+- PCI DSS 4 (Azure)

+- [User roles and permissions for Defender for Cloud](/azure/defender-for-cloud/permissions)

+ Title: "Data loss prevention policy tip reference for Outlook on the Web"

+f1.keywords:

+- CSH

+audience: Admin

+search.appverid: MET150

+f1_keywords:

+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'

+ms.localizationpriority: medium

+- tier3

+- purview-compliance

+hideEdit: true

+feedback_system: None

+recommendations: false

+description: "DLP policy tip reference for Outlook 2013 for Win32."

+# Data loss prevention policy tip reference for Outlook on the Web

+## DLP policy tips supported

+Yes.

+> [!IMPORTANT]

+> When emails are encrypted with Microsoft Purview Message Encryption and the policy used to detect them uses the detect encryption condition policy tips will not appear.

+## Email notification supported for Outlook on the Web

+Yes.

+## Conditions that support policy tips in Outlook on the Web

+- Content contains (SIT)

+- Content is shared from M365

+- Sender is a member of

+- Recipient Domain Is

+- Recipient is

+- Subject Contains Words or phrases

+- Sender is

+- Sender domain is

+- File extension is

+- Subject matches patterns

+- Subject or Body contains words or phrases

+- Doc or Attachment is password protected

+- Document name contains words or phrases

+- Sender address contains words

+- Document size equals or is greater than

+- Subject or Body matches patterns

+- Recipient address contains words

+- Sender address matches patterns

+- Document name matches patterns

+- Recipient address matches patterns

+- Message importance is

+- Any email attachment's content could not be scanned (DocIsUnsupported)

+- Document property is

+## Actions that support policy tips in Outlook on the Web

+- Restrict access or encrypt the content in Microsoft 365 locations

+- Set headers

+- Remove header

+- Redirect the message to specific users

+- Forward the message for approval to sender's manager

+- Forward the message for approval to specific approvers

+- Add recipient to the To box

+- Add recipient to the Cc box

+- Add recipient to the Bcc box

+- Add the sender's manager as recipient

+- Removed O365 Message Encryption and rights protection

+- Prepend Email Subject

+- Add HTML Disclaimer

+- Modify Email Subject

+- Deliver the message to the hosted quarantine

+## Sensitive information types that support policy tips in Outlook on the Web

+These preconfigured sensitive informaiton types (SIT) support policy tips in Outlook on the Web.

+- [ABA routing number](sit-defn-aba-routing.md)

+- [Argentina national identity (DNI) number](sit-defn-argentina-national-identity-numbers.md)

+- [Australia bank account number](sit-defn-australia-bank-account-number.md)

+- [Australia medical account number](sit-defn-australia-medical-account-number.md)

+- [Australia passport number](sit-defn-australia-passport-number.md)

+- [Australia tax file number](sit-defn-australia-tax-file-number.md)

+- [Azure DocumentDB auth key](sit-defn-azure-document-db-auth-key.md)

+- [Azure IAAS database connection string and Azure SQL connection string](sit-defn-azure-iaas-database-connection-string-azure-sql-connection-string.md)

+- [Azure IoT connection string](sit-defn-azure-iot-connection-string.md)

+- [Azure publish setting password](sit-defn-azure-publish-setting-password.md)

+- [Azure Redis cache connection string](sit-defn-azure-redis-cache-connection-string.md)

+- [Azure SAS](sit-defn-azure-sas.md)

+- [Azure service bus connection string](sit-defn-azure-service-bus-connection-string.md)

+- [Azure storage account key](sit-defn-azure-storage-account-key.md)

+- [Azure Storage account key (generic)](sit-defn-azure-storage-account-key-generic.md)

+- [Belgium national number](sit-defn-belgium-national-number.md)

+- [Brazil CPF number](sit-defn-brazil-cpf-number.md)

+- [Brazil legal entity number (CNPJ)](sit-defn-brazil-legal-entity-number.md)

+- [Brazil national identification card (RG)](sit-defn-brazil-national-identification-card.md)

+- [Canada bank account number](sit-defn-canada-bank-account-number.md)

+- [Canada driver's license number](sit-defn-canada-drivers-license-number.md)

+- [Canada health service number](sit-defn-canada-health-service-number.md)

+- [Canada passport number](sit-defn-canada-passport-number.md)

