| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| admin | Change A User Name And Email Address | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/change-a-user-name-and-email-address.md | If they are using Exchange Online or if their account is linked with your organi This is due to the Microsoft Online Email Routing Address (MOERA). The MOERA is constructed from the person's _userPrincipalName_ attribute in Active Directory and is automatically assigned to the cloud account during the initial sync and once created, it cannot be modified or removed in Microsoft 365. You can subsequently change the username in the Active Directory, but it doesn't change the MOERA and you may run into issues displaying the newly changed name in the Global Address List. -To fix this, log in to the [Azure Active Directory Module for PowerShell](https://go.microsoft.com/fwlink/?LinkId=823193) with your Microsoft 365 administrator credentials. and use the following syntax: +To fix this, log in to the [Microsoft Graph Powershell](/powershell/microsoftgraph/overview) with your Microsoft 365 administrator credentials. and use the following syntax: ```powershell-Set-MsolUserPrincipalName -UserPrincipalName anne.wallace@contoso.onmicrosoft.com -NewUserPrincipalName anne.jones@contoso.com +Update-MgUser -UserId anne.wallace@contoso.onmicrosoft.com -UserPrincipalName anne.jones@contoso.com ``` > [!TIP] |
| admin | Remove Former Employee Step 7 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-7.md | If your organization synchronizes user accounts to Microsoft 365 from a local Ac To learn how to delete and restore user account in Active Directory, see [Delete a User Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753730(v=ws.11)). -If you're using Azure Active Directory, see the [Remove-MsolUser](/powershell/module/msonline/remove-msoluser) PowerShell cmdlet. +If you're using Azure Active Directory, see the [Remove-MgUser](/powershell/module/microsoft.graph.users/remove-mguser) PowerShell cmdlet. ## What you need to know about terminating an employee's email session |
| admin | Turn Pronouns On Or Off | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/turn-pronouns-on-or-off.md | Use the following steps to turn the pronouns feature on or off in the Microsoft 3. To turn on the pronouns feature, in the **Pronouns** pane, select the **Turn on and allow pronouns** checkbox. To turn off the pronouns feature, clear the checkbox. 4. Select **Save**. +To turn the pronouns feature on or off for your organization using Microsoft Graph, see [Manage pronouns settings for an organization using the Microsoft Graph API](/graph/pronouns-configure-pronouns-availability). + ## Next steps Consider notifying your users about the availability of the pronouns feature. We suggest that you share the following article with your users: [Pronouns on your profile in Microsoft 365](https://support.microsoft.com/topic/232c3bfb-a947-4310-86db-b22d63663d85). |
| admin | Admin Mobile App | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md | If you're an admin and you're responsible for more than one Microsoft 365 organi > [!IMPORTANT] > If you're having issues using the Admin mobile app on iOS or Android, email us at [feedback365@microsoft.com](mailto:feedback365@microsoft.com) to let us know. -## Watch: Install the admin mobile app +## Watch: Install and use the admin mobile app Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2198017). You must be an administrator in a Microsoft 365 organization to use the admin mo [Google Play Store](https://play.google.com/store/apps/details?id=com.ms.office365admin&referrer=utm_source%3Ddocsaboutadminapp%26utm_campaign%25docsaboutadminapp). -## Watch: Install and use the admin mobile app --[!VIDEO https://www.microsoft.com/videoplayer/embed/05c1d439-9ec2-415f-9178-250f64dec64c] - ## Frequently asked questions Below are answers to frequently asked questions. |
| admin | Whats New In Preview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 05/03/2023 audience: Admin And if you'd like to know what's new with other Microsoft cloud - [Microsoft 365 updates](/OfficeUpdates/) - [How to check Windows release health](/windows/deployment/update/check-release-health) +## May 2023 ++### Sign up for Windows release health email notifications ++You now have an option to sign up for email notifications about Windows known issues and informational updates. Notifications include changes in issue status, new workarounds, and issue resolutions. To subscribe to notifications: ++1. Go to the [Windows release health page](https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth). +1. Select **Preferences** > **Email**, then select **Send me email notifications about Windows release health**. +1. Specify the following information: + - Email address for the notifications + - Each admin account can specify up to two email addresses under their email preferences + - Windows versions to be notified about + - When a single known issue affects multiple versions of Windows, you'll receive only one email notification, even if you've selected notifications for multiple versions. Duplicate emails won't be sent. +1. Select **Save** when you're finished specifying email addresses and Windows versions. It may take up to 8 hours for these changes to take effect. ++For more information, see [How to check Windows release health](/windows/deployment/update/check-release-health). + ## April 2023 The **Suggested training** feature is part of the Experience Insights dashboard and gives you deeper insights into the Microsoft 365 help and training articles being read by your signed-in users on support.microsoft.com and in-app help panels with these 3 insights: |
