Updates from: 05/25/2022 02:05:01
Category Microsoft Docs article Related commit history on GitHub Change details
admin Remove License From Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/remove-license-from-shared-mailbox.md
Shared mailboxes usually don't require a license. Follow these instructions to r
> - The shared mailbox has more than 50 GB of storage in use. > - The shared mailbox uses in-place archiving. > - The shared mailbox is placed in litigation hold.
-> - The shared mailbox has a Microsoft 365 Defender license assigned.
> > For step-by-step instructions on how to assign licenses, see [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users).
admin Business Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/business-set-up.md
- Title: "Set up Microsoft 365 Business Premium"------ 'O365E_M365SetupBanner'-- 'BCS365_M365SetupBanner'---- Adm_O365-- M365-subscription-management-- TRN_SMB-- Adm_TOC--- Adm_O365-- Core_O365Admin_Migration-- MSB365-- OKR_SMB_M365-- TRN_M365B-- OKR_SMB_Videos-- seo-marvel-mar-- AdminSurgePortfolio-- adminvideo-- BCS160-- MET150
-description: "Discover the setup steps for Microsoft 365 Business Premium, including adding a domain and users, setting up security policies, and more."
--
-# Set up Microsoft 365 Business Premium in the setup wizard
-
-## Watch: Overview of Microsoft 365 setup
-
-Watch this video for an overview of Microsoft 365 Business Premium setup.<br><br>
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4jZwg]
-
-## Watch: Set up Microsoft 365 Business Premium
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE471FJ?autoplay=false]
-
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, and select **Go to setup**. The setup wizard will start.
-1. After your setup is complete, return to the Microsoft admin center. In the admin center you can continue setting up features like Windows 10 policies, DLP, etc. on the **Setup** page.
-
-## Add your domain, users, and set up policies
-
-When you purchase Microsoft 365 Business Premium, you have the option of using a domain you own, or buying one during the [sign-up](../admin-overview/sign-up-for-office-365.md).
--- If you purchased a new domain when you signed up, your domain is all set up and you can move to [Add users and assign licenses](#add-users-and-assign-licenses).-
-### Add your domain to personalize sign-in
-
-1. Sign in to [Microsoft 365 admin center](https://admin.microsoft.com) by using your global admin credentials.
-
-2. Choose **Go to setup** to start the wizard.
-
- ![Select Go to setup.](../../media/gotosetupinadmincenter.png)
-
-3. On the **Install your Office apps** page, you can optionally install the apps on your own computer.
-
-4. In the **Add domain** step, enter the domain name you want to use (like contoso.com).
-
- > [!IMPORTANT]
- > If you purchased a domain during the sign-up, you will not see **Add a domain** step here. Go to [Add users](#add-users-and-assign-licenses) instead.
-
- ![Screenshot of the Personalize your sign-in page.](../../media/adddomain.png)
-
-
-4. Follow the steps in the wizard to [Create DNS records at any DNS hosting provider for Microsoft 365](/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider) that verifies you own the domain. If you know your domain host, see also [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain).
-
- If your hosting provider is GoDaddy or another host enabled with [domain connect](/office365/admin/get-help-with-domains/domain-connect), the process is easy and you'll be automatically asked to sign in and let Microsoft authenticate on your behalf.
-
- ![On GoDaddy Confirm Access page, select Authorize.](../../media/godaddyauth.png)
-
-### Add users and assign licenses
-
-You can add users in the wizard, but you can also [add users later](../add-users/add-users.md) in the admin center. Additionally, if you have a local domain controller, you can add users with [Azure AD Connect](/azure/active-directory/hybrid/how-to-connect-install-express).
-
-#### Add users in the wizard
-
-Any users you add in the wizard get automatically assigned a Microsoft 365 Business Premium license.
-
-![Screenshot of the Add new users page in the wizard.](../../media/addnewuserspage.png)
-
-1. If your Microsoft 365 Business Premium subscription has existing users (for example, if you used Azure AD Connect), you get an option to assign licenses to them now. Go ahead and add licenses to them as well.
-
-2. After you've added the users, you'll also get an option to share credentials with the new users you added. You can choose to print them out, email them, or download them.
-
-### Connect your domain
-
-> [!NOTE]
-> If you chose to use the .onmicrosoft domain, or used Azure AD Connect to set up users, you will not see this step.
-
-To set up services, you have to update some records at your DNS host or domain registrar.
-
-1. The setup wizard typically detects your registrar and gives you a link to step-by-step instructions for updating your NS records at the registrar website. If it doesn't, [Change nameservers to set up Microsoft 365 with any domain registrar](../get-help-with-domains/change-nameservers-at-any-domain-registrar.md).
-
- - If you have existing DNS records, for example an existing web site, but your DNS host is enabled for [domain connect](/office365/admin/get-help-with-domains/domain-connect), choose **Add records for me**. On the **Choose your online services** page, accept all the defaults, and choose **Next**, and choose **Authorize** on your DNS host's page.
- - If you have existing DNS records with other DNS hosts (not enabled for domain connect), you'll want to manage your own DNS records to make sure the existing services stay connected. See [domain basics](/office365/admin/get-help-with-domains/dns-basics) for more info.
-
- ![Activate records page.](../../media/activaterecords.png)
-
-2. Follow the steps in the wizard and email and other services will be set up for you.
-
-### Protect your organization
-
-The policies you set up in the wizard are applied automatically to a [Security group](/office365/admin/create-groups/compare-groups#security-groups) called *All Users*. You can also create additional groups to assign policies to in the admin center.
-
-1. On the **Increase protection from advanced cyber threats**, it is recommended that you accept the defaults to let [Office 365 Advance Threat Protection](../../security/office-365-security/defender-for-office-365.md) scan files and links in Office apps.
-
- ![Screenshot of Increase protection page.](../../media/increasetreatprotection.png)
--
-2. On the **Prevent leaks of sensitive data** page, accept the defaults to turn on Microsoft Purview Data Loss Prevention to track sensitive data in Office apps and prevent the accidental sharing of these outside your organization.
-
-3. On the **Protect data in Office for mobile** page, leave mobile app management on, expand the settings and review them, and then select **Create mobile app management policy**.
-
- ![Screenshot of Protect data in Office for mobile page.](../../media/protectdatainmobile.png)
--
-## Secure Windows 10 PCs
-
-On the left nav, select **Setup** and then, under **Sign-in and security**, choose **Secure your Windows 10 computers**. Choose **View** to get started. See [secure your Windows 10 computers](secure-win-10-pcs.md) for complete instructions.
-
-## Deploy Office 365 client apps
-
-If you chose to automatically install Office apps during setup, the apps will install on the Windows 10 devices once the users have signed in to Azure AD from their Windows devices, using their work credentials.
-
-To install Office on mobile iOS or Android devices, see [Set up mobile devices for Microsoft 365 Business Premium users](set-up-mobile-devices.md).
-
-You can also install Office individually. See [install Office on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) for instructions.
-
-## Related content
-
-[Microsoft 365 for business training videos](../../business-video/index.yml) (link page)
admin Secure Win 10 Pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/secure-win-10-pcs.md
description: "Learn how to secure Windows 10 PCs after you have set up Microsoft
This article applies to Microsoft 365 Business Premium.
-After you have [set up](business-set-up.md) Microsoft 365 Business Premium, it is time to protect the Windows 10 computers in your org from theft, and malicious threats like viruses and malware.
+After you have [set up](/microsoft-365/business-premium/m365bp-setup) Microsoft 365 Business Premium, it is time to protect the Windows 10 computers in your org from theft, and malicious threats like viruses and malware.
## Watch: Secure your Windows 10 PCs
bookings Bookings In Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-in-outlook.md
Use the **Get-CASMailbox** and **Set-CASMailbox** commands to check user status
2. Check the individualΓÇÖs **EwsApplicationAccessPolicy** by running the following command: ```PowerShell
- Get-CASMailbox -Identity adam@contoso.com| Format-List EwsApplicationAccessPolicy,Ews*List
+ Get-CASMailbox -Identity adam@contoso.com | Format-List EwsApplicationAccessPolicy,Ews*List
``` **A**. If the value of **EwsApplicationAccessPolicy** is **EnforceAllowList**, only the applications specified in EwsAllowList are allowed to access EWS and REST.
Use the **Get-CASMailbox** and **Set-CASMailbox** commands to check user status
- To turn off Bookings in Outlook for this user, add **MicrosoftOWSPersonalBookings** to **EnforceBlockList** by running the following command: ```PowerShell
- Set-CASMailbox -Identity adam@contoso.com -EwsApplicationAccessPolicy EnforceBlockList @{Add="MicrosoftOWSPersonalBookings"}
+ Set-CASMailbox -Identity adam@contoso.com -EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}
``` - To turn on Bookings in Outlook for this user, remove **MicrosoftOWSPersonalBookings**, if present from EnforceBlockList by running the following command:
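Review bot: The sentences around the corrected command still say to add **MicrosoftOWSPersonalBookings** "to **EnforceBlockList**" and to remove it "from EnforceBlockList", but the other hunks in this file show EnforceBlockList as a value of EwsApplicationAccessPolicy, and the list the new command edits is EwsBlockList. Suggest rewording both sentences to name EwsBlockList so the prose matches `-EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}`, and stating that this branch assumes the policy is already EnforceBlockList, since the new command no longer sets it.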
Use the **Get-CASMailbox** and **Set-CASMailbox** commands to check user status
- To turn off Bookings in Outlook for this user, set the **EnforceBlockList** policy and add **MicrosoftOWSPersonalBookings** to EWSBlockList by running the following command: ```PowerShell
- Set-CASMailbox -Identity Adam -EwsApplicationAccessPolicy EnforceBlockList -EWSBlockList @{Add="MicrosoftOWSPersonalBookings"}
+ Set-CASMailbox -Identity adam@contoso.com -EwsApplicationAccessPolicy EnforceBlockList -EWSBlockList @{Add="MicrosoftOWSPersonalBookings"}
```
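Review bot: The added command spells the parameter `-EWSBlockList`, while the corrected command earlier in this file uses `-EwsBlockList`. PowerShell parameter names are case-insensitive, so both run, but a single casing across the article makes the commands easier to search for and copy. Suggest `-EwsBlockList` here as well.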
bookings Turn Bookings On Or Off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/turn-bookings-on-or-off.md
You can disable Bookings for individual users.
## Allow only selected users to create Bookings calendars
-By using policy restrictions, you can restrict licensed users from being able to create Bookings calendars. You must first enable Bookings for your entire organization. All users in your organization will have Bookings licenses, but only those included in the policy can create Bookings calendars and have full control over who can access the calendars they create.
+By using policy restrictions, you can restrict licensed users from being able to create Bookings calendars. All users in your organization will have Bookings licenses, but only those included in the policy can create Bookings calendars and have full control over who can access the calendars they create.
Users who are included in this policy can create new Bookings calendars and can be added as staff in any capacity (including the administrator role) to existing Bookings calendars. Users who aren't included in this policy won't be able to create new Bookings calendars and will receive an error message if they try to do so.
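Review bot: With "You must first enable Bookings for your entire organization." removed, the next sentence, "All users in your organization will have Bookings licenses", now reads as an unconditional statement with no prerequisite behind it. Suggest either restating the precondition in that sentence or rewording it to say which users the policy applies to, so an admin does not assume the restriction works in a tenant where Bookings is off.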
commerce Change Payment Frequency https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/change-payment-frequency.md
- AdminSurgePortfolio search.appverid: MET150 description: "Learn how to change how frequently you're billed for your business subscription." Previously updated : 04/02/2021 Last updated : 05/24/2022 # Change your billing frequency
-When you buy a subscription, you choose monthly or annual billing. To change how often you are billed for a subscription, use the following steps.
+When you buy a subscription, you select a billing frequency. To change how often you are billed for a subscription, use the following steps.
1. In the admin center, go to the **Billing**\> <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page. 2. On the **Products** tab, select the subscription that you want to change.
When you buy a subscription, you choose monthly or annual billing. To change how
[View your bill or invoice](../../commerce/billing-and-payments/view-your-bill-or-invoice.md) (article)\ [Paying for your subscription](../../commerce/billing-and-payments/pay-for-your-subscription.md) (article)\ [Learn how to find and view your bill or invoice](view-your-bill-or-invoice.md) (article)\
-[Change your billing addresses](change-your-billing-addresses.md) (article)
+[Change your billing addresses](change-your-billing-addresses.md) (article)
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
- AdminTemplateSet search.appverid: MET150 description: "Learn how to interpret charges, billing, and payment info on your Microsoft 365 for business bill or invoice." Previously updated : 03/04/2022 Last updated : 05/24/2022 # Understand your bill or invoice for Microsoft 365 for business
Your bill or invoice provides a summary of charges for your subscription and inc
## How often and when am I billed?
-Depending on the billing frequency you chose when you bought your subscription, you receive an invoice either monthly or annually. If you chose annual billing, you only receive one invoice a year, unless activity for your subscription adds a new charge or a credit.
-
-The amount of time since the last invoice date is called the *Billing Period* and is on page one of the invoice. This time represents the date range during which charges accrue for the current invoice. If you made a change to your subscription outside of this date range, like adding or removing licenses, the associated charges appear on the invoice for the next billing period.
+Depending on the billing frequency you chose when you bought your subscription, you receive an invoice either monthly, quarterly, semi-annually, or annually. The amount of time since the last invoice date is called the *Billing Period* and is on page one of the invoice. This time represents the date range during which charges accrue for the current invoice. If you made a change to your subscription outside of this date range, like adding or removing licenses, the associated charges appear on the invoice for the next billing period.
Starting on page two of the invoice, you see the charges grouped by their *Service Period*. The service period is the date range during which you're charged to use the service.
commerce Manage Billing Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-billing-accounts.md
- admindeeplinkMAC search.appverid: MET150 description: "Learn about billing accounts and how they're used to manage account settings, invoices, payment methods, and purchases." Previously updated : 03/17/2021 Last updated : 05/24/2022 # Understand billing accounts
You can provide others with access to the billing account in the <a href="https:
- **Billing account reader** &mdash; Can view accounts. > [!Note]
-> Billing account roles only apply to billing accounts, and don't apply to other Microsoft 365 admin center scenarios.
+> - Billing account roles only apply to billing accounts, and don't apply to other Microsoft 365 admin center scenarios.
+> - For billing accounts created inside of Microsoft 365 sign-up, new Global, Billing and Global Reader Administrators are automatically granted distinct levels of access. You can manage this access from the **Billing** > **Billing accounts** page by explicitly removing those users from the role assignment section at the bottom of the page.
## Related content
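Review bot: The second added bullet says new Global, Billing and Global Reader Administrators are "automatically granted distinct levels of access" without saying which billing account role each one receives. Because the grant is automatic and is only undone by explicit removal, suggest naming the billing account role that each admin role maps to, so an admin reviewing least-privilege assignments knows what to look for on the **Billing accounts** page.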
commerce Manage Self Service Purchases Admins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins.md
f1.keywords:
-+ audience: Admin
search.appverid: - MET150 description: "Admins can learn how to manage self-service purchases made by users in their organization." Previously updated : 03/26/2021 Last updated : 05/24/2022 # Manage self-service purchases (Admin)
You can use the **MSCommerce** PowerShell module to:
- View a list of applicable products and whether self-service purchase is enabled or disabled - View or modify the current setting for a specific product to either enable or disable it
+> [!IMPORTANT]
+> When you use the **AllowSelfServicePurchase** policy, it enables or disables both self-service purchases and self-service trials. For a list of the products available for self-service purchase, see [View a list of self-service purchase products and their status](allowselfservicepurchase-powershell.md#view-a-list-of-self-service-purchase-products-and-their-status). Only Project and Visio are available for trial subscriptions.
+ For more information, see [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](allowselfservicepurchase-powershell.md). ## Centralize licenses under a single subscription
compliance Customer Key Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-manage.md
To create a DEP to use with a mailbox, follow these steps:
New-DataEncryptionPolicy -Name USA_mailboxes -Description "Root key for mailboxes in USA and its territories" -AzureKeyIDs https://contoso_EastUSvault02.vault.azure.net/keys/USA_key_01, https://contoso_CentralUSvault02.vault.azure.net/keys/USA_Key_02 ```
-For detailed syntax and parameter information, see [New-DataEncryptionPolicy](/powershell/module/exchange/new-data-encryptionpolicy).
+For detailed syntax and parameter information, see [New-DataEncryptionPolicy](/powershell/module/exchange/new-dataencryptionpolicy).
### Assign a DEP to a mailbox
compliance Dlp Learn About Dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-learn-about-dlp.md
While in test mode, monitor the outcomes of the policy and fine-tune it so that
- add new restricted apps - add new restricted sites
+> [!NOTE]
+> _Stop processing more rules_ doesn't work in test mode, even when it's turned on.
+ #### Enable the control and tune your policies Once the policy meets all your objectives, turn it on. Continue to monitor the outcomes of the policy application and tune as needed.
compliance Double Key Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/double-key-encryption.md
[!include[Purview banner](../includes/purview-rebrand-banner.md)]
-> *Applies to: Microsoft Purview Double Key Encryption, [Microsoft Purview](https://www.microsoft.com/microsoft-365/business/compliance-management), [Azure Information Protection](https://azure.microsoft.com/pricing/details/information-protection)*
+> *Applies to: Microsoft Purview Double Key Encryption, [Microsoft Purview](https://www.microsoft.com/microsoft-365/business/compliance-management), [Azure Information Protection](https://azure.microsoft.com/pricing/)*
> > *Instructions for: [Azure Information Protection unified labeling client for Windows](/azure/information-protection/faqs#whats-the-difference-between-the-azure-information-protection-classic-and-unified-labeling-clients)*
compliance Use Notifications And Policy Tips https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-notifications-and-policy-tips.md
For each rule in a DLP policy, you can:
- Customize the text that's included in the notification by using HTML or tokens. See the section below for more information. > [!NOTE]
-> Email notifications can be sent only to individual recipientsΓÇönot groups or distribution lists. Only new content will trigger an email notification. Editing existing content will trigger policy tips, but not an email notification.
+>
+> - Email notifications can be sent only to individual recipients, not groups or distribution lists.
+> - Only new content will trigger an email notification. Editing existing content will trigger policy tips, but not email notifications.
+> - External senders don't receive notifications. Notifications go only to internal users.
![Email notification options.](../media/4e7b9500-2a78-44e6-9067-09f4bfd50301.png)
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
To meet the challenges of today's decentralized, data-rich workplace, we're intr
- [Working with improvement actions](compliance-manager-improvement-actions.md), [Get started with Compliance Manager](compliance-manager-setup.md) - added information about more improvement actions that can be automatically monitored and tested ("continuous compliance assessment"); this includes new abilities to parent the testing status of an action to that of another action.
-### Data Classification
+### Data classification
- [Get Started with Content Explorer](data-classification-content-explorer.md) - Teams guidance added, licensing section pointed to service descriptions.
To meet the challenges of today's decentralized, data-rich workplace, we're intr
- [Configure endpoint data loss prevention settings](dlp-configure-endpoint-settings.md) - new for public preview of restricted app groups. - [Data loss prevention policy reference](dlp-policy-reference.md) - updated for public preview of restricted app groups. - [Get started with data loss prevention for Power BI](dlp-powerbi-get-started.md) - new for public preview.
+-
+### Information protection
+- [Support for double byte character set release notes](mip-dbcs-relnotes.md) - added guidance for macOS.
+-
### Insider risk management - [Get started with insider risk management](insider-risk-management-configure.md) - added new tasks for the Recommended actions guidance. - [Get started with insider risk management settings](insider-risk-management-settings.md) - new updates for the notification and email alerts features, new updates for analytics notifications.
-### Microsoft Information Protection
--- [Support for double byte character set release notes](mip-dbcs-relnotes.md) - added guidance for macOS.- ### Microsoft Priva - [Configure Priva settings](/privacy/priva/priva-settings) - updated clarifying information about data retention periods for subject rights requests; added details about managing and applying data review tags for subject rights requests.
enterprise Modern Desktop Deployment And Management Lab https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab.md
Detailed lab guides take you through multiple deployment and management scenario
- BitLocker - Microsoft Defender Antivirus - Windows Hello for Business
+- Windows Defender Credential Guard
+- Microsoft Defender Application Guard
+- Windows Defender Exploit Guard
+- Windows Defender Application Control
+- Microsoft Defender for Endpoint
+ > [!NOTE]
-> Please use a broadband internet connection to download this content and allow approximately 30 minutes for automatic provisioning. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available memory and 300 GB of free space is recommended. The Windows 10 lab expires August 11, 2022. The Windows 11 lab expires August 7, 2022. New versions will be published prior to expiration.
+> Please use a broadband internet connection to download this content and allow approximately 30 minutes for automatic provisioning. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available memory and 300 GB of free space is recommended. The evaluation software in these labs expires 90-120 days after activation. New versions of the labs will be published in August, 2022.
## Additional guidance
enterprise View Directory Synchronization Status https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-directory-synchronization-status.md
If you have integrated your on-premises Active Directory Domain Services (AD DS)
## View directory synchronization status - Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) and choose **DirSync Status** on the home page.-- Alternately, you can go to **Users** \> **Active users**, and on the **Active users** page, choose **More** \> **Directory synchronization**. On the **Directory Synchronization** pane, choose **Go to DirSync management**.
+- Alternately, you can go to **Users** \> **Active users**, and on the **Active users** page, select the **Elipse** \> **Directory synchronization**. On the **Directory Synchronization** pane, choose **Go to DirSync management**.
## Information on the Manage directory synchronization page
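Review bot: The added line misspells the control as "**Elipse**"; it should read "ellipsis" (or the label shown in the UI, such as **More actions**, if that is what the button is called). "select the **Elipse**" is also hard to follow without saying where the control sits on the **Active users** page, so a short locator would help.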
The key design decision of how to use Azure AD Connect Health is based on how yo
When complete, youΓÇÖll have: - The Azure AD Connect Health agent installed on your on-premises identity provider servers.-- The Azure AD Connect Health portal displaying the current state of your on-premises infrastructure and synchronization activities with the Azure AD tenant for your Microsoft 365 subscription.
+- The Azure AD Connect Health portal displaying the current state of your on-premises infrastructure and synchronization activities with the Azure AD tenant for your Microsoft 365 subscription.
lti Onedrive Lti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/onedrive-lti.md
Integrating Microsoft OneDrive LTI with Canvas is a two-step process. The first
> > For more information on how educators can modify their course navigation links, see [How do I manage Course Navigation links?](https://community.canvaslms.com/t5/Instructor-Guide/How-do-I-manage-Course-Navigation-links/ta-p/1020)
-7. Save the key, and it becomes available in Canvas in an **Off** state. Turn the key **On** and copy the key given in the **Details** column to be used in the next step.
+7. Next, expand the **Additional settings** dropdown and set the **Privacy Level** to **Public**.
+
+ Setting the **Privacy Level** to **Public** allows course members' names to appear to other members for collaboration.
+
+8. Save the key, and it becomes available in Canvas in an **Off** state. Turn the key **On** and copy the key given in the **Details** column to be used in the next step.
:::image type="content" source="media/OneDrive-LTI-19.png" alt-text="The Canvas page with the key set in an off state. It will need to be turned on and the key will need to be copied from the details column on this page.":::
-8. Return to the Microsoft OneDrive LTI Registration portal and paste the key in the **Canvas Client ID** field. Select **Next** when you're ready.
+9. Return to the Microsoft OneDrive LTI Registration portal and paste the key in the **Canvas Client ID** field. Select **Next** when you're ready.
:::image type="content" source="media/OneDrive-LTI-20.png" alt-text="The LTI tenant registration page, which shows the JSON text and the text box the key should be copied into.":::
-9. Review and save your changes. A message will be displayed on successful registration.
+10. Review and save your changes. A message will be displayed on successful registration.
-10. Your registration details can also be reviewed by selecting the **View LTI Tenants** button on the home page.
+11. Your registration details can also be reviewed by selecting the **View LTI Tenants** button on the home page.
Future releases may require additional admin consent. In those cases, you'll need to repeat only steps 1 and 2.
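Review bot: New step 7 has the admin set **Privacy Level** to **Public**, and the only stated effect is that course members' names appear to other members. The step does not say what other user data this level shares with the tool, or whether the integration works at a more restrictive level. Suggest documenting exactly which fields are shared at **Public** and whether the setting is required, so the admin can make the privacy decision knowingly.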
scheduler Scheduler Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-preferences.md
+
+ Title: "Adjust scheduling preferences for Scheduler for Microsoft 365 Overview"
+++
+audience: Admin
++
+ms.localizationpriority: medium
+description: "Learn how to adjust scheduling preferences for Scheduler for Microsoft 365."
++
+Scheduling Preferences
+======================
+
+Scheduler takes into account several Outlook preferences to schedule a meeting for an organizer. Any changes to their preference settings via Outlook clients will automatically be reflected in how Scheduler handles the subsequent requests sent to Cortana. For instance, if an organizer changes their time zone preference on the Settings page in Outlook Web, all subsequent requests by the organizer will default to the new time zone value.
+
+Supported Settings
++
+Time zone
++
+The time zone used when determining an appropriate time to schedule meetings. See [Add, remove, or change time zones](https://support.microsoft.com/en-us/office/add-remove-or-change-time-zones-5ab3e10e-5a6c-46af-ab48-156fedf70c04) documentation.
+
+Work hours and days
+-
+
+For most meeting types, Scheduler will schedule a time according to the organizer's work week and meeting hours preferences. See [Change your work hours and days in Outlook](https://support.microsoft.com/en-us/office/change-your-work-hours-and-days-in-outlook-a27f261d-0681-415f-8ac1-388ab21e833f) documentation.
+
+Online meetings
++
+You can turn on a Calendar option so that all the meetings you schedule from Outlook and Scheduler will be held online with conference details. Scheduler currently supports Teams and Skype as meeting providers. See [Make all meetings Teams meetings](https://support.microsoft.com/en-us/office/schedule-a-teams-meeting-from-outlook-883cc15c-580f-441a-92ea-0992c00a9b0f#bkmk_makeallteamsmtngs) documentation.
+
+Default meeting duration
++
+If the organizer does not specify the desired meeting duration in the request, Scheduler will use the preferred meeting duration for the request. This setting is only available in the Windows Outlook client.
+
+1. Click on **File** > **Options**
+
+2. Select **Calendar** in the **Navigation Pane**.
+
+3. The default duration setting is located under **Calendar** **Options**.
+
+![Outlook Calendar options dialog in Windows. Configure work time, default duration, and shorten meetings options for Scheduler to use as defaults.](../media/OutlookOptions.png)
+
+Avoid back-to-back meetings
++
+Outlook now has a setting that automatically starts meetings late or ends meetings early to avoid back-to-back meetings. If set, Scheduler will also shorten the meeting duration according to the preference setting. See [Change default meeting length](https://techcommunity.microsoft.com/t5/hybrid-work/change-default-meeting-length-in-outlook-avoid-back-to-back/m-p/1247361) in Outlook documentation.
+
+##Additional Note
+
+- If you use the Windows client, you must set the following option to ensure that your preferences are synced across Scheduler and other Outlook clients:
+
+![Outlook Calendar options dialog in Windows. Check to enable "Store my Outlook settings in the cloud".](../media/OutlookOptions2.png)
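Review bot: The added line `##Additional Note` has no space after the `##`, so it will not render as a heading, and it mixes ATX style with the underlined `Scheduling Preferences` title at the top of the file. Suggest `## Additional note` and one heading style throughout. The bullet under it also says "you must set the following option" but names the option only in the image alt text; put "Store my Outlook settings in the cloud" in the sentence itself so the instruction survives without the screenshot.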
security Microsoft 365 Zero Trust https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/Microsoft-365-zero-trust.md
Use this article together with this poster.
| Item | Description | |:--|:--|
-|[![Illustration of the Microsoft 365 Zero Trust deployment plan.](../medi)</li></ul>
+|[![Illustration of the Microsoft 365 Zero Trust deployment plan.](../medi)</li></ul>
## Zero Trust security architecture
security Compare Mdb M365 Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/compare-mdb-m365-plans.md
Defender for Business brings enterprise-grade capabilities of Defender for Endpo
|[Cross-platform support](../defender-endpoint/minimum-requirements.md) <br/>(Windows, macOS, iOS, and Android OS)|Yes <sup>[[6](#fn6)]</sup>|Yes|Yes| |[Microsoft Threat Experts](../defender-endpoint/microsoft-threat-experts.md)|No|No|Yes| |Partner APIs|Yes|Yes|Yes|
-|[Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants)|Yes|No|No|
+|[Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants)|Yes |Yes <sup>[[7](#fn7)]</sup>|Yes <sup>[[7](#fn7)]</sup>|
(<a id="fn1">1</a>) Onboard and manage devices in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or with Microsoft Intune, managed in the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)).
Defender for Business brings enterprise-grade capabilities of Defender for Endpo
(<a id="fn6">6</a>) See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md).
+(<a id="fn7">7</a>) The ability to view incidents across tenants using Defender for Endpoint is new!
+ ## Next steps - [See the requirements for Microsoft Defender for Business](mdb-requirements.md)
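Review bot: footnote 7 ("The ability to view incidents across tenants using Defender for Endpoint is new!") tells the reader nothing they can act on and will go stale as soon as the feature is no longer new. Since the table row now changes two plan columns from No to Yes on the strength of this footnote, it should state what is required for Lighthouse incident viewing on those plans, or link to the Lighthouse integration article. The first cell also picked up a stray space (`Yes |`).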
security Get Defender Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/get-defender-business.md
If you have signed up for a trial, after you receive your acceptance email, you
## Get Microsoft 365 Business Premium
-*Beginning March 1, 2022, Defender for Business is rolling out as part of Microsoft 365 Business Premium*.
+*As of March 1, 2022, Defender for Business is included in Microsoft 365 Business Premium*.
1. Visit the [Microsoft 365 Business Premium product page](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium?activetab=pivot%3aoverviewtab).
security Mdb Lighthouse Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-lighthouse-integration.md
If you're a Microsoft Cloud Solution Provider (CSP) and you have [Microsoft 365
To access the list of incidents, in Microsoft 365 Lighthouse, on the home page, find the **Security incidents** card, and then select **View all incidents**.
-> [!IMPORTANT]
-> Capabilities are still rolling out. If you don't have these capabilities yet, you should have them soon.
- ## Learn more about Microsoft 365 Lighthouse Microsoft 365 Lighthouse enables Microsoft Cloud Service Providers to secure and manage devices, data, and users at scale for small- and medium-sized business customers who are using one of the following subscriptions:
security Android Configure Mam https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure-mam.md
Microsoft Defender for Endpoint on Android threat information is applied by Intu
Microsoft Defender for Endpoint on Android supports both the configurations of MAM - **Intune MDM + MAM**: IT administrators can only manage apps using App Protection Policies on devices that are enrolled with Intune mobile device management (MDM).-- **MAM without device enrollment**: MAM without device enrollment, or MAM-WE, allows IT administrators to manage apps using [App Protection Policies](/mem/intune/app/app-protection-policy) on devices not enrolled with Intune MDM. This provision means that apps can be managed by Intune on devices enrolled with third-party EMM providers.
-To manage apps using in both the above configurations customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
+- **MAM without device enrollment**: MAM without device enrollment, or MAM-WE, allows IT administrators to manage apps using [App Protection Policies](/mem/intune/apps/app-protection-policy) on devices not enrolled with Intune MDM. This provision means that apps can be managed by Intune on devices enrolled with third-party EMM providers.
+To manage apps in both these configurations customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
To enable this capability an administrator needs to configure the connection between Microsoft Defender for Endpoint and Intune, create the app protection policy, and apply the policy on targeted devices and applications.
security Configure Proxy Internet https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-proxy-internet.md
Use netsh to configure a system-wide static proxy.
2. Enter the following command and press **Enter**:
- ```PowerShell
+ ```command prompt
netsh winhttp set proxy <proxy>:<port> ```
Use netsh to configure a system-wide static proxy.
To reset the winhttp proxy, enter the following command and press **Enter**:
-```PowerShell
+```command prompt
netsh winhttp reset proxy ```
Verify, the proxy configuration is completed successfully. The WinHTTP can then
4. Enter the following command and press **Enter**:
- ```PowerShell
+ ```command prompt
HardDrivePath\MDEClientAnalyzer.cmd ``` Replace *HardDrivePath* with the path, where the MDEClientAnalyzer tool was downloaded. For example:
- ```PowerShell
+ ```command prompt
C:\Work\tools\MDEClientAnalyzer\MDEClientAnalyzer.cmd ```
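Review bot: the new fence label `command prompt` contains a space in all four fences changed in this file. The first word of a fence info string is what is normally taken as the language, so this becomes `command`, which is unlikely to be a label any highlighter recognizes. Moving away from `PowerShell` is reasonable since these are netsh and .cmd invocations, but use a single-token label; the mac-updates.md change in this same set uses `dos`, for example.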
security Enable Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md
Attack surface reduction features across Windows versions
You can set attack surface reduction rules for devices that are running any of the following editions and versions of Windows:
+- [Windows 11 Pro](/windows/whats-new/windows-11-overview)
+- [Windows 11 Enterprise](https://www.microsoft.com/microsoft-365/windows/windows-11-enterprise)
- Windows 10 Pro, [version 1709](/windows/whats-new/whats-new-windows-10-version-1709) or later - Windows 10 Enterprise, [version 1709](/windows/whats-new/whats-new-windows-10-version-1709) or later - Windows Server, [version 1803 (Semi-Annual Channel)](/windows-server/get-started/whats-new-in-windows-server-1803) or later-- [Windows Server 2019](/windows-server/get-started-19/whats-new-19)-- [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016) - [Windows Server 2012 R2](/windows/win32/srvnodes/what-s-new-for-windows-server-2012-r2)-- Windows Server 2022
+- [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016)
+- [Windows Server 2019](/windows-server/get-started-19/whats-new-19)
+- [Windows Server 2022](/windows-server/get-started/whats-new-in-windows-server-2022)
To use the entire feature-set of attack surface reduction rules, you need:
security Investigate Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigate-files.md
Once on the detailed profile page, you can switch between the new and old page l
You can get information from the following sections in the file view: - File details, Malware detection, File prevalence
+- File PE metadata (if it exists)
- Deep analysis - Alerts - Observed in organization
The file details, incident, malware detection, and file prevalence cards display
You'll see details such as the file's MD5, the Virus Total detection ratio, and Microsoft Defender AV detection if available, and the file's prevalence.
-The file prevalence card shows where the file was seen in devices in the organization and worldwide.
+The file prevalence card shows where the file was seen in devices in the organization and worldwide. You can easily pivot to the first and last devices where the file was seen on, and continue the investigation in the device timeline.
> [!NOTE] > Different users may see dissimilar values in the *devices in organization* section of the file prevalence card. This is because the card displays information based on the RBAC scope that a user has. Meaning, if a user has been granted visibility on a specific set of devices, they will only see the file organizational prevalence on those devices.
The file prevalence card shows where the file was seen in devices in the organiz
## Alerts
-The **Alerts** tab provides a list of alerts that are associated with the file. This list covers much of the same information as the Alerts queue, except for the device group, if any, the affected device belongs to. You can choose what kind of information is shown by selecting **Customize columns** from the toolbar above the column headers.
+The **Alerts** tab provides a list of alerts that are associated with the file, as well as the incident the alert is linked to. This list covers much of the same information as the Alerts queue, except for the device group, if any, the affected device belongs to. You can choose what kind of information is shown by selecting **Customize columns** from the toolbar above the column headers.
:::image type="content" source="images/atp-alerts-related-to-file.png" alt-text="The alerts related to the file section" lightbox="images/atp-alerts-related-to-file.png":::
The **Observed in organization** tab allows you to specify a date range to see w
:::image type="content" source="images/atp-observed-machines.png" alt-text="The most recent observed devices with the file" lightbox="images/atp-observed-machines.png":::
-Use the slider or the range selector to quickly specify a time period that you want to check for events involving the file. You can specify a time window as small as a single day. This will allow you to see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
+Use the slider or the range selector to quickly specify a time period that you want to check for events involving the file. You can get assisted by the alerts indication over the range. You can specify a time window as small as a single day. This will allow you to see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
## Deep analysis
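Review bot: the added sentence "You can get assisted by the alerts indication over the range." does not say what the indication is or how to read it; something like "Alert markers shown over the range help you pick a period" would be clearer if that is the intended meaning. The unchanged sentence after it still says the filter shows "only files that communicated with that IP Address", which does not fit a page about investigating a file and should be corrected while this paragraph is being edited.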
The **File names** tab lists all names the file has been observed to use, within
:::image type="content" source="images/atp-file-names.png" alt-text="The File names tab" lightbox="images/atp-file-names.png":::
+## Action center
+
+The **Action center** displays the action center filtered on a specific file, so you can see pending actions and the history of actions taken on the file.
+ ## Related topics - [View and organize the Microsoft Defender for Endpoint queue](alerts-queue.md)
security Ios Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install.md
This step simplifies the onboarding process by setting up the VPN profile. For a
- VPN identifier = com.microsoft.scmx - In the key-value pairs, enter the key **AutoOnboard** and set the value to **True**. - Type of Automatic VPN = On-demand VPN
- - Click **Add** for **On Demand Rules** and select **I want to do the following = Establish VPN**, **I want to restrict to = All domains**.
+ - Select **Add** for **On Demand Rules** and select **I want to do the following = Connect VPN**, **I want to restrict to = All domains**.
:::image type="content" source="images/ios-deploy-8.png" alt-text="The VPN profile Configuration settings tab" lightbox="images/ios-deploy-8.png":::
Admins can configure Microsoft Defender for Endpoint to deploy and activate sile
- VPN identifier = com.microsoft.scmx - In the key-value pairs, enter the key **SilentOnboard** and set the value to **True**. - Type of Automatic VPN = On-demand VPN
- - Select **Add** for **On Demand Rules** and select **I want to do the following = Establish VPN**, **I want to restrict to = All domains**.
+ - Select **Add** for **On Demand Rules** and select **I want to do the following = Connect VPN**, **I want to restrict to = All domains**.
:::image type="content" source="images/ios-deploy-9.png" alt-text="The VPN profile Configuration page" lightbox="images/ios-deploy-9.png":::
security Linux Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-preferences.md
Determines whether behavior monitoring and blocking capability is enabled on the
||| |**Key**|behaviorMonitoring| |**Data type**|String|
-|**Possible values**|disabled (default) <p> enabled (default)|
+|**Possible values**|disabled (default) <p> enabled |
|**Comments**|Available in Defender for Endpoint version 101.45.00 or higher.| #### Run a scan after definitions are updated
security Linux Pua https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-pua.md
These applications can increase the risk of your network being infected with mal
Defender for Endpoint on Linux can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
-When a PUA is detected on an endpoint, Defender for Endpoint on Linux keeps a record of the infection in the threat history. The history can be visualized from the Microsoft 365 Defender portal portal or through the `mdatp` command-line tool. The threat name will contain the word "Application".
+When a PUA is detected on an endpoint, Defender for Endpoint on Linux keeps a record of the infection in the threat history. The history can be visualized from the Microsoft 365 Defender portal or through the `mdatp` command-line tool. The threat name will contain the word "Application".
## Configure PUA protection
security Mac Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-updates.md
MAU includes a command-line tool, called *msupdate*, that is designed for IT adm
In MAU, the application identifier for Microsoft Defender for Endpoint on macOS is *WDAV00*. To download and install the latest updates for Microsoft Defender for Endpoint on macOS, execute the following command from a Terminal window: ```dos
+cd /Library/Application\ Support/Microsoft/MAU2.0/Microsoft\ AutoUpdate.app/Contents/MacOS
./msupdate --install --apps wdav00 ```
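Review bot: the added `cd` line sits in a fence labeled `dos` (opened at the end of the preceding context line), but it is a macOS Terminal command with backslash-escaped spaces in the path. Relabel the fence `bash` so it is highlighted and read as a shell command. Adding the `cd` is a good fix, since `./msupdate` only works from that directory; invoking msupdate by its full path would make the instruction a single command that cannot be run from the wrong location.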
security Manage Indicators https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-indicators.md
ms.technology: mde
**Applies to:**
+- [Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1)
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
The functionality of pre-existing IoCs will not change. However, the indicators
- The "alert only" response action was renamed to "audit" with the generate alert setting enabled. - The "alert and block" response was renamed to "block and remediate" with the optional generate alert setting.
-The IoC API schema and the threat ids in advance hunting have been updated to align with the renaming of the IoC response actions. The API scheme changes applies to all IoC Types.
+The IoC API schema and the threat ids in advance hunting have been updated to align with the renaming of the IoC response actions. The API scheme changes apply to all IoC Types.
> [!Note] > There is a limit of 15,000 indicators per tenant. File and certificate indicators do not block [exclusions defined for Microsoft Defender Antivirus](/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). Indicators are not supported in Microsoft Defender Antivirus when it is in passive mode.
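Review bot: the changed sentence now reads "The API scheme changes apply", but the sentence before it in the same line says "The IoC API schema"; use "schema" in both places. The same line also has "advance hunting" (should be "advanced hunting") and "threat ids" (should be "threat IDs"), which could be fixed in the same edit.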
security Microsoft Defender Endpoint Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md
High I/O workloads from certain applications can experience performance issues w
## Resources - For more information about logging, uninstalling, or other topics, see [Resources](linux-resources.md).
+
+## Related articles
+
+- [Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](/azure/defender-for-cloud/integration-defender-for-endpoint)
+- [Connect your non-Azure machines to Microsoft Defender for Cloud](/azure/defender-for-cloud/quickstart-onboard-machines)
+
security Minimum Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/minimum-requirements.md
Access to Defender for Endpoint is done through a browser, supporting the follow
- Windows Server 2019 - Windows Server 2022 - Windows Virtual Desktop
+- Windows 365
Devices on your network must be running one of these editions.
security Offboard Machine Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/offboard-machine-api.md
Comment|String|Comment to associate with the action. **Required**.
## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
+If successful, this method returns 200 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example
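Review bot: "200 - Created" pairs status code 200 with the reason phrase that belongs to 201; HTTP 200 is "OK". If the API really returns 200, write "200 - OK"; if it returns 201, the number should not have been changed. Client code that checks the status of an offboarding request depends on this, so confirm the value against the response shown in the Example section of the same article.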
security Respond File Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/respond-file-alerts.md
By default, you should be able to download files that are in quarantine.
### Download quarantined files
-Files that have been quarantined by Microsoft Defender Antivirus or your security team will be saved in a compliant way according to your [sample submission configurations](enable-cloud-protection-microsoft-defender-antivirus.md). Your security team can download the files directly from the file's detail page via the "Download file" button. **This preview feature is turned 'On' by default**.
+Files that have been quarantined by Microsoft Defender Antivirus or your security team will be saved in a compliant way according to your [sample submission configurations](enable-cloud-protection-microsoft-defender-antivirus.md). Your security team can download the files directly from the file's detail page via the "Download file" button. **This feature is turned 'On' by default**.
The location depends on your organization's geo settings (either EU, UK, or US). A quarantined file will only be collected once per organization. Learn more about Microsoft's data protection from the Service Trust Portal at https://aka.ms/STP.
security Mssp Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/mssp-access.md
To implement a multi-tenant delegated access solution, take the following steps:
-1. Enable [role-based access control](/windows/security/threat-protection/microsoft-defender-atp/rbac) for Defender for Endpoint via the Microsoft 365 Defender portal and connect with Azure Active Directory (Azure AD) groups.
+1. Enable [role-based access control](/microsoft-365/security/defender-endpoint/rbac) for Defender for Endpoint via the Microsoft 365 Defender portal and connect with Azure Active Directory (Azure AD) groups.
-2. Configure [Governance Access Packages](/azure/active-directory/governance/identity-governance-overview) for access request and provisioning.
+2. Configure [entitlement management for external users](/azure/active-directory/governance/entitlement-management-external-users) within Azure AD Identity Governance to enable access requests and provisioning.
3. Manage access requests and audits in [Microsoft Myaccess](/azure/active-directory/governance/entitlement-management-request-approve).
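Review bot: step 2 now talks about "entitlement management for external users", but the section heading further down in the same file is still "## Configure Governance Access Packages" (visible as context at the end of this file's changes), so a reader following step 2 will not find a section with a matching name. Rename the heading or mention "access packages" in step 2. Step 3 also spells the portal "Microsoft Myaccess"; check the capitalization against the linked article.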
To implement a multi-tenant delegated access solution, take the following steps:
Perform all actions except for live response and manage security settings. - **Tier 2 Analysts** <br>
- Tier 1 capabilities with the addition to [live response](/windows/security/threat-protection/microsoft-defender-atp/live-response)
+ Tier 1 capabilities with the addition to [live response](/microsoft-365/security/defender-endpoint/live-response).
- For more information, see [Use role-based access control](/windows/security/threat-protection/microsoft-defender-atp/rbac).
+ For more information, see [Manage portal access using role-based access control](/microsoft-365/security/defender-endpoint/rbac).
## Configure Governance Access Packages
security Siem Server Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/siem-server-integration.md
Make sure that audit logging is turned on before you configure SIEM server integ
- For SharePoint Online, OneDrive for Business, and Azure Active Directory, see [Turn auditing on or off](../../compliance/turn-audit-log-search-on-or-off.md). - For Exchange Online, see [Manage mailbox auditing](../../compliance/enable-mailbox-auditing.md).
+## Integration steps if your SIEM is Microsoft Sentinel
+
+Be sure that your current plan allows for Microsoft Sentinel integration (for example, you have Microsoft Defender for Office 365 Plan 2 or higher), and that your account in Microsoft Defender for Office 365 or Microsoft 365 Defender is a *Security Administrator*. Finally, be sure that you have *Write permissions in Microsoft Sentinel*.
+
+1. Navigate to Microsoft Sentinel.
+1. On the navigation to the left of the screen **Configuration** > **Data connectors**.
+1. **Search for** Microsoft 365 Defender and select the **Microsoft 365 Defender (preview) connector**.
+1. On the right of your screen select **Open Connector Page**.
+1. Under **Configuration** > select **Connect incidents & alerts**
+ 1. Turn off all Microsoft incident creation rules for the products currently selected.
+1. Scroll to **Microsoft Defender for Office 365** in the **Connect events** section of the page.
+
+Note that you can choose tables from *any other Microsoft Defender product* you find helpful and applicable while completing the final step, (below).
+
+7. Select **EmailEvents**, **EmailUrlInfo**, **EmailAttachmentInfo**, and **EmailPostDeliveryEvents** > and **Apply Changes**.
+ ## More resources [Integrate security solutions in Microsoft Defender for Cloud](/azure/security-center/security-center-partner-integration#exporting-data-to-a-siem)
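Review bot: step 2 has no verb ("On the navigation to the left of the screen **Configuration** > **Data connectors**."); it should say "select". The "Note that you can choose tables..." paragraph interrupts the numbered list and points to a step "(below)", after which the last step is hard-numbered `7.` while every other step uses `1.`; move the note after the final step and number it like the rest. The sub-step "Turn off all Microsoft incident creation rules for the products currently selected" does not say where that setting is or why it is needed, and the prerequisite "Write permissions in Microsoft Sentinel" does not name a role an admin could actually assign.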
security Use Arc Exceptions To Mark Trusted Arc Senders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders.md
+
+ Title: Use Trusted ARC senders for legitimate devices and services between the sender and receiver
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
+
+ms.localizationpriority: high
+search.appverid:
+ - MET150
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+
+ - seo-marvel-apr2020
+description: Authenticated Received Chain (ARC) is email authentication that tries to preserve authentication results across devices and any indirect mailflows that come between the sender and recipient. Here's how to make exceptions for your trusted ARC Senders.
+ms.technology: mdo
++
+# Make a list of trusted ARC Senders to trust *legitimate* indirect mailflows
+
+**Applies to**
+
+- Exchange Online Protection
+- Microsoft Defender for Office 365 plan 1 and plan 2
+- Microsoft 365 Defender
+
+Email authentication mechanisms like [SPF](set-up-spf-in-office-365-to-help-prevent-spoofing.md), [DKIM](use-dkim-to-validate-outbound-email.md), [DMARC](use-dmarc-to-validate-email.md) are used to verify the senders of emails for the *safety* of email recipients, but some legitimate services may make changes to the email between the sender and recipient. **In Microsoft 365 Defender, ARC will help reduce SPF, DKIM, and DMARC delivery failures that happen due to *legitimate* indirect mailflows.**
+
+## Authenticated Received Chain (ARC) for *legitimate* indirect mailflows in Microsoft 365 Defender for Office
+
+Mailing lists and services that filter or forward mails are a well-known and normal feature of an organization's mail flow. However, email fowarding violates SPF. Services can also violate DKIM email authentication by changing email headers, adding things like virus scan info or removing attachments. Failing either of these email authentication methods can result in failure to pass DMARC.
+
+Planned mailflow interventions from legitimate services are often called *indirect mailflow*, and might *accidentally* cause messages to fail email authentication as they pass through (hop to) the next device or service on the way to the receiver.
+
+**Trusted ARC sealers lets admins add a list of *trusted* intermediaries into the Microsoft 365 Defender portal.** Trusted ARC sealers allows Microsoft to honor ARC signatures from trusted intermediaries, preventing these legitimate messages from failing the authentication chain.
+
+> [!NOTE]
+> ***Trusted ARC sealers is an admin-created list of any domain whose processes result in indirect mailflow and who have implemented ARC sealing.*** When an email is routed to Office 365 through and ARC rusted intermediary of the Office 365 tenant, Microsoft validates the ARC signature, and, based on the ARC results, can honor authentication details provided.
+
+## When to use trusted ARC sealers?
+
+A list of trusted ARC sealers is only needed where devices and servers intervene in an organizationΓÇÖs email flow and:
+
+1. May modify the email header or other email contents.
+2. May cause authentication to fail for other reasons (example, by removing attachments).
+
+By adding a trusted ARC sealer, Office 365 will validate and trust the authentication results that the sealer provides when delivering mail to your tenant in Office 365.
+
+**Administrators should add *only legitimate services* as trusted ARC sealers.** Adding only services the organization expressly uses and knows will help messages that must first go through a service to pass email authentication checks, and prevent legitimate messages from being sent to *Junk* due to authentication failures.
+
+## Steps to add a trusted ARC sealer to Microsoft 365 Defender
+
+Trusted ARC sealers in Microsoft 365 Defender portal shows all the ARC sealers acknowledged by and added to your tenant.
+
+**To add a new Trusted ARC sealer in the admin portal:**
+
+1. Navigate to the [email authentication settings](https://security.microsoft.com/authentication?viewid=ARC) page.
+
+2. If this is the first time you've added a trusted ARC sealer, click the Add button.
+3. Add trusted ARC sealers in the textbox shown.
+ 1. Notice that you're adding the domains (example fabrikam.com).
+ 1. The domain name you enter here *must* be a match to the domain shown in the domain 'd' tag in ARC-Seal and ARC-Message-Signature headers (on the email headers for the message).
+ 1. You can see these in the properties of the message in Outlook.
+
+## Steps to validate your trusted ARC sealer
+
+If there is an ARC seal from a third party before the message reaches Microsoft 365 Defender, **check the headers once the email is received and view the latest ARC headers**.
+
+In the last ***ARC-Authentication-Results header***, check whether ARC validation is listed as **pass**.
+
+An ARC header that lists an 'oda' of 1 indicates that previous ARC has been *verified*, the previous ARC sealer is *trusted*, and previous *pass result* can be used to override the current DMARC failure.
+
+**An ARC pass header showing oda=1**
+
+See the email authentication methods at the end of this header-block for the oda result.
+
+``
+ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
+40.107.65.78) smtp.rcpttodomain=microsoft.com
+smtp.mailfrom=o365e5test083.onmicrosoft.com; dmarc=bestguesspass action=none
+header.from=o365e5test083.onmicrosoft.com; dkim=none (message not signed);
+arc=pass (0 oda=1 ltdi=1
+spf=[1,1,smtp.mailfrom=o365e5test083.onmicrosoft.com]
+dkim=[1,1,header.d=o365e5test083.onmicrosoft.com]
+dmarc=[1,1,header.from=o365e5test083.onmicrosoft.com])
+``
+
+To check whether the ARC result was used to override a DMARC failure, look for *compauth* result and a *reason of code(130)* in the header.
+
+See the last entry in this header-block to find *compauth* and *reason*.
+
+``
+Authentication-Results: spf=fail (sender IP is 51.163.158.241)
+smtp.mailfrom=contoso.com; dkim=fail (body hash did not verify)
+header.d=contoso.com;dmarc=fail action=none
+header.from=contoso.com;compauth=pass reason=130
+``
+
+## PowerShell steps to add or remove a trusted ARC sealer
+
+**Admins can also set up ARC configurations with Exchange Online Powershell.**
+
+1. Connect to Exchange online powershell.
+2. Connect-ExchangeOnline.
+3. To add or update a domain into a trusted ARC sealer:
+</br>
+``
+Set-ArcConfig -Identity default -ArcTrustedSealers {a list of arc signing domains split by comma}
+``
+</br>or</br>
+``
+Set-ArcConfig -Identity {tenant name/tenanid}\default -ArcTrustedSealers {a list of arc signing domains split by comma}
+``
+</br>You need to provide identity parameter *-Identity* default when running *Set-ArcConfig*. The trusted sealers should be matched to the value of the 'd' tag in the *ARC-Seal header*.
+
+4. View the trusted ARC sealers:
+</br>
+``
+Get-ArcConfig
+``
+or
+``
+Get-ArcConfig - Organization {tenant name}
+``
+
+## Trusted ARC sealer mailflow graphics
+
+These diagrams contrast mailflow operations with and without a trusted ARC sealer, when using any of SPF, DKIM, and DMARC email authentication. In both graphics, there are legitimate services used by the company that must intervene in mailflow, sometimes violating email authentication standards by changing sending IPs, and writing to the email header. **In the first case, the indirect mailflow traffic demonstrates the result *before* admins add a trusted ARC sealer.**
++
+Here, you see the same organization **after leveraging the ability to create a trusted ARC sealer.**
++
+## Next steps: After you set up ARC for Microsoft 365 Defender for Office
+
+After setup, check your ARC Headers with [Message Header Analyzer](/connectivity-analyzer/message-header-analyzer).
+
+Review [SPF](set-up-spf-in-office-365-to-help-prevent-spoofing.md), [DKIM](use-dkim-to-validate-outbound-email.md), [DMARC](use-dmarc-to-validate-email.md), configuration steps.
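Review bot: in the PowerShell section, `Get-ArcConfig - Organization {tenant name}` has a space between the hyphen and the parameter name, so it will not be parsed as a parameter; it should read `-Organization`. The same section lists "Connect to Exchange online powershell." and "Connect-ExchangeOnline." as separate steps 1 and 2 although the second is the command for the first, and the `Set-ArcConfig` placeholder says "tenanid". All code samples and both header samples are fenced with two backticks instead of three, so they will not render as code blocks. Text errors to fix before publishing: "fowarding", "through and ARC rusted intermediary", "organizationΓÇÖs" (mis-encoded apostrophe), and the two sentences under "Trusted ARC sealer mailflow graphics" that introduce diagrams which are not present in the file. On substance, the validation section shows that a trusted sealer's result can override a DMARC failure (`compauth=pass reason=130`); the "only legitimate services" paragraph should state that consequence directly so admins understand why the list must be kept short.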
solutions Productivity Illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
This set of illustrations uses one of the most regulated industries, financial s
| Item | Description | |:--|:--|
-|[![Model poster: Microsoft 365 information protection and compliance capabilities.](../media/solutions-architecture-center/m365-compliance-illustrations-thumb.png)](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.pdf) <br/> English: [Download as a PDF](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.pdf) \| [Download as a Visio](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.vsdx) <br/> Japanese: [Download as a PDF](https://download.microsoft.com/download/6/f/1/6f1a7d0e-dd8e-442e-b073-8e94327ae4f8/m365-compliance-illustrations.pdf) \| [Download as a Visio](https://download.microsoft.com/download/6/f/1/6f1a7d0e-dd8e-442e-b073-8e94327ae4f8/m365-compliance-illustrations.vsdx) <br/> Updated November 2020|Includes: <ul><li> Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention</li><li>Retention policies and retention labels </li><li>Information barriers</li><li>Communication compliance</li><li>Insider risk</li><li>Third-party data ingestion</li>|
+|[![Model poster: Microsoft 365 information protection and compliance capabilities.](../media/solutions-architecture-center/m365-compliance-illustrations-thumb.png)](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.pdf) <br/> English: [Download as a PDF](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.pdf) \| [Download as a Visio](https://download.microsoft.com/download/3/a/6/3a6ab1a3-feb0-4ee2-8e77-62415a772e53/m365-compliance-illustrations.vsdx) <br/> Japanese: [Download as a PDF](https://download.microsoft.com/download/6/f/1/6f1a7d0e-dd8e-442e-b073-8e94327ae4f8/m365-compliance-illustrations.pdf) \| [Download as a Visio](https://download.microsoft.com/download/6/f/1/6f1a7d0e-dd8e-442e-b073-8e94327ae4f8/m365-compliance-illustrations.vsdx) <br/> Updated November 2020|Includes: <ul><li> Information protection and data loss prevention</li><li>Retention policies and retention labels </li><li>Information barriers</li><li>Communication compliance</li><li>Insider risk</li><li>Third-party data ingestion</li>|
## Security and Information Protection for Multi-Region Organizations