+- [Canada personal health identification number (PHIN)](sit-defn-canada-personal-health-identification-number.md)

+- [Canada social insurance number](sit-defn-canada-social-insurance-number.md)

+- [Chile identity card number](sit-defn-chile-identity-card-number.md)

+- [China resident identity card (PRC) number](sit-defn-china-resident-identity-card-number.md)

+- [Credit card number](sit-defn-credit-card-number.md)

+- [Croatia identity card number](sit-defn-croatia-identity-card-number.md)

+- [Croatia personal identification (OIB) number](sit-defn-croatia-personal-identification-number.md)

+- [Czech personal identity number](sit-defn-czech-personal-identity-number.md)

+- [Denmark personal identification number](sit-defn-denmark-personal-identification-number.md)

+- [Drug Enforcement Agency (DEA) number](sit-defn-drug-enforcement-agency-number.md)

+- [EU debit card number](sit-defn-eu-debit-card-number.md)

+- [EU driver's license number](sit-defn-eu-drivers-license-number.md)

+- [EU national identification number](sit-defn-eu-national-identification-number.md)

+- [EU passport number](sit-defn-eu-passport-number.md)

+- [EU social security number or equivalent identification](sit-defn-eu-social-security-number-equivalent-identification.md)

+- [EU Tax identification number](sit-defn-eu-tax-identification-number.md)

+- [Finland national ID](sit-defn-finland-national-id.md)

+- [Finland passport number](sit-defn-finland-passport-number.md)

+- [France driver's license number](sit-defn-france-drivers-license-number.md)

+- [France national id card (CNI)](sit-defn-france-national-id-card.md)

+- [France passport number](sit-defn-france-passport-number.md)

+- [France social security number (INSEE)](sit-defn-france-social-security-number.md)

+- [Germany driver's license number](sit-defn-germany-drivers-license-number.md)

+- [Germany passport number](sit-defn-germany-passport-number.md)

+- [Germany identity card number](sit-defn-germany-identity-card-number.md)

+- [Greece national ID card](sit-defn-greece-national-id-card.md)

+- [Hong Kong identity card (HKID) number](sit-defn-hong-kong-identity-card-number.md)

+- [India permanent account number (PAN)](sit-defn-india-permanent-account-number.md)

+- [India unique identification (Aadhaar) number](sit-defn-india-unique-identification-number.md)

+- [Indonesia identity card (KTP) number](sit-defn-indonesia-identity-card-number.md)

+- [International banking account number (IBAN)](sit-defn-international-banking-account-number.md)

+- [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md)

+- [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md)

+- [IP address](sit-defn-ip-address.md)

+- [Ireland personal public service (PPS) number](sit-defn-ireland-personal-public-service-number.md)

+- [Israel bank account number](sit-defn-israel-bank-account-number.md)

+- [Israel national identification number](sit-defn-israel-national-identification-number.md)

+- [Italy driver's license number](sit-defn-italy-drivers-license-number.md)

+- [Japan bank account number](sit-defn-japan-bank-account-number.md)

+- [Japan driver's license number](sit-defn-japan-drivers-license-number.md)

+- [Japan passport number](sit-defn-japan-passport-number.md)

+- [Japan resident registration number](sit-defn-japan-resident-registration-number.md)

+- [Japan social insurance number (SIN)](sit-defn-japan-social-insurance-number.md)

+- [Japan residence card number](sit-defn-japan-residence-card-number.md)

+- [Malaysia identification card number](sit-defn-malaysia-identification-card-number.md)

+- [Netherlands citizens service (BSN) number](sit-defn-netherlands-citizens-service-number.md)

+- [New Zealand ministry of health number](sit-defn-new-zealand-ministry-of-health-number.md)

+- [Norway identification number](sit-defn-norway-identification-number.md)

+- [Philippines unified multi-purpose identification number](sit-defn-philippines-unified-multi-purpose-identification-number.md)

+- [Poland identity card](sit-defn-poland-identity-card.md)

+- [Poland national ID (PESEL)](sit-defn-poland-national-id.md)

+- [Poland passport number](sit-defn-poland-passport-number.md)

+- [Portugal citizen card number](sit-defn-portugal-citizen-card-number.md)

+- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md)

+- [Singapore national registration identity card (NRIC) number](sit-defn-singapore-national-registration-identity-card-number.md)

+- [South Africa identification number](sit-defn-south-africa-identification-number.md)