| compliance | Apply Sensitivity Label Automatically | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md | There are two different methods for automatically applying a sensitivity label t - For these Office files, Word, PowerPoint, and Excel are supported. If the label applies encryption and these files are unencrypted, they're now encrypted by using [Message encryption](ome.md). The encryption settings are inherited from the email. - If you have Exchange mail flow rules or Microsoft Purview Data Loss Prevention (DLP) policies that apply IRM encryption: When content is identified by these rules or policies and an auto-labeling policy, the label is applied. If that label applies encryption, the IRM settings from the Exchange mail flow rules or DLP policies are ignored. However, if that label doesn't apply encryption, the IRM settings from the mail flow rules or DLP policies are applied in addition to the label. - Email that has IRM encryption with no label will be replaced by a label with any encryption settings when there's a match by using auto-labeling.- - Incoming email is labeled when there is a match with your auto-labeling conditions. If this label is configured for [encryption](encryption-sensitivity-labels.md), that encryption is always applied when the sender is from your organization. By default, that encryption isn't applied when the sender is outside your organization but can be applied by configuring **Additional settings for email** and specifying a Rights Management owner. + - Incoming email is labeled when there's a match with your auto-labeling conditions. For this outcome to apply to senders outside your organization, the [Exchange location must be set to **All** included and **None** excluded](#incoming-email-conditions). If the label is configured for [encryption](encryption-sensitivity-labels.md): + - That encryption is always applied when the sender is from your organization. + - By default, that encryption isn't applied when the sender is outside your organization but can be applied by configuring **Additional settings for email** and specifying a Rights Management owner. - When the label applies encryption, the [Rights Management issuer and Rights Management owner](/azure/information-protection/configure-usage-rights#rights-management-issuer-and-rights-management-owner) is the person who sends the email when the sender is from your own organization. When the sender is outside your organization, you can specify a Rights Management owner for incoming email that's labeled and encrypted by your policy. - If the label is configured to apply [dynamic markings](sensitivity-labels-office-apps.md#dynamic-markings-with-variables), be aware that for incoming email, this configuration can result in displaying the names of people outside your organization. Finally, you can use simulation mode to provide an approximation of the time nee If you use the **Included** or **Excluded** options: - - For the **Exchange** location, the policy is applied according to the sender address of the recipients specified. Most of the time, you'll want to keep the default of **All** included with **None** excluded. This configuration is suitable even if you're testing for a subset of users. Instead of specifying your subset of users here, use the advanced rules in the next step to configure conditions to include or exclude recipients in your organization. Otherwise, when you change the default settings here: + - <a name="incoming-email-conditions"></a>For the **Exchange** location, the policy is applied according to the sender address of the recipients specified. Most of the time, you'll want to keep the default of **All** included with **None** excluded. This configuration is suitable even if you're testing for a subset of users. Instead of specifying your subset of users here, use the advanced rules in the next step to configure conditions to include or exclude recipients in your organization. Otherwise, when you change the default settings here: - If you change the default of **All** included and instead, choose specific users or groups, email sent from outside your organization will be exempt from the policy. - If you keep the default of **All** included but specify users or groups to exclude, email that these excluded users send will be exempt from the policy, but not email that they receive. |
| enterprise | Cross Tenant Onedrive Migration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-onedrive-migration.md | Any legal URL will be accepted when creating your Identity Map from Source to Ta Each OneDrive account can have a maximum of 2 TB of content or 1 million items. ->[!Important] ->If you attempt to migrate any OneDrive site that exceeds the 2GB quota, the transfer will fail. +> [!IMPORTANT] +> If you attempt to migrate any OneDrive site that exceeds the 2 TB quota, the transfer will fail. ## Permissions |
