+- Content is not labeled (PDF and Office files are fully supported). This predicate detects content that doesn't have a sensitivity label applied. To help ensure only supported file types are detected, you should use this condition with the **File extension is** or **File type is** conditions.

+- Document or attachment is password protected (PDF, Office files, .ZIP, and Symantec PGP encrypted files are fully supported). This condition detects only open protected files.

+- The user accessed a sensitive website from Microsoft Edge. For more information, see, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains).

+1. United Kingdom

+1. France

+| CA | Canada | AMER³| Canada⁵| CAN⁵|

+| FR | France | EUR¹| France⁹| EUR¹|

+| GB | United Kingdom | EUR¹| UK⁸| EUR¹|

+> [!IMPORTANT]

+> For information about the Adobe requirements for using Microsoft Purview Data Loss Prevention (DLP) features with PDF files, see this article from Adobe: [Microsoft Purview Information Protection Support in Acrobat](https://helpx.adobe.com/enterprise/kb/mpip-support-acrobat.html).

+1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>:

+The following registry is relevant only when the aim is to achieve a 'Single entry for each device'.

+If you have onboarded the primary image of your VDI environment (SENSE service is running), then you must offboard and clear some data before putting the image back into production.

+1. Ensure the sensor is stopped by running the following command in a CMD window:

+ ```console

+ sc query sense

+ ```

+2. Run the following commands using PsExec.exe (which can be downloaded from [https://download.sysinternals.com/files/PSTools.zip](https://download.sysinternals.com/files/PSTools.zip)):

+ ```console

+ PsExec.exe -s cmd.exe

+ del "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber\*.*" /f /s /q

+ REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" /v senseGuid /f

+ exit

+ ```

+### Are you using a third party for VDIs?

+If you're deploying non-persistent VDIs through VMware instant cloning or similar technologies, make sure that your internal template VMs and replica VMs are not onboarded to Defender for Endpoint. If you onboard devices using the single entry method, instant clones that are provisioned from onboarded VMs might have the same senseGuid, and that can stop a new entry from being listed in the Device Inventory view (in the [Microsoft 365 Defender portal](https://security.microsoft.com), choose **Assets** > **Devices**).

+If either the primary image, template VM, or replica VM are onboarded to Defender for Endpoint using the single entry method, it will stop Defender from creating entries for new non-persistent VDIs in the Microsoft 365 Defender portal.

+Reach out to your third-party vendors for further assistance.

+- **Beginning in May 2023, the Platform and Engine version schema will have a new format**. Here's what the new version format looks like:

+To avoid a gap in protection, keep your OS installation images up to date with the latest antivirus and antimalware updates. Updates are available for:

+- Windows 10 and 11 (Enterprise, Pro, and Home editions)

+- Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2

+- WIM and VHD(x) files

+Updates are released for x86, x64, and ARM64 Windows architecture.

+|DEV-XXXX|[Volt Typhoon](https://www.microsoft.com/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques) |China|BRONZE SILHOUETTE|

+ Title: Report phishing and suspicious emails in Outlook for admins

+description: Learn how to report phishing and suspicious emails in Outlook using the built-in Report button or the Report Message and Report Phishing add-ins.

+# Report phishing and suspicious emails in Outlook for admins

+In Microsoft 365 organizations with mailboxes in Exchange Online or in on-premises mailboxes that use hybrid modern authentication, users can report phishing and suspicious emails in Outlook.

+Users can report false positives (good email that was blocked or sent to their Junk Email folder) and false negatives (unwanted email or phishing that was delivered to their Inbox) from Outlook on all platforms using free tools from Microsoft.

+- The Microsoft Report Message or Report Phishing add-ins. The add-ins work on virtually all Outlook platforms, including Outlook on the web. For more information, see [Enable the Microsoft Report Message or Report Phishing add-ins](submissions-users-report-message-add-in-configure.md).