+- [South Korea resident registration number](sit-defn-south-korea-resident-registration-number.md)

+- [Spain social security number (SSN)](sit-defn-spain-social-security-number.md)

+- [SQL Server connection string](sit-defn-sql-server-connection-string.md)

+- [Sweden national ID](sit-defn-sweden-national-id.md)

+- [Sweden passport number](sit-defn-sweden-passport-number.md)

+- [SWIFT code](sit-defn-swift-code.md)

+- [Taiwan national identification number](sit-defn-taiwan-national-identification-number.md)

+- [Taiwan passport number](sit-defn-taiwan-passport-number.md)

+- [Taiwan-resident certificate (ARC/TARC) number](sit-defn-taiwan-resident-certificate-number.md)

+- [Thai population identification code](sit-defn-thai-population-identification-code.md)

+- [Turkey national identification number](sit-defn-turkey-national-identification-number.md)

+- [U.K. drivers license number](sit-defn-uk-drivers-license-number.md)

+- [U.K. electoral roll number](sit-defn-uk-electoral-roll-number.md)

+- [U.K. national health service number](sit-defn-uk-national-health-service-number.md)

+- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md)

+- [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)

+- [U.S. bank account number](sit-defn-us-bank-account-number.md)

+- [U.S. driver's license number](sit-defn-us-drivers-license-number.md)

+- [U.S. individual taxpayer identification number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md)

+- [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)

+## Exact data match sensitive information types support for policy tips in Outlook on the Web

+Yes.

+All exact data match sensitive information types are custom created. For more details, see [Learn about exact data match based sensitive information types](sit-learn-about-exact-data-match-based-sits.md).

+## Custom sensitive information types support for policy tips in Outlook on the Web

+Yes.

+Custom sensitive information types that use REGEX, functions, keyword lists and keyword dictionaries support policy tips in Outlook on the Web. For more details, see [Create custom sensitive information types in the compliance portal](create-a-custom-sensitive-information-type.md) and [Create a custom sensitive information type using PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md).

+## Sensitivity labels that support policy tips in Outlook on the Web

+No.

+## Retention labels that support policy tips in Outlook on the Web

+No.

+## Trainable classifiers that support policy tips in Outlook on the Web

+No.

+<!-- END USER CONTENT ## Policy tips in Outlook on the web

+When you compose a new email in Outlook on the web and Outlook 2013 and later, you'll see a policy tip if you add content that matches a rule in a DLP policy, and that rule uses policy tips. The policy tip appears at the top of the message, above the recipients, while the message is being composed.

+

+Policy tips work whether the sensitive information appears in the message body, subject line, or even a message attachment as shown here.

+

+If the policy tips are configured to allow override, you can choose **Show Details** \> **Override** \> enter a business justification or report a false positive \> **Override**.

+

+

+Note that when you add sensitive information to an email, there may be latency between when the sensitive information is added and when the policy tip appears. When emails are encrypted with Microsoft Purview Message Encryption and the policy used to detect them uses the detect encryption condition policy tips will not appear.

+-->

+#### Policy tip references

+Details on support for policy tips and notfications for different apps can be found here:

+- [Data loss prevention policy tip reference for Outlook on the Web](dlp-owa-policy-tips.md)

+|**App and platform**|**DLP policy tip support**|**Sensitive information types supported**|**Conditions and actions supported**|**Comments**|

+|**Outlook On the Web**|:::image type="icon" source="../medi)|

+Compliance boundaries create logical boundaries within an organization that control the user content locations (such as mailboxes, OneDrive accounts, and SharePoint sites) that eDiscovery managers can search. Compliance boundaries also control who can access eDiscovery cases used to manage the legal, human resources, or other investigations within your organization.

+The need for compliance boundaries is often necessary for multi-national corporations that have to respect geographical boarders and regulations and for governments, which are often divided into different agencies. In Microsoft 365, compliance boundaries help you meet these requirements when performing content searches and managing investigations with eDiscovery cases.

+We'll use the example in the following illustration to explain how compliance boundaries work.

+- The search permissions filtering functionality for eDiscovery controls the content locations that eDiscovery managers and investigators can search. This control means eDiscovery managers and investigators in the Fourth Coffee agency can only search content locations in the Fourth Coffee subsidiary. The same restriction applies to the Coho Winery subsidiary.

