spam Analysis Team. The analysts will evaluate the message, and (depending on the results of the analysis) the service-wide filters can be adjusted to allow the message through.
-1. Create a new, blank email message with `not_junk@office365.microsoft.com` as the recipient:
+1. Create a new, blank email message with `not_junk@office365.microsoft.com` as the recipient.
2. Drag and drop the misidentified message into the new message. This will save the misidentified message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). > [!NOTE] > > - You can attach multiple messages in the new message. Make sure that all the messages are the same type: either phishing messages or junk email messages.
- >
> - Leave the body of the new message empty.
- >
> - Use either .msg (default Outlook format) or .eml (default Outlook on the Web format) formats for the attached messages. 3. When you're finished, click **Send**.
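Review bot: The NOTE under step 2 of the not_junk procedure still says "Make sure that all the messages are the same type: either phishing messages or junk email messages", which was copied from the junk and phishing procedure and does not fit a false-positive submission to `not_junk@office365.microsoft.com`. While fixing the punctuation in step 1, reword that bullet so it tells the reader to attach only misidentified (false positive) messages.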
The data resides in the Office 365 compliance boundary in North American data ce
## Create a mail flow rule to receive copies of messages that are reported to Microsoft
-For instructions, see [Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md).
+For instructions, see [Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft).
security Switch To Eop From Google Postini The Barracuda Spam And Virus Firewall Or Cisco https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/switch-to-eop-from-google-postini-the-barracuda-spam-and-virus-firewall-or-cisco.md
Before you switch to EOP, it's important to think about whether you want to host
## Switch to EOP standalone
-If you currently host your mailboxes on premises and use an on-premises protection appliance or a cloud messaging-protection service, you can switch to EOP to take advantage of its protection features and availability. To set up EOP in a standalone scenario, which means you host your mailboxes on premises and use EOP to provide email protection, you can follow the steps outlined in [Set up your EOP service](set-up-your-eop-service.md). The topic outlines the steps for setting up EOP protection, which include sign up, adding your domain, and setting up mail flow with connectors.
+If you currently host your mailboxes on premises and use an on-premises protection appliance or a cloud messaging-protection service, you can switch to EOP to take advantage of its protection features and availability. To set up EOP in a standalone scenario, which means you host your mailboxes on premises and use EOP to provide email protection, you can follow the steps outlined in [Set up your EOP service](/exchange/standalone-eop/set-up-your-eop-service). The topic outlines the steps for setting up EOP protection, which include sign up, adding your domain, and setting up mail flow with connectors.
## Switch to Exchange Online
The best place to start, if you are considering a hybrid deployment, is [Exchang
When you decide to switch to EOP, make sure you give special consideration to the following areas: -- **Custom Filtering Rules**: If you have custom filtering or business-policy rules to catch specific spam, we recommend that you try EOP with the default settings for a period of time before you migrate your rules. EOP offers enterprise-level spam protection with the default settings, it may turn out that you don't need to migrate some of your rules to EOP. Of course, if you have rules in place that enforce specific custom business policies, you can create those. [Mail flow rules (transport rules) in Exchange Online Protection](mail-flow-rules-transport-rules-0.md) provides detailed instructions for creating mail flow rules in EOP.
+- **Custom Filtering Rules**: If you have custom filtering or business-policy rules to catch specific spam, we recommend that you try EOP with the default settings for a period of time before you migrate your rules. EOP offers enterprise-level spam protection with the default settings, it may turn out that you don't need to migrate some of your rules to EOP. Of course, if you have rules in place that enforce specific custom business policies, you can create those. For more information, see [Mail flow rules (transport rules) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules).
- **IP allow lists and IP block lists**: If you have per-user allow lists and block lists, allow some time to copy the lists to EOP as part of your setup process. For more information about the IP Allow List and IP Block List, see [Configure the connection filter policy](configure-the-connection-filter-policy.md). - **Secure Communication**: If you have a partner that requires encrypted messaging, we recommend that you set this up in the Exchange admin center. To configure this scenario, see [Set up connectors for secure mail flow with a partner organization](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner). > [!TIP]
-> When you switch from an on-premises appliance to EOP, it is possible to leave your appliance or a server in place that performs business rule checks. For instance, if your appliance performs custom filtering on outbound mail, and you want it to continue doing so, you can configure EOP to send mail directly to the appliance for additional filtering, before it is routed to the internet.
+> When you switch from an on-premises appliance to EOP, it is possible to leave your appliance or a server in place that performs business rule checks. For instance, if your appliance performs custom filtering on outbound mail, and you want it to continue doing so, you can configure EOP to send mail directly to the appliance for additional filtering, before it is routed to the internet.
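Review bot: The rewritten **Custom Filtering Rules** bullet keeps a comma splice, "EOP offers enterprise-level spam protection with the default settings, it may turn out that you don't need to migrate some of your rules to EOP". Split it into two sentences or join with "so". Also note the new link title drops "Protection" ("Mail flow rules (transport rules) in Exchange Online") while the bullet is about EOP; say in the sentence that the Exchange Online article applies to standalone EOP as well, if it does. The TIP line at the end appears to change only whitespace, so confirm that is intentional.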
security Sync User Certificates To Office 365 For S Mime https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/sync-user-certificates-to-office-365-for-s-mime.md
- Title: Sync user certificates to Office 365 for S/MIME
- - NOCSH
--- Previously updated : 12/09/2016--
-localization_priority: Normal
- - MET150
-
- - seo-marvel-apr2020
-description: In this article, you'll learn how to publish appropriate certificates to Office 365 before sending S/MIME-protected messages in Exchange Online.
--
-# Sync user certificates to Office 365 for S/MIME
---
-Before anyone can send S/MIME-protected messages in Exchange Online, the appropriate certificates must be set up. To send encrypted messages through Exchange Online, the sender's email app uses the public certificate of the recipient to encrypt the message. This public X.509 certificate has to be published to Office 365.
-
-## To Sync certificates that support S/MIME
-
-Begin setting up S/MIME by issuing certificates and publishing them in your local Active Directory Domain Service. For more information, see [Active Directory Certificate Services Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831740(v=ws.11)).
-
-After your certificates are published, use the Azure AD Connect tool to synchronize user data from your on-premises Exchange environment to Office 365. For more information on this process, see [Azure AD Connect sync: Understand and customize synchronization](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
-
-Along with synchronizing other directory data, for S/MIME purposes, the tool will synchronize the **userCertificate** and **userSMIMECertificate** attributes for each user object so the data can be used to sign and encrypt messages.
-
-## More Information
-
-[S/MIME for message signing and encryption](s-mime-for-message-signing-and-encryption.md)
-
-[What is Azure AD Connect?](/azure/active-directory/hybrid/whatis-azure-ad-connect)
security Use Mail Flow Rules To See What Your Users Are Reporting To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md
- Title: Use mail flow rules to see what your users are reporting to Microsoft
- - NOCSH
-----
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
-description: Admins can learn how to use mail flow rules (also known as transport rules) to receive copies of messages that users report to Microsoft.
--
-# Use mail flow rules to see what your users are reporting to Microsoft
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, there are multiple ways for users to report messages to Microsoft for analysis as described in [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
-
-You can create a mail flow rule (also known as a transport rule) that looks for messages that users report to Microsoft, and you can configure Bcc recipients to receive copies of these reported messages.
-
-You can create the mail flow rule in the Exchange admin center (EAC) and PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes).
-
-## What do you need to know before you begin?
--- You need to be assigned permissions in Exchange Online or Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Transport Rules** role, which is assigned to the **Organization Management**, **Compliance Management** (global admins), and **Records Management** role groups by default.-
- For more information, see the following topics:
-
- - [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo)
- - [Permissions in standalone EOP](feature-permissions-in-eop.md)
- - [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups)
--- To open the EAC in Exchange Online, see [Exchange admin center in Exchange Online](/Exchange/exchange-admin-center). To open the EAC in standalone EOP, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- For more information about mail flow rules in Exchange Online and standalone EOP, see the following topics:
- - [Mail flow rules (transport rules) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rules)
- - [Mail flow rule conditions and exceptions (predicates) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/conditions-and-exceptions)
- - [Mail flow rule actions in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rule-actions)
-
-## Use the EAC to create a mail flow rule to receive copies of reported messages
-
-1. In the EAC, go to **Mail flow** \> **Rules**.
-
-2. Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png) and then select **Create a new rule**.
-
-3. In the **New rule** page that opens, configure the following settings:
-
- - **Name**: Enter a unique, descriptive name for the rule. For example, Bcc Messages Reported to Microsoft.
-
- - Click **More Options**.
-
- - **Apply this rule if**: Select **The recipient** \> **address includes any of these words**: In the **Specify words or phrases** dialog that appears, enter one of the following values, click **Add** ![Add Icon](../../media/ITPro-EAC-AddIcon.png), and repeat until you've entered all the values.
-
- - `junk@office365.microsoft.com`
- - `abuse@messaging.microsoft.com`
- - `phish@office365.microsoft.com`
- - `not_junk@office365.microsoft.com`
-
- To edit an entry, select it and click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png). To remove an entry, select it and click **Remove** ![Remove icon](../../media/ITPro-EAC-DeleteIcon.png).
-
- When you're finished, click **OK**.
-
- - **Do the following**: Select **Add recipients** \> **to the Bcc box**. In the dialog that appears, find and select the recipients that you want to add. When you're finished, click **OK**.
-
-4. You can make additional selections to audit the rule, test the rule, activate the rule during a specific time period, and other settings. We recommend testing the rule before you enforce it.
-
-5. When you're finished, click **Save**.
-
-## Use PowerShell to create a mail flow rule to receive copies of reported messages
-
-This example creates a new mail flow rule named Bcc Messages Reported to Microsoft that looks for email messages that are reported to Microsoft by using the methods described in this article, and adds the users laura@contoso.com and julia@contoso.com as Bcc recipients.
-
-```powershell
-New-TransportRule -Name "Bcc Messages Reported to Microsoft" -RecipientAddressContainsWords "junk@office365.microsoft.com","abuse@messaging.microsoft.com","phish@office365.microsoft.com","false_positive@messaging.microsoft.com" -BlindCopyTo "laura@contoso.com","julia@contoso.com".
-```
-
-For detailed syntax and parameter information, see [New-TransportRule](/powershell/module/exchange/new-transportrule).
-
-## How do you know this worked?
-
-To verify that you've configured a mail flow rules to receive copies of reported messages, do any of the following steps:
--- In the EAC, go to **Mail flow** \> **Rules** \> select the rule \> click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png), and verify the settings.--- In PowerShell, run the following command to verify the settings:-
- ```powershell
- Get-TransportRule -Identity "Bcc Messages Reported to Microsoft" | Format-List
- ```
--- Send a test messages to one of the reporting email addresses and verify the results.
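Review bot: The PowerShell example in this removed article does not match the EAC procedure above it: the EAC list includes `not_junk@office365.microsoft.com`, while the `-RecipientAddressContainsWords` value in the `New-TransportRule` command lists `false_positive@messaging.microsoft.com` instead and omits `not_junk@office365.microsoft.com`, so a rule created from the command would not copy false-positive reports sent to the address the other article documents. The command line also ends with a stray period after `"julia@contoso.com"`, which breaks copy and paste. Since the "For instructions" link now points to the relocated article, make sure both fixes land there, along with the typos "a mail flow rules" and "a test messages" in the verification section.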
security Use Mail Flow Rules To Set The Spam Confidence Level Scl In Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md
- Title: Use mail flow rules to the SCL in messages
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
-description: Learn how to create mail flow rules (transport rules) to identify messages and set the spam confidence level (SCL) of messages in Exchange Online Protection.
---
-# Use mail flow rules to set the spam confidence level (SCL) in messages in EOP
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP uses anti-spam policies (also known as spam filter policies or content filter policies) to scan inbound messages for spam. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
-
-If you want to mark specific messages as spam before they're even scanned by spam filtering, or mark messages so they'll skip spam filtering, you can create mail flow rules (also known as transport rules) to identify the messages and set the spam confidence level (SCL). For more information about the SCL, see [Spam confidence level (SCL) in EOP](spam-confidence-levels.md).
-
-## What do you need to know before you begin?
--- You need to be assigned permissions in Exchange Online or Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Transport Rules** role, which is assigned to the **Organization Management**, **Compliance Management** (global admins), and **Records Management** role groups by default.-
- For more information, see the following topics:
-
- - [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo)
- - [Permissions in standalone EOP](feature-permissions-in-eop.md)
- - [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups)
--- To open the EAC in Exchange Online, see [Exchange admin center in Exchange Online](/Exchange/exchange-admin-center). To open the EAC in standalone EOP, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- For more information about mail flow rules in Exchange Online and Exchange Online Protection, see [Mail flow rules (transport rules) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rules)-
-## Use the EAC to create a mail flow rule that sets the SCL of a message
-
-1. In the EAC, go to **Mail flow** \> **Rules**.
-
-2. Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png) and then select **Create a new rule**.
-
-3. In the **New rule** page that opens, configure the following settings:
-
- - **Name**: Enter a unique, descriptive name for the rule.
-
- - Click **More Options**.
-
- - **Apply this rule if**: Select one or more conditions to identify messages. For more information, see [Mail flow rule conditions and exceptions (predicates) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/conditions-and-exceptions).
-
- - **Do the following**: Select **Modify the message properties** \> **set the spam confidence level (SCL)**. In the **Specify SCL** dialog that appears, configure one of the following values:
-
- - **Bypass spam filtering**: The messages will skip spam filtering.
-
- > [!CAUTION]
- > Be very careful about allowing messages to skip spam filtering. Attackers can use this vulnerability to send phishing and other malicious messages into your organization. The mail flow rules requires more than just the sender's email address or domain. For more information, see [Create safe sender lists in EOP](create-safe-sender-lists-in-office-365.md).
-
- - **0 to 4**: The message is sent through spam filtering for additional processing.
-
- - **5 or 6**: The message is marked as **Spam**. The action that you've configured for **Spam** filtering verdicts in your anti-spam policies is applied to the message (the default value is **Move message to Junk Email folder**).
-
- - **7 to 9**: The message is marked as **High confidence spam**. The action that you've configured for **High confidence spam** filtering verdicts in your anti-spam policies is applied to the message (the default value is **Move message to Junk Email folder**).
-
-4. Specify any additional properties that you want for the rule. When you're finished, click **Save**.
-
-## How do you know this worked?
-
-To verify that this procedure is working correctly, send an email message to someone inside your organization, and verify that the action performed on the message is as expected. For example, if you **set the spam confidence level (SCL)** to **Bypass spam filtering**, then the message should be sent to the specified recipient's inbox. However, if you **set the spam confidence level (SCL)** to **9**, and the **High confidence spam** action for your applicable anti-spam policies is to move the message to the Junk Email folder, then the message should be sent to the specified recipient's Junk Email folder.
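Review bot: The metadata title in this removed article, "Use mail flow rules to the SCL in messages", is missing the verb "set"; check that the relocated article's title reads "Use mail flow rules to set the SCL in messages". The CAUTION under **Bypass spam filtering** also needs a wording fix before it is reused: "The mail flow rules requires more than just the sender's email address or domain" should state that the rule's conditions must include more than the sender's address or domain. That caution is the only warning in the procedure about rules that let mail skip filtering, so confirm it is retained at the new location.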
security Use Transport Rules To Configure Bulk Email Filtering https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-transport-rules-to-configure-bulk-email-filtering.md
- Title: Use mail flow rules to filter bulk email
- - NOCSH
-----
-localization_priority: Normal
- - MET150
-
- - M365-security-compliance
-description: Admins can learn how to use mail flow rules (transport rules) to identify and filter bulk mail (gray mail) in Exchange Online Protection (EOP).
---
-# Use mail flow rules to filter bulk email in EOP
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP uses anti-spam policies (also known as spam filter policies or content filter policies) to scan inbound messages for spam and bulk mail (also known as gray mail). For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
-
-If you want more options to filter bulk mail, you can create mail flow rules (also known as transport rules) to search for text patterns or phrases that are frequently found in bulk mail, and mark those messages as spam. For more information about bulk mail, see [What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md) and [Bulk complaint level (BCL) in EOP](bulk-complaint-level-values.md).
-
-This topic explains how create these mail flow rules in the Exchange admin center (EAC) and PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes).
-
-## What do you need to know before you begin?
--- You need to be assigned permissions in Exchange Online or Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Transport Rules** role, which is assigned to the **Organization Management**, **Compliance Management** (global admins), and **Records Management** role groups by default.-
- For more information, see the following topics:
-
- - [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo)
- - [Permissions in standalone EOP](feature-permissions-in-eop.md)
- - [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups)
--- To open the EAC in Exchange Online, see [Exchange admin center in Exchange Online](/Exchange/exchange-admin-center). To open the EAC in standalone EOP, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- For more information about mail flow rules in Exchange Online and standalone EOP, see the following topics:-
- - [Mail flow rules (transport rules) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rules)
-
- - [Mail flow rule conditions and exceptions (predicates) in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/conditions-and-exceptions)
-
- - [Mail flow rule actions in Exchange Online](/Exchange/security-and-compliance/mail-flow-rules/mail-flow-rule-actions)
--- The list of words and text patterns that are used to identify bulk mail in the examples aren't exhaustive; you can add and remove entries as necessary. However, they are a good starting point.--- The search for words or text patterns in the subject or other header fields in the message occurs *after* the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages.--- The following procedures mark a bulk message as spam for your entire organization. However, you can add another condition to apply these rules only to specific recipients, so you can use aggressive filtering on a few, highly targeted users, while the rest of your users (who mostly get the bulk email they signed up for) aren't impacted.-
-## Use the EAC to create mail flow rules that filter bulk email
-
-1. In the EAC, go to **Mail flow** \> **Rules**.
-
-2. Click **Add** ![Add icon](../../media/ITPro-EAC-AddIcon.png) and then select **Create a new rule**.
-
-3. In the **New rule** page that opens, configure the following settings:
-
- - **Name**: Enter a unique, descriptive name for the rule.
-
- - Click **More Options**.
-
- - **Apply this rule if**: Configure one of the following settings to look for content in messages using regular expressions (RegEx) or words or phrases:
-
- - **The subject or body** \> **subject or body matches these text patterns**: In the **Specify words or phrases** dialog that appears, enter one of the following values, click **Add** ![Add Icon](../../media/ITPro-EAC-AddIcon.png), and repeat until you've entered all the values.
-
- - `If you are unable to view the content of this email\, please`
- - `\>(safe )?unsubscribe( here)?\</a\>`
- - `If you do not wish to receive further communications like this\, please`
- - `<img height="?1"? width="?1"? src=.?http\://`
- - `To stop receiving these+emails\:http\://`
- - `To unsubscribe from \w+ (e\-?letter|e?-?mail|newsletter)`
- - `no longer (wish )?(to )?(be sent|receive) w+ email`
- - `If you are unable to view the content of this email\, please click here`
- - `To ensure you receive (your daily deals|our e-?mails)\, add`
- - `If you no longer wish to receive these emails`
- - `to change your (subscription preferences|preferences or unsubscribe)`
- - `click (here to|the) unsubscribe`
-
- To edit an entry, select it and click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png). To remove an entry, select it and click **Remove** ![Remove icon](../../media/ITPro-EAC-DeleteIcon.png).
-
- When you're finished, click **OK**.
-
- - **The subject or body** \> **subject or body includes any of these words**: In the **Specify words or phrases** dialog that appears, enter one of the following values, click **Add** ![Add Icon](../../media/ITPro-EAC-AddIcon.png), and repeat until you've entered all the values.
-
- - `to change your preferences or unsubscribe`
- - `Modify email preferences or unsubscribe`
- - `This is a promotional email`
- - `You are receiving this email because you requested a subscription`
- - `click here to unsubscribe`
- - `You have received this email because you are subscribed`
- - `If you no longer wish to receive our email newsletter`
- - `to unsubscribe from this newsletter`
- - `If you have trouble viewing this email`
- - `This is an advertisement`
- - `you would like to unsubscribe or change your`
- - `view this email as a webpage`
- - `You are receiving this email because you are subscribed`
-
- To edit an entry, select it and click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png). To remove an entry, select it and click **Remove** ![Remove icon](../../media/ITPro-EAC-DeleteIcon.png).
-
- When you're finished, click **OK**.
-
- - **Do the following**: Select **Modify the message properties** \> **set the spam confidence level (SCL)**. In the **Specify SCL** dialog that appears, configure one of the following settings:
-
- - To mark messages as **Spam**, select **6**. The action that you've configured for **Spam** filtering verdicts in your anti-spam policies is applied to the messages (the default value is **Move message to Junk Email folder**).
-
- - To mark messages as **High confidence spam** select **9**. The action that you've configured for **High confidence spam** filtering verdicts in your anti-spam policies is applied to the messages (the default value is **Move message to Junk Email folder**).
-
- For more information about SCL values, see [Spam confidence level (SCL) in EOP](spam-confidence-levels.md).
-
- When you're finished, click **Save**
-
-## Use PowerShell to create mail flow rules that filter bulk email
-
-Use the following syntax to create one or both of the mail flow rules (regular expressions vs. words):
-
-```powershell
-New-TransportRule -Name "<UniqueName>" [-SubjectOrBodyMatchesPatterns "<RegEx1>","<RegEx2>"...] [-SubjectOrBodyContainsWords "<WordOrPhrase1>","<WordOrPhrase2>"...] -SetSCL <6 | 9>
-```
-
-This example creates a new rule named "Bulk email filtering - RegEx" that uses the same list of regular expressions from earlier in the topic to set messages as **Spam**.
-
-```powershell
-New-TransportRule -Name "Bulk email filtering - RegEx" -SubjectOrBodyMatchesPatterns "If you are unable to view the content of this email\, please","\>(safe )?unsubscribe( here)?\</a\>","If you do not wish to receive further communications like this\, please","\<img height\="?1"? width\="?1"? src=.?http\://","To stop receiving these+emails\:http\://","To unsubscribe from \w+ (e\-?letter|e?-?mail|newsletter)","no longer (wish )?(to )?(be sent|receive) w+ email","If you are unable to view the content of this email\, please click here","To ensure you receive (your daily deals|our e-?mails)\, add","If you no longer wish to receive these emails","to change your (subscription preferences|preferences or unsubscribe)","click (here to|the) unsubscribe"... -SetSCL 6
-```
-
-This example creates a new rule named "Bulk email filtering - Words" that uses the same list of words from earlier in the topic to set messages as **High confidence spam**.
-
-```powershell
-New-TransportRule -Name "Bulk email filtering - Words" -SubjectOrBodyContainsWords "to change your preferences or unsubscribe","Modify email preferences or unsubscribe","This is a promotional email","You are receiving this email because you requested a subscription","click here to unsubscribe","You have received this email because you are subscribed","If you no longer wish to receive our email newsletter","to unsubscribe from this newsletter","If you have trouble viewing this email","This is an advertisement","you would like to unsubscribe or change your","view this email as a webpage","You are receiving this email because you are subscribed" -SetSCL 9
-```
-
-For detailed syntax and parameter information, see [New-TransportRule](/powershell/module/exchange/new-transportrule).
-
-## How do you know this worked?
-
-To verify that you've configured mail flow rules to filter bulk email, do any of the following steps:
--- In the EAC, go to **Mail flow** \> **Rules** \> select the rule \> click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png), and verify the settings.--- In PowerShell, replace \<Rule Name\> with the name of the rule, and run the following command to verify the settings:-
- ```powershell
- Get-TransportRule -Identity "<Rule Name>" | Format-List
- ```
--- From an external account, send a test messages to an affected recipient that contains one of the phrases or text patterns, and verify the results.
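Review bot: two defects in the removed pattern list should not travel with this text if it is being relocated rather than retired. In both the EAC list and the `New-TransportRule` RegEx example, `no longer (wish )?(to )?(be sent|receive) w+ email` has `w+` where the neighbouring pattern uses `\w+`, so it matches a run of the letter w instead of a word. The RegEx example also ends its pattern list with a stray `...` before `-SetSCL 6`, which does not belong in a command meant to be copied. The image pattern is escaped differently in the two places (`<img height="?1"?` in the EAC list, `\<img height\="?1"?` in the PowerShell example). Only removals are visible for this file, so please confirm that inbound links to the article get a redirect.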
security User Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md
In Microsoft 365 organizations with Exchange Online mailboxes, you can specify a
- [The Report Phishing add-in](enable-the-report-phish-add-in.md) -- [Built-in reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md) (formerly known as Outlook Web App)
+- [Third-party reporting tools](#third-party-reporting-tools)
-- [Built-in reporting in Outlook for iOS and Android](report-junk-email-and-phishing-scams-in-outlook-for-iOS-and-Android.md)
+Delivering user reported messages to a custom mailbox instead of directly to Microsoft allows your admins to selectively and manually report messages to Microsoft using [Admin submission](admin-submission.md).
> [!NOTE] > If reporting has been [disabled in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md#disable-or-enable-junk-email-reporting-in-outlook-on-the-web), enabling user submissions here will override that setting and enable users to report messages in Outlook on the web again.
-You can also configure third-party message reporting tools to forward messages to the mailbox that you specify.
-
-Delivering user reported messages to a custom mailbox instead of directly to Microsoft allows your admins to selectively and manually report messages to Microsoft using [Admin submission](admin-submission.md).
- ## Custom mailbox prerequisites Use the following articles to configure the prerequisites required so user reported messages go to your custom mailbox: -- Skip spam filtering on the custom mailbox by creating an exchange mail flow rule to set the spam confidence level. See [Use the EAC to create a mail flow rule that sets the SCL of a message](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md#use-the-eac-to-create-a-mail-flow-rule-that-sets-the-scl-of-a-message) to set the SCL to **Bypass spam filtering**.
+- Skip spam filtering on the custom mailbox by creating an exchange mail flow rule to set the spam confidence level. See [Use the EAC to create a mail flow rule that sets the SCL of a message](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl#use-the-eac-to-create-a-mail-flow-rule-that-sets-the-scl-of-a-message) to set the SCL to **Bypass spam filtering**.
- Turn off scanning attachments for malware in the custom mailbox. Use [Set up Safe Attachments policies in Defender for Office 365](set-up-safe-attachments-policies.md) to create a Safe Attachments policy with the setting **Off** for **Safe Attachments unknown malware response**.
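Review bot: the list of reporting methods gains `[Third-party reporting tools](#third-party-reporting-tools)` but loses the `Built-in reporting in Outlook for iOS and Android` entry in the same edit, and nothing else in the visible change explains the removal. If reports from the mobile clients still land in the custom mailbox, keep that item; if they do not, say so in the commit message. Also check that the new site-relative link to `/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl` still resolves with the `#use-the-eac-to-create-a-mail-flow-rule-that-sets-the-scl-of-a-message` fragment, which is identical to the one on the old relative link.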
the following settings:
When you're finished, click **Confirm**.
+## Third-party reporting tools
+
+You can configure third-party message reporting tools to send reported messages to the custom mailbox. The only requirement is that the original message is included as an attachment in the message that's sent to the custom mailbox (don't just forward the original message to the custom mailbox).
+
+The message formatting requirements are described in the next section.
+ ## Message submission format
-Messages sent to custom mailboxes need to follow a specific submission mail format. The Subject (Envelope Title) of the submission should be in this format:
+To correctly identify the original attached messages, messages that are sent to the custom mailbox require specific formatting. If the messages don't use this format, the original attached messages are always identified as phishing submissions.
+
+For correct identification of the original attached messages, messages that are sent to the custom mailbox need to use the following syntax for the Subject (Envelope Title):
`SafetyAPIAction|NetworkMessageId|SenderIp|FromAddress|(Message Subject)`
where SafetyAPIAction is one of the following integer values:
- 2: Not junk - 3: Phishing
-In the following example:
+This example uses the following values:
- The message is being reported as phishing. - The Network Message ID is 49871234-6dc6-43e8-abcd-08d797f20abe.
In the following example:
`3|49871234-6dc6-43e8-abcd-08d797f20abe|167.220.232.101|test@contoso.com|(test phishing submission)`
-Messages that do not follow this format will not display properly in the Submissions portal.
+Messages that don't follow this format will not display properly in the Submissions portal.
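Review bot: the new Third-party reporting tools paragraph says "The only requirement is that the original message is included as an attachment", but the rewritten Message submission format section then requires a specific Subject syntax and states that messages not using it "are always identified as phishing submissions". A tool author who reads only the first section will have every report classified as phishing, so drop "only" and name both requirements in that paragraph. The two new sentences that open the format section repeat each other ("To correctly identify the original attached messages..." and "For correct identification of the original attached messages...") and can be merged. The closing line gives a second, different consequence ("will not display properly in the Submissions portal") that should be reconciled with the phishing default, and it mixes "don't" with "will not".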
security View The Admin Audit Log Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-the-admin-audit-log-eop.md
- Title: View the admin audit log in standalone EOP
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
-description: Admins can learn how to view and search the admin audit log in standalone Exchange Online Protection (EOP).
--
-# View the admin audit log in standalone EOP
-
-**Applies to**
-- [Exchange Online Protection standalone](exchange-online-protection-overview.md)---
-In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can use the Exchange admin center (EAC) or standalone EOP PowerShell to search for and view entries in the admin audit log.
-
-The admin audit log records specific actions, based on standalone EOP PowerShell cmdlets, done by admins and users who have been assigned administrative privileges. Entries in the admin audit log provide you with information about what cmdlet was run, which parameters were used, who ran the cmdlet, and what objects were affected.
-
-> [!NOTE]
->
-> - Admin auditing logging is enabled by default, and you can't disable it.
->
-> - The admin audit log doesn't record actions based on cmdlets that begins with the verbs **Get**, **Search**, or **Test**.
->
-> - Audit log entries are kept for 90 days. When an entry is older than 90 days, it's deleted
-
-## What do you need to know before you begin?
--- To open the Exchange admin center, see [Exchange admin center in standalone EOP](exchange-admin-center-in-exchange-online-protection-eop.md).--- To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- You need to be assigned permissions in Exchange Online Protection before you can do the procedures in this article. Specifically, you need the **Audit Logs** or **View-Only Audit Logs** role, which are assigned to the **Organization Management**, **Compliance Management**, and **Security Administrator** role groups by default. For more information, see [Permissions in standalone EOP](feature-permissions-in-eop.md) and [Use the EAC modify the list of members in role groups](manage-admin-role-group-permissions-in-eop.md#use-the-eac-modify-the-list-of-members-in-role-groups).--- For information about keyboard shortcuts that may apply to the procedures in this article, see [Keyboard shortcuts for the Exchange admin center in Exchange Online](/Exchange/accessibility/keyboard-shortcuts-in-admin-center).-
-> [!TIP]
-> Having problems? Ask for help in the [Exchange Online Protection](https://social.technet.microsoft.com/Forums/forefront/home?forum=FOPE) forum.
-
-## Use the EAC to view the admin audit log
-
-1. In the EAC, go to **Compliance management** \> **Auditing**, and then choose **Run the admin audit log report**.
-
-2. In the **Search for changes to administrator role groups** page that opens, choose a **Start date** and **End date** (the default range is the past two weeks), and then choose **Search**. All configuration changes made during the specified time period are displayed, and can be sorted, using the following information:
-
- - **Date**: The date and time that the configuration change was made. The date and time are stored in Coordinated Universal Time (UTC) format.
-
- - **Cmdlet**: The name of the cmdlet that was used to make the configuration change.
-
- - **User**: The name of the user account of the user who made the configuration change.
-
- Up to 5000 entries will be displayed on multiple pages. Specify a smaller date range if you need to narrow your results. If you select an individual search result, the following additional information is displayed in the details pane:
-
- - **Object modified**: The object that was modified by the cmdlet.
-
- - **Parameters (Parameter:Value)**: The cmdlet parameters that were used, and any value specified with the parameter.
-
-3. If you want to print a specific audit log entry, choose the **Print** button in the details pane.
-
-## Use standalone EOP PowerShell to view the admin audit log
-
-You can use standalone EOP PowerShell to search for audit log entries that meet the criteria you specify. Use the following syntax:
-
-```PowerShell
-Search-AdminAuditLog [-Cmdlets <Cmdlet1,Cmdlet2,...CmdletN>] [-Parameters <Parameter1,Parameter2,...ParameterN>] [-StartDate <UTCDateTime>] [-EndDate <UTCDateTime>] [-UserIds <"User1","User2",..."UserN">] [-ObjectIds <"Object1","Object2",..."ObjectN">] [-IsSuccess <$true | $false>]
-```
-
-**Notes**:
--- You can only use the _Parameters_ parameter together with the _Cmdlets_ parameter.--- The _ObjectIds_ parameter filters the results by the object that was modified by the cmdlet. A valid value depends on how the object is represented in the audit log. For example:-
- - Name
- - Canonical distinguished name (for example, contoso.com/Users/Akia Al-Zuhairi)
-
- You'll likely need to use other filtering parameters on this cmdlet to narrow down the results and identify the types of objects that you're interested in.
--- The _UserIds_ parameter filters the results by the user who made the change (who ran the cmdlet).--- For the _StartDate_ and _EndDate_ parameters, if you specify a date/time value without a time zone, the value is in Coordinated Universal Time (UTC). To specify a date/time value for this parameter, use either of the following options:-
- - Specify the date/time value in UTC: For example, "2016-05-06 14:30:00z".
-
- - Specify the date/time value as a formula that converts the date/time in your local time zone to UTC: For example, `(Get-Date "5/6/2016 9:30 AM").ToUniversalTime()`. For more information, see [Get-Date](/powershell/module/microsoft.powershell.utility/get-date).
--- The cmdlet returns a maximum of 1,000 log entries by default. Use the _ResultSize_ parameter to specify up to 250,000 log entries. Or, use the value `Unlimited` to return all entries.-
-This example performs a search for all audit log entries with the following criteria:
--- **Start date**: August 4, 2019-- **End date**: October 3, 2019-- **Cmdlets**: Update-RoleGroupMember-
-```PowerShell
-Search-AdminAuditLog -Cmdlets Update-RoleGroupMember -StartDate (Get-Date "08/04/2019").ToUniversalTime() -EndDate (Get-Date "10/03/2019").ToUniversalTime()
-```
-
-For detailed syntax and parameter information, see [Search-AdminAuditLog](/powershell/module/exchange/search-adminauditlog).
-
-### View details of audit log entries
-
-The **Search-AdminAuditLog** cmdlet returns the fields described in the [Audit log contents](#audit-log-contents) section later in this article. Of the fields returned by the cmdlet, two fields, **CmdletParameters** and **ModifiedProperties**, contain additional information that isn't returned by default.
-
-To view the contents of the **CmdletParameters** and **ModifiedProperties** fields, use the following steps.
-
-1. Decide the criteria you want to search for, run the **Search-AdminAuditLog** cmdlet, and store the results in a variable using the following command.
-
- ```PowerShell
- $Results = Search-AdminAuditLog <search criteria>
- ```
-
-2. Each audit log entry is stored as an array element in the variable `$Results`. You can select an array element by specifying its array element index. Array element indexes start at zero (0) for the first array element. For example, to retrieve the 5th array element, which has an index of 4, use the following command.
-
- ```PowerShell
- $Results[4]
- ```
-
-3. The previous command returns the log entry stored in array element 4. To see the contents of the **CmdletParameters** and **ModifiedProperties** fields for this log entry, use the following commands.
-
- ```PowerShell
- $Results[4].CmdletParameters
- $Results[4].ModifiedProperties
- ```
-
-4. To view the contents of the **CmdletParameters** or **ModifiedParameters** fields in another log entry, change the array element index.
-
-## Audit log contents
-
-Each audit log entry contains the information described in the following table. The audit log contains one or more audit log entries.
-
-****
-
-|Field|Description|
-|||
-|`RunspaceId`|This field is used internally by EOP.|
-|`ObjectModified`|This field contains the object that was modified by the cmdlet specified in the `CmdletName` field.|
-|`CmdletName`|This field contains the name of the cmdlet that was run by the user in the `Caller` field.|
-|`CmdletParameters`|This field contains the parameters that were specified when the cmdlet in the `CmdletName` field was run. Also stored in this field, but not visible in the default output, is the value specified with the parameter, if any.|
-|`ModifiedProperties`|This field contains the properties that were modified on the object in the `ObjectModified` field. Also stored in this field, but not visible in the default output, are the old value of the property and the new value that was stored.|
-|`Caller`|This field contains the user account of the user who ran the cmdlet in the `CmdletName` field.|
-|`ExternalAccess`|This field is used internally by EOP.|
-|`Succeeded`|This field specifies whether the cmdlet in the `CmdletName` field ran successfully. The value is either `True` or `False`.|
-|`Error`|This field contains the error message generated if the cmdlet in the `CmdletName` field failed to complete successfully.|
-|`RunDate`|This field contains the date and time when the cmdlet in the `CmdletName` field was run. The date and time are stored in Coordinated Universal Time (UTC) format.|
-|`OriginatingServer`|This field indicates the server on which the cmdlet specified in the `CmdletName` field was run.|
-|`ClientIP`|This field is used internally by EOP.|
-|`SessionId`|This field is used internally by EOP.|
-|`AppId`|This field is used internally by EOP.|
-|`ClientAppId`|This field is used internally by EOP.|
-|`Identity`|This field is used internally by EOP.|
-|`IsValid`|This field is used internally by EOP.|
-|`ObjectState`|This field is used internally by EOP.|
-|
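Review bot: this removes the whole standalone EOP admin audit log article, including the notes that entries are kept for 90 days and that cmdlets beginning with Get, Search, or Test are not recorded, and the visible change adds no pointer to where that guidance now lives. Please confirm the replacement article and add a redirect so links to `view-the-admin-audit-log-eop.md` do not break. If the text is being moved, fix step 4 of "View details of audit log entries" on the way: it refers to **ModifiedParameters**, while the field named in the preceding steps and in the field table is **ModifiedProperties**.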
solutions Productivity Illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
to move your content to SharePoint, Teams, and OneDrive and how your data flows
| Item | Description | |:--|:--|
-|[![Model poster: Migrate to Microsoft 365](../media/solutions-architecture-center/msft-migration-thumb.png)](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/Migration-posters-mm-spmt.pdf) <br/>[Download as a PDF](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/m365-migration-posters-mm-spmt.pdf) | [Download as a Visio](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/m-365-migration-posters-mm-spmt.vsdx) <br/> Updated March 2021 |Includes: <ul><li> File share migration</li><li>SharePoint Server migration </li> </ul><br> For more information, see [Migrate your content to Microsoft 365](/sharepointmigration/migrate-to-sharepoint-online).|
+|[![Model poster: Migrate to Microsoft 365](../media/solutions-architecture-center/msft-migration-thumb.png)](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/Migration-posters-mm-spmt.pdf) <br/>[PDF](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/m365-migration-posters-mm-spmt.pdf)\|[Visio](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/m-365-migration-posters-mm-spmt.vsdx) <br/> Updated March 2021 |Includes: <ul><li> File share migration</li><li>SharePoint Server migration </li> </ul><br> For more information, see [Migrate your content to Microsoft 365](/sharepointmigration/migrate-to-sharepoint-online).|
## Microsoft 365 information protection and compliance capabilities
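Review bot: in the migration poster row, the thumbnail link and the text link point at different PDF file names under the same download path (`Migration-posters-mm-spmt.pdf` versus `m365-migration-posters-mm-spmt.pdf`), and the Visio link uses a third spelling (`m-365-migration-posters-mm-spmt.vsdx`); the edit carries all three over unchanged. Since the row is being touched, verify that each URL resolves and align the thumbnail target with the PDF link. The shortened link text `PDF` and `Visio` is also less descriptive out of context than `Download as a PDF`, so consider keeping the poster name in the link text.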