Updates from: 05/27/2022 01:22:38
Category Microsoft Docs article Related commit history on GitHub Change details
admin Multi Factor Authentication Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
These ways are based on your Microsoft 365 plan.
|Plan|Recommendation|Type of customer| |||| |All Microsoft 365 plans|Use security defaults, which require MFA for all user accounts. <p> You can also configure per-user MFA on individual user accounts, but this isn't recommended.|Small business|
-|Microsoft 365 Business Premium <p> Microsoft 365 E3 <p> Azure Active Directory (Azure AD) Premium P1 licenses|Use Conditional Access policies to require MFA for user accounts based on group membership, apps, or other criteria.|Small business to enterprise|
+|Microsoft 365 Business Premium <p> Microsoft 365 E3 <p> Azure Active Directory (Azure AD) Premium P1 licenses|Use [security defaults or Conditional Access policies](/microsoft-365/business-premium/m365bp-conditional-access) to require MFA for user accounts based on group membership, apps, or other criteria.|Small business to enterprise|
|Microsoft 365 E5 <p> Azure AD Premium P2 licenses|Use Azure AD Identity Protection to require MFA based on sign-in risk criteria.|Enterprise| ||||
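Review bot: The reworded cell in the Business Premium / E3 / Azure AD Premium P1 row now reads as if security defaults can require MFA "based on group membership, apps, or other criteria". That scoping applies to Conditional Access only, and security defaults are already the recommendation in the "All Microsoft 365 plans" row above. Suggest keeping this sentence about Conditional Access policies and giving the new m365bp-conditional-access link its own sentence if it also needs to cover security defaults.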
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
To learn more, see the following resources:
## Related content [Multi-factor authentication for Microsoft 365](multi-factor-authentication-microsoft-365.md) (article)\
-[Manage and monitor priority accounts](/microsoft-365/security/office-365-security/configure-review-priority-account) (article)\
-[Microsoft 365 Reports in the admin center](../activity-reports/activity-reports.md) (video)
+[Manage and monitor priority accounts](../setup/priority-accounts.md) (article)\
+[Microsoft 365 Reports in the admin center](../activity-reports/activity-reports.md) (video)\
+[Microsoft 365 Business Premium ΓÇö cybersecurity for small business](/microsoft-365/business-premium/) (article)\
+
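Review bot: The last added entry, the Business Premium link, ends with a trailing `\` and is followed only by an empty line, so the hard line break has nothing after it. Drop the backslash on the final item. The dash in that link text also shows up here as `ΓÇö`; please confirm the file is saved as UTF-8, or use a plain hyphen or colon in the link text.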
admin Set Up Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md
For most subscriptions modern authentication is automatically turned on, but if
## Related content
-[Set up multifactor authentication](set-up-multi-factor-authentication.md) (video)
+[Set up multifactor authentication](set-up-multi-factor-authentication.md) (video)\
-[Turn on multi-factor authentication for your phone](https://support.microsoft.com/office/ace1d096-61e5-449b-a875-58eb3d74de14)
+[Turn on multi-factor authentication for your phone](https://support.microsoft.com/office/ace1d096-61e5-449b-a875-58eb3d74de14) (article)\
+
+[Security defaults and multi-factor authentication](/microsoft-365/business-premium/m365bp-conditional-access) (article)
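Review bot: The first entry under "Related content" in set-up-multi-factor-authentication.md still links to set-up-multi-factor-authentication.md itself, so readers are sent back to the page they are on; this edit touches that line and is a good place to remove or retarget it. The "(article)\" line is also followed by an empty line before the new link, which mixes a hard break with a paragraph break; pick one so the list renders evenly.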
admin Add Or Replace Your Onmicrosoftcom Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-or-replace-your-onmicrosoftcom-domain.md
It serves as a default email routing address for your Microsoft 365 environment.
You can change your fallback domain in the Microsoft 365 admin center. Common reasons customers change their fallback domain include: - Not knowing the company name to use when they first signed up for Microsoft 365. Now that they know the company name, they want their users to have login account names that are appropriate. -- They want to change how their Sharepoint URLs look like when they create a new site. SharePoint URLs in your Microsoft 365 environment are created based on your fallback domain name. If you did not use the correct company name when you first signed up, your SharePoint URLs for your sites will continue to use that name when you create new SharePoint sites.
+- They want to change how their SharePoint URLs look like when they create a new site. SharePoint URLs in your Microsoft 365 environment are created based on your fallback domain name. If you did not use the correct company name when you first signed up, your SharePoint URLs for your sites will continue to use that name when you create new SharePoint sites.
While you can add additional onmicrosoft.com domains, only one onmicrosoft.com domain can be used as your fallback domain. The steps in this article describe how to:
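Review bot: The edited bullet fixes the SharePoint casing but keeps "how their SharePoint URLs look like", which is ungrammatical. Suggest "what their SharePoint URLs look like" while the line is being changed.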
business-premium M365bp Review Threats Take Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-review-threats-take-action.md
Microsoft Defender Antivirus detects and protects against the following kinds of
- Phishing attempts - Data theft attempts
-As an IT professional/admin, you can view information about threat detections across [Windows 10 devices that are enrolled in Intune](/mem/intune/enrollment/device-enrollment) in the Microsoft 365 admin center. You'll see summary information, such as:
+As an IT professional/admin, you can view information about threat detections across [Windows devices that are enrolled in Intune](/mem/intune/enrollment/device-enrollment) in the Microsoft 365 admin center. You'll see summary information, such as:
- How many devices need antivirus protection-- How many devices are not in compliance with security policies
+- How many devices aren't in compliance with security policies
- How many threats are currently active, mitigated, or resolved You have several options to view specific information about threat detections and devices: -- The **Active devices** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. See [Manage threat detections on the Active devices page](#manage-threat-detections-on-the-active-devices-page) in this article.-- The **Active threats** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. See [Manage threat detections on the Active threats page](#manage-threat-detections-on-the-active-threats-page) in this article.-- The **Antivirus** page in <a href="https://go.microsoft.com/fwlink/p/?linkid=2150463" target="_blank">Microsoft Endpoint Manager</a>. See [Manage threat detections in Microsoft Endpoint Manager](#manage-threat-detections-in-microsoft-endpoint-manager) in this article.
+- Use the **Active threats** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. See [Manage threat detections on the **Active threats** page](#manage-threat-detections-on-the-active-threats-page) in this article.
+- Use the **Security report** in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). See [View and manage threat detections in the Microsoft 365 Defender portal](#view-and-manage-threat-detections-in-the-microsoft-365-defender-portal) in this article.
+- Use the **Antivirus** page in <a href="https://go.microsoft.com/fwlink/p/?linkid=2150463" target="_blank">Microsoft Endpoint Manager</a>. See [Manage threat detections in Microsoft Endpoint Manager](#manage-threat-detections-in-microsoft-endpoint-manager) in this article.
To learn more, see [Threats detected by Microsoft Defender Antivirus](/admin/security-and-compliance/threats-detected-defender-av.md). ## Manage threat detections on the **Active threats** page
-> [!NOTE]
-> The **Microsoft Defender Antivirus** card and **Active threats** page are being rolled out in phases, so you may not have immediate access to them.
- 1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and sign in. 2. On the **Microsoft Defender Antivirus** card, select **View active threats**. (Alternatively, in the navigation pane, select **Health** > **Threats & antivirus**.)
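Review bot: The "Active devices" bullet is removed from the options list without a replacement, while its target anchor `#manage-threat-detections-on-the-active-devices-page` is not shown being removed. If that section still exists in the article it is now orphaned from this list; if it was deleted, check for other inbound links to the anchor. As a style point, the new Active threats bullet puts bold inside the link text, while the other two bullets keep link text plain.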
To learn more, see [Threats detected by Microsoft Defender Antivirus](/admin/sec
4. On the flyout, select a device to view available actions, such as **Update policy**, **Update antivirus**, **Run quick scan**, and more.
-## Actions you can take
+### Actions you can take
When you view details about specific threats or devices, you'll see recommendations and one or more actions you can take. The following table describes actions that you might see.<br><br>
When you view details about specific threats or devices, you'll see recommendati
| Run quick scan | Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. | | Run full scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | | Update antivirus | Requires the device to get [security intelligence updates](https://go.microsoft.com/fwlink/?linkid=2149926) for antivirus and antimalware protection. |
-| Restart device | Forces a Windows 10 device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user is not automatically notified of the restart and could lose unsaved work. |
+| Restart device | Forces a Windows 10 device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user isn't automatically notified of the restart and could lose unsaved work. |
+
+## View and manage threat detections in the Microsoft 365 Defender portal
+
+1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
+
+2. In the navigation pane, choose **Reports** > **General** > **Security report**.
+
+3. Scroll down to the **Devices** row. If threats were detected on devices, you'll see that information in this row.
## Manage threat detections in Microsoft Endpoint Manager
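Review bot: The new section is titled "View and manage threat detections in the Microsoft 365 Defender portal", but its three steps stop at seeing the **Devices** row and describe no management action. Either add the step that leads from the row to an action (or point to the "Actions you can take" table), or rename the heading to "View threat detections in the Microsoft 365 Defender portal" and update the anchor used in the options list.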
The following table describes the actions you might see in Microsoft Endpoint Ma
| Action | Description | |--|--|
-| Restart | Forces a Windows 10 device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user is not automatically notified of the restart and could lose unsaved work. |
+| Restart | Forces a Windows 10 device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user isn't automatically notified of the restart and could lose unsaved work. |
| Quick Scan | Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | | Full Scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | | Sync | Requires a device to check in with Intune (part of Microsoft Endpoint Manager). When the device checks in, the device receives any pending actions or policies assigned to the device. |
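Review bot: The Restart row is edited only for the contraction and still says "Forces a Windows 10 device to restart", while the introduction of this article was changed from "Windows 10 devices" to "Windows devices". The same wording remains in the "Restart device" row of the earlier table. If the action applies to all enrolled Windows devices, update both rows; if it is limited to Windows 10, say so explicitly.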
business-premium Share Files And Videos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/share-files-and-videos.md
Title: "Share files and videos in Microsoft Teams and Sharepoint"
+ Title: "Share files and videos in Microsoft Teams and SharePoint"
f1.keywords: - NOCSH
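Review bot: The replacement metadata line is ` Title:` with a leading space, where the removed line started at column 0. In YAML front matter that indentation can change how the key is parsed or fail the build; remove the leading space so only the SharePoint casing changes.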
description: "Share files and videos inside your campaign with Microsoft Teams a
# Share files and videos in a safe environment
-Another thing to pay attention to is ensuring all members of the organization control who can view and edit files, and that they are stored in a secure location with the proper permissions applied. Microsoft 365 Business Premium users can use Microsoft Teams to store files, and then share the files either inside or outside of the firm, practice or campaign. You can also send a Sharepoint link. Sending a link rather than an email attachment means you know who is viewing and modifying the files, and they can't be viewed or modified without permission.
+Another thing to pay attention to is ensuring all members of the organization control who can view and edit files, and that they are stored in a secure location with the proper permissions applied. Microsoft 365 Business Premium users can use Microsoft Teams to store files, and then share the files either inside or outside of the firm, practice or campaign. You can also send a SharePoint link. Sending a link rather than an email attachment means you know who is viewing and modifying the files, and they can't be viewed or modified without permission.
![Diagram of a Microsoft Teams window, showing Files tab and Get link on the menu.](../media/m365-democracy-teams-sharefiles.png)
commerce Pay For Subscription Billing Profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-subscription-billing-profile.md
- commerce_billing - okr_SMB - AdminSurgePortfolio Previously updated : 10/29/2021 Last updated : 05/26/2022 # How to pay for your subscription with a billing profile
By default, recurring billing is automatically turned on for all paid subscripti
If recurring billing is turned off for a billing profile, you can use the **Pay now** button on your invoice to pay for it every billing period, regardless of what payment method is linked with the billing profile. You can also pay by check or electronic funds transfer (EFT). Instructions for how to do that are included on the PDF copy of your invoice.
+## New regulations from the Reserve Bank of India
+
+As of 1 October 2021, automatic payments in India might block some credit card transactions, especially transactions exceeding 5,000 INR. Because of this regulation, you might have to make payments manually in the Microsoft 365 admin center. These regulations won't affect the total amount youΓÇÖre charged for your usage.
+
+[Learn more about the Reserve Bank of India regulation for recurring payments](https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11668&Mode=0).
+
+On 1 July 2022, Microsoft and other online merchants will no longer store credit card information. To comply with this regulation, Microsoft will remove all stored card details from the Microsoft 365 admin center. To avoid service interruption, you must add a payment method and make a one-time payment for all subscriptions and billing profiles.
+
+[Learn about the Reserve Bank of India regulation for card storage](https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211).
+ ## Paying by invoice If you have a billing profile that is set up to be paid by invoice, you can pay for your subscription with a check or EFT. You can also use a credit card to make an online payment by using the **Pay now** button on your invoice.
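Review bot: The first sentence of the new section says "automatic payments in India might block some credit card transactions", which makes the payments the blocker; the regulation is what might cause automatic payments to fail. The paragraph also switches between "this regulation" and "These regulations". Suggest rewording to something like "the regulation might cause some automatic credit card payments to be declined" and adding "India" to the heading so readers elsewhere can skip it. "On 1 July 2022 ... will no longer store" is date-bound and will need a follow-up edit once the date passes.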
commerce Pay For Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription.md
- AdminSurgePortfolio - business_assist - AdminTemplateSet Previously updated : 05/18/2022 Last updated : 05/26/2022 # How to pay for your subscription
You can use a credit or debit card, or bank account to pay for your subscription
- You must be a Global or Billing admin to do the steps described in this article. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md). - The payment method that you choose during checkout is the payment method that we use for all future billing periods. You can change it at any time.
+## New regulations from the Reserve Bank of India
+
+As of 1 October 2021, automatic payments in India might block some credit card transactions, especially transactions exceeding 5,000 INR. Because of this regulation, you might have to make payments manually in the Microsoft 365 admin center. These regulations won't affect the total amount youΓÇÖre charged for your usage.
+
+[Learn more about the Reserve Bank of India regulation for recurring payments](https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11668&Mode=0).
+
+On 1 July 2022, Microsoft and other online merchants will no longer store credit card information. To comply with this regulation, Microsoft will remove all stored card details from the Microsoft 365 admin center. To avoid service interruption, you must add a payment method and make a one-time payment for all subscriptions and billing profiles.
+
+[Learn about the Reserve Bank of India regulation for card storage](https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211).
+ ## Paying by credit or debit card, or bank account > [!IMPORTANT]
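Review bot: This section is a verbatim copy of the one added to pay-for-subscription-billing-profile.md in the same update. Two copies of date-sensitive regulatory text will drift; suggest moving it to a shared include file referenced from both articles.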
compliance Create A Custom Sensitive Information Type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type.md
Use this procedure to create a new sensitive information type that is based on a
You can also create custom sensitive information types by using PowerShell and Exact Data Match capabilities. To learn more about those methods, see: -- [Create a custom sensitive information type in Security & Compliance Center PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md)
+- [Create a custom sensitive information type in Microsoft Purview PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md)
- [Learn about exact data match based sensitive information types](sit-learn-about-exact-data-match-based-sits.md#learn-about-exact-data-match-based-sensitive-information-types) 1. In the Compliance Center, go to **Data classification** \> **Sensitive info types** and choose the sensitive information type that you want to copy.
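Review bot: The new link text calls the module "Microsoft Purview PowerShell", while other articles in this same update use "Microsoft Purview compliance portal PowerShell"; pick one name and use it consistently. The step that follows the list still reads "In the Compliance Center", which was not brought in line with the rename.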
compliance Create A Dlp Policy From A Template https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-dlp-policy-from-a-template.md
Members of your compliance team who will create DLP policies need permissions to
1. Create a group in Microsoft 365 and add compliance officers to it.
-2. Create a role group on the **Permissions** page of the Security &amp; Compliance Center.
+2. Create a role group on the **Permissions** page of the Microsoft Purview compliance portal.
3. While creating the role group, use the **Choose Roles** section to add the following role to the role group: **DLP Compliance Management**.
Members of your compliance team who will create DLP policies need permissions to
Use the **View-Only DLP Compliance Management** role to create role group with view-only privileges to the DLP policies and DLP reports.
-For more information, see [Give users access to the Office 365 Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+For more information, see [Permissions in the Microsoft Purview compliance portal](microsoft-365-compliance-center-permissions.md#permissions-in-the-microsoft-purview-compliance-portal).
These permissions are required to create and apply a DLP policy not to enforce policies.
These permissions are required to create and apply a DLP policy not to enforce p
There are roles and role groups in preview that you can test out to fine tune your access controls.
-Here's a list of applicable roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)
+Here's a list of applicable roles that are in preview. To learn more about them, see [Permissions in the Microsoft Purview compliance portal](microsoft-365-compliance-center-permissions.md#permissions-in-the-microsoft-purview-compliance-portal).
- Information Protection Admin - Information Protection Analyst - Information Protection Investigator - Information Protection Reader
-Here's a list of applicable role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)
+Here's a list of applicable role groups that are in preview. To learn more about the, see [Permissions in the Microsoft Purview compliance portal](microsoft-365-compliance-center-permissions.md#permissions-in-the-microsoft-purview-compliance-portal)
- Information Protection - Information Protection Admins
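Review bot: The role groups sentence carries over the typo "To learn more about the, see" (should be "them") and, unlike the roles sentence edited just above it, still lacks a terminal period. Both sentences now also point at the same `#permissions-in-the-microsoft-purview-compliance-portal` anchor, where the removed lines linked separately to the roles and role groups sections; if the target article has distinct anchors for those, link to them.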
In this example, you'll create a DLP policy that identifies U.S. PII data, which
## View the status of a DLP policy
-At any time, you can view the status of your DLP policies on the **Policy** page in the **Data loss prevention** section of the Security &amp; Compliance Center. Here you can find important information, such as whether a policy was successfully enabled or disabled, or whether the policy is in test mode.
+At any time, you can view the status of your DLP policies on the **Policy** page in the **Data loss prevention** section of the Microsoft Purview compliance portal. Here you can find important information, such as whether a policy was successfully enabled or disabled, or whether the policy is in test mode.
Here are the different statuses and what they mean.
compliance Create A Keyword Dictionary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-keyword-dictionary.md
Remove-Item $rawFile
The keywords for your dictionary could come from various sources, most commonly from a file (such as a .csv or .txt list) imported in the service or by PowerShell cmdlet, from a list you enter directly in the PowerShell cmdlet, or from an existing dictionary. When you create a keyword dictionary, you follow the same core steps:
-1. Use the *<a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> or connect to **Security &amp; Compliance Center PowerShell**.
+1. Use the *<a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> or connect to **Microsoft Purview compliance portal PowerShell**.
2. **Define or load your keywords from your intended source**. The wizard and the cmdlet both accept a comma-separated list of keywords to create a custom keyword dictionary, so this step will vary slightly depending on where your keywords come from. Once loaded, they're encoded and converted to a byte array before they're imported.
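Review bot: Step 1 keeps the stray `*` before the `<a href` tag, which leaves an unmatched emphasis marker in the rendered line. After the rename the step also reads "Use the Microsoft Purview compliance portal or connect to Microsoft Purview compliance portal PowerShell", which is hard to parse; suggest dropping the asterisk and naming the PowerShell endpoint the same way the other updated articles do.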
compliance Create Test Tune Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-test-tune-dlp-policy.md
Members of your compliance team who will create DLP policies need permissions to
1. Create a group in Microsoft 365 and add compliance officers to it.
-2. Create a role group on the **Permissions** page of the Security &amp; Compliance Center.
+2. Create a role group on the **Permissions** page of the Microsoft Purview compliance portal.
3. While creating the role group, use the **Choose Roles** section to add the following role to the role group: **DLP Compliance Management**.
compliance Customize A Built In Sensitive Information Type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customize-a-built-in-sensitive-information-type.md
Now, you have something that looks similar to the following XML. Because rule pa
## Remove the corroborative evidence requirement from a sensitive information type
-Now that you have a new sensitive information type that you're able to upload to the Security &amp; Compliance Center, the next step is to make the rule more specific. Modify the rule so that it only looks for a 16-digit number that passes the checksum but doesn't require additional (corroborative) evidence, like keywords. To do this, you need to remove the part of the XML that looks for corroborative evidence. Corroborative evidence is very helpful in reducing false positives. In this case there are usually certain keywords or an expiration date near the credit card number. If you remove that evidence, you should also adjust how confident you are that you found a credit card number by lowering the `confidenceLevel`, which is 85 in the example.
+Now that you have a new sensitive information type that you're able to upload to the Microsoft Purview compliance portal, the next step is to make the rule more specific. Modify the rule so that it only looks for a 16-digit number that passes the checksum but doesn't require additional (corroborative) evidence, like keywords. To do this, you need to remove the part of the XML that looks for corroborative evidence. Corroborative evidence is very helpful in reducing false positives. In this case there are usually certain keywords or an expiration date near the credit card number. If you remove that evidence, you should also adjust how confident you are that you found a credit card number by lowering the `confidenceLevel`, which is 85 in the example.
```xml <Entity id="db80b3da-0056-436e-b0ca-1f4cf7080d1f" patternsProximity="300"
compliance Data Governance Solution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-governance-solution.md
To learn more about the capabilities from this solution, see [Learn about record
Learning modules for consultants and admins: -- [Introduction to information protection and governance in Microsoft 365](/learn/modules/m365-compliance-information-governance)-- [Govern information in Microsoft 365](/learn/modules/m365-compliance-information-govern-information/)-- [Manage records in Microsoft 365](/learn/modules/m365-compliance-information-manage-records/)
+- [Introduction to information protection and data lifecycle management in Microsoft Purview](/learn/modules/m365-compliance-information-governance)
+- [Manage the data lifecycle in Microsoft Purview](/learn/modules/m365-compliance-information-govern-information/)
+- [Manage records in Microsoft Purview](/learn/modules/m365-compliance-information-manage-records/)
For documentation to support users when these solutions are deployed, see the end user documentation sections for [data lifecycle management](get-started-with-information-governance.md#end-user-documentation) and [records management](get-started-with-records-management.md#end-user-documentation).
compliance Data Loss Prevention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-loss-prevention-policies.md
description: data loss prevention reference material
-<!-- MOVED TO LEARN ABOUT To comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security &amp; Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.
+<!-- MOVED TO LEARN ABOUT To comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Microsoft Purview compliance portal, you can identify, monitor, and automatically protect sensitive information across Office 365.
With a DLP policy, you can:
DLP detects sensitive information by using deep content analysis (not just a sim
### Policies are synced
-After you create a DLP policy in the Security &amp; Compliance Center, it's stored in a central policy store, and then synced to the various content sources, including:
+After you create a DLP policy in the Microsoft Purview compliance portal, it's stored in a central policy store, and then synced to the various content sources, including:
- Exchange Online, and from there to Outlook on the web and Outlook.
DLP evaluates any content that can be indexed. For more information on what file
### Policy evaluation in Exchange Online, Outlook, and Outlook on the web
-When you create a DLP policy that includes Exchange Online as a location, the policy's synced from the Office 365 Security &amp; Compliance Center to Exchange Online, and then from Exchange Online to Outlook on the web and Outlook.
+When you create a DLP policy that includes Exchange Online as a location, the policy's synced from the Microsoft Purview compliance portal to Exchange Online, and then from Exchange Online to Outlook on the web and Outlook.
When a message is being composed in Outlook, the user can see policy tips as the content being created is evaluated against DLP policies. And after a message is sent, it's evaluated against DLP policies as a normal part of mail flow, along with Exchange mail flow rules (also known as transport rules) and DLP policies created in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>. DLP policies scan both the message and any attachments.
DLP policy evaluation in Office is designed not to affect the performance of the
### Policy evaluation in Microsoft Teams <!--what do you mean that it's synched to user accounts? I thought DLP policies were applied to locations not users like sensitivity labels are -->
-When you create a DLP policy that includes Microsoft Teams as a location, the policy's synced from the Office 365 Security &amp; Compliance Center to user accounts and Microsoft Teams channels and chat messages. Depending on how DLP policies are configured, when someone attempts to share sensitive information in a Microsoft Teams chat or channel message, the message can be blocked or revoked. And, documents that contain sensitive information and that are shared with guests (external users) won't open for those users. To learn more, see [Data loss prevention and Microsoft Teams](dlp-microsoft-teams.md).
+When you create a DLP policy that includes Microsoft Teams as a location, the policy's synced from the Microsoft Purview compliance portal to user accounts and Microsoft Teams channels and chat messages. Depending on how DLP policies are configured, when someone attempts to share sensitive information in a Microsoft Teams chat or channel message, the message can be blocked or revoked. And, documents that contain sensitive information and that are shared with guests (external users) won't open for those users. To learn more, see [Data loss prevention and Microsoft Teams](dlp-microsoft-teams.md).
## Permissions
-By default, Global admins, Security admins, and Compliance admins will have access to create and apply a DLP policy. Other Members of your compliance team who will create DLP policies need permissions to the Security &amp; Compliance Center. By default, your Tenant admin will have access to this location and can give compliance officers and other people access to the Security &amp; Compliance Center, without giving them all of the permissions of a Tenant admin. To do this, we recommend that you:
+By default, Global admins, Security admins, and Compliance admins will have access to create and apply a DLP policy. Other Members of your compliance team who will create DLP policies need permissions to the Microsoft Purview compliance portal. By default, your Tenant admin will have access to this location and can give compliance officers and other people access to the Microsoft Purview compliance portal, without giving them all of the permissions of a Tenant admin. To do this, we recommend that you:
1. Create a group in Microsoft 365 and add compliance officers to it.
-2. Create a role group on the **Permissions** page of the Security &amp; Compliance Center.
+2. Create a role group on the **Permissions** page of the Microsoft Purview compliance portal.
3. While creating the role group, use the **Choose Roles** section to add the following role to the Role Group: **DLP Compliance Management**.
These permissions are required only to create and apply a DLP policy. Policy enf
## Find the DLP cmdlets
-To use most of the cmdlets for the Security &amp; Compliance Center, you need to:
+To use most of the cmdlets for the Microsoft Purview compliance portal, you need to:
-1. [Connect to the Office 365 Security &amp; Compliance Center using remote PowerShell](/powershell/exchange/connect-to-scc-powershell).
+1. [Connect to the Office 365 Microsoft Purview compliance portal using remote PowerShell](/powershell/exchange/connect-to-scc-powershell).
2. Use any of these [policy-and-compliance-dlp cmdlets](/powershell/module/exchange/export-dlppolicycollection).
-However, DLP reports need pull data from across Microsoft 365, including Exchange Online. For this reason, **the cmdlets for the DLP reports are available in Exchange Online Powershell -- not in Security &amp; Compliance Center Powershell**. Therefore, to use the cmdlets for the DLP reports, you need to:
+However, DLP reports need pull data from across Microsoft 365, including Exchange Online. For this reason, ***the cmdlets for the DLP reports are available in Exchange Online Powershell -- not in Microsoft Purview compliance portal Powershell***. Therefore, to use the cmdlets for the DLP reports, you need to:
1. [Connect to Exchange Online using remote PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
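Review bot: The replacement in step 1 under "Find the DLP cmdlets" produces "Connect to the Office 365 Microsoft Purview compliance portal using remote PowerShell", which reads as a search-and-replace leftover; drop "Office 365" from the link text. The same substitution yields "Microsoft Purview compliance portal Powershell" in the emphasized sentence, which names a portal rather than a PowerShell session, while the link target is still /powershell/exchange/connect-to-scc-powershell, so readers need wording that tells them which of the two sessions they are in. While that sentence is being touched, "DLP reports need pull data" is missing "to", "Powershell" should be "PowerShell", and the switch from bold to bold italic looks unintentional.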
compliance Document Fingerprinting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/document-fingerprinting.md
description: "Information workers in your organization handle many kinds of sens
[!include[Purview banner](../includes/purview-rebrand-banner.md)]
-Information workers in your organization handle many kinds of sensitive information during a typical day. In the Security &amp; Compliance Center, Document Fingerprinting makes it easier for you to protect this information by identifying standard forms that are used throughout your organization. This topic describes the concepts behind Document Fingerprinting and how to create one by using PowerShell.
+Information workers in your organization handle many kinds of sensitive information during a typical day. In the Microsoft Purview compliance portal, Document Fingerprinting makes it easier for you to protect this information by identifying standard forms that are used throughout your organization. This topic describes the concepts behind Document Fingerprinting and how to create one by using PowerShell.
## Basic scenario for Document Fingerprinting
New-DlpSensitiveInformationType -Name "Contoso Customer Confidential" -Fingerpri
You can now use the **Get-DlpSensitiveInformationType** cmdlet to find all DLP data classification rule packages, and in this example, "Contoso Customer Confidential" is part of the data classification rule packages list.
-Finally, add the "Contoso Customer Confidential" data classification rule package to a DLP policy in the Security &amp; Compliance Center. This example adds a rule to an existing DLP policy named "ConfidentialPolicy".
+Finally, add the "Contoso Customer Confidential" data classification rule package to a DLP policy in the Microsoft Purview compliance portal. This example adds a rule to an existing DLP policy named "ConfidentialPolicy".
```powershell New-DlpComplianceRule -Name "ContosoConfidentialRule" -Policy "ConfidentialPolicy" -ContentContainsSensitiveInformation @{Name="Contoso Customer Confidential"} -BlockAccess $True ```
-You can also use the data classification rule package in mail flow rules in Exchange Online, as shown in the following example. To run this command, you first need to [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). Also note that it takes time for the rule package to sync from the Security &amp; Compliance Center to the Exchange admin center.
+You can also use the data classification rule package in mail flow rules in Exchange Online, as shown in the following example. To run this command, you first need to [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). Also note that it takes time for the rule package to sync from the Microsoft Purview compliance portal to the Exchange admin center.
```powershell New-TransportRule -Name "Notify :External Recipient Contoso confidential" -NotifySender NotifyOnly -Mode Enforce -SentToScope NotInOrganization -MessageContainsDataClassification @{Name=" Contoso Customer Confidential"}
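Review bot: The New-TransportRule example that follows the edited sentence passes @{Name=" Contoso Customer Confidential"} with a leading space inside the quotes, whereas the New-DlpComplianceRule example and the surrounding text use "Contoso Customer Confidential"; since this change already rewrites the sentence that introduces the command, correct the name there so that a copied command refers to the same classification. The rule name "Notify :External Recipient Contoso confidential" also has a stray space before the colon.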
compliance Get Started With The Default Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-the-default-dlp-policy.md
description: Learn how to use the report to refine your organization's default d
[!include[Purview banner](../includes/purview-rebrand-banner.md)]
-Before you even create your first Microsoft Purview Data Loss Prevention (DLP) policy, DLP is helping to protect your sensitive information with a default policy. This default policy and its recommendation (shown below) help keep your sensitive content secure by notifying you when email or documents containing a credit card number were shared with someone outside your organization. You'll see this recommendation on the **Home** page of the Security &amp; Compliance Center.
+Before you even create your first Microsoft Purview Data Loss Prevention (DLP) policy, DLP is helping to protect your sensitive information with a default policy. This default policy and its recommendation (shown below) help keep your sensitive content secure by notifying you when email or documents containing a credit card number were shared with someone outside your organization. You'll see this recommendation on the **Home** page of the Microsoft Purview compliance portal.
You can use this widget to quickly view when and how much sensitive information was shared, and then refine the default DLP policy in just a click or two. You can also edit the default DLP policy at any time because it's fully customizable. Note that if you don't see the recommendation at first, try clicking **+More** at the bottom of the **Recommended for you** section.
If you want to change these options later, you can edit the default DLP policy a
## Edit the default DLP policy
-This policy is named **Default DLP policy** and appears under **Data loss prevention** on the **Policy** page of the Security &amp; Compliance Center.
+This policy is named **Default DLP policy** and appears under **Data loss prevention** on the **Policy** page of the Microsoft Purview compliance portal.
This policy is fully customizable, the same as any DLP policy that you create yourself from scratch. You can also turn off or delete the policy, so that your users no longer receive policy tips or email notifications.
This policy is fully customizable, the same as any DLP policy that you create yo
## When the widget does and does not appear
-The widget named **Further protect shared content** appears in the **Recommended for you** section of the **Home** page of the Security &amp; Compliance Center.
+The widget named **Further protect shared content** appears in the **Recommended for you** section of the **Home** page of the Microsoft Purview compliance portal.
This widget appears only when:
compliance How Dlp Works Between Admin Centers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/how-dlp-works-between-admin-centers.md
In Microsoft Purview, you can create a data loss prevention (DLP) policy in two
- In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>, you can create a DLP policy to help protect content only in Exchange. This policy can use Exchange mail flow rules (also known as transport rules), so it has more options specific to handling email. For more information, see [DLP in the Exchange admin center](/exchange/security-and-compliance/data-loss-prevention/data-loss-prevention).
-DLP polices created in these admin centers work side by side - this topic explains how.
+DLP policies created in these admin centers work side by side - this article explains how.
![DLP pages in Security and Compliance Center and Exchange admin center.](../media/d3eaa7e7-3b16-457b-bd9c-26707f7b584f.png)
After you create a DLP policy in the Security & Compliance Center, the policy is
If you've created DLP policies in the Exchange admin center, those policies will continue to work side by side with any policies for email that you create in the Security & Compliance Center. But note that rules created in the Exchange admin center take precedence. All Exchange mail flow rules are processed first, and then the DLP rules from the Security & Compliance Center are processed.
-This means that:
+It means:
- Messages that are blocked by Exchange mail flow rules won't get scanned by DLP rules created in the Security & Compliance Center.--- Messages that are quarantined by Exchange mail flow rules or any other filters run before DLP will not be scanned by DLP.
-
-- If an Exchange mail flow rule modifies a message in a way that causes it to match a DLP policy in the Security & Compliance Center - such as adding external users - then the DLP rules will detect this and enforce the policy as needed.
+- Messages that are quarantined by Exchange mail flow rules or any other filters run before DLP won't be scanned by DLP.
+- If an Exchange mail flow rule modifies a message in a way that causes it to match a DLP policy in the Security & Compliance Center, such as adding external users, then the DLP rules will detect it and enforce the policy as needed.
Also note that Exchange mail flow rules that use the "stop processing" action don't affect the processing of DLP rules in the Security & Compliance Center - they'll still be processed. ## Policy tips in the Security & Compliance Center vs. the Exchange admin center
-Policy tips can work either with DLP policies and mail flow rules created in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>, or with DLP policies created in the Security & Compliance Center, but not both. This is because these policies are stored in different locations, but policy tips can draw only from a single location.
+Policy tips can work either with DLP policies and mail flow rules created in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>, or with DLP policies created in the Security & Compliance Center, but not both. It is because these policies are stored in different locations, but policy tips can draw only from a single location.
If you've configured policy tips in the Exchange admin center, any policy tips that you configure in the Security & Compliance Center won't appear to users in Outlook on the web and Outlook 2013 and later until you turn off the tips in the Exchange admin center. This ensures that your current Exchange mail flow rules will continue to work until you choose to switch over to the Security & Compliance Center.
-Note that while policy tips can draw only from a single location, email notifications are always sent, even if you're using DLP policies in both the Security & Compliance Center and the Exchange admin center.
+>[!Note]
+>While policy tips can draw only from a single location, email notifications are always sent, even if you're using DLP policies in both the Security & Compliance Center and the Exchange admin center.
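Review bot: Every added line in this article still says "Security & Compliance Center" (the two rewritten bullets, the policy tips paragraph and the new note), while the other articles in this same update replace that name with "Microsoft Purview compliance portal"; either rename here too or state why this article keeps the old name, otherwise readers comparing the DLP articles will assume two different portals. Two of the wording changes also lose clarity: "This means that:" became "It means:" and "This is because" became "It is because", and in both cases "It" has no clear antecedent in a passage that explains rule precedence (Exchange mail flow rules are processed first, and blocked or quarantined messages are not scanned by DLP). Suggest keeping "This means that:" and "This is because".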
compliance Retention Limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-limits.md
Although retention policies for Microsoft Teams and Yammer use mailboxes to stor
## Maximums for adaptive policy scopes
-There is no limit to the number of [adaptive policy scopes](retention.md#adaptive-or-static-policy-scopes-for-retention) that you can add to a policy for retention, but there are some maximum limits for the query that defines each adaptive scope:
+There's no limit to the number of [adaptive policy scopes](retention.md#adaptive-or-static-policy-scopes-for-retention) that you can add to a policy for retention, but there are some maximum limits for the query that defines each adaptive scope:
- String length for attribute or property values: 200 - Number of attributes or properties without a group, or within a group: 10
The following examples are for static scopes and provide some design solutions f
Exchange example: -- **Requirement**: In an organization that has over 40,000 user mailboxes, most users must have their email retained for 7 years but a subset of identified users (425) must have their email retained for only 5 years.
+- **Requirement**: In an organization that has over 40,000 user mailboxes, most users must have their email retained for seven years but a subset of identified users (425) must have their email retained for only five years.
- **Solution**: Create one retention policy for Exchange email with a retention period of 7 years and exclude the subset of users. Then create a second retention policy for Exchange email with a retention period of 5 years and include the subset of users.
Exchange example:
SharePoint example: -- **Requirement**: An organization has several thousand SharePoint sites but only 2,000 sites require a retention period of 10 years, and 8,000 sites require a retention period of 4 years.
+- **Requirement**: An organization has several thousand SharePoint sites but only 2,000 sites require a retention period of 10 years, and 8,000 sites require a retention period of four years.
- **Solution**: Create 20 retention policies for SharePoint with a retention period of 10 years that includes 100 specific sites, and create 80 retention policies for SharePoint with a retention period of 4 years that includes 100 specific sites.
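Review bot: The Requirement lines now spell out "seven years", "five years" and "four years", but the matching Solution lines directly below still read "7 years", "5 years" and "4 years", so each example states the same retention period in two forms. Apply the same convention to the Solution lines in this change, so the requirement and the policy that implements it can be compared at a glance.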
compliance Retention Policies Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
For other workloads, see:
Teams chats messages, channel messages, and private channel messages can be deleted by using retention policies for Teams, and in addition to the text in the messages, the following items can be retained for compliance reasons: Embedded images, tables, hypertext links, links to other Teams messages and files, and [card content](/microsoftteams/platform/task-modules-and-cards/what-are-cards). Chat messages and private channel messages include all the names of the people in the conversation, and channel messages include the team name and the message title (if supplied).
-Code snippets, recorded voice memos from the Teams mobile client, thumbnails, announcement images, and reactions from others in the form of emoticons are not retained when you use retention policies for Teams.
+Code snippets, recorded voice memos from the Teams mobile client, thumbnails, announcement images, and reactions from others in the form of emoticons aren't retained when you use retention policies for Teams.
Emails and files that you use with Teams aren't included in retention policies for Teams. These items have their own retention policies.
Emails and files that you use with Teams aren't included in retention policies f
Use this section to understand how your compliance requirements are met by backend storage and processes, and should be verified by eDiscovery tools rather than by messages that are currently visible in the Teams app.
-You can use a retention policy to retain data from chats and channel messages in Teams, and delete these chats and messages. Behind the scenes, Exchange mailboxes are used to store data copied from these messages. Data from Teams chats is stored in a hidden folder in the mailbox of each user included in the chat, and a similar hidden folder in a group mailbox is used for Teams channel messages. These hidden folders are not designed to be directly accessible to users or administrators, but instead, store data that compliance administrators can search with eDiscovery tools.
+You can use a retention policy to retain data from chats and channel messages in Teams, and delete these chats and messages. Behind the scenes, Exchange mailboxes are used to store data copied from these messages. Data from Teams chats is stored in a hidden folder in the mailbox of each user included in the chat, and a similar hidden folder in a group mailbox is used for Teams channel messages. These hidden folders aren't designed to be directly accessible to users or administrators, but instead, store data that compliance administrators can search with eDiscovery tools.
These mailboxes are, listed by their RecipientTypeDetails attribute:
These mailboxes are, listed by their RecipientTypeDetails attribute:
- **GroupMailbox**: These mailboxes store message data for Teams standard channels. - **SubstrateGroup**: These mailboxes store message data for Teams shared channels.
-Other mailbox types, such as RoomMailbox that is used for Teams conference rooms, are not supported for Teams retention policies.
+Other mailbox types, such as RoomMailbox that is used for Teams conference rooms, aren't supported for Teams retention policies.
Teams uses an Azure-powered chat service as its primary storage for all messages (chats and channel messages). If you need to delete Teams messages for compliance reasons, retention policies for Teams can delete messages after a specified period, based on when they were created. Messages are then permanently deleted from both the Exchange mailboxes where they stored for compliance operations, and from the primary storage used by the underlying Azure-powered chat service. For more information about the underlying architecture, see [Security and compliance in Microsoft Teams](/MicrosoftTeams/security-compliance-overview) and specifically, the [Information Protection Architecture](/MicrosoftTeams/security-compliance-overview#information-protection-architecture) section.
-Although this data from Teams chats and channel messages are stored in mailboxes, you must configure a retention policy for the **Teams channel messages** and **Teams chats** locations. Teams chats and channel messages are not included in retention policies that are configured for Exchange user or group mailboxes. Similarly, retention policies for Teams don't affect other email items stored mailboxes.
+Although this data from Teams chats and channel messages are stored in mailboxes, you must configure a retention policy for the **Teams channel messages** and **Teams chats** locations. Teams chats and channel messages aren't included in retention policies that are configured for Exchange user or group mailboxes. Similarly, retention policies for Teams don't affect other email items stored mailboxes.
-If a user is added to a chat, a copy of all messages shared with them are ingested into their mailbox. The created date of those messages does not change for the new user and remains the same for all users.
+If a user is added to a chat, a copy of all messages shared with them are ingested into their mailbox. The created date of those messages doesn't change for the new user and remains the same for all users.
> [!NOTE] > If a user is included in an active retention policy that retains Teams messages and you delete a mailbox of a user who is included in this policy, the mailbox is converted into an [inactive mailbox](inactive-mailboxes-in-office-365.md) to retain the Teams data. If you don't need to retain this Teams data for the user, exclude the user account from the retention policy and [wait for this change to take effect](create-retention-policies.md#how-long-it-takes-for-retention-policies-to-take-effect) before you delete their mailbox.
-After a retention policy is configured for chat and channel messages, a timer job from the Exchange service periodically evaluates items in the hidden mailbox folder where these Teams messages are stored. The timer job typically takes 1-7 days to run. When these items have expired their retention period, they are moved to the SubstrateHolds folderΓÇöanother hidden folder that's in every user or group mailbox to store "soft-deleted" items before they are permanently deleted.
+After a retention policy is configured for chat and channel messages, a timer job from the Exchange service periodically evaluates items in the hidden mailbox folder where these Teams messages are stored. The timer job typically takes 1-7 days to run. When these items have expired their retention period, they are moved to the SubstrateHolds folderΓÇöanother hidden folder that's in every user or group mailbox to store "soft-deleted" items before they're permanently deleted.
-Messages remain in the SubstrateHolds folder for at least 1 day, and then if they are eligible for deletion, the timer job permanently deletes them the next time it runs.
+Messages remain in the SubstrateHolds folder for at least 1 day, and then if they're eligible for deletion, the timer job permanently deletes them the next time it runs.
> [!IMPORTANT]
-> Because of the [first principle of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) and since Teams chat and channel messages are stored in Exchange Online mailboxes, permanent deletion from the SubstrateHolds folder is always suspended if the mailbox is affected by another retention policy (including policies applied to the Exchange location), litigation hold, delay hold, or if an eDiscovery hold is applied to the mailbox for legal or investigative reasons.
+> Because of the [first principle of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) and since Teams chat and channel messages are stored in Exchange Online mailboxes, permanent deletion from the SubstrateHolds folder is always suspended if the mailbox is affected by another retention policy for the same location, Litigation Hold, delay hold, or if an eDiscovery hold is applied to the mailbox for legal or investigative reasons.
> > While the mailbox is included in an applicable hold, Teams chat and channel messages that have been deleted will no longer be visible in the Teams app but will continue to be discoverable with eDiscovery.
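Review bot: In the [!IMPORTANT] block, replacing "another retention policy (including policies applied to the Exchange location)" with "another retention policy for the same location" changes which policies the sentence says suspend permanent deletion from the SubstrateHolds folder, yet every other edit to this article is a contraction or capitalization fix. Confirm the narrower scope is the intended behaviour and call it out in the change description, because administrators rely on this paragraph to predict whether deleted Teams messages remain discoverable. The later sentence beginning "For all examples that refer to permanent deletion" still says "subject to another retention policy to retain the item" with no location qualifier, so the two statements should be aligned.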
For the two paths in the diagram:
1. **If a chat or channel message is edited or deleted** by a user during the retention period, the original message is copied (if edited) or moved (if deleted) to the SubstrateHolds folder. The message is stored there for at least 1 day. When the retention period expires, the message is permanently deleted the next time the timer job runs (typically between 1-7 days).
-2. **If a chat or channel message is not deleted** by a user and for current messages after editing, the message is moved to the SubstrateHolds folder after the retention period expires. This action typically takes between 1-7 days from the expiry date. When the message is in the SubstrateHolds folder, it is stored there for at least 1 day, and then the message is permanently deleted the next time the timer job runs (typically between 1-7 days).
+2. **If a chat or channel message is not deleted** by a user and for current messages after editing, the message is moved to the SubstrateHolds folder after the retention period expires. This action typically takes between 1-7 days from the expiry date. When the message is in the SubstrateHolds folder, it's stored there for at least 1 day, and then the message is permanently deleted the next time the timer job runs (typically between 1-7 days).
> [!NOTE] > Messages stored in mailboxes, including the hidden folders, are searchable by eDiscovery tools. Until messages are permanently deleted from the SubstrateHolds folder, they remain searchable by eDiscovery tools.
Use the following examples to see how the processes and timings explained in the
- [Example 2: Retain for 30 days and then delete](#example-2-retain-for-30-days-and-then-delete) - [Example 3: Delete-only after 1 day](#example-3-delete-only-after-1-day)
-For all examples that refer to permanent deletion, because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), this action is suspended if the message is subject to another retention policy to retain the item or it is subject to an eDiscovery hold.
+For all examples that refer to permanent deletion, because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), this action is suspended if the message is subject to another retention policy to retain the item or it's subject to an eDiscovery hold.
##### Example 1: Retain-only for 7 years
Impromptu and scheduled meeting messages are stored in the same way as group cha
When external users are included in a meeting that your organization hosts: -- If an external user joins by using a guest account in your tenant, any messages from the meeting are stored in both your users' mailbox and a shadow mailbox that's granted to the guest account. However, retention policies are not supported for shadow mailboxes, even though they can be reported as included in a retention policy for the entire location (sometimes known as an "organization-wide policy").
+- If an external user joins by using a guest account in your tenant, any messages from the meeting are stored in both your users' mailbox and a shadow mailbox that's granted to the guest account. However, retention policies aren't supported for shadow mailboxes, even though they can be reported as included in a retention policy for the entire location (sometimes known as an "organization-wide policy").
-- If an external user joins by using an account from another Microsoft 365 organization, your retention policies can't delete messages for this user because they are stored in that user's mailbox in another tenant. For the same meeting however, your retention policies can delete messages for your users.
+- If an external user joins by using an account from another Microsoft 365 organization, your retention policies can't delete messages for this user because they're stored in that user's mailbox in another tenant. For the same meeting however, your retention policies can delete messages for your users.
## When a user leaves the organization
compliance Retention Policies Yammer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-yammer.md
Yammer user messages and community messages can be deleted by using retention po
User messages include all the names of the people in the conversation, and community messages include the community name and the message title (if supplied).
-Reactions from others in the form of emoticons are not retained when you use retention policies for Yammer.
+Reactions from others in the form of emoticons aren't retained when you use retention policies for Yammer.
Files that you use with Yammer aren't included in retention policies for Yammer. These items have their own retention policies.
Use this section to understand how your compliance requirements are met by backe
You can use a retention policy to retain data from community messages and user messages in Yammer, and delete these messages. Behind the scenes, Exchange mailboxes are used to store data copied from these messages. Data from Yammer user messages is stored in a hidden folder in the mailbox of each user included in the user message, and a similar hidden folder in a group mailbox is used for community messages.
-Copies of community messages can also be stored in the hidden folder of user mailboxes when they @ mention users or notify the user of a reply. Although these messages originate as a community message, a retention policy for Yammer user messages will often include copies of community messages. As a result, user messages are not restricted to private messages.
+Copies of community messages can also be stored in the hidden folder of user mailboxes when they @ mention users or notify the user of a reply. Although these messages originate as a community message, a retention policy for Yammer user messages will often include copies of community messages. As a result, user messages aren't restricted to private messages.
-These hidden folders are not designed to be directly accessible to users or administrators, but instead, store data that compliance administrators can search with eDiscovery tools.
+These hidden folders aren't designed to be directly accessible to users or administrators, but instead, store data that compliance administrators can search with eDiscovery tools.
Even though they are stored in Exchange, Yammer messages are only included in a retention policy that's configured for the **Yammer community messages** or **Yammer user messages** locations. > [!NOTE] > If a user is included in an active retention policy that retains Yammer data and you a delete a mailbox of a user who is included in this policy, to retain the Yammer data, the mailbox is converted into an [inactive mailbox](inactive-mailboxes-in-office-365.md). If you don't need to retain this Yammer data for the user, exclude the user account from the retention policy before you delete their mailbox.
-After a retention policy is configured for Yammer messages, a timer job from the Exchange service periodically evaluates items in the hidden folder where these Yammer messages are stored. The timer job takes up to seven days to run. When these items have expired their retention period, they are moved to the SubstrateHolds folderΓÇöa hidden folder that's in every user or group mailbox to store "soft-deleted" items before they are permanently deleted.
+After a retention policy is configured for Yammer messages, a timer job from the Exchange service periodically evaluates items in the hidden folder where these Yammer messages are stored. The timer job takes up to seven days to run. When these items have expired their retention period, they're moved to the SubstrateHolds folderΓÇöa hidden folder that's in every user or group mailbox to store "soft-deleted" items before they're permanently deleted.
> [!IMPORTANT]
-> Because of the [first principle of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) and since Yammer messages are stored in Exchange Online mailboxes, permanent deletion from the SubstrateHolds folder is always suspended if the mailbox is affected by another retention policy (including policies applied to the Exchange location), litigation hold, delay hold, or if an eDiscovery hold is applied to the mailbox for legal or investigative reasons.
+> Because of the [first principle of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) and since Yammer messages are stored in Exchange Online mailboxes, permanent deletion from the SubstrateHolds folder is always suspended if the mailbox is affected by another retention policy for the same location, Litigation Hold, delay hold, or if an eDiscovery hold is applied to the mailbox for legal or investigative reasons.
> > While the mailbox is included in an applicable hold, Yammer messages that have been deleted will no longer be visible in Yammer but will continue to be discoverable with eDiscovery.
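Review bot: With the new wording in the [!IMPORTANT] block, "another retention policy for the same location" is ambiguous: the sentence opens by reasoning that Yammer messages are stored in Exchange Online mailboxes, so "the same location" can be read as either the Yammer locations or the Exchange location that the removed parenthetical named explicitly. Name the location meant, for example the "Yammer community messages" or "Yammer user messages" locations used earlier in the article, and check that the "since Yammer messages are stored in Exchange Online mailboxes" clause still supports the conclusion once Exchange-location policies are no longer mentioned.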
For the two paths in the diagram:
1. **If a Yammer message is edited or deleted** by the user during the retention period, the original message is immediately copied (if edited) or moved (if deleted) to the SubstrateHolds folder. The message is stored there until the retention period expires and then the message is immediately permanently deleted.
-2. **If a Yammer message is not deleted** and for current messages after editing, the message is moved to the SubstrateHolds folder after the retention period expires. This action takes up to seven days from the expiry date. When the message is in the SubstrateHolds folder, it is then immediately permanently deleted.
+2. **If a Yammer message is not deleted** and for current messages after editing, the message is moved to the SubstrateHolds folder after the retention period expires. This action takes up to seven days from the expiry date. When the message is in the SubstrateHolds folder, it's then immediately permanently deleted.
> [!NOTE] > Messages in the SubstrateHolds folder are searchable by eDiscovery tools. Until messages are permanently deleted (in the SubstrateHolds folder), they remain searchable by eDiscovery tools.
When the retention policy is retain-only, or delete-only, the content's paths ar
1. **If the Yammer message is not deleted** during the retention period: At the end of the retention period, the message is moved to the SubstrateHolds folder. This action takes up to seven days from the expiry date. Then the message is immediately permanently deleted from the SubstrateHolds folder.
-2. **If the Yammer message is deleted by the user** during the period, the item is immediately moved to the SubstrateHolds folder where it is immediately permanently deleted.
+2. **If the Yammer message is deleted by the user** during the period, the item is immediately moved to the SubstrateHolds folder where it's immediately permanently deleted.
#### Example flows and timings for retention policies
Use the following examples to see how the processes and timings explained in the
- [Example 2: Retain for 30 days and then delete](#example-2-retain-for-30-days-and-then-delete) - [Example 3: Delete-only after 1 day](#example-3-delete-only-after-1-day)
-For all examples that refer to permanent deletion, because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), this action is suspended if the message is subject to another retention policy to retain the item or it is subject to an eDiscovery hold.
+For all examples that refer to permanent deletion, because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), this action is suspended if the message is subject to another retention policy to retain the item or it's subject to an eDiscovery hold.
##### Example 1: Retain-only for 7 years
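Review bot: the conditions listed here for suspending permanent deletion (another retention policy to retain the item, or an eDiscovery hold) are narrower than the list in the IMPORTANT note earlier in this article, which also names Litigation Hold and delay hold. Since this sentence is being edited anyway, either list the same holds or point back to that note, so the examples don't suggest that a mailbox under Litigation Hold would still see permanent deletion.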
compliance Sit Get Started Exact Data Match Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-test.md
Once you're satisfied with the results of your testing and tuning, your EDM base
If you don't find any matches, here are some troubleshooting tips. - |Issue |Troubleshooting tip | ||| |No matches found | Confirm that your sensitive data was uploaded correctly using the commands explained in [Hash and upload the sensitive information source table for exact data match sensitive information types](sit-get-started-exact-data-match-hash-upload.md#hash-and-upload-the-sensitive-information-source-table-for-exact-data-match-sensitive-information-types)|
compliance View The Dlp Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/view-the-dlp-reports.md
description: Use the DLP reports in Office 365 to view the number of DLP policy
[!include[Purview banner](../includes/purview-rebrand-banner.md)]
-After you create your Microsoft Purview data loss prevention (DLP) policies, you'll want to verify that they're working as you intended and helping you to stay compliant. With the DLP reports in the Security &amp; Compliance Center, you can quickly view:
+After you create your Microsoft Purview data loss prevention (DLP) policies, you'll want to verify that they're working as you intended and helping you to stay compliant. With the DLP reports in the Microsoft Purview compliance portal, you can quickly view:
- **DLP policy matches** This report shows the count of DLP policy matches over time. You can filter the report by date, location, policy, or action. You can use this report to:
After you create your Microsoft Purview data loss prevention (DLP) policies, you
All DLP reports can show data from the most recent four-month time period. The most recent data can take up to 24 hours to appear in the reports.
-You can find these reports in the Security &amp; Compliance Center \> **Reports** \> **Dashboard**.
+You can find these reports in the Microsoft Purview compliance portal \> **Reports** \> **Dashboard**.
![DLP policy matches report.](../media/117d20c9-d379-403f-ad68-1f5cd6c4e5cf.png)
To view DLP reports in the Security & Compliance Center, you have to be assigned
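Review bot: the rename is incomplete in this part of the article. The unchanged line directly after the screenshot still begins "To view DLP reports in the Security & Compliance Center", while the sentences above it now say "Microsoft Purview compliance portal". Update that permissions sentence in the same change so the reader isn't sent to two differently named portals for the same reports.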
## Find the cmdlets for the DLP reports
-To use most of the cmdlets for the Security &amp; Compliance Center, you need to:
+To use most of the cmdlets for the Microsoft Purview compliance portal, you need to:
-1. [Connect to the Security &amp; Compliance Center using remote PowerShell](/powershell/exchange/connect-to-scc-powershell)
+1. [Connect to the Microsoft Purview compliance portal using remote PowerShell](/powershell/exchange/connect-to-scc-powershell)
2. Use any of these [Security &amp; Compliance Center cmdlets](/powershell/exchange/exchange-online-powershell)
-However, DLP reports need pull data from across Office 365, including Exchange Online. For this reason, the cmdlets for the DLP reports are available in Exchange Online PowershellΓÇönot in Security &amp; Compliance Center Powershell. Therefore, to use the cmdlets for the DLP reports, you need to:
+However, DLP reports need pull data from across Office 365, including Exchange Online. For this reason, the cmdlets for the DLP reports are available in Exchange Online PowershellΓÇönot in Microsoft Purview compliance portal Powershell. Therefore, to use the cmdlets for the DLP reports, you need to:
1. [Connect to Exchange Online using remote PowerShell](/powershell/exchange/connect-to-exchange-online-powershell)
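Review bot: step 2 of the first list still links to "Security &amp; Compliance Center cmdlets" while step 1 and the lead-in were renamed, so the list now mixes both names; rename it or leave all three alone. In the rewritten "However" paragraph, two existing defects were carried into the new line and are worth fixing while it is open: "DLP reports need pull data" should read "need to pull data", and "Powershell" should be "PowerShell" in both places. Also confirm that "Microsoft Purview compliance portal Powershell" is the intended name for the module, given that the step 1 link target is still `connect-to-scc-powershell`.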
compliance What The Dlp Policy Templates Include https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/what-the-dlp-policy-templates-include.md
search.appverid:
- seo-marvel-apr2020 recommendations: false
-description: Learn what the data loss prevention (DLP) policy templates in the Office 365 Security & Compliance Center include.
+description: Learn what the data loss prevention (DLP) policy templates in the Microsoft Purview compliance portal include.
# What the DLP policy templates include [!include[Purview banner](../includes/purview-rebrand-banner.md)]
-Microsoft Purview Data loss prevention (DLP) in the Security &amp; Compliance Center includes ready-to-use policy templates that address common compliance requirements, such as helping you to protect sensitive information subject to the U.S. Health Insurance Act (HIPAA), U.S. Gramm-Leach-Bliley Act (GLBA), or U.S. Patriot Act. This topic lists all of the policy templates, what types of sensitive information they look for, and what the default conditions and actions are. This topic does not include every detail of how each policy template is configured; instead, the topic presents with you enough information to help you decide which template is the best starting point for your scenario. Remember, you can customize these policy templates to meet your specific requirements.
+Microsoft Purview Data Loss Prevention (DLP) in the Microsoft Purview compliance portal includes ready-to-use policy templates that address common compliance requirements, such as helping you to protect sensitive information subject to the U.S. Health Insurance Act (HIPAA), U.S. Gramm-Leach-Bliley Act (GLBA), or U.S. Patriot Act. This article lists all of the policy templates, what types of sensitive information they look for, and what the default conditions and actions are. This article doesn't include every detail of how each policy template is configured; instead, the article presents with you enough information to help you decide which template is the best starting point for your scenario. Remember, you can customize these policy templates to meet your specific requirements.
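Review bot: the new intro sentence keeps "the article presents with you enough information", which should read "presents you with enough information"; only "topic" was swapped for "article". The same sentence expands HIPAA as "U.S. Health Insurance Act", but the acronym stands for the Health Insurance Portability and Accountability Act, so spell it out in full. The body now capitalises "Data Loss Prevention" while the updated `description:` line keeps it lowercase; pick one.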
## Australia Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Australia Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> SWIFT Code ΓÇö Min count 1, Max count 9 <br/> Australia Tax File Number ΓÇö Min count 1, Max count 9 <br/> Australia Bank Account Number ΓÇö Min count 1, Max count 9 <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Australia Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> Australia Tax File Number ΓÇö Min count 10, Max count 500 <br/> Australia Bank Account Number ΓÇö Min count 10, Max count 500 <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Australia Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> SWIFT Code - Min count 1, Max count 9 <br/> Australia Tax File Number - Min count 1, Max count 9 <br/> Australia Bank Account Number - Min count 1, Max count 9 <br/> Credit Card Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Australia Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> SWIFT Code - Min count 10, Max count 500 <br/> Australia Tax File Number - Min count 10, Max count 500 <br/> Australia Bank Account Number - Min count 10, Max count 500 <br/> Credit Card Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Australia Health Records Act (HRIP Act) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Australia HRIP: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Australia Tax File Number ΓÇö Min count 1, Max count 9 <br/> Australia Medical Account Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Australia HRIP: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Australia Tax File Number ΓÇö Min count 10, Max count 500 <br/> Australia Medical Account Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Australia HRIP: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Australia Tax File Number - Min count 1, Max count 9 <br/> Australia Medical Account Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Australia HRIP: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Australia Tax File Number - Min count 10, Max count 500 <br/> Australia Medical Account Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Australia Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Australia PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Australia Tax File Number ΓÇö Min count 1, Max count 9 <br/> Australia Driver's License Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Australia PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Australia Tax File Number ΓÇö Min count 10, Max count 500 <br/> Australia Driver's License Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Australia PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Australia Tax File Number - Min count 1, Max count 9 <br/> Australia Driver's License Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Australia PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Australia Tax File Number - Min count 10, Max count 500 <br/> Australia Driver's License Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Australia Privacy Act |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Australia Privacy: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Australia Driver's License Number ΓÇö Min count 1, Max count 9 <br/> Australia Passport Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Australia Privacy: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Australia Driver's License Number ΓÇö Min count 10, Max count 500 <br/> Australia Passport Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Australia Privacy: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Australia Driver's License Number - Min count 1, Max count 9 <br/> Australia Passport Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Australia Privacy: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Australia Driver's License Number - Min count 10, Max count 500 <br/> Australia Passport Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Canada Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Canada Financial Data: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> Canada Bank Account Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Canada Financial Data: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> Canada Bank Account Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Canada Financial Data: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> Canada Bank Account Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Canada Financial Data: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> Canada Bank Account Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Canada Health Information Act (HIA) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Canada HIA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Passport Number ΓÇö Min count 1, Max count 9 <br/> Canada Social Insurance Number ΓÇö Min count 1, Max count 9 <br/> Canada Health Service Number ΓÇö Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Canada HIA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Passport Number ΓÇö Min count 10, Max count 500 <br/> Canada Social Insurance Number ΓÇö Min count 10, Max count 500 <br/> Canada Health Service Number ΓÇö Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Canada HIA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Passport Number - Min count 1, Max count 9 <br/> Canada Social Insurance Number - Min count 1, Max count 9 <br/> Canada Health Service Number - Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Canada HIA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Passport Number - Min count 10, Max count 500 <br/> Canada Social Insurance Number - Min count 10, Max count 500 <br/> Canada Health Service Number - Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Canada Personal Health Act (PHIPA) - Ontario |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Canada PHIPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Passport Number ΓÇö Min count 1, Max count 9 <br/> Canada Social Insurance Number ΓÇö Min count 1, Max count 9 <br/> Canada Health Service Number ΓÇö Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Canada PHIPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Passport Number ΓÇö Min count 10, Max count 500 <br/> Canada Social Insurance Number ΓÇö Min count 10, Max count 500 <br/> Canada Health Service Number ΓÇö Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Canada PHIPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Passport Number - Min count 1, Max count 9 <br/> Canada Social Insurance Number - Min count 1, Max count 9 <br/> Canada Health Service Number - Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Canada PHIPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Passport Number - Min count 10, Max count 500 <br/> Canada Social Insurance Number - Min count 10, Max count 500 <br/> Canada Health Service Number - Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Canada Personal Health Information Act (PHIA) - Manitoba |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Canada PHIA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Social Insurance Number ΓÇö Min count 1, Max count 9 <br/> Canada Health Service Number ΓÇö Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Canada PHIA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Social Insurance Number ΓÇö Min count 10, Max count 500 <br/> Canada Health Service Number ΓÇö Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Canada PHIA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Social Insurance Number - Min count 1, Max count 9 <br/> Canada Health Service Number - Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Canada PHIA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Social Insurance Number - Min count 10, Max count 500 <br/> Canada Health Service Number - Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Canada Personal Information Protection Act (PIPA) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Canada PIPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Passport Number ΓÇö Min count 1, Max count 9 <br/> Canada Social Insurance Number ΓÇö Min count 1, Max count 9 <br/> Canada Health Service Number ΓÇö Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Canada PIPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Passport Number ΓÇö Min count 10, Max count 500 <br/> Canada Social Insurance Number ΓÇö Min count 10, Max count 500 <br/> Canada Health Service Number ΓÇö Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Canada PIPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Passport Number - Min count 1, Max count 9 <br/> Canada Social Insurance Number - Min count 1, Max count 9 <br/> Canada Health Service Number - Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Canada PIPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Passport Number - Min count 10, Max count 500 <br/> Canada Social Insurance Number - Min count 10, Max count 500 <br/> Canada Health Service Number - Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Canada Personal Information Protection Act (PIPEDA) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Canada PIPEDA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number ΓÇö Min count 1, Max count 9 <br/> Canada Bank Account Number ΓÇö Min count 1, Max count 9 <br/> Canada Passport Number ΓÇö Min count 1, Max count 9 <br/> Canada Social Insurance Number ΓÇö Min count 1, Max count 9 <br/> Canada Health Service Number ΓÇö Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Canada PIPEDA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number ΓÇö Min count 10, Max count 500 <br/> Canada Bank Account Number ΓÇö Min count 10, Max count 500 <br/> Canada Passport Number ΓÇö Min count 10, Max count 500 <br/> Canada Social Insurance Number ΓÇö Min count 10, Max count 500 <br/> Canada Health Service Number ΓÇö Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Canada PIPEDA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number - Min count 1, Max count 9 <br/> Canada Bank Account Number - Min count 1, Max count 9 <br/> Canada Passport Number - Min count 1, Max count 9 <br/> Canada Social Insurance Number - Min count 1, Max count 9 <br/> Canada Health Service Number - Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Canada PIPEDA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number - Min count 10, Max count 500 <br/> Canada Bank Account Number - Min count 10, Max count 500 <br/> Canada Passport Number - Min count 10, Max count 500 <br/> Canada Social Insurance Number - Min count 10, Max count 500 <br/> Canada Health Service Number - Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
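Review bot: the heading over these rows still reads "Canada Personal Information Protection Act (PIPEDA)", which is word for word the expansion used for the PIPA section just above it. PIPEDA is the Personal Information Protection and Electronic Documents Act; since every row in the section is being touched, correct the heading in the same change so the two templates can be told apart by name.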
## Canada Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Canada PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number ΓÇö Min count 1, Max count 9 <br/> Canada Bank Account Number ΓÇö Min count 1, Max count 9 <br/> Canada Passport Number ΓÇö Min count 1, Max count 9 <br/> Canada Social Insurance Number ΓÇö Min count 1, Max count 9 <br/> Canada Health Service Number ΓÇö Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Canada PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number ΓÇö Min count 10, Max count 500 <br/> Canada Bank Account Number ΓÇö Min count 10, Max count 500 <br/> Canada Passport Number ΓÇö Min count 10, Max count 500 <br/> Canada Social Insurance Number ΓÇö Min count 10, Max count 500 <br/> Canada Health Service Number ΓÇö Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Canada PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number - Min count 1, Max count 9 <br/> Canada Bank Account Number - Min count 1, Max count 9 <br/> Canada Passport Number - Min count 1, Max count 9 <br/> Canada Social Insurance Number - Min count 1, Max count 9 <br/> Canada Health Service Number - Min count 1, Max count 9 <br/> Canada Personal Health Identification Number (PHIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Canada PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Canada Driver's License Number - Min count 10, Max count 500 <br/> Canada Bank Account Number - Min count 10, Max count 500 <br/> Canada Passport Number - Min count 10, Max count 500 <br/> Canada Social Insurance Number - Min count 10, Max count 500 <br/> Canada Health Service Number - Min count 10, Max count 500 <br/> Canada Personal Health Identification Number (PHIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## France Data Protection Act |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|France DPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> France National ID Card (CNI) ΓÇö Min count 1, Max count 9 <br/> France Social Security Number (INSEE) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|France DPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> France National ID Card (CNI) ΓÇö Min count 10, Max count 500 <br/> France Social Security Number (INSEE) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|France DPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> France National ID Card (CNI) - Min count 1, Max count 9 <br/> France Social Security Number (INSEE) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|France DPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> France National ID Card (CNI) - Min count 10, Max count 500 <br/> France Social Security Number (INSEE) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## France Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|France Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> EU Debit Card Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|France Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> EU Debit Card Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|France Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> EU Debit Card Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|France Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> EU Debit Card Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## France Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|France PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> France Social Security Number (INSEE) ΓÇö Min count 1, Max count 9 <br/> France Driver's License Number ΓÇö Min count 1, Max count 9 <br/> France Passport Number ΓÇö Min count 1, Max count 9 <br/> France National ID Card (CNI) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|France PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> France Social Security Number (INSEE) ΓÇö Min count 10, Max count 500 <br/> France Driver's License Number ΓÇö Min count 10, Max count 500 <br/> France Passport Number ΓÇö Min count 10, Max count 500 <br/> France National ID Card (CNI) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|France PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> France Social Security Number (INSEE) - Min count 1, Max count 9 <br/> France Driver's License Number - Min count 1, Max count 9 <br/> France Passport Number - Min count 1, Max count 9 <br/> France National ID Card (CNI) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|France PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> France Social Security Number (INSEE) - Min count 10, Max count 500 <br/> France Driver's License Number - Min count 10, Max count 500 <br/> France Passport Number - Min count 10, Max count 500 <br/> France National ID Card (CNI) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## General Data Protection Regulation (GDPR) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Low volume EU Sensitive content found <br/> | Content contains sensitive information: <br/> EU Debit Card Number ΓÇö Min count 1, Max count 9 <br/> EU Driver's License Number ΓÇö Min count 1, Max count 9 <br/> EU National Identification Number ΓÇö Min count 1, Max count 9 <br/> EU Passport Number ΓÇö Min count 1, Max count 9 <br/> EU Social Security Number (SSN) or Equivalent ID ΓÇö Min count 1, Max count 9 <br/> EU Tax Identification Number (TIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send incident reports to Administrator <br/> |
-|High volume of EU Sensitive content found <br/> | Content contains sensitive information: <br/> EU Debit Card Number ΓÇö Min count 10, Max count 500 <br/> EU Driver's License Number ΓÇö Min count 10, Max count 500 <br/> EU National Identification Number ΓÇö Min count 10, Max count 500 <br/> EU Passport Number ΓÇö Min count 10, Max count 500 <br/> EU Social Security Number (SSN) or Equivalent ID ΓÇö Min count 10, Max count 500 <br/> EU Tax Identification Number (TIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Restrict access to the content for external users <br/> Notify users with email and policy tips <br/> Allow override <br/> Require business justification <br/> Send incident reports to Administrator <br/> |
+|Low volume EU Sensitive content found <br/> | Content contains sensitive information: <br/> EU Debit Card Number - Min count 1, Max count 9 <br/> EU Driver's License Number - Min count 1, Max count 9 <br/> EU National Identification Number - Min count 1, Max count 9 <br/> EU Passport Number - Min count 1, Max count 9 <br/> EU Social Security Number (SSN) or Equivalent ID - Min count 1, Max count 9 <br/> EU Tax Identification Number (TIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send incident reports to Administrator <br/> |
+|High volume of EU Sensitive content found <br/> | Content contains sensitive information: <br/> EU Debit Card Number - Min count 10, Max count 500 <br/> EU Driver's License Number - Min count 10, Max count 500 <br/> EU National Identification Number - Min count 10, Max count 500 <br/> EU Passport Number - Min count 10, Max count 500 <br/> EU Social Security Number (SSN) or Equivalent ID - Min count 10, Max count 500 <br/> EU Tax Identification Number (TIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Restrict access to the content for external users <br/> Notify users with email and policy tips <br/> Allow override <br/> Require business justification <br/> Send incident reports to Administrator <br/> |
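Review bot: The two GDPR rows still use different action and rule-name wording from every other table in this file, and since both rows are rewritten here it is worth checking whether that is intentional. The actions read "Send incident reports to Administrator", "Restrict access to the content for external users" and "Notify users with email and policy tips", where the other templates use "Send incident report", "Block access to content" and "Send a notification". The rule names also differ from each other ("Low volume EU Sensitive content found" against "High volume of EU Sensitive content found"). If these strings mirror the template's labels in the product, leave them; if not, harmonize them in this same change so readers comparing templates do not infer a behavioural difference that is only a wording difference.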
## Germany Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Germany Financial Data: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> EU Debit Card Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Germany Financial Data: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> EU Debit Card Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Germany Financial Data: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> EU Debit Card Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Germany Financial Data: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> EU Debit Card Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Germany Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Germany PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> German Driver's License Number ΓÇö Min count 1, Max count 9 <br/> German Passport Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Germany PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> German Driver's License Number ΓÇö Min count 10, Max count 500 <br/> German Passport Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Germany PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> German Driver's License Number - Min count 1, Max count 9 <br/> German Passport Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Germany PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> German Driver's License Number - Min count 10, Max count 500 <br/> German Passport Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Israel Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Israel Financial Data: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Israel Bank Account Number ΓÇö Min count 1, Max count 9 <br/> SWIFT Code ΓÇö Min count 1, Max count 9 <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Israel Financial Data: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Israel Bank Account Number ΓÇö Min count 10, Max count 500 <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Israel Financial Data: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Israel Bank Account Number - Min count 1, Max count 9 <br/> SWIFT Code - Min count 1, Max count 9 <br/> Credit Card Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Israel Financial Data: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Israel Bank Account Number - Min count 10, Max count 500 <br/> SWIFT Code - Min count 10, Max count 500 <br/> Credit Card Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Israel Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Israel PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Israel National ID ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Israel PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Israel National ID ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Israel PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Israel National ID - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Israel PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Israel National ID - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Israel Protection of Privacy |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Israel Privacy: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Israel National ID ΓÇö Min count 1, Max count 9 <br/> Israel Bank Account Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Israel Privacy: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Israel National ID ΓÇö Min count 10, Max count 500 <br/> Israel Bank Account Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Israel Privacy: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Israel National ID - Min count 1, Max count 9 <br/> Israel Bank Account Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Israel Privacy: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Israel National ID - Min count 10, Max count 500 <br/> Israel Bank Account Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Japan Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Japan Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Japan Bank Account Number ΓÇö Min count 1, Max count 9 <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Japan Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Japan Bank Account Number ΓÇö Min count 10, Max count 500 <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Japan Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Japan Bank Account Number - Min count 1, Max count 9 <br/> Credit Card Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Japan Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Japan Bank Account Number - Min count 10, Max count 500 <br/> Credit Card Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Japan Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Japan PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number ΓÇö Min count 1, Max count 9 <br/> Japan Social Insurance Number (SIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Japan PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number ΓÇö Min count 10, Max count 500 <br/> Japan Social Insurance Number (SIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Japan PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number - Min count 1, Max count 9 <br/> Japan Social Insurance Number (SIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Japan PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number - Min count 10, Max count 500 <br/> Japan Social Insurance Number (SIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Japan Protection of Personal Information |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Japan PPI: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number ΓÇö Min count 1, Max count 9 <br/> Japan Social Insurance Number (SIN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Japan PPI: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number ΓÇö Min count 10, Max count 500 <br/> Japan Social Insurance Number (SIN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Japan PPI: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number - Min count 1, Max count 9 <br/> Japan Social Insurance Number (SIN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Japan PPI: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Japan Resident Registration Number - Min count 10, Max count 500 <br/> Japan Social Insurance Number (SIN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## PCI Data Security Standard (PCI DSS) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|PCI DSS: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|PCI DSS: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|PCI DSS: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|PCI DSS: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Saudi Arabia - Anti-Cyber Crime Law |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Saudi Arabia ACC: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> SWIFT Code ΓÇö Min count 1, Max count 9 <br/> International Banking Account Number (IBAN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Saudi Arabia ACC: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> International Banking Account Number (IBAN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Saudi Arabia ACC: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> SWIFT Code - Min count 1, Max count 9 <br/> International Banking Account Number (IBAN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Saudi Arabia ACC: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> SWIFT Code - Min count 10, Max count 500 <br/> International Banking Account Number (IBAN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Saudi Arabia Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Saudi Arabia Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> SWIFT Code ΓÇö Min count 1, Max count 9 <br/> International Banking Account Number (IBAN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Saudi Arabia Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> International Banking Account Number (IBAN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Saudi Arabia Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> SWIFT Code - Min count 1, Max count 9 <br/> International Banking Account Number (IBAN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Saudi Arabia Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> SWIFT Code - Min count 10, Max count 500 <br/> International Banking Account Number (IBAN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## Saudi Arabia Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Saudi Arabia PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Saudi Arabia National ID ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|Saudi Arabia PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Saudi Arabia National ID ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|Saudi Arabia PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Saudi Arabia National ID - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Saudi Arabia PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Saudi Arabia National ID - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.K. Access to Medical Reports Act |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.K. AMRA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Health Service Number ΓÇö Min count 1, Max count 9 <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.K. AMRA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Health Service Number ΓÇö Min count 10, Max count 500 <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.K. AMRA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Health Service Number - Min count 1, Max count 9 <br/> U.K. National Insurance Number (NINO) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.K. AMRA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Health Service Number - Min count 10, Max count 500 <br/> U.K. National Insurance Number (NINO) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.K. Data Protection Act |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.K. DPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 1, Max count 9 <br/> U.S. / U.K. Passport Number ΓÇö Min count 1, Max count 9 <br/> SWIFT Code ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.K. DPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 10, Max count 500 <br/> U.S. / U.K. Passport Number ΓÇö Min count 10, Max count 500 <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.K. DPA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) - Min count 1, Max count 9 <br/> U.S. / U.K. Passport Number - Min count 1, Max count 9 <br/> SWIFT Code - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.K. DPA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) - Min count 10, Max count 500 <br/> U.S. / U.K. Passport Number - Min count 10, Max count 500 <br/> SWIFT Code - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.K. Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.K. Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> EU Debit Card Number ΓÇö Min count 1, Max count 9 <br/> SWIFT Code ΓÇöMin count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.K. Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> EU Debit Card Number ΓÇö Min count 10, Max count 500 <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.K. Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> EU Debit Card Number - Min count 1, Max count 9 <br/> SWIFT Code -Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.K. Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> EU Debit Card Number - Min count 10, Max count 500 <br/> SWIFT Code - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
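Review bot: In the added low count row, the SWIFT Code entry reads `SWIFT Code -Min count 1, Max count 9`, with no space after the hyphen, while every other entry in this table and in the neighbouring tables uses ` - Min count`. The removed line had the same missing space after its dash, so the defect was carried over rather than fixed. Change it to `SWIFT Code - Min count 1, Max count 9`.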
## U.K. Personal Information Online Code of Practice (PIOCP) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.K. PIOCP: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 1, Max count 9 <br/> U.K. National Health Service Number ΓÇö Min count 1, Max count 9 <br/> SWIFT Code ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.K. PIOCP: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 10, Max count 500 <br/> U.K. National Health Service Number ΓÇö Min count 10, Max count 500 <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.K. PIOCP: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) - Min count 1, Max count 9 <br/> U.K. National Health Service Number - Min count 1, Max count 9 <br/> SWIFT Code - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.K. PIOCP: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) - Min count 10, Max count 500 <br/> U.K. National Health Service Number - Min count 10, Max count 500 <br/> SWIFT Code - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.K. Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.K. PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 1, Max count 9 <br/> U.S. / U.K. Passport Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.K. PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) ΓÇö Min count 10, Max count 500 <br/> U.S. / U.K. Passport Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.K. PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) - Min count 1, Max count 9 <br/> U.S. / U.K. Passport Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.K. PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.K. National Insurance Number (NINO) - Min count 10, Max count 500 <br/> U.S. / U.K. Passport Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.K. Privacy and Electronic Communications Regulations |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.K. PECR: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> SWIFT Code ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.K. PECR: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> SWIFT Code ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.K. PECR: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> SWIFT Code - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.K. PECR: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> SWIFT Code - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.S. Federal Trade Commission (FTC) Consumer Rules |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.S. FTC Rules: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> U.S. Bank Account Number ΓÇö Min count 1, Max count 9 <br/> ABA Routing Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.S. FTC Rules: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> U.S. Bank Account Number ΓÇö Min count 10, Max count 500 <br/> ABA Routing Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.S. FTC Rules: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> U.S. Bank Account Number - Min count 1, Max count 9 <br/> ABA Routing Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.S. FTC Rules: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> U.S. Bank Account Number - Min count 10, Max count 500 <br/> ABA Routing Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.S. Financial Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.S. Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> U.S. Bank Account Number ΓÇö Min count 1, Max count 9 <br/> ABA Routing Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.S. Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> U.S. Bank Account Number ΓÇö Min count 10, Max count 500 <br/> ABA Routing Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.S. Financial: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> U.S. Bank Account Number - Min count 1, Max count 9 <br/> ABA Routing Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.S. Financial: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> U.S. Bank Account Number - Min count 10, Max count 500 <br/> ABA Routing Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.S. Gramm-Leach-Bliley Act (GLBA) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.S. GLBA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> U.S. Bank Account Number ΓÇö Min count 1, Max count 9 <br/> U.S. Individual Taxpayer Identification Number (ITIN) ΓÇö Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.S. GLBA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> U.S. Bank Account Number ΓÇö Min count 10, Max count 500 <br/> U.S. Individual Taxpayer Identification Number (ITIN) ΓÇö Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.S. GLBA: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> U.S. Bank Account Number - Min count 1, Max count 9 <br/> U.S. Individual Taxpayer Identification Number (ITIN) - Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.S. GLBA: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> U.S. Bank Account Number - Min count 10, Max count 500 <br/> U.S. Individual Taxpayer Identification Number (ITIN) - Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.S. Health Insurance Act (HIPAA) |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|Content matches U.S. HIPAA <br/> | Contains any of the following sensitive information: <br/> U.S. Social Security Number (SSN) ΓÇö Min count 1, Max count any <br/> Drug Enforcement Agency (DEA) Number ΓÇö Min count 1, Max count any <br/> **AND** <br/> Content contains any of these terms: <br/> International Classification of Diseases (ICD-9-CM) ΓÇö Min count 1, Max count any <br/> International Classification of Diseases (ICD-10-CM) ΓÇö Min count 1, Max count any <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|Content matches U.S. HIPAA <br/> | Contains any of the following sensitive information: <br/> U.S. Social Security Number (SSN) - Min count 1, Max count any <br/> Drug Enforcement Agency (DEA) Number - Min count 1, Max count any <br/> **AND** <br/> Content contains any of these terms: <br/> International Classification of Diseases (ICD-9-CM) - Min count 1, Max count any <br/> International Classification of Diseases (ICD-10-CM) - Min count 1, Max count any <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
## U.S. Patriot Act |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.S. Patriot Act: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> U.S. Bank Account Number ΓÇö Min count 1, Max count 9 <br/> U.S. Individual Taxpayer Identification Number (ITIN) ΓÇö Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.S. Patriot Act: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> U.S. Bank Account Number ΓÇö Min count 10, Max count 500 <br/> U.S. Individual Taxpayer Identification Number (ITIN) ΓÇö Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.S. Patriot Act: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> U.S. Bank Account Number - Min count 1, Max count 9 <br/> U.S. Individual Taxpayer Identification Number (ITIN) - Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.S. Patriot Act: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> U.S. Bank Account Number - Min count 10, Max count 500 <br/> U.S. Individual Taxpayer Identification Number (ITIN) - Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.S. Personally Identifiable Information (PII) Data |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.S. PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.S. Individual Taxpayer Identification Number (ITIN) ΓÇö Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 1, Max count 9 <br/> U.S. / U.K. Passport Number ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.S. PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.S. Individual Taxpayer Identification Number (ITIN) ΓÇö Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 10, Max count 500 <br/> U.S. / U.K. Passport Number ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.S. PII: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.S. Individual Taxpayer Identification Number (ITIN) - Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) - Min count 1, Max count 9 <br/> U.S. / U.K. Passport Number - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.S. PII: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.S. Individual Taxpayer Identification Number (ITIN) - Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) - Min count 10, Max count 500 <br/> U.S. / U.K. Passport Number - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.S. State Breach Notification Laws |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.S. State Breach: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 1, Max count 9 <br/> U.S. Bank Account Number ΓÇö Min count 1, Max count 9 <br/> U.S. Driver's License Number ΓÇö Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.S. State Breach: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number ΓÇö Min count 10, Max count 500 <br/> U.S. Bank Account Number ΓÇö Min count 10, Max count 500 <br/> U.S. Driver's License Number ΓÇö Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.S. State Breach: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 1, Max count 9 <br/> U.S. Bank Account Number - Min count 1, Max count 9 <br/> U.S. Driver's License Number - Min count 1, Max count 9 <br/> U.S. Social Security Number (SSN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.S. State Breach: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> Credit Card Number - Min count 10, Max count 500 <br/> U.S. Bank Account Number - Min count 10, Max count 500 <br/> U.S. Driver's License Number - Min count 10, Max count 500 <br/> U.S. Social Security Number (SSN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
## U.S. State Social Security Number Confidentiality Laws |**Rule name**|**Conditions <br/> (including sensitive information types)**|**Actions**| |:--|:--|:--|
-|U.S. SSN Laws: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.S. Social Security Number (SSN) ΓÇö Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
-|U.S. SSN Laws: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.S. Social Security Number (SSN) ΓÇö Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
+|U.S. SSN Laws: Scan content shared outside - low count <br/> | Content contains sensitive information: <br/> U.S. Social Security Number (SSN) - Min count 1, Max count 9 <br/> Content is shared with: <br/> People outside my organization <br/> |Send a notification <br/> |
+|U.S. SSN Laws: Scan content shared outside - high count <br/> | Content contains sensitive information: <br/> U.S. Social Security Number (SSN) - Min count 10, Max count 500 <br/> Content is shared with: <br/> People outside my organization <br/> | Block access to content <br/> Send a notification <br/> Allow override <br/> Require business justification <br/> Send incident report <br/> |
contentunderstanding Adoption Assessment Tool https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/adoption-assessment-tool.md
The assessment report includes the following information:
- **Libraries with custom content types** ΓÇô Identify libraries using custom content types, where SharePoint Syntex models can be used to automatically categorize files. -- **Content type usage** ΓÇô Identify patterns of content type usage, to target Sharepoint Syntex models where they'll have the maximum benefit.
+- **Content type usage** ΓÇô Identify patterns of content type usage, to target SharePoint Syntex models where they'll have the maximum benefit.
- **Libraries with retention labels** ΓÇô Identify libraries where retention labels are used, where SharePoint Syntex can be used to automate and improve consistency.
contentunderstanding Content Assembly https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/content-assembly.md
With content assembly, you can use an existing document to create a *modern temp
Follow these steps to create a modern template.
-1. From a Sharepoint document library, select **New** > **Create modern template**.
+1. From a SharePoint document library, select **New** > **Create modern template**.
![Screenshot of document library with the Create modern template option highlighted.](../media/content-understanding/content-assembly-create-template-1.png)
You can create as many placeholders as you think are necessary. When you're done
If you need to edit an existing template or to delete or unpublish a template, follow these steps.
-1. From a Sharepoint document library, select **New** > **Edit New menu**.
+1. From a SharePoint document library, select **New** > **Edit New menu**.
![Screenshot of document library with the Edit New menu option highlighted.](../media/content-understanding/content-assembly-edit-template-1.png)
If you need to edit an existing template or to delete or unpublish a template, f
You can use a *published* modern template to quickly create similar documents without having to start from scratch. To create a document using a published template, follow these steps:
-1. From a Sharepoint document library, select **New**, and then select the modern template you want to use.
+1. From a SharePoint document library, select **New**, and then select the modern template you want to use.
![Screenshot of document library showing the modern template choices on the New menu.](../media/content-understanding/content-assembly-create-document-1.png)
contentunderstanding Model Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/model-usage-analytics.md
Your SharePoint Syntex content center provides you model usage analytics to prov
### Roll up of model usage data in the default content center
-In SharePoint Syntex, the default content center is created during setup. Additional content centers can also be created as needed. For example, departments might create their own content centers to create and manage their models.
+In SharePoint Syntex, the default content center is created during setup. More content centers can also be created as needed. For example, departments might create their own content centers to create and manage their models.
-In regards to model usage analytics, note that:
+Regarding model usage analytics, note that:
-- Your default content center will show model usage analytics for all content centers and models in your org, including ones created in additional content centers. This gives content managers and other stakeholders a centralized portal to manage and oversee the content centers and models across the company. -- Other content centers will only show model usage analytics for the models that were created in them. This gives content managers insights into usage data for only the models they are concerned with.
+- Your default content center will show model usage analytics for all content centers and models in your org, including ones created in other content centers. This gives content managers and other stakeholders a centralized portal to manage and oversee the content centers and models across the company.
+- Other content centers will only show model usage analytics for the models that were created in them. This gives content managers insights into usage data for only the models they're concerned with.
## Classification by model
contentunderstanding Term Store Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/term-store-analytics.md
View the distribution of open and closed term sets. This is useful if you want t
### Terms without synonyms
-View the number of terms in each of the added working languages that do not have synonyms defined. This is useful to help identify languages where you want to define synonyms. Synonyms help end users disambiguate and find the correct terms to tag their content.
+View the number of terms in each of the added working languages that don't have synonyms defined. This is useful to help identify languages where you want to define synonyms. Synonyms help end users disambiguate and find the correct terms to tag their content.
## See also
contentunderstanding Trial Syntex https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/trial-syntex.md
To successfully plan a SharePoint Syntex trial, consider the following factors:
A test or demo tenant can be used as a ΓÇ£dry runΓÇ¥ to walk through the activation steps and administrative controls. But it's probably best to evaluate model building on a production tenant.
-To maximize the value of a trial on a production tenant, planning and business engagement are essential. You should engage one or more business areas to identify three-to-six use cases that could potentially be addressed by SharePoint Syntex. These use cases should:
+To maximize the value of a trial on a production tenant, planning and business engagement are essential. You should engage one or more business areas to identify three to six use cases that could potentially be addressed by SharePoint Syntex. These use cases should:
-- Include scenarios that could be solved by either the forms processing or document understanding model.
+- Include scenarios that could be solved by either the form processing or document understanding model.
- Have a clear understanding of the purpose for any extracted metadata; for example, view formatting or automation by using Power Automate. While SharePoint Syntex is focused on classifying documents and extracting metadata, the value to quantify is what this metadata enables. - Be based on a defined set of data; for example, specific SharePoint sites or libraries. A common misconception of SharePoint Syntex is that general purpose models can be applied across all organization content. A more accurate view is that models are built to help solve specific business problems in targeted locations.
When you initiate a trial, you need to:
- Assign licenses to the relevant users. - Perform [additional setup of SharePoint Syntex](set-up-content-understanding.md).
- - You might want to [create additional content centers](create-a-content-center.md).
+ - You might want to [create more content centers](create-a-content-center.md).
After the trial is activated, you can create models and process files. See [guidance for model creation](create-a-content-center.md).
Based on the outcome of the trial, you can decide whether to proceed to producti
### Proceed to production use
-To ensure continuity of service, you need to purchase the required number of licenses and assign those licenses to users. Trial users who don't have a full license at the end of the trial period won't be able to fully utilize SharePoint Syntex.
+To ensure continuity of service, you need to purchase the required number of [licenses](syntex-licensing.md) and assign those licenses to users. Trial users who don't have a full license at the end of the trial period won't be able to fully use SharePoint Syntex.
-You might have to estimate your projected use of forms processing and plan for the expected amount of AI Builder credits. For help, see [Estimate the AI Builder capacity that's right for you](https://powerapps.microsoft.com/ai-builder-calculator/).
+You might have to estimate your projected use of form processing and plan for the expected number of AI Builder credits. For help, see [Estimate the AI Builder capacity that's right for you](https://powerapps.microsoft.com/ai-builder-calculator/).
### Don't proceed to production use
If you don't purchase licenses following the trial:
- You won't be able to create new models. - Libraries that were running models will no longer automatically classify files or extract models. - Any previously classified files or extracted metadata won't be affected.-- Content centers and any document-understanding models won't be automatically deleted. These will remain available for use if you decide to purchase licenses in the future.-- Forms-processing models will be stored in the Dataverse (previously named Common Data Service [CDS]) instance of the default Power Platform environment. These could be used with future licensing for SharePoint Syntex or with AI Builder capabilities in the Power Platform.
+- Content centers and any document understanding models won't be automatically deleted. These will remain available for use if you decide to purchase licenses in the future.
+- Form processing models will be stored in the Dataverse (previously named Common Data Service (CDS)) instance of the default Power Platform environment. These could be used with future licensing for SharePoint Syntex or with AI Builder capabilities in the Power Platform.
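Review bot: The added Dataverse bullet nests parentheses, `(previously named Common Data Service (CDS))`, where the removed line used brackets for the inner abbreviation. Keep `[CDS]` or reword the sentence so the doubled closing parenthesis goes away. Separately, the unchanged bullet above says libraries will no longer "classify files or extract models", while the following bullet speaks of "extracted metadata". If "extract metadata" is what is meant, this pass is a good place to correct it.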
## See also
-[Microsoft SharePoint Syntex adoption: Get started](adoption-getstarted.md)
+[Get started driving adoption of SharePoint Syntex](adoption-getstarted.md)
enterprise EU Data Storage Locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/EU-data-storage-locations.md
Only in rare cases does a Microsoft engineer need access to customer data. Typic
Customers can use customer-managed keys to further prevent their data from being readable in case of unauthorized access. Both server-side and client-side encryption can rely on customer-managed keys or customer-provided keys. In either case, Microsoft would not have access to encryption keys and cannot decrypt the data. A SOC audit by an AICPA-accredited auditor twice a year to verifies the effectiveness of our security controls in audit scope. The SOC 2 Type 2 attestation report published by the auditor explains under what circumstances access to customer data can occur and how.
-In addition to storing and processing your data when you use the online services, Microsoft generates service data to monitor system health and to perform service operations such as troubleshooting. As a privacy protective measure, Microsoft generates and relies upon pseudonymous identifiers in this service generated data to be able to distinguish one user from another without identifying the actual users. Pseudonymous identifiers do not directly identify a person, and the information that enables mapping pseudonymous identifiers to actual users is protected as part of your data.
+In addition to storing and processing your data when you use the online services, Microsoft generates service data to monitor system health and to perform service operations such as troubleshooting. As a privacy protective measure, Microsoft generates and relies upon pseudonymous identifiers in this service generated data to be able to distinguish one user from another without identifying the actual users. Pseudonymous identifiers don't directly identify a person, and the information that enables mapping pseudonymous identifiers to actual users is protected as part of your data.
To learn more, see [Who can access your data](https://www.microsoft.com/trust-center/privacy/data-access) and on what terms and [Subprocessors and Data Privacy](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4qVL2).
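Review bot: The context sentence just above the changed paragraph, "A SOC audit by an AICPA-accredited auditor twice a year to verifies the effectiveness of our security controls in audit scope", has no working verb, and this pass leaves it as is. Since it is the sentence that states the audit cadence, it is worth fixing in the same commit, for example "A SOC audit by an AICPA-accredited auditor twice a year verifies the effectiveness of the security controls in audit scope". In the changed paragraph itself, "service generated data" should be hyphenated as "service-generated data".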
enterprise Planportallaunchroll Out https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/Planportallaunchroll-out.md
description: "This article describes how you can plan your portal launch in Shar
A portal is a SharePoint site on your intranet with many site viewers who consume content on the site. Large organizations could have several portals. For example, a company portal and an HR portal. Typically portals have relatively few people who create and author the site and its content. Most visitors to the portal only read and consume the content.
-This article describes how to plan your deployment and roll-out plan to SharePoint Online. It also provides approaches to follow as traditional load testing is not permitted on SharePoint Online. SharePoint Online is a cloud service and the load capabilities, health, and overall balance of load in the service are managed by Microsoft.
+This article describes how to plan your deployment and roll-out plan to SharePoint Online. It also provides approaches to follow as traditional load testing isn't permitted on SharePoint Online. SharePoint Online is a cloud service and the load capabilities, health, and overall balance of load in the service are managed by Microsoft.
To help in creating a successful portal, follow the basic principles, practices, and recommendations detailed in the [Creating, launching, and maintaining a healthy portal](/sharepoint/portal-health)
enterprise Additional Network Security Requirements For Office 365 Gcchigh And Dod https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/additional-network-security-requirements-for-office-365-gcchigh-and-dod.md
The body of your message should include the following data:
For security and compliance reasons, keep in mind the following restrictions on your request:
-* There is a four subnet limitation per tenant
+* There's a four subnet limitation per tenant
* Subnets must be in CIDR Notation (for example, 10.1.1.0/28)
-* Subnet ranges cannot be larger than /24
+* Subnet ranges canΓÇÖt be larger than /24
* We **cannot** accommodate requests to allow access to commercial cloud services (commercial Office 365, Google G-Suite, Amazon Web Services, etc.)
-Once your request has been received and approved by Microsoft, there is a three-week SLA for implementation and cannot be expedited. You will receive an initial acknowledgment when weΓÇÖve received your request and a final acknowledgment once it has been completed.
+Once your request has been received and approved by Microsoft, there's a three-week SLA for implementation and canΓÇÖt be expedited. You'll receive an initial acknowledgment when weΓÇÖve received your request and a final acknowledgment once it has been completed.
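Review bot: The added lines spell "can't" with a typographic apostrophe (it shows up as "canΓÇÖt" in both the subnet bullet and the SLA sentence), while "There's" and "You'll" in the same change use a straight one. Normalize to the straight apostrophe so the restriction text renders and searches consistently. The SLA sentence also has no subject for its second verb ("there's a three-week SLA for implementation and can't be expedited"); "and it can't be expedited" fixes that. Because these bullets state hard limits, and the next bullet still reads "We **cannot** accommodate", consider keeping "cannot" in the /24 bullet as well.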
enterprise Azure Expressroute https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/azure-expressroute.md
description: Learn how to use Azure ExpressRoute with Office 365 and plan the ne
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-Learn how Azure ExpressRoute is used with Office 365 and how to plan the network implementation project that will be required if you are deploying Azure ExpressRoute for use with Office 365. Infrastructure and platform services running in Azure will often benefit by addressing network architecture and performance considerations. We recommend ExpressRoute for Azure in these cases. Software as a Service offerings like Office 365 and Dynamics 365 have been built to be accessed securely and reliably via the Internet. You can read about Internet performance and security and when you might consider Azure ExpressRoute for Office 365 in the article [Assessing Office 365 network connectivity](assessing-network-connectivity.md).
+Learn how Azure ExpressRoute is used with Office 365 and how to plan the network implementation project that will be required if you're deploying Azure ExpressRoute for use with Office 365. Infrastructure and platform services running in Azure will often benefit by addressing network architecture and performance considerations. We recommend ExpressRoute for Azure in these cases. Software as a Service offerings like Office 365 and Dynamics 365 have been built to be accessed securely and reliably via the Internet. You can read about Internet performance and security and when you might consider Azure ExpressRoute for Office 365 in the article [Assessing Office 365 network connectivity](assessing-network-connectivity.md).
> [!NOTE] > Microsoft Defender for Endpoint does not provide integration with Azure ExpressRoute. While this does not stop customers from defining ExpressRoute rules that enable connectivity from a private network to Microsoft Defender for Endpoint cloud services, it is up to the customer to maintain rules as the service or cloud infrastructure evolves.
In addition to internet connectivity, you may choose to route a subset of their
Regardless of whether you have an existing MPLS WAN, ExpressRoute can be added to your network architecture in one of three ways; through a supported cloud exchange co-location provider, an Ethernet point-to-point connection provider, or through an MPLS connection provider. See what [providers are available in your region](/azure/expressroute/expressroute-locations). The direct ExpressRoute connection will enable connectivity to the applications outlined in [What Office 365 services are included?](azure-expressroute.md#BKMK_WhatDoIGet) below. Network traffic for all other applications and services will continue to traverse the internet.
-Consider the following high level network diagram which shows a typical Office 365 customer connecting to Microsoft's datacenters over the internet for access to all Microsoft applications such as Office 365, Windows Update, and TechNet. Customers use a similar network path regardless of whether they're connecting from an on-premises network or from an independent internet connection.
+Consider the following high level network diagram, which shows a typical Office 365 customer connecting to Microsoft's datacenters over the internet for access to all Microsoft applications such as Office 365, Windows Update, and TechNet. Customers use a similar network path regardless of whether they're connecting from an on-premises network or from an independent internet connection.
![Office 365 network connectivity.](../media/9d8bc622-4a38-4a3b-a0f3-68657712d460.png)
-Now look at the updated diagram which depicts an Office 365 customer who uses both the internet and ExpressRoute to connect to Office 365. Notice that some connections such as Public DNS and Content Delivery Network nodes still require the public internet connection. Also notice the customer's users who are not located in their ExpressRoute connected building are connecting over the Internet.
+Now look at the updated diagram, which depicts an Office 365 customer who uses both the internet and ExpressRoute to connect to Office 365. Notice that some connections such as Public DNS and Content Delivery Network nodes still require the public internet connection. Also notice the customer's users who aren't located in their ExpressRoute connected building are connecting over the Internet.
![Office 365 connectivity with ExpressRoute.](../media/251788c4-0937-4584-9b2c-df08e11611fc.png)
Still want more information? Learn how to [manage your network traffic with Azur
## What Office 365 services are included? <a name="BKMK_WhatDoIGet"> </a>
-The following table lists the Office 365 services that are supported over ExpressRoute. Please review the [Office 365 endpoints article](./urls-and-ip-address-ranges.md) to understand which network requests for these applications require internet connectivity.
+The following table lists the Office 365 services that are supported over ExpressRoute. Review the [Office 365 endpoints article](./urls-and-ip-address-ranges.md) to understand which network requests for these applications require internet connectivity.
| Applications included | |:--|
The following table lists the Office 365 services that are supported over Expres
|SharePoint Online<sup>1</sup> <br/> OneDrive for Business<sup>1</sup> <br/> Project Online<sup>1</sup> <br/> | |Portal and shared<sup>1</sup> <br/> Azure Active Directory (Azure AD) <sup>1</sup> <br/> Azure AD Connect<sup>1</sup> <br/> Office<sup>1</sup> <br/> |
-<sup>1</sup> Each of these applications have internet connectivity requirements not supported over ExpressRoute, see the [Office 365 endpoints article](./urls-and-ip-address-ranges.md) for more information.
+<sup>1</sup> Each of these applications has internet connectivity requirements not supported over ExpressRoute, see the [Office 365 endpoints article](./urls-and-ip-address-ranges.md) for more information.
The services that aren't included with ExpressRoute for Office 365 are Microsoft 365 Apps for enterprise client downloads, On-premises Identity Provider Sign-In, and Office 365 (operated by 21 Vianet) service in China.
Implementing ExpressRoute requires the involvement of network and application ow
8. Optionally [implement QoS](https://support.office.com/article/ExpressRoute-and-QoS-in-Skype-for-Business-Online-20c654da-30ee-4e4f-a764-8b7d8844431d) and evaluate regional expansion.
-<sup>1</sup> Important performance considerations. Decisions here can dramatically impact latency which is a critical for applications such as Skype for Business.
+<sup>1</sup> Important performance considerations. Decisions here can dramatically impact latency, which is a critical for applications such as Skype for Business.
For additional references, use our [routing guide](https://support.office.com/article/Routing-with-ExpressRoute-for-Office-365-e1da26c6-2d39-4379-af6f-4da213218408) in addition to the [ExpressRoute documentation](/azure/expressroute/expressroute-introduction).
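Review bot: The footnote still reads "latency, which is a critical for applications such as Skype for Business" after the comma was added, so the sentence remains broken. Either drop the article ("which is critical for applications") or supply the noun ("which is a critical factor for applications").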
To purchase ExpressRoute for Office 365, you'll need to work with one or more [a
Here's a short link you can use to come back: [https://aka.ms/expressrouteoffice365]()
-Ready to sign-up for [ExpressRoute for Office 365](https://aka.ms/ert)?
+Ready to sign up for [ExpressRoute for Office 365](https://aka.ms/ert)?
## Related Topics
enterprise Content Delivery Networks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/content-delivery-networks.md
description: "Use this information to learn about how Office 365 uses Content De
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-CDNs help keep Office 365 fast and reliable for end users. Cloud services like Office 365 use CDNs to cache static assets closer to the browsers requesting them to speed up downloads and reduce perceived end user latency. The information in this topic will help you learn about Content Delivery Networks (CDNs) and how they are used by Office 365.
+CDNs help keep Office 365 fast and reliable for end users. Cloud services like Office 365 use CDNs to cache static assets closer to the browsers requesting them to speed up downloads and reduce perceived end user latency. The information in this topic will help you learn about Content Delivery Networks (CDNs) and how they're used by Office 365.
## What exactly is a CDN?
Although not a part of the Office 365 CDN, you can use these CDNs in your Office
>[!NOTE] >Beginning in Q3 2020, SharePoint Online will begin caching videos on the Azure CDN to support improved video playback and reliability. Popular videos will be streamed from the CDN endpoint closest to the user. This data will remain within the Microsoft Purview boundary. This is a free service for all tenants and it does not require any customer action to configure.
-You can use the **Azure CDN** to deploy your own CDN instance for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN is not free, and requires an Azure subscription.
+You can use the **Azure CDN** to deploy your own CDN instance for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN isn't free, and requires an Azure subscription.
For more information on how to configure an Azure CDN instance, see [Quickstart: Integrate an Azure storage account with Azure CDN](/azure/cdn/cdn-create-a-storage-account-with-cdn).
Regardless of what CDN you configure for your Office 365 tenant, the basic data
b. If the data is already cached in a _private_ origin, the CDN service checks your Office 365 user account's permissions on the origin. If you have permissions, SharePoint Online dynamically generates a custom URL composed of the path to the asset in the CDN and two access tokens, and returns the custom URL to your client. Your client then downloads the data directly from the nearest CDN location to your client using the custom URL.
-3. If the data isn't cached at the CDN, the CDN node requests the data from Office 365 and then caches the data for a period of time after your client downloads the data.
+3. If the data isn't cached at the CDN, the CDN node requests the data from Office 365 and then caches the data for time after your client downloads the data.
The CDN figures out the closest datacenter to the user's browser and, using redirection, downloads the requested data from there. CDN redirection is quick, and can save users a lot of download time.
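Review bot: In step 3 the new wording "caches the data for time after your client downloads the data" no longer says anything about how long the data is retained. The removed text "for a period of time" was correct. If the aim was brevity, "for a time" works, but "for time" should not ship, since this step describes how long tenant assets persist on the CDN node.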
The CDNs in use by Office 365 are always subject to change and in many cases the
There are many factors involved in measuring specific differences in performance between data downloaded directly from Office 365 and data downloaded from a specific CDN, such as your location relative to your tenant and to the nearest CDN endpoint, the number of assets on a page that are served by the CDN, and transient changes in network latency and bandwidth. However, a simple A/B test can help to show the difference in download time for a specific file.
-The following screenshots illustrate the difference in download speed between the native file location in Office 365 and the same file hosted on the [Microsoft Ajax Content Delivery Network](/aspnet/ajax/cdn/overview). These screenshots are from the **Network** tab in the Internet Explorer 11 developer tools. These screenshots show the latency on the popular library jQuery. To bring up this screen, in Internet Explorer, press **F12** and select the **Network** tab which is symbolized with a Wi-Fi icon.
+The following screenshots illustrate the difference in download speed between the native file location in Office 365 and the same file hosted on the [Microsoft Ajax Content Delivery Network](/aspnet/ajax/cdn/overview). These screenshots are from the **Network** tab in the Internet Explorer 11 developer tools. These screenshots show the latency on the popular library jQuery. To bring up this screen, in Internet Explorer, press **F12** and select the **Network** tab, which is symbolized with a Wi-Fi icon.
![Screenshot of F12 Network.](../media/930541fd-af9b-434a-ae18-7bda867be128.png)
The second screenshot shows the same file delivered by Microsoft's CDN. This tim
## Is my data safe?
-We take great care to protect the data that runs your business. Data stored in the Office 365 CDN is encrypted both in transit and at rest, and access to data in the Office 365 SharePoint CDN is secured by Office 365 user permissions and token authorization. Requests for data in the Office 365 SharePoint CDN must be referred (redirected) from your Office 365 tenant or an authorization token will not be generated.
+We take great care to protect the data that runs your business. Data stored in the Office 365 CDN is encrypted both in transit and at rest, and access to data in the Office 365 SharePoint CDN is secured by Office 365 user permissions and token authorization. Requests for data in the Office 365 SharePoint CDN must be referred (redirected) from your Office 365 tenant or an authorization token won't be generated.
To ensure that your data remains secure, we recommend that you never store user content or other sensitive data in a public CDN. Because access to data in a public CDN is anonymous, public CDNs should only be used to host generic content such as web script files, icons, images and other non-sensitive assets.
For in-depth information about privacy and data protection for Office 365 CDN pr
## How can I secure my network with all these 3rd party services?
-Leveraging an extensive set of partner services allows Office 365 to scale and meet availability requirements as well as enhance the user experience when using Office 365. The 3rd party services Office 365 leverages include both certificate revocation lists; such as crl.microsoft.com or sa.symcb.com, and CDNs; such as r3.res.outlook.com. Every CDN FQDN generated by Office 365 is a custom FQDN for Office 365. If you're sent to a FQDN at the request of Office 365 you can be assured that the CDN provider controls the FQDN and the underlying content at that location.
+Using an extensive set of partner services allows Office 365 to scale and meet availability requirements and enhance the user experience when using Office 365. The 3rd party services Office 365 leverages include both certificate revocation lists; such as crl.microsoft.com or sa.symcb.com, and CDNs; such as r3.res.outlook.com. Every CDN FQDN generated by Office 365 is a custom FQDN for Office 365. If you're sent to a FQDN at the request of Office 365, you can be assured that the CDN provider controls the FQDN and the underlying content at that location.
For customers that want to segregate requests destined for a Microsoft or Office 365 datacenter from requests that are destined for a 3rd party, we've written up guidance on [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a).
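Review bot: The first sentence replaces "Leveraging" with "Using", but the second sentence still says "The 3rd party services Office 365 leverages", so the wording is now inconsistent within the paragraph. Replacing "as well as" with "and" also yields "to scale and meet availability requirements and enhance the user experience", which is hard to parse; "to scale, meet availability requirements, and enhance the user experience" is clearer. The semicolons before "such as" (after "certificate revocation lists" and "CDNs") should be commas, since this is the sentence admins read to decide which third-party FQDNs to allow.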
You can also use the [Office 365 IP Address and URL Web service](microsoft-365-i
## Can I use my own CDN and cache content on my local network?
-We're continually looking for new ways to support our customers needs and are currently exploring the use of caching proxy solutions and other on-premises CDN solutions.
+We're continually looking for new ways to support our customers' needs and are currently exploring the use of caching proxy solutions and other on-premises CDN solutions.
-Although it is not a part of the Office 365 CDN, you can also use the **Azure CDN** for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN is not free, and requires an Azure subscription. For more information on how to configure an Azure CDN instance, see [Quickstart: Integrate an Azure storage account with Azure CDN](/azure/cdn/cdn-create-a-storage-account-with-cdn).
+Although it isn't a part of the Office 365 CDN, you can also use the **Azure CDN** for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN isn't free, and requires an Azure subscription. For more information on how to configure an Azure CDN instance, see [Quickstart: Integrate an Azure storage account with Azure CDN](/azure/cdn/cdn-create-a-storage-account-with-cdn).
## I'm using Azure ExpressRoute for Office 365, does that change things?
-[Azure ExpressRoute for Office 365](azure-expressroute.md) provides a dedicated connection to Office 365 infrastructure that is segregated from the public internet. This means that clients will still need to connect over non-ExpressRoute connections to connect to CDNs and other Microsoft infrastructure that is not explicitly included in the list of services supported by ExpressRoute. For more information about how to route specific traffic such as requests destined for CDNs, refer to [Office 365 network traffic management](routing-with-expressroute.md).
+[Azure ExpressRoute for Office 365](azure-expressroute.md) provides a dedicated connection to Office 365 infrastructure that is segregated from the public internet. This means that clients will still need to connect over non-ExpressRoute connections to connect to CDNs and other Microsoft infrastructure that isn't explicitly included in the list of services supported by ExpressRoute. For more information about how to route specific traffic such as requests destined for CDNs, see [Office 365 network traffic management](routing-with-expressroute.md).
## Can I use CDNs with SharePoint Server on-premises?
-Using CDNs only makes sense in a SharePoint Online context and should be avoided with SharePoint Server. This is because all of the advantages around geographic location do not hold true if the server is located on-premises or geographically close anyway. Additionally, if there is a network connection to the servers where it's hosted, then the site may be used without an Internet connection and therefore cannot retrieve the CDN files. Otherwise, you should use a CDN if there is one available and stable for the library and files you need for your site.
+Using CDNs only makes sense in a SharePoint Online context and should be avoided with SharePoint Server. This is because all of the advantages around geographic location don't hold true if the server is located on-premises or geographically close anyway. Additionally, if there's a network connection to the servers where it's hosted, then the site may be used without an Internet connection and therefore canΓÇÖt retrieve the CDN files. Otherwise, you should use a CDN if there's one available and stable for the library and files you need for your site.
Here's a short link you can use to come back: [https://aka.ms/o365cdns]()
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
Commonly, during mergers or divestitures, you need the ability to move your user
Administrators can use the New-MigrationBatch cmdlet, available through the Move Mailboxes management role, to execute cross-tenant moves.
-Users migrating must be present in the target tenant Exchange Online system as MailUsers, marked with specific attributes to enable the cross-tenant moves. The system will fail moves for users that are not properly set up in the target tenant.
+Users migrating must be present in the target tenant Exchange Online system as MailUsers, marked with specific attributes to enable the cross-tenant moves. The system will fail moves for users that aren't properly set up in the target tenant.
When the moves are complete, the source user mailbox is converted to a MailUser and the targetAddress (shown as ExternalEmailAddress in Exchange) is stamped with the routing address to the destination tenant. This process leaves the legacy MailUser in the source tenant and allows for coexistence and mail routing. When business processes allow, the source tenant may remove the source MailUser or convert them to a mail contact.
This article describes the process for cross-tenant mailbox moves and provides g
Before starting, be sure you have the necessary permissions to configure the Move Mailbox application in Azure, EXO Migration Endpoint, and the EXO Organization Relationship.
-Additionally, at least one mail-enabled security group in the source tenant is required. These groups are used to scope the list of mailboxes that can move from source (or sometimes referred to as resource) tenant to the target tenant. This allows the source tenant admin to restrict or scope the specific set of mailboxes that need to be moved, preventing unintended users from being migrated. Nested groups are not supported.
+Additionally, at least one mail-enabled security group in the source tenant is required. These groups are used to scope the list of mailboxes that can move from source (or sometimes referred to as resource) tenant to the target tenant. This allows the source tenant admin to restrict or scope the specific set of mailboxes that need to be moved, preventing unintended users from being migrated. Nested groups aren't supported.
-You will also need to communicate with your trusted partner company (with whom you will be moving mailboxes) to obtain their Microsoft 365 tenant ID. This tenant ID is used in the Organization Relationship DomainName field.
+You'll also need to communicate with your trusted partner company (with whom you will be moving mailboxes) to obtain their Microsoft 365 tenant ID. This tenant ID is used in the Organization Relationship DomainName field.
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) and go to [https://aad.portal.azure.com/\#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties). Click the copy icon for the Tenant ID property to copy it to the clipboard.
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
![Application Registration](../media/tenant-to-tenant-mailbox-move/edcdf18b9f504c47284fe4afb982c433.png)
-6. On the top-right corner of the page, you will see a notification pop-up that states the app was successfully created.
+6. On the top-right corner of the page, you'll see a notification pop-up that states the app was successfully created.
7. Go back to Home, Azure Active Directory and click on App registrations. 8. Under Owned applications, find the app you created and click on it.
-9. Under ^Essentials, you will need to copy down the Application (client) ID as you will need it later to create a URL for the target tenant.
+9. Under ^Essentials, you'll need to copy down the Application (client) ID as you'll need it later to create a URL for the target tenant.
10. Now, on the left navigation bar, click on API permissions to view permissions assigned to your app.
-11. By default, User. Read permissions are assigned to the app you created, but we do not require them for mailbox migrations, you can remove that permission.
+11. By default, User. Read permissions are assigned to the app you created, but we don't require them for mailbox migrations, you can remove that permission.
![Application Permissions](../media/tenant-to-tenant-mailbox-move/6a8c13a36cb3e10964a6920b8138e12b.png)
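Review bot: Step 11 still names the permission as "User. Read" with a stray space; the permission is "User.Read", and a reader who searches the API permissions list for the text as written will not find it. The step is also a comma splice ("we don't require them for mailbox migrations, you can remove that permission"). Split it and make the removal an explicit instruction, for example "They aren't required for mailbox migrations. Remove the permission.", so the app registration ends up with only what the migration needs.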
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
> [!NOTE] > This is the password that will be used when creating your migration endpoint. It is extremely important that you copy this password to your clipboard and or copy this password to secure/secret password safe location. This is the only time you will be able to see this password! If you do somehow lose it or need to reset it, you can log back into our Azure portal, go to App registrations, find your migration app, select Secrets & certificates, and create a new secret for your app.
-19. Now that you have successfully created the migration application and secret, you will need to consent to the application. To consent to the application, go back to the Azure Active Directory landing page, click on Enterprise applications in the left navigation, find your migration app you created, select it, and select Permissions on the left navigation.
+19. Now that you've successfully created the migration application and secret, you'll need to consent to the application. To consent to the application, go back to the Azure Active Directory landing page, click on Enterprise applications in the left navigation, find your migration app you created, select it, and select Permissions on the left navigation.
20. Click on the Grant admin consent for [your tenant] button.
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
22. You can go back to your portal window and select Refresh to confirm your acceptance.
-23. Formulate the URL to send to your trusted partner (source tenant admin) so they can also accept the application to enable mailbox migration. Here is an example of the URL to provide to them you will need the application ID of the app you created:
+23. Formulate the URL to send to your trusted partner (source tenant admin) so they can also accept the application to enable mailbox migration. Here's an example of the URL to provide to them you'll need the application ID of the app you created:
```powershell https://login.microsoftonline.com/sourcetenant.onmicrosoft.com/adminconsent?client_id=[application_id_of_the_app_you_just_created]&redirect_uri=https://office.com
If a mailbox is required to move back to the original source tenant, the same se
## Prepare target user objects for migration
-Users migrating must be present in the target tenant and Exchange Online system (as MailUsers) marked with specific attributes to enable the cross-tenant moves. The system will fail moves for users that are not properly set up in the target tenant. The following section details the MailUser object requirements for the target tenant.
+Users migrating must be present in the target tenant and Exchange Online system (as MailUsers) marked with specific attributes to enable the cross-tenant moves. The system will fail moves for users that aren't properly set up in the target tenant. The following section details the MailUser object requirements for the target tenant.
### Prerequisites for target user objects
Ensure the following objects and attributes are set in the target organization.
1. For any mailbox moving from a source organization, you must provision a MailUser object in the Target organization: - The Target MailUser must have these attributes from the source mailbox or assigned with the new User object:
- - ExchangeGUID (direct flow from source to target): The mailbox GUID must match. The move process will not proceed if this is not present on target object.
- - ArchiveGUID (direct flow from source to target): The archive GUID must match. The move process will not proceed if this is not present on the target object. (This is only required if the source mailbox is Archive enabled).
- - LegacyExchangeDN (flow as proxyAddress, "x500:\<LegacyExchangeDN>"): The LegacyExchangeDN must be present on target MailUser as x500: proxyAddress. In addition, you also need to copy all x500 addresses from the source mailbox to the target mail user. The move processes will not proceed if these are not present on the target object.
+ - ExchangeGUID (direct flow from source to target): The mailbox GUID must match. The move process will not proceed if this isn't present on target object.
+ - ArchiveGUID (direct flow from source to target): The archive GUID must match. The move process won't proceed if this isn't present on the target object. (This is only required if the source mailbox is Archive enabled).
+ - LegacyExchangeDN (flow as proxyAddress, "x500:\<LegacyExchangeDN>"): The LegacyExchangeDN must be present on target MailUser as x500: proxyAddress. In addition, you also need to copy all x500 addresses from the source mailbox to the target mail user. The move processes won't proceed if these aren't present on the target object.
- UserPrincipalName: UPN will align to the user's NEW identity or target company (for example, user@northwindtraders.onmicrosoft.com). - Primary SMTPAddress: Primary SMTP address will align to the user's NEW company (for example, user@northwind.com). - TargetAddress/ExternalEmailAddress: MailUser will reference the user's current mailbox hosted in source tenant (for example user@contoso.onmicrosoft.com). When assigning this value, verify that you have/are also assigning PrimarySMTPAddress or this value will set the PrimarySMTPAddress, which will cause move failures.
- - You cannot add legacy smtp proxy addresses from source mailbox to target MailUser. For example, you cannot maintain contoso.com on the MEU in fabrikam.onmicrosoft.com tenant objects). Domains are associated with one Azure AD or Exchange Online tenant only.
+ - You canΓÇÖt add legacy smtp proxy addresses from source mailbox to target MailUser. For example, you canΓÇÖt maintain contoso.com on the MEU in fabrikam.onmicrosoft.com tenant objects). Domains are associated with one Azure AD or Exchange Online tenant only.
Example **target** MailUser object:
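Review bot: the added bullet that begins "You canΓÇÖt add legacy smtp proxy addresses" shows a mis-encoded apostrophe twice ("canΓÇÖt"). The contraction looks like it was committed as a typographic quote in the wrong encoding, so use a plain ASCII apostrophe ("can't"). The same bullet keeps an unmatched closing parenthesis after "tenant objects" and uses "MEU" without expanding it. In the three GUID/DN bullets, the ExchangeGUID line still reads "will not proceed" while the other two were changed to "won't proceed", and it is missing "the" before "target object". These attributes decide whether a move succeeds, so the three bullets should read identically apart from the attribute name.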
enterprise Delay Loading Images And Javascript In Sharepoint Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/delay-loading-images-and-javascript-in-sharepoint-online.md
description: Learn how to decrease the load time for SharePoint Online pages by
This article describes how you can decrease the load time for SharePoint Online pages by using JavaScript to delay loading images and also by waiting to load non-essential JavaScript until after the page loads.
-Images can negatively affect page load speeds on SharePoint Online. By default, most modern Internet browsers pre-fetch images when loading an HTML page. This can cause the page to be unnecessarily slow to load if the images are not visible on the screen until the user scrolls down. The images can block the browser from loading the visible part of the page. To work around this problem, you can use JavaScript to skip loading the images first. Also, loading non-essential JavaScript can slow download times on your SharePoint pages too. This topic describes some methods you can use to improve page load times with JavaScript in SharePoint Online.
+Images can negatively affect page load speeds on SharePoint Online. By default, most modern Internet browsers pre-fetch images when loading an HTML page. This can cause the page to be unnecessarily slow to load if the images aren't visible on the screen until the user scrolls down. The images can block the browser from loading the visible part of the page. To work around this problem, you can use JavaScript to skip loading the images first. Also, loading non-essential JavaScript can slow download times on your SharePoint pages too. This topic describes some methods you can use to improve page load times with JavaScript in SharePoint Online.
## Improve page load times by delaying image loading in SharePoint Online pages by using JavaScript
Once you've finished writing delayLoadImages.js, you can add the contents of the
### Example: Referencing the JavaScript delayLoadImages.js file from a master page in SharePoint Online
-In order for this to work, you also need to reference jQuery in the master page. In the following example, you can see in the initial page load that there is only one image loaded but there are several more on the page.
+In order for this to work, you also need to reference jQuery in the master page. In the following example, you can see in the initial page load that there's only one image loaded but there are several more on the page.
![Screenshot showing one image loaded on page.](../media/3d177ddb-67e5-43a7-b327-c9f9566ca937.png)
The following screenshot shows the rest of the images that are downloaded after
![Screenshot showing several images loaded on page.](../media/95eb2b14-f6a1-4eac-a5cb-96097e49514c.png)
-Delaying image loading by using JavaScript can be an effective technique in increasing performance; however, if the technique is applied on a public website then search engines are not able to crawl the images in the same way they would crawl a regularly formed image. This can affect rankings on search engines because metadata on the image itself is not really there until the page loads. Search engine crawlers only read the HTML and therefore will not see the images as content on the page. Images are one of the factors used to rank pages in search results. One way to work around this is to use introductory text for your images.
+Delaying image loading by using JavaScript can be an effective technique in increasing performance; however, if the technique is applied on a public website then search engines are not able to crawl the images in the same way they would crawl a regularly formed image. This can affect rankings on search engines because metadata on the image itself isn't really there until the page loads. Search engine crawlers only read the HTML and therefore won't see the images as content on the page. Images are one of the factors used to rank pages in search results. One way to work around this is to use introductory text for your images.
## GitHub code sample: Injecting JavaScript to improve performance
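Review bot: in the added paragraph beginning "Delaying image loading by using JavaScript", the contraction pass is applied unevenly: "isn't really there" and "won't see" were changed but "search engines are not able to crawl" was left. Change it to "aren't able" or, better, "can't", and consider replacing "a regularly formed image" with wording that says what is meant (an img element with its src present in the HTML).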
enterprise Deploy Microsoft 365 Directory Synchronization Dirsync In Microsoft Azure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/deploy-microsoft-365-directory-synchronization-dirsync-in-microsoft-azure.md
description: Learn how to deploy Azure AD Connect on a virtual machine in Azure
Azure Active Directory (Azure AD) Connect (formerly known as the Directory Synchronization tool, Directory Sync tool, or the DirSync.exe tool) is an application that you install on a domain-joined server to synchronize your on-premises Active Directory Domain Services (AD DS) users to the Azure AD tenant of your Microsoft 365 subscription. Microsoft 365 uses Azure AD for its directory service. Your Microsoft 365 subscription includes an Azure AD tenant. This tenant can also be used for management of your organization's identities with other cloud workloads, including other SaaS applications and apps in Azure.
-You can install Azure AD Connect on a on-premises server, but you can also install it on a virtual machine in Azure for these reasons:
+You can install Azure AD Connect on an on-premises server, but you can also install it on a virtual machine in Azure for these reasons:
- You can provision and configure cloud-based servers faster, making the services available to your users sooner. - Azure offers better site availability with less effort.
The following diagram shows Azure AD Connect running on a virtual machine in Azu
![Azure AD Connect tool on a virtual machine in Azure synchronizing on-premises accounts to the Azure AD tenant of a Microsoft 365 subscription with traffic flow.](../media/CP-DirSyncOverview.png)
-In the diagram, there are two networks connected by a site-to-site VPN or ExpressRoute connection. There is an on-premises network where AD DS domain controllers are located, and there is an Azure virtual network with a directory sync server, which is a virtual machine running [Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594). There are two main traffic flows originating from the directory sync server:
+In the diagram, there are two networks connected by a site-to-site VPN or ExpressRoute connection. There's an on-premises network where AD DS domain controllers are located, and there's an Azure virtual network with a directory sync server, which is a virtual machine running [Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594). There are two main traffic flows originating from the directory sync server:
- Azure AD Connect queries a domain controller on the on-premises network for changes to accounts and passwords. - Azure AD Connect sends the changes to accounts and passwords to the Azure AD instance of your Microsoft 365 subscription. Because the directory sync server is in an extended portion of your on-premises network, these changes are sent through the on-premises network's proxy server.
There are two major steps when you deploy this solution:
Configuring Azure AD Connect requires the credentials (user name and password) of an Azure AD administrator account and a AD DS enterprise administrator account. Azure AD Connect runs immediately and on an ongoing basis to synchronize the on-premises AD DS forest to Microsoft 365.
-Before you deploy this solution in production, you can use the instructions in [The simulated enterprise base configuration](simulated-ent-base-configuration-microsoft-365-enterprise.md) to set this configuration up as a proof of concept, for demonstrations, or for experimentation.
+Before you deploy this solution in production, you can use the instructions in [The simulated enterprise base configuration](simulated-ent-base-configuration-microsoft-365-enterprise.md) to set up this configuration as a proof of concept, for demonstrations, or for experimentation.
> [!IMPORTANT] > When Azure AD Connect configuration completes, it does not save the AD DS enterprise administrator account credentials.
The following list describes the design choices made for this solution.
- On the on-premises network, a domain controller and DNS servers exist. -- Azure AD Connect performs password hash synchronization instead of single sign-on. You do not have to deploy an Active Directory Federation Services (AD FS) infrastructure. To learn more about password hash synchronization and single sign-on options, see [Choosing the right authentication method for your Azure Active Directory hybrid identity solution](/azure/active-directory/hybrid/choose-ad-authn).
+- Azure AD Connect performs password hash synchronization instead of single sign-on. You don't have to deploy an Active Directory Federation Services (AD FS) infrastructure. To learn more about password hash synchronization and single sign-on options, see [Choosing the right authentication method for your Azure Active Directory hybrid identity solution](/azure/active-directory/hybrid/choose-ad-authn).
-There are additional design choices that you might consider when you deploy this solution in your environment. These include the following:
+There are other design choices that you might consider when you deploy this solution in your environment. These include the following:
- If there are existing DNS servers in an existing Azure virtual network, determine whether you want your directory sync server to use them for name resolution instead of DNS servers on the on-premises network.
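Review bot: this file's earlier hunk corrects "a on-premises server" to "an on-premises server", but the unchanged sentence "Configuring Azure AD Connect requires the credentials ... and a AD DS enterprise administrator account" in this hunk has the same article error and was missed. It should read "an AD DS enterprise administrator account". The IMPORTANT note about credentials also still says "it does not save" while every other sentence touched here was contracted. Decide whether callouts are exempt from the contraction style and apply that consistently.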
enterprise Deploy Update Channels Examples Rapid Deploy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/deploy-update-channels-examples-rapid-deploy.md
See [Windows 10 deployment](/windows/deployment/) for more information on Window
| Stage | Channel | Deployment group | |:-|:-|:--|
-| Pilot | **Release Preview Channel** <ul><li>Purpose: Deployment of feature updates to IT staff and early adopters for validation on representative devices and configurations (languages, 3rd party apps). </li><li> State: Fully compliant and supported for commercial customers and it does not count against your support agreements. </li></ul> | **Win10ReleasePreviewChannel** (example name) <br><br> Members are groups containing: <ul><li> Windows enthusiasts across departments and locations </li><li> Staff with configurations that need validation </li><li> IT admins and IT deployment staff </li><li> Change managers </li><li> Internal training staff </li></ul> |
-| Production | **Semi-Annual Channel** <ul><li>Purpose: Broad deployment of the latest feature updates to the rest of the organization. </li><li> State: Fully compliant and supported. </li></ul> | **Win10SemiAnnualChannel** (example name) <br><br> Members are all users that are not in the Win10ReleasePreviewChannel group. |
+| Pilot | **Release Preview Channel** <ul><li>Purpose: Deployment of feature updates to IT staff and early adopters for validation on representative devices and configurations (languages, 3rd party apps). </li><li> State: Fully compliant and supported for commercial customers and it doesn't count against your support agreements. </li></ul> | **Win10ReleasePreviewChannel** (example name) <br><br> Members are groups containing: <ul><li> Windows enthusiasts across departments and locations </li><li> Staff with configurations that need validation </li><li> IT admins and IT deployment staff </li><li> Change managers </li><li> Internal training staff </li></ul> |
+| Production | **Semi-Annual Channel** <ul><li>Purpose: Broad deployment of the latest feature updates to the rest of the organization. </li><li> State: Fully compliant and supported. </li></ul> | **Win10SemiAnnualChannel** (example name) <br><br> Members are all users that aren't in the Win10ReleasePreviewChannel group. |
|||| This organization uses the best practice of deploying the Release Preview Channel payload in the same way as they deploy Semi-Annual Channel releases, such as Windows Update or Windows Server Update Services, and that they apply the same policies for both channel updates.
See [Microsoft 365 Apps deployment](/deployoffice/plan-office-365-proplus) for m
| Stage | Channel | Deployment group | |:-|:-|:--|
-| Pilot | **Current Channel (Preview)** <ul><li> Purpose: {give a group of representative users a sneak peek of new Microsoft 365 Apps features} Deployment of feature updates as soon as they are tested with Current Channel (Preview) users and are production-ready. </li><li> State: Fully compliant and supported.</li><li> How often: Updates 2-3 times each month. </li></ul> | **AppsCurrentChannelPreview** (example name) <br><br> Members are groups containing: <ul><li> Office apps enthusiasts across departments and locations </li><li> Staff with configurations that need validation </li><li> IT admins and IT deployment staff </li><li> Change managers </li><li> Internal training staff </li></ul>|
-| Production | **Current Channel** <ul><li> Purpose: Broad deployment of the latest feature updates to the rest of the organization. </li><li> State: Fully compliant and supported. </li></ul> | **AppsCurrentChannel** (example name) <br><br> Members are all users that are not in the AppsCurrentChannelPreview group. |
+| Pilot | **Current Channel (Preview)** <ul><li> Purpose: {give a group of representative users a sneak peek of new Microsoft 365 Apps features} Deployment of feature updates as soon as they're tested with Current Channel (Preview) users and are production-ready. </li><li> State: Fully compliant and supported.</li><li> How often: Updates 2-3 times each month. </li></ul> | **AppsCurrentChannelPreview** (example name) <br><br> Members are groups containing: <ul><li> Office apps enthusiasts across departments and locations </li><li> Staff with configurations that need validation </li><li> IT admins and IT deployment staff </li><li> Change managers </li><li> Internal training staff </li></ul>|
+| Production | **Current Channel** <ul><li> Purpose: Broad deployment of the latest feature updates to the rest of the organization. </li><li> State: Fully compliant and supported. </li></ul> | **AppsCurrentChannel** (example name) <br><br> Members are all users that aren't in the AppsCurrentChannelPreview group. |
||| Ongoing updates process:
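Review bot: the added Pilot row for Current Channel (Preview) carries what looks like a leftover authoring placeholder inside the Purpose item: "{give a group of representative users a sneak peek of new Microsoft 365 Apps features}". The braces and the text are published verbatim ahead of the real purpose sentence. Either delete the braced text or fold it into the sentence that follows, since the line was already being edited for "they're tested".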
enterprise Diagnosing Performance Issues With Sharepoint Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/diagnosing-performance-issues-with-sharepoint-online.md
To bring up the developer tools press **F12** and then click the Wi-Fi icon:
![Screenshot of F12 developer tools wifi icon.](../media/27acacbb-5688-459a-aa2f-5c8c5f17b76e.png)
-On the **Network** tab, press the green play button to load a page. The tool returns all of the files that the browser requests in order to get the page you asked for. The following screen shot shows one such list.
+On the **Network** tab, press the green play button to load a page. The tool returns all of the files that the browser requests in order to get the page you asked for. The following screenshot shows one such list.
![Screenshot of the list of files returned with a page request.](../media/247a9422-76da-4b0c-bed3-ce77b05e4560.png)
-You can also see the download times of the files on the right side as shown in this screen shot.
+You can also see the download times of the files on the right side as shown in this screenshot.
![Diagram showing the time it takes to load the requested pages from SharePoint.](../media/d71ad1fa-9018-4fae-82eb-c1838e7db0ff.png)
The best way to determine your site's performance weak points is to set up a com
## Viewing SharePoint response header information <a name="F12ToolInfo"> </a>
-In SharePoint Online, you can access the information that is sent back to the browser in the response header for each file. The most useful value for diagnosing performance issues is **SPRequestDuration**, which displays the amount of time that the request took on the server to be processed. This can help determine if the request is very heavy and resource intensive. This is the best insight you have into how much work the server is doing to serve the page.
+In SharePoint Online, you can access the information that is sent back to the browser in the response header for each file. The most useful value for diagnosing performance issues is **SPRequestDuration**, which displays the amount of time that the request took on the server to be processed. This can help determine if the request is heavy and resource intensive. This is the best insight you have into how much work the server is doing to serve the page.
### To view SharePoint response header information
In SharePoint Online, you can access the information that is sent back to the br
## What's causing performance issues in SharePoint Online? <a name="F12ToolInfo"> </a>
-The article [Navigation options for SharePoint Online](navigation-options-for-sharepoint-online.md) shows an example of using the SPRequestDuration value to determine that the complicated structural navigation was causing the page to take a long time to process on the server. By taking a value for a baseline site (without customization), it is possible to determine if any given file is taking a long time to load. The example used in [Navigation options for SharePoint Online](navigation-options-for-sharepoint-online.md) is the main .aspx file. That file contains most of the ASP.NET code that runs for your page load. Depending on the site template you use, this could be start.aspx, home.aspx, default.aspx, or another name if you customize the home page. If this number is considerably higher than your baseline site, then it's a good indication that there is something complex going on in your page that is causing performance issues.
+The article [Navigation options for SharePoint Online](navigation-options-for-sharepoint-online.md) shows an example of using the SPRequestDuration value to determine that the complicated structural navigation was causing the page to take a long time to process on the server. By taking a value for a baseline site (without customization), it's possible to determine if any given file is taking a long time to load. The example used in [Navigation options for SharePoint Online](navigation-options-for-sharepoint-online.md) is the main .aspx file. That file contains most of the ASP.NET code that runs for your page load. Depending on the site template you use, this could be start.aspx, home.aspx, default.aspx, or another name if you customize the home page. If this number is considerably higher than your baseline site, then it's a good indication that there's something complex going on in your page that is causing performance issues.
-Once you have identified that an issue specific to your site, the recommended way to figure out what is causing poor performance is to eliminate all of the possible causes, like page customizations, and then add them back to the site one by one. Once you have removed enough customizations that the page is performing well, you can then add back specific customizations one by one.
+Once you've identified that an issue specific to your site, the recommended way to figure out what is causing poor performance is to eliminate all of the possible causes, like page customizations, and then add them back to the site one by one. Once you have removed enough customizations that the page is performing well, you can then add back specific customizations one by one.
-For example, if you have a very complex navigation try changing the navigation to not show sub-sites then check the developer tools to see if this makes a difference. Or if you have a large amount of content roll-ups try removing them from your page and see if this improves things. If you eliminate all of the possible causes and add them back in one at a time, you can easily identify which features are the biggest problem and then work towards a solution.
+For example, if you have a complex navigation try changing the navigation to not show sub-sites then check the developer tools to see if this makes a difference. Or if you have a large amount of content roll-ups try removing them from your page and see if this improves things. If you eliminate all of the possible causes and add them back in one at a time, you can easily identify which features are the biggest problem and then work towards a solution.
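Review bot: the added sentence "Once you've identified that an issue specific to your site" is missing its verb. It should read "that an issue is specific to your site". The next sentence in the same added line still reads "Once you have removed", so the contraction change is only half applied. The added "if you have a complex navigation try changing" also needs a comma after "navigation". Separately, the two headings in this file both carry the anchor name "F12ToolInfo" ("Viewing SharePoint response header information" and "What's causing performance issues in SharePoint Online?"), so links to the second section will resolve to the first. Give the second heading its own anchor.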
enterprise Image Optimization For Sharepoint Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/image-optimization-for-sharepoint-online.md
description: "Learn how to use renditions and sprites to improve image performan
# Image optimization for SharePoint Online classic publishing sites
-The loading speed of a webpage depends on the combined size of all the components required to render the page including images, HTML, JavaScript, and CSS. Images are a great way to make your site more appealing, but their size can affect performance. By optimizing your images with compression and resizing, and using sprites, you can offset the effects of very large images. Using SharePoint image renditions, you can upload a single large image, and display sections of the image allowing it to be reused rather than reloaded.
+The loading speed of a webpage depends on the combined size of all the components required to render the page including images, HTML, JavaScript, and CSS. Images are a great way to make your site more appealing, but their size can affect performance. By optimizing your images with compression and resizing, and using sprites, you can offset the effects of large images. Using SharePoint image renditions, you can upload a single large image, and display sections of the image allowing it to be reused rather than reloaded.
>[!NOTE] >This topic applies to SharePoint Online classic publishing sites, not modern portal sites. For information about image optimization in SharePoint Online modern portal sites, see [Optimize images in SharePoint Online modern portal pages](modern-image-optimization.md).
What's covered here:
- Image optimization - SharePoint image renditions
-This can increase performance because you download only one image instead of several and then cache and reuse that image. Even if the image does not remain cached, by having a single image instead of multiple images, this method reduces the total number of HTTP requests to the server which will reduce page loading times. This is really a form of image bundling. This is a very useful technique if the images are not changing very often, for example, icons, as shown in the SharePoint example provided above. You can how to use [Web Essentials](https://vswebessentials.com/), a third-party, open-source, community-based project to achieve this easily in Microsoft Visual Studio. For more information, see [Minification and bundling in SharePoint Online](./minification-and-bundling-in-sharepoint-online.md).
+This can increase performance because you download only one image instead of several and then cache and reuse that image. Even if the image doesn't remain cached, by having a single image instead of multiple images, this method reduces the total number of HTTP requests to the server, which will reduce page loading times. This is really a form of image bundling. This is a useful technique if the images aren't changing often, for example, icons, as shown in the SharePoint example provided above. You can see how to use [Web Essentials](https://vswebessentials.com/), a third-party, open-source, community-based project to achieve this easily in Microsoft Visual Studio. For more information, see [Minification and bundling in SharePoint Online](./minification-and-bundling-in-sharepoint-online.md).
## Using image compression and optimization to speed up page loading
-Image compression and optimization is about reducing the file size of the images you use on your site. Often, the best technique to reduce the size of an image is to resize the image to the maximum dimensions that it will be viewed on the site. There is no sense in having an image larger than it will ever be viewed. Making sure images are of the correct dimensions using an image editor is a quick and easy way to reduce the size of your page.
+Image compression and optimization is about reducing the file size of the images you use on your site. Often, the best technique to reduce the size of an image is to resize the image to the maximum dimensions that it will be viewed on the site. There's no sense in having an image larger than it will ever be viewed. Making sure images are of the correct dimensions using an image editor is a quick and easy way to reduce the size of your page.
-Once images are the right size, the next step is to optimize the compression of these images. There are various tools available to use for compression and optimization, including Photo Gallery and third-party tools. The key to compression is to reduce the file size as much as possible without losing any discernible quality for end users. Make sure you test your compressed files on a high-definition display to ensure they will still look good.
+Once images are the right size, the next step is to optimize the compression of these images. There are various tools available to use for compression and optimization, including Photo Gallery and third-party tools. The key to compression is to reduce the file size as much as possible without losing any discernible quality for end users. Make sure you test your compressed files on a high-definition display to ensure they'll still look good.
## Speed up page downloads by using SharePoint image renditions
-Image renditions are a feature in SharePoint Online that allows you to serve up different versions of images based on pre-defined image dimensions. This is especially important when there is user-generated image content or the image dimensions such as width and height are fixed by the CSS on the site. Even if an image is fixed by CSS, the full resolution image is still loaded. In this case the file size can be reduced by using image renditions.
+Image renditions are a feature in SharePoint Online that allows you to serve up different versions of images based on pre-defined image dimensions. This is especially important when there's user-generated image content or the image dimensions such as width and height are fixed by the CSS on the site. Even if an image is fixed by CSS, the full resolution image is still loaded. In this case, the file size can be reduced by using image renditions.
> [!NOTE] > Renditions are only available for SharePoint when publishing is enabled. You can enable publishing under Settings \> Site Settings \> Manage site features \> SharePoint Server Publishing. The option will not appear otherwise.
The steps are relatively simple but for images to use the renditions, the rendit
3. Choose the **Settings** icon.
-4. On the **Site Settings** page, in the **Look and Feel** section, you will see the built-in image renditions.
+4. On the **Site Settings** page, in the **Look and Feel** section, you'll see the built-in image renditions.
You can use the out of the box renditions or choose **Image Renditions** to create a new one.
enterprise Managing Expressroute For Connectivity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/managing-expressroute-for-connectivity.md
search.appverid:
- MET150 - BCS160 ms.assetid: e4468915-15e1-4530-9361-cd18ce82e231
-description: Learn how manage ExpressRoute for Office 365, including common areas to configure like prefix filtering, security, and compliance.
+description: Learn how to manage ExpressRoute for Office 365, including common areas to configure like prefix filtering, security, and compliance.
# Managing ExpressRoute for Office 365 connectivity
ExpressRoute for Office 365 offers an alternative routing path to reach many Off
Microsoft recommends that customers accept all BGP routes as advertised from Microsoft, the routes provided undergo a rigorous review and validation process removing any benefits to added scrutiny. ExpressRoute natively offers the recommended controls such as IP prefix ownership, integrity, and scale - with no inbound route filtering on the customer side.
-If you require additional validation of route ownership across ExpressRoute public peering, you can check the advertised routes against the list of all IPv4 and IPv6 IP prefixes that represent [Microsoft's public IP ranges](https://www.microsoft.com/download/details.aspx?id=53602). These ranges cover the full Microsoft address space and change infrequently, providing a reliable set of ranges to filter against that also provides additional protection to customers who are concerned about non-Microsoft owned routes leaking into their environment. In the event there is a change, it will be made on the 1st of the month and the version number in the **details** section of the page will change every time the file is updated.
+If you require additional validation of route ownership across ExpressRoute public peering, you can check the advertised routes against the list of all IPv4 and IPv6 IP prefixes that represent [Microsoft's public IP ranges](https://www.microsoft.com/download/details.aspx?id=53602). These ranges cover the full Microsoft address space and change infrequently, providing a reliable set of ranges to filter against that also provides additional protection to customers who are concerned about non-Microsoft owned routes leaking into their environment. In the event there's a change, it will be made on the 1st of the month and the version number in the **details** section of the page will change every time the file is updated.
-There are a number of reasons to avoid the use of the [Office 365 URLs and IP address ranges](./urls-and-ip-address-ranges.md) for generating prefix filter lists. Including the following:
+There are many reasons to avoid the use of the [Office 365 URLs and IP address ranges](./urls-and-ip-address-ranges.md) for generating prefix filter lists. Including the following:
- The Office 365 IP prefixes undergo lots of changes on a frequent basis. - The Office 365 URLs and IP address ranges are designed for managing firewall allow lists and Proxy infrastructure, not routing. -- The Office 365 URLs and IP address ranges do not cover other Microsoft services that may be in scope for your ExpressRoute connections.
+- The Office 365 URLs and IP address ranges don't cover other Microsoft services that may be in scope for your ExpressRoute connections.
|**Option**|**Complexity**|**Change Control**| |:--|:--|:--|
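Review bot: The rewritten lead-in to the prefix-filter list still ends in a sentence fragment, "Including the following:". Since the line is being touched anyway, fold it into the preceding sentence: "There are many reasons to avoid using the Office 365 URLs and IP address ranges for generating prefix filter lists, including the following:".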
Regardless of how you manage the BGP route advertisements coming from Microsoft,
### Security
-Microsoft recommends that you maintain your own network and security perimeter controls for connections going to and from ExpressRoute public and Microsoft peering, which includes connections to and from Office 365 services. Security controls should be in place for network requests that travel outbound from your network to Microsoft's network as well as inbound from Microsoft's network to your network.
+Microsoft recommends that you maintain your own network and security perimeter controls for connections going to and from ExpressRoute public and Microsoft peering, which includes connections to and from Office 365 services. Security controls should be in place for network requests that travel outbound from your network to Microsoft's network and inbound from Microsoft's network to your network.
#### Outbound from Customer to Microsoft
For added controls, you can use FQDN level filtering within your proxy infrastru
There are several optional scenarios that require Microsoft to initiate connections to your network. -- ADFS during password validation for sign-in.
+- ADFS during password validation for sign in.
- [Exchange Server Hybrid deployments](/exchange/exchange-hybrid). - Mail from an Exchange Online tenant to an on-premises host. -- SharePoint Online Mail send from SharePoint Online to an on-premises host.
+- SharePoint Online Mail sent from SharePoint Online to an on-premises host.
- [SharePoint federated hybrid search](/SharePoint/hybrid/display-hybrid-federated-search-results-in-sharepoint-online).
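Review bot: In the list of scenarios where Microsoft initiates connections to your network, changing "sign-in" to "sign in" is a regression. The word is used as a noun here ("password validation for sign-in"), and the hyphenated form is the noun, so keep the original. The SharePoint bullet is better with "sent", but "SharePoint Online Mail sent from SharePoint Online" still repeats the product name; "Mail sent from SharePoint Online to an on-premises host" would match the Exchange Online bullet above it.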
enterprise Managing Office 365 Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/managing-office-365-endpoints.md
description: Learn how to manage Office 365 endpoints so that they work with you
# Managing Office 365 endpoints
-Most enterprise organizations that have multiple office locations and a connecting WAN will need configuration for Office 365 network connectivity. You can optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet level inspection or processing. This reduces latency and your perimeter capacity requirements. Identifying Office 365 network traffic is the first step in providing optimal performance for your users. For more information, see [Office 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md).
+Most enterprise organizations that have multiple office locations and a connecting WAN will need configuration for Office 365 network connectivity. You can optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all extra packet level inspection or processing. This reduces latency and your perimeter capacity requirements. Identifying Office 365 network traffic is the first step in providing optimal performance for your users. For more information, see [Office 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md).
Microsoft recommends you access the Office 365 network endpoints and ongoing changes to them using the [Office 365 IP Address and URL Web Service](microsoft-365-ip-web-service.md).
Get-PacFile -Type 2 -Instance Worldwide -TenantName Contoso -ClientRequestId b10
## Proxy server bypass processing of Office 365 network traffic
-Where PAC files are not used for direct outbound traffic, you still want to bypass processing on your network perimeter by configuring your proxy server. Some proxy server vendors have enabled automated configuration of this as described in the [Office 365 Networking Partner Program](microsoft-365-networking-partner-program.md).
+Where PAC files aren't used for direct outbound traffic, you still want to bypass processing on your network perimeter by configuring your proxy server. Some proxy server vendors have enabled automated configuration of this as described in the [Office 365 Networking Partner Program](microsoft-365-networking-partner-program.md).
-If you are doing this manually, you will need to get the Optimize and Allow endpoint category data from the Office 365 IP Address and URL Web Service and configure your proxy server to bypass processing for these. It is important to avoid SSL Break and Inspect and Proxy Authentication for the Optimize and Allow category endpoints.
+If you're doing this manually, you'll need to get the Optimize and Allow endpoint category data from the Office 365 IP Address and URL Web Service and configure your proxy server to bypass processing for these. It is important to avoid SSL Break and Inspect and Proxy Authentication for the Optimize and Allow category endpoints.
<a name="bkmk_changes"> </a> ## Change management for Office 365 IP addresses and URLs
-In addition to selecting appropriate configuration for your network perimeter, it is critical that you adopt a change management process for Office 365 endpoints. These endpoints change regularly and if you do not manage the changes, you can end up with users blocked or with poor performance after a new IP address or URL is added.
+In addition to selecting appropriate configuration for your network perimeter, it's critical that you adopt a change management process for Office 365 endpoints. These endpoints change regularly and if you don't manage the changes, you can end up with users blocked or with poor performance after a new IP address or URL is added.
Changes to the Office 365 IP addresses and URLs are usually published near the last day of each month. Sometimes a change will be published outside of that schedule due to operational, support, or security requirements.
-When a change is published that requires you to act because an IP address or URL was added, you should expect to receive 30 days notice from the time we publish the change until there is an Office 365 service on that endpoint. This is reflected as the Effective Date. Although we aim for this notification period, it may not always be possible due to operational, support, or security requirements. Changes that do not require immediate action to maintain connectivity, such as removed IP addresses or URLs or less significant changes, do not include advance notification. In these instances, no Effective Date will be provided. Regardless of what notification is provided, we list the expected service active date for each change.
+When a change is published that requires you to act because an IP address or URL was added, you should expect to receive 30 days notice from the time we publish the change until there's an Office 365 service on that endpoint. This is reflected as the Effective Date. Although we aim for this notification period, it may not always be possible due to operational, support, or security requirements. Changes that don't require immediate action to maintain connectivity, such as removed IP addresses or URLs or less significant changes, don't include advance notification. In these instances, no Effective Date will be provided. Regardless of what notification is provided, we list the expected service active date for each change.
### Change notification using the Web Service
-You can use the Office 365 IP Address and URL Web Service to get change notification. We recommend you call the **/version** web method once an hour to check the version of the endpoints that you are using to connect to Office 365. If this version changes when compared to the version that you have in use, then you should get the latest endpoint data from the **/endpoints** web method and optionally get the differences from the **/changes** web method. It is not necessary to call the **/endpoints** or **/changes** web methods if there has not been any change to the version you found.
+You can use the Office 365 IP Address and URL Web Service to get change notification. We recommend you call the **/version** web method once an hour to check the version of the endpoints that you're using to connect to Office 365. If this version changes when compared to the version that you have in use, then you should get the latest endpoint data from the **/endpoints** web method and optionally get the differences from the **/changes** web method. It isn't necessary to call the **/endpoints** or **/changes** web methods if there hasn't been any change to the version you found.
For more information, see [Office 365 IP Address and URL Web Service](microsoft-365-ip-web-service.md).
With over 2500 ISP peering relationships globally and 70 points of presence, get
<a name="bkmk_MissingIP"> </a> ### I see network requests to IP addresses not on the published list, do I need to provide access to them?
-We only provide IP addresses for the Office 365 servers you should route directly to. This isn't a comprehensive list of all IP addresses you'll see network requests for. You will see network requests to Microsoft and third-party owned, unpublished, IP addresses. These IP addresses are dynamically generated or managed in a way that prevents timely notice when they change. If your firewall can't allow access based on the FQDNs for these network requests, use a PAC or WPAD file to manage the requests.
+We only provide IP addresses for the Office 365 servers you should route directly to. This isn't a comprehensive list of all IP addresses you'll see network requests for. You'll see network requests to Microsoft and third-party owned, unpublished, IP addresses. These IP addresses are dynamically generated or managed in a way that prevents timely notice when they change. If your firewall can't allow access based on the FQDNs for these network requests, use a PAC or WPAD file to manage the requests.
See an IP associated with Office 365 that you want more information on? 1. Check if the IP address is included in a larger published range using a CIDR calculator, such as these for [IPv4](https://www.ipaddressguide.com/cidr) or [IPv6](https://www.ipaddressguide.com/ipv6-cidr). For example, 40.96.0.0/13 includes the IP Address 40.103.0.1 despite 40.96 not matching 40.103.
-2. See if a partner owns the IP with a [whois query](https://dnsquery.org/). If it's Microsoft owned, it may be an internal partner. Many partner network endpoints are listed as belonging to the _default_ category, for which IP addresses are not published.
-3. The IP address may not be part of Office 365 or a dependency. Office 365 network endpoint publishing does not include all of Microsoft network endpoints.
+2. See if a partner owns the IP with a [whois query](https://dnsquery.org/). If it's Microsoft owned, it may be an internal partner. Many partner network endpoints are listed as belonging to the _default_ category, for which IP addresses aren't published.
+3. The IP address may not be part of Office 365 or a dependency. Office 365 network endpoint publishing doesn't include all of Microsoft network endpoints.
4. Check the certificate. With a browser, connect to the IP address using *HTTPS://\<IP_ADDRESS\>* and check the domains listed on the certificate to understand what domains are associated with the IP address. If it's a Microsoft-owned IP address and not on the list of Office 365 IP addresses, it's likely the IP address is associated with a Microsoft CDN such as *MSOCDN.NET* or another Microsoft domain without published IP information. If you do find the domain on the certificate is one where we claim to list the IP address, please let us know. <a name="bkmk_cname"> </a>
Client computers need a DNS A or AAAA record that includes one or more IP addres
serviceA.office.com -> CNAME: serviceA.domainA.com -> CNAME: serviceA.domainB.com -> A: IP_1 ```
-These CNAME redirects are a normal part of the DNS and are transparent to the client computer and transparent to proxy servers. They are used for load balancing, content delivery networks, high availability, and service incident mitigation. Microsoft does not publish the intermediary CNAME records, they are subject to change at any time, and you should not need to configure them as allowed in your proxy server.
+These CNAME redirects are a normal part of the DNS and are transparent to the client computer and transparent to proxy servers. They are used for load balancing, content delivery networks, high availability, and service incident mitigation. Microsoft doesn't publish the intermediary CNAME records, they are subject to change at any time, and you shouldn't need to configure them as allowed in your proxy server.
-A proxy server validates the initial URL, which in the above example is serviceA.office.com, and this URL would be included in Office 365 publishing. The proxy server requests DNS resolution of that URL to an IP Address and will receive back IP_1. It does not validate the intermediary CNAME redirection records.
+A proxy server validates the initial URL, which in the above example is serviceA.office.com, and this URL would be included in Office 365 publishing. The proxy server requests DNS resolution of that URL to an IP Address and will receive back IP_1. It doesn't validate the intermediary CNAME redirection records.
-Hard-coded configurations or using an allowlist based on indirect Office 365 FQDNs are not recommended, not supported by Microsoft, and are known to cause customer connectivity issues. DNS solutions that block on CNAME redirection, or that otherwise incorrectly resolve Office 365 DNS entries, can be solved via DNS forwarders with DNS recursion enabled or by using DNS root hints. Many third-party network perimeter products natively integrate recommended Office 365 endpoint to include an allowlist in their configuration using the [Office 365 IP Address and URL Web service](microsoft-365-ip-web-service.md).
+Hard-coded configurations or using an allowlist based on indirect Office 365 FQDNs aren't recommended, not supported by Microsoft, and are known to cause customer connectivity issues. DNS solutions that block on CNAME redirection, or that otherwise incorrectly resolve Office 365 DNS entries, can be solved via DNS forwarders with DNS recursion enabled or by using DNS root hints. Many third-party network perimeter products natively integrate recommended Office 365 endpoint to include an allowlist in their configuration using the [Office 365 IP Address and URL Web service](microsoft-365-ip-web-service.md).
<a name="bkmk_akamai"> </a> ### Why do I see names such as nsatc.net or akadns.net in the Microsoft domain names?
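Review bot: In the paragraph on hard-coded configurations, contracting only the first verb breaks the parallel structure: "aren't recommended, not supported by Microsoft, and are known to cause..." now reads as if "not supported" has no verb. Use "aren't recommended, aren't supported by Microsoft, and are known to cause customer connectivity issues". The CNAME paragraph in the same hunk also keeps "They are used" and "they are subject to change" next to the new "doesn't" and "shouldn't", so the contraction pass is incomplete there.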
Office 365 and other Microsoft services use several third-party services such as
As Office 365 is a suite of services built to function over the internet, the reliability and availability promises are based on many standard internet services being available. For example, standard internet services such as DNS, CRL, and CDNs must be reachable to use Office 365 just as they must be reachable to use most modern internet services.
-The Office 365 suite is broken down into major service areas. These can be selectively enabled for connectivity and there is a Common area, which is a dependency for all and is always required.
+The Office 365 suite is broken down into major service areas. These can be selectively enabled for connectivity and there's a Common area, which is a dependency for all and is always required.
| Service Area | Description | |:--|:--|
If you're trying to use Office 365 and are finding third-party services aren't a
<a name="bkmk_consumer"> </a> ### How do I block access to Microsoft's consumer services?
-The tenant restrictions feature now supports blocking the use of all Microsoft consumer applications (MSA apps) such as OneDrive, Hotmail, and Xbox.com. This uses a separate header to the login.live.com endpoint. For more details, see [Use tenant restrictions to manage access to SaaS cloud applications](/azure/active-directory/manage-apps/tenant-restrictions#blocking-consumer-applications).
+The tenant restrictions feature now supports blocking the use of all Microsoft consumer applications (MSA apps) such as OneDrive, Hotmail, and Xbox.com. This uses a separate header to the login.live.com endpoint. For more information, see [Use tenant restrictions to manage access to SaaS cloud applications](/azure/active-directory/manage-apps/tenant-restrictions#blocking-consumer-applications).
<a name="bkmk_IPOnlyFirewall"> </a>+ ### My firewall requires IP Addresses and cannot process URLs. How do I configure it for Office 365?
-Office 365 does not provide IP addresses of all required network endpoints. Some are provided as URLs only and are categorized as default. URLs in the default category that are required should be allowed through a proxy server. If you don't have a proxy server, look at how you have configured web requests for URLs that users type into the address bar of a web browser; the user doesn't provide an IP address either. The Office 365 default category URLs that do not provide IP addresses should be configured in the same way.
+Office 365 doesn't provide IP addresses of all required network endpoints. Some are provided as URLs only and are categorized as default. URLs in the default category that are required should be allowed through a proxy server. If you don't have a proxy server, look at how you have configured web requests for URLs that users type into the address bar of a web browser; the user doesn't provide an IP address either. The Office 365 default category URLs that do not provide IP addresses should be configured in the same way.
## Related topics
enterprise Microsoft 365 Service Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-service-health.md
description: "Microsoft 365 service health status"
# Microsoft 365 network health status
-Due to the increased demand for Microsoft's cloud services during the COVID-19 crisis, we are providing information about the health of Microsoft's global network as well as information about network quality issues that our customers might experience but that we don't control.
+Due to the increased demand for Microsoft's cloud services during the COVID-19 crisis, we are providing information about the health of Microsoft's global network and information about network quality issues that our customers might experience but that we don't control.
This information includes network issues that affect all of our software as service offerings, including Microsoft 365. _There might be delays in the updates to this page. We are updating it manually while we build a more automated solution._
-When we detect significant issues within Microsoft's global network or with internet connectivity between our customers and Microsoft's network, we will post that information here. We recommend that customers continue to use the Microsoft 365 admin center <a href="https://go.microsoft.com/fwlink/p/?linkid=842900" target="_blank">Service Health dashboard</a> to understand the impact of any significant network issues on their tenant, as we provide much more detailed and targeted information there.
+When we detect significant issues within Microsoft's global network or with internet connectivity between our customers and Microsoft's network, we'll post that information here. We recommend that customers continue to use the Microsoft 365 admin center <a href="https://go.microsoft.com/fwlink/p/?linkid=842900" target="_blank">Service Health dashboard</a> to understand the impact of any significant network issues on their tenant, as we provide much more detailed and targeted information there.
## Current network issues
enterprise Migrate Data To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/migrate-data-to-office-365.md
ms.assetid: e2fdfc8d-547e-4419-8628-2738ed4e0f46
f1.keywords: - NOCSH
-description: "In this article, you will the resources to help you migrate your organization data to Microsoft 365."
+description: "In this article, you will find the resources to help you migrate your organization data to Microsoft 365."
# Migrate your organization data to Microsoft 365 Enterprise
description: "In this article, you will the resources to help you migrate your o
Our [basic set up instructions](https://support.office.com/article/Set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa) help you get everyone using your Microsoft 365 services and applications in the shortest time possible. This skips the hybrid scenarios and the more advanced methods for migrating to Microsoft 365.
-If you want help getting Microsoft 365 set up, [FastTrack](https://fasttrack.microsoft.com/office) is the easiest way to deploy Microsoft 365, you can also sign in and use the [Setup guides for Microsoft 365 services](setup-guides-for-microsoft-365.md).
+If you want help with getting Microsoft 365 setup, [FastTrack](https://fasttrack.microsoft.com/office) is the easiest way to deploy Microsoft 365, you can also sign in and use the [Setup guides for Microsoft 365 services](setup-guides-for-microsoft-365.md).
## Migrate email to Microsoft 365 - Migrate with Exchange Hybrid using the [Exchange Deployment Assistant](https://technet.microsoft.com/exdeploy2013). (Administrator)
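Review bot: In the FastTrack sentence, "getting Microsoft 365 setup" should stay "set up": it is a verb phrase here, and "setup" is the noun. The sentence is also still a comma splice ("...is the easiest way to deploy Microsoft 365, you can also sign in..."); split it into two sentences while the line is being edited.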
enterprise Sharepoint 2007 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/sharepoint-2007-end-of-support.md
You can't migrate directly from SharePoint 2007 to SharePoint Online. Your move
|**Online pro**|**Online con**| |:--|:--| |Microsoft supplies SPO hardware and all hardware administration. <br/> |Available features may differ between SharePoint Server on-premises and SPO. <br/> |
-|You're the Sharepoint admin or global admin of your subscription and can assign administrators to SPO sites. <br/> |Some actions available to a farm administrator in SharePoint Server on-premises don't exist or aren't necessarily included in the SharePoint Administrator role in Microsoft 365. <br/> |
+|You're the SharePoint admin or global admin of your subscription and can assign administrators to SPO sites. <br/> |Some actions available to a farm administrator in SharePoint Server on-premises don't exist or aren't necessarily included in the SharePoint Administrator role in Microsoft 365. <br/> |
|Microsoft applies patches, fixes, and updates to underlying hardware and software. <br/> |Because there's no access to the underlying file system in the service, customization is limited. <br/> | |Microsoft publishes [Service level agreements](/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement) and moves quickly to resolve service-level incidents. <br/> |Backup and restore and other recovery options are automated by the service in SharePoint Online. Backups are overwritten if not used. <br/> | |Security testing and server performance tuning are carried out on an ongoing basis in the service by Microsoft. <br/> |Changes to the user interface and other SharePoint features are installed by the service and may need to be toggled on or off. <br/> |
enterprise Upgrade From Sharepoint 2010 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-sharepoint-2010.md
If you upgrade to SharePoint Server 2013 or SharePoint Server 2016 and decide to
|SharePoint Online advantage|SharePoint Online disadvantage| ||| |Microsoft supplies SPO hardware and all hardware administration.|Available features may differ between SharePoint Server on-premises and SPO.|
-|You're the Sharepoint admin or global admin of your subscription and can assign administrators to SPO sites.|Some actions available to a farm administrator in SharePoint Server on-premises don't exist (or aren't necessary) in the SharePoint Administrator role in Microsoft 365. But SharePoint Administration, Site Collection Administration, and Site Ownership are local to your org.|
+|You're the SharePoint admin or global admin of your subscription and can assign administrators to SPO sites.|Some actions available to a farm administrator in SharePoint Server on-premises don't exist (or aren't necessary) in the SharePoint Administrator role in Microsoft 365. But SharePoint Administration, Site Collection Administration, and Site Ownership are local to your org.|
|Microsoft applies patches, fixes, and updates to underlying hardware and software, including SQL servers on which SharePoint Online runs.|Because there's no access to the underlying file system in the service, customization is limited.| |Microsoft publishes [service level agreements](/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement) and moves quickly to resolve service-level incidents.|Backup and restore and other recovery options are automated by the service in SharePoint Online. Backups are overwritten if not used.| |Security testing and server performance tuning are carried out continuously in the service by Microsoft.|Changes to the user interface and other SharePoint features are installed by the service and may need to be toggled on or off.|
security Admin Submissions Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/admin-submissions-mde.md
In Microsoft Defender for Endpoint, admins can use the unified submissions featu
- To submit files to Microsoft, you need to be a member of one of the following role groups:
- - **Organization Management** or **Security Administrator** in the [Microsoft 365 Defender portal](../office-365-security/permissions-microsoft-365-security-center.md).
+ - **Organization Management**, **Security Administrator**, or **Security Reader** in the [Microsoft 365 Defender portal](../office-365-security/permissions-microsoft-365-security-center.md).
- For more information about how you can submit spam, phish, URLs, and email attachments to Microsoft, see [Report messages and files to Microsoft](../office-365-security/report-junk-email-messages-to-microsoft.md).
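Review bot: Adding **Security Reader** to the role groups that can submit files widens who can send samples to Microsoft, and the role name implies read-only access. Confirm against the linked permissions article that a reader role is really allowed to create submissions. If it is, say so explicitly, because admins scoping least-privilege roles will read this list as authoritative.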
security Microsoft Defender Endpoint Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md
If you experience any installation failures, refer to [Troubleshooting installat
> [!NOTE] > It is not supported to install Microsoft Defender for Endpoint in any other location other than the default install path.
+> [!NOTE]
+> Microsoft Defender for Endpoint on Linux creates an "mdatp" user with random UID and GID. If you want to control the UID and GID, create an "mdatp" user prior to installation using the "/usr/sbin/nologin" shell option.
+> For example: `mdatp:x:UID:GID::/home/mdatp:/usr/sbin/nologin`.
+ ### System requirements
+> [!NOTE]
+> Support of Red Hat Enterprise Linux and CentOS 6.7+ to 6.10+ are in preview.
+ - Supported Linux server distributions and x64 (AMD64/EM64T) and x86_64 versions: - Red Hat Enterprise Linux 6.7 or higher (Preview)
- - Red Hat Enterprise Linux 7.2 or higher
- - Red Hat Enterprise Linux 8.x
- - CentOS 6.7 or higher
+ - Red Hat Enterprise Linux 7.2 or higher
+ - Red Hat Enterprise Linux 8.x
+ - CentOS 6.7 or higher (Preview)
- CentOS 7.2 or higher - Ubuntu 16.04 LTS or higher LTS - Debian 9 or higher
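Review bot: The new "mdatp" note gives what looks like an /etc/passwd entry as its example without saying so, and "using the "/usr/sbin/nologin" shell option" reads like a command-line flag. State what the example line is and where it lives, and say whether a matching "mdatp" group with the chosen GID has to be created beforehand, since the note promises control over both UID and GID. Separately, in the preview note, "Support of Red Hat Enterprise Linux and CentOS 6.7+ to 6.10+ are in preview" needs "is", and "6.7+ to 6.10+" is ambiguous as a range; the kernel note further down the same file writes it as "6.7 to 6.10".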
If you experience any installation failures, refer to [Troubleshooting installat
- List of supported kernel versions
- - Minimum kernel version 3.10.0-327 (For all the supported Linux distributions mentioned above except Red Hat Enterprise Linux 6 and CentOS 6)
+ > [!NOTE]
+ > Microsoft Defender for Endpoint on RHEL/CentOS - 6.7 to 6.10 is a Kernel based solution. You must verify that the kernel is the supported before updating to the newer kernel version. See the list below for the list of supported kernels.
+ > Microsoft Defender for Endpoint implementation for all other supported distributions and versions is kernel-version-agnostic. With minimal requirement for the kernel version to be on or above 3.10.0-327.
+ - The `fanotify` kernel option must be enabled - Red Hat Enterprise Linux 6 and CentOS 6: - For 6.7: 2.6.32-573.* - For 6.8: 2.6.32-642.* - For 6.9: 2.6.32-696.* (except 2.6.32-696.el6.x86_64)
- - For 6.10: 2.6.32.754.2.1.el6.x86_64 to 2.6.32-754.43.1:
+ - For 6.10: 2.6.32.754.2.1.el6.x86_64 to 2.6.32-754.47.1:
- 2.6.32-754.10.1.el6.x86_64 - 2.6.32-754.11.1.el6.x86_64
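Review bot: The 6.10 kernel range on the changed line mixes separators and suffixes. The lower bound is written "2.6.32.754.2.1.el6.x86_64" (a dot after 2.6.32) while the upper bound and every listed kernel use "2.6.32-754", and the new upper bound "2.6.32-754.47.1" drops ".el6.x86_64". Admins will compare these strings with their running kernel version, so write both bounds in the same form. In the added note, "verify that the kernel is the supported before updating" has a stray "the" or a missing word, and "With minimal requirement for the kernel version to be on or above 3.10.0-327." is a fragment that should be joined to the previous sentence.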
security Advanced Hunting Best Practices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-best-practices.md
The [summarize operator](/azure/data-explorer/kusto/query/summarizeoperator) agg
| summarize hint.shufflekey = RecipientEmailAddress count() by Subject, RecipientEmailAddress ```
+Watch this [short video](https://www.youtube.com/watch?v=ceYvRuPp5D8) to learn how you can optimize the Kusto Query Language.
+ ## Query scenarios ### Identify unique processes with process IDs
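Review bot: The added video sentence says "optimize the Kusto Query Language", but what a reader optimizes is a query, not the language. Suggest "to learn how you can optimize your Kusto Query Language queries". The link also points to an external YouTube URL with no title; naming the video in the link text would tell readers what they are about to open.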
security Advanced Hunting Query Emails Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-query-emails-devices.md
SenderFromAddress, RecipientEmailAddress, AccountDisplayName, JobTitle,
Department, City, Country ```
+Watch this [short video](https://www.youtube.com/watch?v=8qZx7Pp5XgM) to learn how you can use Kusto Query Language to join tables.
+ ### Get device information+ The [advanced hunting schema](advanced-hunting-schema-tables.md) provides extensive device information in various tables. For example, the [DeviceInfo table](advanced-hunting-deviceinfo-table.md) provides comprehensive device information based on event data aggregated regularly. This query uses the `DeviceInfo` table to check if a potentially compromised user (`<account-name>`) has logged on to any devices and then lists the alerts that have been triggered on those devices. >[!Tip]
DeviceInfo
## Hunting scenarios ### List logon activities of users that received emails that were not zapped successfully+ [Zero-hour auto purge (ZAP)](../office-365-security/zero-hour-auto-purge.md) addresses malicious emails after they have been received. If ZAP fails, malicious code might eventually run on the device and leave accounts compromised. This query checks for logon activity made by the recipients of emails that were not successfully addressed by ZAP. ```kusto
LogonTime = Timestamp, AccountDisplayName, Application, Protocol, DeviceName, Lo
``` ### Get logon attempts by domain accounts targeted by credential theft+ This query first identifies all credential access alerts in the `AlertInfo` table. It then merges or joins the `AlertEvidence` table, which it parses for the names of the targeted accounts and filters for domain-joined accounts only. Finally, it checks the `IdentityLogonEvents` table to get all logon activities by the domain-joined targeted accounts. ```kusto
AlertInfo
``` ### Check if files from a known malicious sender are on your devices+ Assuming you know of an email address sending malicious files (`MaliciousSender@example.com`), you can run this query to determine if files from this sender exist on your devices. You can use this query, for example, to identify devices affected by a malware distribution campaign. ```kusto
DeviceFileEvents
``` ### Review logon attempts after receipt of malicious emails+ This query finds the 10 latest logons performed by email recipients within 30 minutes after they received known malicious emails. You can use this query to check whether the accounts of the email recipients have been compromised. ```kusto
IdentityLogonEvents
``` ### Review PowerShell activities after receipt of emails from known malicious sender+ Malicious emails often contain documents and other specially crafted attachments that run PowerShell commands to deliver additional payloads. If you are aware of emails coming from a known malicious sender (`MaliciousSender@example.com`), you can use this query to list and review PowerShell activities that occurred within 30 minutes after an email was received from the sender. ```kusto
DeviceProcessEvents
``` ## Related topics+ - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) - [Work with query results](advanced-hunting-query-results.md)
security Advanced Hunting Query Language https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-query-language.md
ms.technology: m365d
**Applies to:**+ - Microsoft 365 Defender - Microsoft Defender for Endpoint
FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType
**[Run this query in advanced hunting](https://security.microsoft.com/hunting?query=H4sIAAAAAAAEAI2TW0sCURSF93PQfxh8Moisp956yYIgQtLoMaYczJpbzkkTpN_et_dcdPQkcpjbmrXXWftyetKTQG5lKqmMpeB9IJksJJKZDOWdZ8wKeP5wvcm3OLgZbMXmXCmIxjnYIfcAVgYvRi8w3TnfsXEDGAG47pCCZXyP5ViO4KeNbt-Up-hEuJmB6lvButnY8XSL-cDl0M2I-GwxVX8Fe2H5zMzHiKjEVB0eEsnBrszfBIWuXOLrxCJ7VqEBfM3DWUYTkNKrv1p5y3X0jwetemzOQ_NSVuuXZ1c6aNTKRaN8VvWhY9n7OS-o6J5r7mYeQypdEKc1m1qfiqpjCSuspsDntt2J61bEvTlXls5AgQfFl5bHM_gr_BhO2RF1rztoBv2tWahrso_TtzkL93KGMGZVr2pe7eWR-xeZl91f_113UOsx3nDR4Y9j5R6kaCq8ajr_YWfFeedsd27L7it-Z6dAZyxsJq1d9-2ZOSzK3y2NVd8-zUPjtZaJnYsIH4Md7AmdeAcd2Cl1XoURc5PzXlfU8U9P54WcswL6t_TW9Q__qX-xygQAAA&runQuery=true&timeRangeId=week)** ### Describe the query and specify the tables to search+ A short comment has been added to the beginning of the query to describe what it is for. This comment helps if you later decide to save the query and share it with others in your organization. ```kusto
The query itself will typically start with a table name followed by several elem
```kusto union DeviceProcessEvents, DeviceNetworkEvents ```+ ### Set the time range+ The first piped element is a time filter scoped to the previous seven days. Limiting the time range helps ensure that queries perform well, return manageable results, and don't time out. ```kusto
The first piped element is a time filter scoped to the previous seven days. Limi
``` ### Check specific processes+ The time range is immediately followed by a search for process file names representing the PowerShell application. ```kusto
The time range is immediately followed by a search for process file names repres
``` ### Search for specific command strings+ Afterwards, the query looks for strings in command lines that are typically used to download files using PowerShell. ```kusto
Afterwards, the query looks for strings in command lines that are typically used
``` ### Customize result columns and length + Now that your query clearly identifies the data you want to locate, you can define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process. ```kusto
Select **Run query** to see the results.
>[!TIP] >You can view query results as charts and quickly adjust filters. For guidance, [read about working with query results](advanced-hunting-query-results.md)
+Watch this [short video](https://www.youtube.com/watch?v=8qZx7Pp5XgM) to learn how you can use Kusto Query Language to join tables.
+ ## Learn common query operators You've just run your first query and have a general idea of its components. It's time to backtrack slightly and learn some basics. The Kusto query language used by advanced hunting supports a range of operators, including the following common ones.
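Review bot: The added sentence and link duplicate the one added in advanced-hunting-query-emails-devices.md (same `8qZx7Pp5XgM` URL, same "join tables" wording), but here the line lands after the tip about viewing results as charts and before "Learn common query operators", where joins have not come up yet. Move it next to the material on joining tables, or reword the sentence so it says why a reader of the first-query walkthrough should watch it at this point. The link text "short video" also gives no hint of the destination, so a descriptive title would help.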
Advanced hunting supports Kusto data types, including the following common types
To learn more about these data types, [read about Kusto scalar data types](/azure/data-explorer/kusto/query/scalar-data-types/). ## Get help as you write queries+ Take advantage of the following functionality to write queries faster: - **Autosuggest**ΓÇöas you write queries, advanced hunting provides suggestions from IntelliSense. - **Schema tree**ΓÇöa schema representation that includes the list of tables and their columns is provided next to your working area. For more information, hover over an item. Double-click an item to insert it to the query editor. - **[Schema reference](advanced-hunting-schema-tables.md#get-schema-information-in-the-security-center)**ΓÇöin-portal reference with table and column descriptions as well as supported event types (`ActionType` values) and sample queries ## Work with multiple queries in the editor+ You can use the query editor to experiment with multiple queries. To use multiple queries: - Separate each query with an empty line.
For more information on Kusto query language and supported operators, see [Kusto
>Some tables in this article might not be available in Microsoft Defender for Endpoint. [Turn on Microsoft 365 Defender](m365d-enable.md) to hunt for threats using more data sources. You can move your advanced hunting workflows from Microsoft Defender for Endpoint to Microsoft 365 Defender by following the steps in [Migrate advanced hunting queries from Microsoft Defender for Endpoint](advanced-hunting-migrate-from-mde.md). ## Related topics+ - [Advanced hunting overview](advanced-hunting-overview.md) - [Work with query results](advanced-hunting-query-results.md) - [Use shared queries](advanced-hunting-shared-queries.md)
security Api Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/api-overview.md
Along with these Microsoft 365 Defender-specific APIs, each of our other securit
> [!NOTE] > The transition to the unified portal should not affect the PowerBi dashboards based on Microsoft Defender for Endpoint APIs. You can continue to work with the existing APIs regardless of the interactive portal transition.
+Watch this short video to learn how you can use Microsoft 365 Defender to automate workflows and integrate apps.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M?rel=0]
+ ## Learn more | **Understand how to access the APIs** |
security Configure Event Hub https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/configure-event-hub.md
Title: Configure your Event Hub
-description: Learn how to configure your Event Hub
+ Title: Configure your Event Hubs
+description: Learn how to configure your Event Hubs
keywords: event hub, configure, insights search.product: eADQiWindows 10XVcnh search.appverid: met150
MS.technology: mde
-# Configure your Event Hub
+# Configure your Event Hubs
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-Learn how to configure your Event Hub so that it can ingest events from Microsoft 365 Defender.
+Learn how to configure your Event Hubs so that it can ingest events from Microsoft 365 Defender.
-## Set up the required Resource Provider in the Event Hub subscription
+## Set up the required Resource Provider in the Event Hubs subscription
1. Sign in to the [Azure portal](https://portal.azure.com). 1. Select **Subscriptions** > **{ Select the subscription the event hubs will be deployed to }** > **Resource providers**.
-1. Verify that the **Microsoft.Insights** Provider is registered. Otherwise, register it.
+1. Verify whether the **Microsoft.Insights** Provider is registered. Otherwise, register it.
:::image type="content" source="../../media/f893db7a7b1f7aa520e8b9257cc72562.png" alt-text="The list of service providers page in the Microsoft Azure portal" lightbox="../../media/f893db7a7b1f7aa520e8b9257cc72562.png"::: ## Set up Azure Active Directory App Registration
-> ![NOTE]
+> [!NOTE]
> You must have Administrator role or Azure Active Directory (AAD) must be set to allow non-Administrators to register apps. You must also have an Owner or User Access Administrator role to assign the service principal a role. For more information, see [Create an Azure AD app & service principal in the portal - Microsoft identity platform \| Microsoft Docs](/azure/active-directory/develop/howto-create-service-principal-portal). 1. Create a new registration (which inherently creates a service principal) in
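Review bot: The Hub to Hubs rename leaves a number mismatch in the intro line, "configure your Event Hubs so that it can ingest events". Since Event Hubs is being used as the service name, wording such as "configure Azure Event Hubs to ingest events" reads cleanly. In the resource provider step, "Verify whether the **Microsoft.Insights** Provider is registered. Otherwise, register it." leaves "Otherwise" with nothing to refer to. "Verify that the provider is registered. If it isn't, register it." keeps the instruction unambiguous.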
Learn how to configure your Event Hub so that it can ingest events from Microsof
1. Create a secret by clicking on **Certificates & secrets** \> **New client secret**: :::image type="content" source="../../media/d2ef88d3d2310d2c60c294b569cdf02e.png" alt-text="The Client secret section in the Microsoft Azure portal" lightbox="../../media/d2ef88d3d2310d2c60c294b569cdf02e.png":::
-
+
+This client secret value is used by Microsoft Graph APIs to authenticate this application that is being registered.
> [!WARNING] > **You won't be able to access the client secret again so make sure to save it**.
-## Set up Event Hub namespace
+## Set up Event Hubs namespace
-1. Create an Event Hub Namespace:
+1. Create an Event Hubs Namespace:
- Go **to Event Hub \> Add** and select the pricing tier, throughput units and Auto-Inflate (requires standard pricing and under features) appropriate for the load you are expecting. For more information, see [Pricing - Event Hub \| Microsoft Azure](https://azure.microsoft.com/pricing/details/event-hubs/)
+ Go **to Event Hub \> Add** and select the pricing tier, throughput units and Auto-Inflate (requires standard pricing and under features) appropriate for the load you're expecting. For more information, see [Pricing - Event Hubs \| Microsoft Azure](https://azure.microsoft.com/pricing/details/event-hubs/).
> [!NOTE] > You can use an existing event-hub, but the throughput and scaling are set at the namespace level so it is recommended to place an event-hub in its own namespace. :::image type="content" source="../../media/ebc4ca37c342ad1da75c4aee4018e51a.png" alt-text="The event hubs section in the Microsoft Azure portal" lightbox="../../media/ebc4ca37c342ad1da75c4aee4018e51a.png":::
-1. You will also need the Resource ID of this Event Hub Namespace. Go to your Azure Event Hub namespace page \> Properties. Copy the text under Resource ID and record it for use during the Microsoft 365 Configuration section below.
+1. You'll also need the Resource ID of this Event Hubs Namespace. Go to your Azure Event Hubs namespace page \> Properties. Copy the text under Resource ID and record it for use during the Microsoft 365 Configuration section below.
:::image type="content" source="../../media/759498162a4e93cbf17c4130d704d164.png" alt-text="The event hubs properties section in the Microsoft Azure portal" lightbox="../../media/759498162a4e93cbf17c4130d704d164.png":::
+### Add permissions
+
+You're required to add permissions to the following roles to entities that are involved in Event Hubs data management:
+
+- **Contributor**: The permissions related to this role are added to entity who logs in to the Microsoft 365 Defender portal.
+- **Reader** and **Azure Event Hub data Receiver**: The permissions related to these roles are assigned to the entity who is already assigned the role of a **Service Principal** and logs in to the Azure Active Directory application.
-1. Once the Event Hub Namespace is created, you will need to add the App Registration Service Principal as Reader, Azure Event Hubs Data Receiver, and the user who will be logging into Microsoft 365 Defender as Contributor (you can also do this at Resource Group or Subscription level).
+To ensure that these roles have been added, perform the following step:
- You do this step at **Event Hub Namespace** \> **Access Control (IAM)** \> **Add** and verify under **Role assignments**:
+Go to **Event Hub Namespace** \> **Access Control (IAM)** \> **Add** and verify under **Role assignments**.
- :::image type="content" source="../../media/9c9c29137b90d5858920202d87680d16.png" alt-text="An application registration service principal section in the Microsoft Azure portal" lightbox="../../media/9c9c29137b90d5858920202d87680d16.png":::
-## Set up Event Hub
+## Set up Event Hubs
**Option 1:**
-You can create an Event Hub within your Namespace and **all** the Event Types (Tables) you select to export will be written into this **one** Event Hub.
+You can create an Event Hubs within your Namespace and **all** the Event Types (Tables) you select to export will be written into this **one** Event Hub.
**Option 2:**
-Instead of exporting all the Event Types (Tables) into one Event Hub, you can export each table into different Event Hub inside your Event Hub Namespace (one Event Hub per Event Type).
+Instead of exporting all the Event Types (Tables) into one Event Hub, you can export each table into different Event Hubs inside your Event Hubs Namespace (one Event Hub per Event Type).
-In this option, Microsoft 365 Defender will create Event Hub for you.
+In this option, Microsoft 365 Defender will create Event Hubs for you.
> [!NOTE] > If you are using an Event Hub Namespace that is **not** part of an Event Hub Cluster, you will only be able to choose up to 10 Event Types (Tables) to export in each Export Settings you define, due to an Azure limitation of 10 Event Hub per Event Hub Namespace.
For example:
If you choose this option, you can skip to the [Configure Microsoft 365 Defender to send email tables](#configure-microsoft-365-defender-to-send-email-tables) section.
-Create Event Hub within your Namespace by selecting **Event Hub** \> **+ Event Hub**.
+Create Event Hubs within your Namespace by selecting **Event Hub** \> **+ Event Hub**.
-The Partition Count allows for more throughput via parallelism, so it is recommended to increase this number based on the load you are expecting. Default Message Retention and Capture values of 1 and Off are recommended.
+The Partition Count allows for more throughput via parallelism, so it's recommended to increase this number based on the load you're expecting. Default Message Retention and Capture values of 1 and Off are recommended.
:::image type="content" source="../../media/1db04b8ec02a6298d7cc70419ac6e6a9.png" alt-text="An event hubs creation section in the Microsoft Azure portal" lightbox="../../media/1db04b8ec02a6298d7cc70419ac6e6a9.png":::
-
-For these Event Hub (not namespace) you will need to configure a Shared Access Policy with Send, Listen Claims. Click on your **Event Hub** \> **Shared access policies** \> **+ Add** and then give it a Policy name (not used elsewhere) and check **Send** and **Listen**.
+For these Event Hubs (not namespace), you'll need to configure a Shared Access Policy with Send, Listen Claims. Click on your **Event Hub** \> **Shared access policies** \> **+ Add** and then give it a Policy name (not used elsewhere) and check **Send** and **Listen**.
:::image type="content" source="../../media/1867d13f46dc6a0f4cdae6cf00df24db.png" alt-text="The Shared access policies page in the Microsoft Azure portal" lightbox="../../media/1867d13f46dc6a0f4cdae6cf00df24db.png"::: ## Configure Microsoft 365 Defender to send email tables
-### Set up Microsoft 365 Defender send Email tables to Splunk via Event Hub
+### Set up Microsoft 365 Defender send Email tables to Splunk via Event Hubs
-1. Log in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> with an account that meets all the following role requirements:
+1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> with an account that meets all the following role requirements:
- - Contributor role at the Event Hub *Namespace* Resource level or higher for the Event Hub that you will be exporting to. Without this permission, you will get an export error when you try to save the settings.
+ - Contributor role at the Event Hubs *Namespace* Resource level or higher for the Event Hubs that you'll be exporting to. Without this permission, you'll get an export error when you try to save the settings.
- Global Admin or Security Admin Role on the tenant tied to Microsoft 365 Defender and Azure.
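Review bot: The new "Add permissions" section is harder to follow than the step it replaces, and it loses information. "add permissions to the following roles to entities" inverts the operation (roles are assigned to identities). "the entity who is already assigned the role of a **Service Principal**" treats the service principal as a role rather than as the app registration's identity. The role is also now spelled "Azure Event Hub data Receiver" where the removed line had "Azure Event Hubs Data Receiver". The removed step said the assignment can also be made at Resource Group or Subscription level, and the role-assignment screenshot is deleted with no replacement. Suggest stating it directly: assign Contributor to the user who signs in to Microsoft 365 Defender, and Reader plus Azure Event Hubs Data Receiver to the app registration's service principal, at the namespace, then verify under **Role assignments**. Keep the scope sentence so readers know the namespace is the narrowest of the three options. Elsewhere in this hunk the rename produces "an Event Hubs ... this **one** Event Hub" in Option 1 and leaves "Event Hub" in the portal paths and in the 10-per-namespace note, so the article now mixes both names.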
For these Event Hub (not namespace) you will need to configure a Shared Access P
1. Click on **Raw Data Export \> +Add**.
- You will now use the data that you recorded above.
+ You'll now use the data that you recorded above.
**Name**: This value is local and should be whatever works in your environment. **Forward events to event hub**: Select this checkbox.
- **Event-Hub Resource ID**: This value is the Event Hub Namespace Resource ID you recorded when you set up the Event Hub.
+ **Event-Hub Resource ID**: This value is the Event Hubs Namespace Resource ID you recorded when you set up the Event Hubs.
- **Event-Hub name**: If you created an Event Hub inside your Event Hub Namespace, paste the Event Hub name you recorded above.
+ **Event-Hub name**: If you created an Event Hubs inside your Event Hubs Namespace, paste the Event Hubs name you recorded above.
- If you choose to let Microsoft 365 Defender to create Event Hub per Event Types (Tables) for you, leave this field empty.
+ If you choose to let Microsoft 365 Defender to create Event Hubs per Event Types (Tables) for you, leave this field empty.
- **Event Types**: Select the Advanced Hunting tables that you want to forward to the Event Hub and then on to your custom app. Alert tables are from Microsoft 365 Defender, Devices tables are from Microsoft Defender for Endpoint (EDR), and Email tables are from Microsoft Defender for Office 365. Email Events records all Email Transactions. The URL (Safe Links), Attachment (Safe Attachments), and Post Delivery Events (ZAP) are also recorded and can be joined to the Email Events on the NetworkMessageId field.
+ **Event Types**: Select the Advanced Hunting tables that you want to forward to the Event Hubs and then on to your custom app. Alert tables are from Microsoft 365 Defender, Devices tables are from Microsoft Defender for Endpoint (EDR), and Email tables are from Microsoft Defender for Office 365. Email Events records all Email Transactions. The URL (Safe Links), Attachment (Safe Attachments), and Post Delivery Events (ZAP) are also recorded and can be joined to the Email Events on the NetworkMessageId field.
:::image type="content" source="../../media/3b2ad64b6ef0f88cf0175f8d57ef8b97.png" alt-text="The Streaming API settings page in the Microsoft Azure portal" lightbox="../../media/3b2ad64b6ef0f88cf0175f8d57ef8b97.png"::: 1. Make sure to click **Submit**.
-### Verify that the events are being exported to the Event Hub
+### Verify that the events are being exported to the Event Hubs
-You can verify that events are being sent to the Event Hub by running a basic Advanced Hunting query. Select **Hunting** \> **Advanced Hunting** \> **Query** and enter the following query:
+You can verify that events are being sent to the Event Hubs by running a basic Advanced Hunting query. Select **Hunting** \> **Advanced Hunting** \> **Query** and enter the following query:
```console EmailEvents
EmailEvents
|count ```
-This will show you how many emails were received in the last hour joined across all the other tables. It will also show you if you are seeing events that could be exported to the event hubs. If this count shows 0, then you won't see any data going out to the Event Hub.
+This query will show you how many emails were received in the last hour joined across all the other tables. It will also show you if you're seeing events that could be exported to the event hubs. If this count shows 0, then you won't see any data going out to the Event Hubs.
:::image type="content" source="../../media/c305e57dc6f72fa9eb035943f244738e.png" alt-text="The advanced hunting page in the Microsoft Azure portal" lightbox="../../media/c305e57dc6f72fa9eb035943f244738e.png":::
-Once you have verified there is data to export, you can view the Event Hub page to verify that messages are incoming. This can take up to one hour.
+Once you've verified there's data to export, you can view the Event Hubs page to verify that messages are incoming. This process can take up to one hour.
1. In Azure, go to **Event Hub** \> Click on the **Namespace** \> **Event Hub** \> Click on the **Event Hub**. 1. Under **Overview**, scroll down and in the Messages graph you should see Incoming Messages. If you don't see any results, then there will be no messages
security Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-started.md
ms.technology: m365d
Microsoft 365 Defender is a unified experience where you can monitor and manage security across your enterprise. With the integrated alerts across identities, endpoints, data, apps, email, and collaboration tools - investigating and responding to threats now happen in a central location.
+Watch this short video to learn how Microsoft 365 Defender helps to prevent, detect, investigate, and remediate threats across Microsoft 365.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4FTDg]
+ Whether you're new to the Microsoft suite of security products or familiar with individual workflows, this topic will guide you in the simple steps you need to take to get started with Microsoft 365 Defender. :::image type="content" source="../../media/mtp/get-started-m365d.png" alt-text="The steps to get started with the Microsoft 365 Defender portal" lightbox="../../media/mtp/get-started-m365d.png":::
In general, you'll need to take the following steps to get started:
## Key capabilities+ Turning on Microsoft 365 Defender and deploying services will give you access to the following key capabilities:
security Investigate Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-alerts.md
To create the automation, you'll need an API token before you can connect Power
### Create an automated flow
-For the detailed step-by-step process, see the video [here](https://www.microsoft.com/en-us/videoplayer/embed/RWFIRn).
-
-This video also describes how to connect power automate to Defender for Cloud Apps.
+Watch this short video to learn how automation works efficiently to create a smooth workflow and how to connect Power Automate to Defender for Cloud Apps.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWFIRn]
## Next steps
security Manage Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/manage-incidents.md
From the **Classification** field, you specify whether the incident is:
Classifying incidents and specifying their status and type helps tune Microsoft 365 Defender to provide better detection determination over time.
+Watch this short video to learn how to use classification to increase triage efficiency.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4LHJq]
+ ## Add comments You can add multiple comments to an incident with the **Comment** field. Each comment gets added to the historical events of the incident. You can see the comments and history of an incident from the **Comments and history** link on the **Summary** page.
security Microsoft 365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-defender.md
If you need information about what's changed from the Office 365 Security & Comp
> [!NOTE] > The Microsoft 365 Defender portal uses and enforces existing roles-based access, and will move each security model into the unified portal. Each converged workload has its own roles-based access. The roles already in the products will be converged into the Microsoft 365 Defender portal automatically. However, Microsoft Defender for Cloud Apps will still handle its own roles and permissions.
+Watch this short video to learn about the new unified portal in Microsoft 365 Defender.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWBKau]
+ ### What to expect All the security content that you use in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and the Microsoft 365 security center can now be found in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>.
security Streaming Api Event Hub https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/streaming-api-event-hub.md
Title: Stream Microsoft 365 Defender events to Azure Event Hub
-description: Learn how to configure Microsoft 365 Defender to stream Advanced Hunting events to your Event Hub.
-keywords: raw data export, streaming API, API, Azure Event Hub, Azure storage, storage account, Advanced Hunting, raw data sharing
+ Title: Stream Microsoft 365 Defender events to Azure Event Hubs
+description: Learn how to configure Microsoft 365 Defender to stream Advanced Hunting events to your Event Hubs.
+keywords: raw data export, streaming API, API, Azure Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) [!include[Prerelease information](../../includes/prerelease.md)]
-## Before you begin
-
-1. Create an [Event hub](/azure/event-hubs/) in your tenant.
-
-2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions > Your subscription > Resource Providers > Register to Microsoft.Insights**.
-
-3. Create an Event Hub Namespace, go to **Event Hub > Add** and select the pricing tier, throughput units and Auto-Inflate appropriate for expected load. For more information, see [Event Hubs pricing](https://azure.microsoft.com/pricing/details/event-hubs/).
+## Prerequisites
-### Add contributor permissions
+Prior to configuring Microsoft 365 Defender to stream data to Event Hubs, ensure the following prerequisites are fulfilled:
-Once the Event Hub namespace is created you will need to:
+1. Create an Event Hubs (for information, see [Set up Event Hubs](configure-event-hub.md#set-up-event-hubs)).
-1. Define the user who will be logging into Microsoft 365 Defender as Contributor.
+2. Creating an Event Hubs Namespace (for information, see [Set up Event Hubs namespace](configure-event-hub.md#set-up-event-hubs-namespace)).
-2. If you are connecting to an application, add the App Registration Service Principal as Reader, Azure Event Hub Data Receiver (this can also be done at Resource Group or Subscription level).
+3. Add permissions to the entity who has the privileges of a **Contributor** so that this entity can export data to the Event Hubs. For more information on adding permissions, see [Add permissions](configure-event-hub.md#add-permissions)
- Go to **Event hubs namespace > Access control (IAM) > Add** and verify under **Role assignments**.
+> [!NOTE]
+> The Streaming API can be integrated either via Event Hubs or Azure Storage Account.
## Enable raw data streaming
-1. Log in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> as a ***Global Administrator*** or ***Security Administrator***.
+1. Log on to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> as a ***Global Administrator*** or ***Security Administrator***.
2. Go to the [Streaming API settings page](https://security.microsoft.com/settings/mtp_settings/raw_data_export).
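Review bot: The new Prerequisites list drops two things the removed "Before you begin" text covered: registering the Microsoft.Insights resource provider, and adding the App Registration Service Principal as "Reader, Azure Event Hub Data Receiver". Item 3 mentions only the **Contributor** entity. If these now live only in configure-event-hub.md, link its resource provider section as a prerequisite and say in item 3 that the linked "Add permissions" section also covers the service principal roles. The items are also out of dependency order and not parallel ("Create an Event Hubs" comes before "Creating an Event Hubs Namespace", although the event hub is created inside the namespace), and item 3 lacks its closing period. This file changes "Log in" to "Log on" while configure-event-hub.md changes it to "Sign in", so pick one.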
Once the Event Hub namespace is created you will need to:
5. Choose **Forward events to Azure Event Hub**.
-6. You can select if you want to export the event data to a single Event Hub, or to export each event table to a different event hub in your Event Hub namespace.
+6. You can select if you want to export the event data to a single Event Hub, or to export each event table to a different Event Hubs in your Event Hubs namespace.
7. To export the event data to a single Event Hub, enter your **Event Hub name** and your **Event Hub resource ID**.
- To get your **Event Hub resource ID**, go to your Azure Event Hub namespace page on [Azure](https://ms.portal.azure.com/) > **Properties** tab > copy the text under **Resource ID**:
+ To get your **Event Hub resource ID**, go to your Azure Event Hubs namespace page on [Azure](https://ms.portal.azure.com/) > **Properties** tab > copy the text under **Resource ID**:
:::image type="content" source="../defender-endpoint/images/event-hub-resource-id.png" alt-text="An Event Hub resource ID" lightbox="../defender-endpoint/images/event-hub-resource-id.png":::
Once the Event Hub namespace is created you will need to:
} ``` -- Each Event Hub message in Azure Event Hub contains list of records.
+- Each Event Hubs message in Azure Event Hubs contains list of records.
-- Each record contains the event name, the time Microsoft 365 Defender received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
+- Each record contains the event name, the time Microsoft 365 Defender received the event, the tenant it belongs (you'll only get events from your tenant), and the event in JSON format in a property called "**properties**".
- For more information about the schema of Microsoft 365 Defender events, see [Advanced Hunting overview](advanced-hunting-overview.md).
Once the Event Hub namespace is created you will need to:
## Data types mapping
-To get the data types for event properties do the following:
+To get the data types for event properties, do the following steps:
-1. Log in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> and go to [Advanced Hunting page](https://security.microsoft.com/hunting-package).
+1. Log on to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> and go to [Advanced Hunting page](https://security.microsoft.com/hunting-package).
2. Run the following query to get the data types mapping for each event:
To get the data types for event properties do the following:
| project ColumnName, ColumnType ``` -- Here is an example for Device Info event:
+- Here's an example for Device Info event:
:::image type="content" source="../defender-endpoint/images/machine-info-datatype-example.png" alt-text="An example query for device info" lightbox="../defender-endpoint/images/machine-info-datatype-example.png":::
To get the data types for event properties do the following:
- [Microsoft 365 Defender streaming API](streaming-api.md) - [Supported Microsoft 365 Defender event types in event streaming API](supported-event-types.md) - [Stream Microsoft 365 Defender events to your Azure storage account](streaming-api-storage.md)-- [Azure Event Hub documentation](/azure/event-hubs/)-- [Troubleshoot connectivity issues - Azure Event Hub](/azure/event-hubs/troubleshooting-guide)
+- [Azure Event Hubs documentation](/azure/event-hubs/)
+- [Troubleshoot connectivity issues - Azure Event Hubs](/azure/event-hubs/troubleshooting-guide)
security Attack Simulation Training End User Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-end-user-notifications.md
In Attack simulation training in Microsoft 365 E5 or Microsoft Defender for Offi
- **Simulation notifications**: These messages are sent when users are enrolled in trainings, and as reminders for required trainings. - **Positive reinforcement notifications**: These messages are sent when users report a simulated phishing message.
-To see the available end-user notification, open the Microsoft 365 Defender portal at <https://security.microsoft.com>, and then go to **Email & collaboration** \> **Attack simulation training** \> **Simulation content library** tab \> select **End user notifications**. To go directly to the **Simulation content library** tab, use <https://security.microsoft.com/attacksimulator?viewid=simulationcontentlibrary>.
+To see the available end-user notifications, open the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Attack simulation training** \> **Simulation content library** tab \> and then select **End user notifications**. To go directly to the **Simulation content library** tab where you can select **End user notifications**, use <https://security.microsoft.com/attacksimulator?viewid=simulationcontentlibrary>.
**End user notifications** has two tabs:
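Review bot: The reworded path in the added line leaves a breadcrumb separator dangling before prose: "**Simulation content library** tab \> and then select **End user notifications**". Drop the trailing "\>" so it reads "**Simulation content library** tab, and then select **End user notifications**", or keep the pure breadcrumb form that the **Payloads** path in this same update uses.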
To remove one or more columns that are displayed, click ![Customize columns icon
When you select a notification from the list, a details flyout appears with the following information: -- **Preview** tab: View the notification message. To view the message in different languages, use the **Select language** box.
+- **Preview** tab: View the notification message as users will see it. To view the message in different languages, use the **Select language** box.
- **Details** tab: View details about the notification: - **Notification description** - **Source**: For built-in notifications, the value is **Global**. For custom notifications, the value is **Tenant**.
security Attack Simulation Training Payload Automations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations.md
To create a payload automation, do the following steps:
1. In the Microsoft 365 Defender portal at <https://security.microsoft.com/>, go to **Email & collaboration** \> **Attack simulation training** \> **Automations** tab \> **Payload automations**.
- To go directly to the **Automations** tab, use <https://security.microsoft.com/attacksimulator?viewid=automations>.
+ To go directly to the **Automations** tab where you can select **Payload automations**, use <https://security.microsoft.com/attacksimulator?viewid=automations>.
2. In **Payload automations**, select ![Create automation icon.](../../media/m365-cc-sc-create-icon.png) **Create automation**.
security Attack Simulation Training Payloads https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payloads.md
In Attack simulation training, a _payload_ is the phishing email message and web
This article describes how to create your own payloads in Attack simulation training. You can create custom payloads in the following locations: -- **Payloads**: In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Attack simulation training** \> **Simulation content library** tab \> **Payloads**. To go directly to the **Simulation content library** tab, use <https://security.microsoft.com/attacksimulator?viewid=simulationcontentlibrary>.
+- **Payloads**: In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Attack simulation training** \> **Simulation content library** tab \> **Payloads**. To go directly to the **Simulation content library** tab where you can select **Payloads**, use <https://security.microsoft.com/attacksimulator?viewid=simulationcontentlibrary>.
- During simulation creation: You can create custom payloads on the **Select a payload** page (the third page) of the simulation creation wizard. For more information, see [Simulate a phishing attack in Defender for Office 365](attack-simulation-training.md). For getting started information about Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).
security Attack Simulation Training Simulation Automations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations.md
To create a simulation automation, do the following steps:
1. In the Microsoft 365 Defender portal at <https://security.microsoft.com/>, go to **Email & collaboration** \> **Attack simulation training** \> **Automations** tab \> **Simulation automations**.
- To go directly to the **Automations** tab, use <https://security.microsoft.com/attacksimulator?viewid=automations>.
+ To go directly to the **Automations** tab where you can select **Simulation automations**, use <https://security.microsoft.com/attacksimulator?viewid=automations>.
2. On **Simulation automations**, select ![Create automation icon.](../../media/m365-cc-sc-create-icon.png) **Create automation**.
On the **Select end user notification** page, select from the following notifica
- **Deliver after campaign ends** - **Deliver during campaign** - **Actions**: If you click on the ![View icon.](../../media/m365-cc-sc-view-icon.png) **View** icon, the **Review notification** page appears with the following information:
- - **Preview** tab: View the notification message.
+ - **Preview** tab: View the notification message as users will see it.
- To view the message in different languages, use the **Select language** box. - Use the **Select payload to preview** box to select the notification message for simulations that contain multiple payloads. - **Details** tab: View details about the notification:
security Attack Simulation Training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training.md
On the **Select end user notification** page, select from the following notifica
- **Deliver after campaign ends** - **Deliver during campaign** - **Actions**: If you click on the ![View icon.](../../media/m365-cc-sc-view-icon.png) **View** icon, the **Review notification** page appears with the following information:
- - **Preview** tab: View the notification message.
+ - **Preview** tab: View the notification message as users will see it.
- To view the message in different languages, use the **Select language** box. - Use the **Select payload to preview** box to select the notification message for simulations that contain multiple payloads. - **Details** tab: View details about the notification:
security Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/campaigns.md
ms.prod: m365-security
**Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
-Campaign Views is a feature in Microsoft Defender for Office 365 Plan 2 (for example, Microsoft 365 E5 or organizations with an Defender for Office 365 Plan 2 add-on). Campaign Views in the Microsoft 365 Defender portal identifies and categorizes phishing attacks in the service. Campaign Views can help you to:
+Campaign Views is a feature in Microsoft Defender for Office 365 Plan 2 (for example, Microsoft 365 E5 or organizations with a Defender for Office 365 Plan 2 add-on). Campaign Views in the Microsoft 365 Defender portal identifies and categorizes phishing attacks in the service. Campaign Views can help you to:
- Efficiently investigate and respond to phishing attacks. - Better understand the scope of the attack.
Campaign Views is a feature in Microsoft Defender for Office 365 Plan 2 (for exa
Campaign Views lets you see the big picture of an attack faster and more complete than any human.
+Watch this short video on how campaign views in Microsoft Defender for Office 365 help you understand attack campaigns targeting your organization.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWGBL8]
+ ## What is a campaign? A campaign is a coordinated email attack against one or many organizations. Email attacks that steal credentials and company data are a large and lucrative industry. As technologies increase in an effort to stop attacks, attackers modify their methods in an effort to ensure continued success.
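Review bot: The added video lead-in writes "campaign views" in lowercase, while the rest of the article uses "Campaign Views" as the feature name; match the casing. The blank "+" line also lands directly before "## What is a campaign?", so check that the heading still starts on its own line after the video embed.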
security Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links.md
ms.prod: m365-security
Safe Links is a feature in [Defender for Office 365](defender-for-office-365.md) that provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages and other locations. Safe Links scanning occurs in addition to the regular [anti-spam](anti-spam-protection.md) and [anti-malware](anti-malware-protection.md) in inbound email messages in Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links that are used in phishing and other attacks.
+Watch this short video on how to protect against malicious links with Safe Links in Microsoft Defender for Office 365.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWGzjb]
+ Safe Links protection is available in the following locations: - **Email messages**: Although there's no default Safe Links policy, the **Built-in protection** preset security policy provides Safe Links protection to all recipients (users who aren't defined in custom Safe Links policies). For more information, see [Preset security policies in EOP and Microsoft Defender for Office 365](preset-security-policies.md). You can also create Safe Links policies that apply to specific users, group, or domains. For instructions, see [Set up Safe Links policies in Microsoft Defender for Office 365](set-up-safe-links-policies.md).
security Zero Hour Auto Purge https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/zero-hour-auto-purge.md
The ZAP action is seamless for the user; they aren't notified if a message is de
[Safe sender lists](create-safe-sender-lists-in-office-365.md), mail flow rules (also known as transport rules), Inbox rules, or additional filters take precedence over ZAP. Similar to what happens in mail flow, this means that even if the service determines the delivered message needs ZAP, the message is not acted on because of the safe senders configuration. This is another reason to be careful about configuring messages to bypass filtering.
+Watch this short video to learn how ZAP in Microsoft Defender for Office 365 automatically detects and neutralizes threats in email.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWGrLg]
+ ### Zero-hour auto purge (ZAP) for malware For **read or unread messages** that are found to contain malware after delivery, ZAP quarantines the message that contains the malware attachment. By default, only admins can view and manage quarantined malware messages. But, admins can create and use _quarantine policies_ to define what users are allowed to do to messages that were quarantined as malware. For more information, see [Quarantine policies](quarantine-policies.md).
To determine if ZAP moved your message, you have the following options:
- **Number of messages**: Use the [Mailflow view in the Mailflow status report](view-email-security-reports.md#mailflow-view-for-the-mailflow-status-report) to see the number of ZAP-affected messages for the specified date range. - **Message details**: Use [Threat Explorer (and real-time detections)](threat-explorer.md) to filter **All email** events by the value **ZAP** for the **Additional action** column.
-**Note**: ZAP is not logged in the Exchange mailbox audit logs as as system action.
+> [!NOTE]
+> ZAP is not logged in the Exchange mailbox audit logs as a system action.
## Zero-hour auto purge (ZAP) FAQ
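Review bot: The converted note says ZAP is not logged in the Exchange mailbox audit logs but doesn't tell the reader where to look instead. The bullets just above already name the Mailflow status report and Threat Explorer (filtering **Additional action** by **ZAP**), so suggest the note point back to those as the way to confirm a ZAP action.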