+ - Control who can see the eDiscovery cases in the Microsoft Purview compliance portal. This control means that eDiscovery managers and investigators can only see the eDiscovery cases in their agency.

+ - Control who can assign members to an eDiscovery case. This control means eDiscovery managers and investigators can only assign members to cases that they themselves are a member of.

+- Users must be assigned an Exchange Online license. To verify assignments, use the [Get-User](/powershell/module/exchange/get-user) cmdlet in Exchange Online PowerShell.

+## Setting up compliance boundaries

+Here's the steps for setting up compliance boundaries:

+

+- [Step 1: Identify a user attribute to define your agencies](#step-1-identify-a-user-attribute-to-define-your-agencies)

+- [Step 2: Create a role group for each agency](#step-2-create-a-role-group-for-each-agency)

+- [Step 3: Create a search permissions filter to enforce the compliance boundary](#step-3-create-a-search-permissions-filter-to-enforce-the-compliance-boundary)

+- [Step 4: Create an eDiscovery case for an intra-agency investigations](#step-4-create-an-ediscovery-case-for-intra-agency-investigations)

+### Step 1: Identify a user attribute to define your agencies

+The first step is to choose an attribute to use that will define your agencies. This attribute is used to create the search permissions filter that limits an eDiscovery manager to search only the content locations of users who are assigned a specific value for this attribute. For example, let's say Contoso decides to use the **Department** attribute. The value for this attribute for users in the Fourth Coffee subsidiary would be `FourthCoffee` and the value for users in Coho Winery subsidiary would be `CohoWinery`. In Step 3, you use this `attribute:value` pair (for example, *Department:FourthCoffee*) to limit the user content locations that eDiscovery managers can search.

+### Step 2: Create a role group for each agency

+### Step 3: Create a search permissions filter to enforce the compliance boundary

+- `Users`: Specifies the users or groups who get this filter applied to the search actions they perform. For compliance boundaries, this parameter specifies the role groups (that you created in Step 2) in the agency that you're creating the filter for. This parameter is a multi-value parameter so you can include one or more role groups, separated by commas.

+#### Fourth Coffee

+#### Coho Winery

+#### How do the search permissions filters work in this scenario?

+### Step 4: Create an eDiscovery case for intra-agency investigations

+## Searching and exporting content in multi-geo environments

+[SharePoint hub sites](/sharepoint/dev/features/hub-site/hub-site-overview) often align with the same geographical or agency boundaries that eDiscovery compliance boundaries follow. That means you can use the site ID property of the hub site to create a compliance boundary. To do this, use the [Get-SPOHubSite](/powershell/module/sharepoint-online/get-spohubsite#examples) cmdlet in SharePoint Online PowerShell to obtain the SiteId for the hub site, and then use this value for the department ID property to create a search permissions filter.

+- Respect for compliance boundaries for OneDrive sites in searches may be impacted when:

+ - The sites (or associated mailboxes) are moved or re-homed

+ - OneDrive ownership is re-assigned, or more than one owner is added

+ - The OneDrive site is renamed/re-issued

+

+ Moving a OneDrive site can change the ownership of the content and may include creating an arbitration mailbox. When these resources are moved, there's a chance that content search results may be available across compliance boundaries. When a OneDrive site is re-assigned, re-named or assigned to more than one owner, it's possible that the content from these sites may be available across compliance boundaries.

+- Compliance boundaries for mailboxes may be impacted when:

+ - The mailbox isn't associated with a licensed user (includes disabled or deleted users)

+ - A mailbox isn't managed or synced from Azure Active Directory

+ Additionally, there are several types of mailboxes that may produce content during search, regardless of their compliance boundaries. These mailbox types include:

+

+ - EquipmentMailbox

+ - GuestMailUser

+ - LinkedMailbox

+ - RoomList

+ - RoomMailbox

+ - SchedulingMailbox

+ - SharedMailbox

+ - SystemMailbox

+ - TeamMailbox

+ To make sure that the search respects your compliance boundaries as expected, you may need to update the permissions and roles for the moved resources.

+After you enable sensitivity labels for Office files in SharePoint and OneDrive, for new and changed files that have a sensitivity label that applies encryption with a cloud-based key (and doesn't use [Double Key Encryption](double-key-encryption.md)):

+|**Last updated:** 05/30/2023 -  [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|

+|**Last updated:** 05/30/2023 -  [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|

+**Last updated:** 05/30/2023 -  [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)

+|**Last updated:** 05/30/2023 - |

+## Week of May 22, 2023

+| Published On |Topic title | Change |

+|||--|

+| 5/22/2023 | [Working with improvement actions in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-improvement-actions?view=o365-worldwide) | modified |

+| 5/22/2023 | [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-worldwide) | modified |

+| 5/22/2023 | [Microsoft 365 Network Provider Program](/microsoft-365/enterprise/microsoft-365-networking-partner-program?view=o365-worldwide) | modified |

+| 5/22/2023 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-worldwide) | modified |

+| 5/22/2023 | [Configure and validate exclusions for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-exclusions?view=o365-worldwide) | modified |

+| 5/22/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |

+| 5/22/2023 | [Configure and validate exclusions for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-worldwide) | modified |

+| 5/22/2023 | [Respond to a compromised connector in Microsoft 365](/microsoft-365/security/office-365-security/connectors-detect-respond-to-compromise?view=o365-worldwide) | modified |

+| 5/22/2023 | [Migrate to Microsoft Defender for Office 365 Phase 3: Onboard](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-onboard?view=o365-worldwide) | modified |

+| 5/22/2023 | [Migrate to Microsoft Defender for Office 365 Phase 1: Prepare](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare?view=o365-worldwide) | modified |

+| 5/22/2023 | [Migrate to Microsoft Defender for Office 365 Phase 2: Setup](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-setup?view=o365-worldwide) | modified |

+| 5/22/2023 | [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide) | modified |

+| 5/22/2023 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-documents-in-e5-plus-security-about?view=o365-worldwide) | modified |

+| 5/22/2023 | [Microsoft 365 network provider assessments (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppdata?view=o365-worldwide) | added |

+| 5/22/2023 | [Network provider connectivity attribution in the Microsoft 365 Admin Center (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppux?view=o365-worldwide) | added |

+| 5/23/2023 | [Guest access in eDiscovery (Premium) (preview)](/microsoft-365/compliance/ediscovery-guest-access?view=o365-worldwide) | added |

+| 5/23/2023 | [Protect Dev Drive using performance mode](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-antivirus-performance-mode?view=o365-worldwide) | added |

+| 5/23/2023 | [Get started with Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-worldwide) | modified |

+| 5/23/2023 | [Learn about regulations in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates?view=o365-worldwide) | modified |

+| 5/23/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified |

+| 5/23/2023 | [Learn about optical character recognition in Microsoft Purview (preview)](/microsoft-365/compliance/ocr-learn-about?view=o365-worldwide) | modified |

+| 5/23/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

+| 5/23/2023 | [Microsoft 365 network provider assessments (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppdata?view=o365-worldwide) | modified |

+| 5/23/2023 | [Network provider connectivity attribution in the Microsoft 365 Admin Center (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppux?view=o365-worldwide) | modified |

+| 5/23/2023 | [Set preferences for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide) | modified |

+| 5/23/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |

+| 5/23/2023 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) | modified |

+| 5/23/2023 | [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-worldwide) | modified |

+| 5/23/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |

+| 5/23/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified |

+| 5/23/2023 | [Configure and review priority account protection in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/priority-accounts-turn-on-priority-account-protection?view=o365-worldwide) | modified |

+| 5/23/2023 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide) | modified |

+| 5/24/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |

+| 5/24/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified |

+| 5/24/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified |

+| 5/24/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |

+| 5/25/2023 | [Create conditional sections for templates in Microsoft Syntex](/microsoft-365/syntex/content-assembly-conditional-sections) | added |

+| 5/25/2023 | [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) | modified |

+| 5/25/2023 | [Get started with eDiscovery (Standard)](/microsoft-365/compliance/ediscovery-standard-get-started?view=o365-worldwide) | modified |

+| 5/25/2023 | [Built-in protection helps guard against ransomware](/microsoft-365/security/defender-endpoint/built-in-protection?view=o365-worldwide) | modified |

+| 5/25/2023 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-worldwide) | modified |

+| 5/25/2023 | [Enable and configure Microsoft Defender Antivirus always-on protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 5/25/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 5/25/2023 | [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) | modified |

+| 5/25/2023 | [Frequently asked questions (FAQs) on tamper protection](/microsoft-365/security/defender-endpoint/faqs-on-tamper-protection?view=o365-worldwide) | modified |

+| 5/25/2023 | [Manage tamper protection on an individual device](/microsoft-365/security/defender-endpoint/manage-tamper-protection-individual-device?view=o365-worldwide) | modified |

+| 5/25/2023 | [Manage tamper protection for your organization using Microsoft Intune](/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune?view=o365-worldwide) | modified |

+| 5/25/2023 | [Manage tamper protection for your organization using Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-365-defender?view=o365-worldwide) | modified |

+| 5/25/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |

+| 5/25/2023 | [Troubleshoot problems with tamper protection](/microsoft-365/security/defender-endpoint/troubleshoot-problems-with-tamper-protection?view=o365-worldwide) | modified |

+| 5/25/2023 | [Configure Microsoft Defender Antivirus with Group Policy](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 5/25/2023 | [Tenant administration guide for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-admin-guide?view=o365-worldwide) | added |

+| 5/25/2023 | [Maintain your Microsoft Defender for Business environment](/microsoft-365/security/defender-business/mdb-maintain-environment?view=o365-worldwide) | added |

+| 5/25/2023 | [Security administration guide for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-security-admin-guide?view=o365-worldwide) | added |

+| 5/25/2023 | [Security operations guide for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-security-operations-guide?view=o365-worldwide) | added |

+| 5/25/2023 | [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-worldwide) | modified |

+| 5/25/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |

+| 5/26/2023 | [Report phishing and suspicious emails in Outlook for admins](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) | modified |

+| 5/26/2023 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-worldwide) | modified |

+| 5/26/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified |

+<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.-->

+<!--China endpoints version 2023053000-->

+<!--File generated 2023-05-30 08:00:10.8736-->

+## Exchange Online

+## SharePoint Online and OneDrive for Business

+-- | - | -- | | -

+21 | Default<BR>Required | No | `*.wns.windows.com` | **TCP:** 443, 80

+## Skype for Business Online and Microsoft Teams

+## Microsoft 365 Common and Office Online

+-- | - | -- | - | -

+7 | Allow<BR>Required | No | `*.azure-mobile.cn, *.chinacloudapi.cn, *.chinacloudapp.cn, *.chinacloud-mobile.cn, *.chinacloudsites.cn, *.partner.microsoftonline-m.cn, *.partner.microsoftonline-m.net.cn, *.partner.microsoftonline-m-i.cn, *.partner.microsoftonline-m-i.net.cn, *.partner.microsoftonline-p.net.cn, *.partner.microsoftonline-p-i.cn, *.partner.microsoftonline-p-i.net.cn, *.partner.officewebapps.cn, *.windowsazure.cn, portal.partner.microsoftonline.cdnsvc.com, r4.partner.outlook.cn`<BR>`23.236.126.0/24, 40.73.240.0/24, 40.73.242.0/24, 42.159.224.122/32, 42.159.233.91/32, 42.159.237.146/32, 42.159.238.120/32, 58.68.168.0/24, 112.25.33.0/24, 123.150.49.0/24, 125.65.247.0/24, 139.217.17.219/32, 139.217.19.156/32, 139.217.21.3/32, 139.217.25.244/32, 171.107.84.0/24, 180.210.232.0/24, 180.210.234.0/24, 209.177.86.0/24, 209.177.90.0/24, 209.177.94.0/24, 222.161.226.0/24, 2406:e500:4900::/48` | **TCP:** 443, 80

+11 | Allow<BR>Required | No | `activation.sls.microsoft.com, bjb-odcsm.officeapps.partner.office365.cn, bjb-ols.officeapps.partner.office365.cn, bjb-roaming.officeapps.partner.office365.cn, crl.microsoft.com, odc.officeapps.live.com, office15client.microsoft.com, officecdn.microsoft.com, ols.officeapps.partner.office365.cn, osi-prod-bjb01-odcsm.chinacloudapp.cn, osiprod-scus01-odcsm.cloudapp.net, osi-prod-sha01-odcsm.chinacloudapp.cn, roaming.officeapps.partner.office365.cn, sha-odcsm.officeapps.partner.office365.cn, sha-ols.officeapps.partner.office365.cn, sha-roaming.officeapps.partner.office365.cn`<BR>`40.73.248.0/21, 42.159.4.45/32, 42.159.4.50/32, 42.159.4.225/32, 42.159.7.13/32, 42.159.132.73/32, 42.159.132.74/32, 42.159.132.75/32, 65.52.98.231/32, 65.55.69.140/32, 65.55.227.140/32, 70.37.81.47/32, 168.63.252.62/32` | **TCP:** 443, 80

+<!--USGovDoD endpoints version 2023053000-->

+<!--File generated 2023-05-30 08:00:08.5578-->

+26 | Allow<BR>Required | Yes | `*.compliance.apps.mil, *.security.apps.mil, compliance.apps.mil, scc.protection.apps.mil, security.apps.mil`<BR>`23.103.204.0/22, 52.127.72.0/21, 52.180.255.219/32, 52.181.166.108/32` | **TCP:** 443, 80

+<!--USGovGCCHigh endpoints version 2023053000-->

+<!--File generated 2023-05-30 08:00:09.7122-->

+26 | Allow<BR>Required | Yes | `*.compliance.microsoft.us, *.security.microsoft.us, compliance.microsoft.us, scc.office365.us, security.microsoft.us`<BR>`52.127.240.0/20, 52.227.182.149/32, 52.244.65.13/32` | **TCP:** 443, 80

+<!--Worldwide endpoints version 2023053000-->

+<!--File generated 2023-05-30 08:00:07.1339-->

+-- | - | | - | --

+2 | Allow<BR>Optional<BR>**Notes:** POP3, IMAP4, SMTP Client traffic | Yes | `*.outlook.office.com, outlook.office365.com, smtp.office365.com`<BR>`13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128` | **TCP:** 587, 993, 995, 143

+8 | Default<BR>Required | No | `*.outlook.com, autodiscover.<tenant>.onmicrosoft.com` | **TCP:** 443, 80

+153 | Default<BR>Required | No | `*.azure-apim.net, *.flow.microsoft.com, *.powerapps.com, *.powerautomate.com` | **TCP:** 443

+> [!NOTE]

+> If no new events for a device occur for 48 hours, the Internet-facing tag is removed and it will no longer be visible in the Microsoft 365 Defender portal.

+ - Tenants with [role-based access (RBAC) permissions](/microsoft-365/security/defender/manage-rbac.md) enabled

+> - An isolated device is removed from isolation when an administrator modifies or adds a new iptable rule to the isolated device.

+> - Isolating a server running on Microsoft Hyper-V blocks network traffic to all child virtual machines of the server.

+|[Browser extensions assessment](tvm-browser-extensions.md)|-|Γ£ö|

+ Title: Device restart status

+description: Learn about the device restart status tag in Microsoft Defender Vulnerability Management

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+ms.localizationpriority: medium

+audience: ITPro

+ - m365-security-compliance

+ - tier1

+search.appverid: met150

+# Device restart status

+**Applies to:**

+- [Microsoft Defender Vulnerability Management](https://go.microsoft.com/fwlink/?linkid=2229011)

+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)

+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)

+- [Microsoft Defender for Servers Plan 1 & 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)

+Security recommendations in Defender Vulnerability Management can help reduce your overall vulnerability exposure and your exposure score. A robust update process is key when it comes to addressing these recommendations in your organization. If an update hasn't completed for some devices due to a pending restart, the effect of addressing the security recommendation isn't reflected in your exposure score.

+The **Pending restart** tag helps you identify devices in this state so you can take action, and it gives you visibility into why some update actions taken aren't being reflected in your exposure score.

+> [!NOTE]

+> The tag is currently available for Windows(OS) updates and KB corrections.

+> [!TIP]

+> Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](../defender-vulnerability-management/defender-vulnerability-management-trial.md).

+## View the device restart status

+The device restart status is visible in the following experiences in the Microsoft 365 Defender portal.

+### Security recommendations page

+On the security recommendations pages, filter by the **Pending restart** tag to only see security recommendations with devices pending a restart.

+### Software page

+On the software page filter by, the **Pending restart** tag to see missing KBs with devices that are pending a restart:

+## Related articles

+- [Security recommendations](tvm-security-recommendation.md)

+- [Vulnerabilities in my organization](tvm-weaknesses.md)

+

+

+ 

+

+

+

+

+

+

+

+

+

+

+

+

+

+ 

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+## Tune an alert

+### Active directory account control

+In this card, Defender for Identity surfaces security settings that may need your attentions. You can see important flags about the user, such as if the user can press enter to bypass the password, and if the user has a password that never expires, etc.

+For more information, see [User Account Control flags](/windows/win32/adschema/a-useraccountcontrol).

+- (GA) [Alert tuning](investigate-alerts.md#tune-an-alert) is now generally available. Alert tuning lets you fine-tune alerts to reduce investigation time and focus on resolving high priority alerts. Alert tuning replaces the Alert suppression feature.

+ Title: Find and manage images using image tagging in Microsoft Syntex

+description: Learn how to use image tagging to search, sort, filter, and manage images in Microsoft Syntex.

+# Find and manage images using image tagging in Microsoft Syntex

+Microsoft Syntex makes it easier to find and manage images in SharePoint document libraries. It does this by automatically tagging images with descriptive keywords using AI. These keywords are stored in a managed metadata column (the **Image Tags** column), which makes it easier to search, sort, filter, and manage the images.

+The image tagging feature makes it even easier to tag images without any training, thereby reducing the need for manual tagging or custom AI model building. This means you can quickly find images in your libraries and set up processes based on the tags for the images.

+> [!NOTE]

+> Syntex image tagger is available on a [pay-as-you-go basis](syntex-pay-as-you-go-services.md) and is not included in the Syntex seat license.

+## To enable image tagging in a library

+There are two methods you can use to enable image tagging in a document library:

+- [Use an existing **Image Tags** column](#use-an-existing-image-tags-column)

+- [Enable the **Image Tags** column](#enable-the-image-tags-column)

+### Use an existing Image Tags column

+If you already have an [**Image Tags** column in your library](https://support.microsoft.com/office/work-with-image-tags-in-a-sharepoint-library), use these steps to enable enhanced image tagging:

+1. On the **Image Tags** column, select **Column settings** > **Edit**.

+2. On the **Edit column** panel, in the **Automatically tag images with detected objects** section, toggle the switch to **Yes**.

+ 

+

+3. Once enabled, any new images uploaded to the library are tagged with the descriptive keywords.

+### Enable the Image Tags column

+If you don't have an **Image Tags** column in your library, use these steps to enable enhanced image tagging:

+1. From the document library, select **Automate** > **Enable image tagger**.

+ 

+2. Enhanced image tagging is then activated. Images uploaded are tagged with a set of descriptive keywords. The keywords are available in the **Image Tags** column that is added to the library view.

+ 

+3. Once the **Image Tags** column is configured, you can upload images. The relevant tags are displayed in the library for each image.

+ > [!NOTE]

+ >- **Supported image file types:** .bmp, .png, .gif, .jpeg, .jpg, .tif, .tiff, .ari, .arw, .bay, .cap, .crw, .cr2, .cr3, .dcr, .dcs, .dng, .drf, .eip, .erf, .fff, .heic, .heif, .iiq, .kdc, .k25, .mef, .mos, .mrw, .nef, .nrw, .orf, .pef, .ptx, .pxn, .raf, .raw, .rwl, .rw2, .sr2, .srf, .srw, .x3f, and .3fr.<br>

+ >- **Time taken to reflect tags getting in the **Image Tags** column:** Minimum: 5 minutes, maximum: 24 hours.<br>

+ >- **Existing image processing:** Currently, existing images aren't processed when image tagger is enabled. Any newly uploaded images are processed for automatic image tagging.<br>

+ >- **Responsible AI guidelines:** Send us feedback on the image tagging quality. We monitor feedback closely and take appropriate action based on the feedback.

+<!

+# Set up image tagging in Microsoft Syntex

+>

+When you use Microsoft Syntex [pay-as-you-go](syntex-azure-billing.md), services are billed using Syntex meters in the Azure subscription that you specified when you set up Microsoft Syntex. The following table describes each meter, its pricing, and how it measures usage. When you connect your Azure subscription to Microsoft Syntex, users in your organization will be able to take advantage of Syntex services right away. Your tenant will be billed according to the details shown in this article.

+|Image tagging |The number of images processed. Each processed image counts as one transaction. You wonΓÇÖt be charged if you only enable pay-as-you-go billing for image tagging. You will be charged only when you enable image tagging on a [document library](image-tagging.md#to-enable-image-tagging-in-a-library). |$0.001/image