| enterprise | M365 Dr Workload Other | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/m365-dr-workload-other.md | Capability summary: Microsoft Viva Goals is a goal-alignment solution that conne #### Data Residency Available -Starting December 5, 2022, Viva Goals [Customer Data](/privacy/eudb/eu-data-boundary-learn) for new tenants in the [European Union Data Boundary (EUDB)](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations) will be stored in data centers located in the EU. All other tenants will have their Viva Goals Customer Data stored in data centers located in the United States. Tenants aren't provided with a choice for the specific deployment region for data storage. +Starting December 5, 2022, Viva Goals [Customer Data](/privacy/eudb/eu-data-boundary-learn) for new tenants in the [European Union Data Boundary (EUDB)](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations) and in the United Kingdom will be stored in data centers located in the EU. All other tenants will have their Viva Goals Customer Data stored in data centers located in the United States. Tenants aren't provided with a choice for the specific deployment region for data storage. To be considered a tenant in the EUDB: To be considered a tenant in the EUDB: #### Migration -Customers who signed up for Viva Goals prior to December 5, 2022, currently have their data stored in the US data centers. We'll migrate the data for these customers to data centers located in the EU over the coming months. Customers won't have to do anything to facilitate this move. +Customers based in EU and UK who signed up for Viva Goals prior to December 5, 2022, have now been migrated to EU data centers. ### Viva Insights ΓÇô Advanced, Mgr, Leader Please see the [Static data location information for select workloads](#static-data-location-information-for-select-workloads) section. The data region for Manager/Leader and Advanced is determined by the _Default Geography_ of the _tenant_, not individual users. |
| frontline | Switch From Enterprise To Frontline | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/switch-from-enterprise-to-frontline.md | To learn more, see [Exchange Online service description](/office365/servicedescr #### Teams -F3 and F1 plans include the Teams desktop app, mobile app, and web app for frontline worker communication and collaboration. Your frontline workers have access to Teams features including meetings, chat, channels, content, and apps. However, they won't be able to create live events and webinars or use Teams Phone capabilities. +F3 and F1 plans include the Teams desktop app, mobile app, and web app for frontline worker communication and collaboration. Your frontline workers have access to Teams features including meetings, chat, channels, content, and apps. However, they won't be able to create live events and webinars or use Teams Phone capabilities without the purchase of additional add-ons. |Service or feature|Microsoft 365 E3/E5|Microsoft 365 F3|Microsoft 365 F1| ||||| Here are some links to setup, help, and learning resources that you can share wi |Office mobile|Setup:</br><ul><li>[Set up Office apps and email on Android](https://support.microsoft.com/office/set-up-office-apps-and-email-on-android-6ef2ebf2-fc2d-474a-be4a-5a801365c87f)</li><li>[Set up Office apps and email on iOS devices](https://support.microsoft.com/office/set-up-the-office-app-and-outlook-on-ios-devices-0402b37e-49c4-4419-a030-f34c2013041f)</li></ul>Office mobile app help:<ul><li>[Office mobile app for Android help](https://support.microsoft.com/office/microsoft-office-app-for-android-0383d031-a1c6-46c9-b734-53cd1d22765b)</li><li>[Office app for iOS help](https://support.microsoft.com/office/microsoft-office-app-for-ios-c8880c05-883a-46b6-ad32-9bffa31228d0)</li></ul>Individual Office mobile app help:<ul><li>[Word for Android Phones](https://support.microsoft.com/office/word-for-android-phones-help-764afb31-ad50-4645-8f51-820ecf731d8f), [Word for Android tablets](https://support.microsoft.com/office/word-for-android-tablets-help-8a0dcd56-fb32-4e0d-95d8-997c066125c8),[Word for iPhone](https://support.microsoft.com/office/word-for-iphone-help-d41a5299-f6fa-4cca-b529-46a8069c5796), [Word for iPad](https://support.microsoft.com/office/word-for-ipad-help-6567cf2a-c949-4213-912d-f7a14f6264c5)</li><li>[Excel for Android Phones](https://support.microsoft.com/office/excel-for-android-phones-help-f818cb37-bfac-485d-8480-363b3da40596), [Excel for Android Tablets](https://support.microsoft.com/office/word-for-android-tablets-help-8a0dcd56-fb32-4e0d-95d8-997c066125c8), [Excel for iPhone](https://support.microsoft.com/office/excel-for-iphone-help-b367819b-05b4-4a56-ab1c-678da62e1fd3), [Excel for iPad](https://support.microsoft.com/office/excel-for-ipad-help-6b5dc2e1-a8e4-48e6-bb69-cb9a3964bc91)</li><li>[PowerPoint for Android Phones](https://support.microsoft.com/office/powerpoint-for-android-phones-help-f6714e00-0ee2-48d1-bd3d-e1997565861f), [PowerPoint for Android Tablets](https://support.microsoft.com/office/powerpoint-for-android-tablets-help-2ada1d22-3784-4943-bc47-9d1ede42875c), [PowerPoint for iPhone](https://support.microsoft.com/office/powerpoint-for-iphone-help-754fcb37-783b-4e8a-afca-edb900221b8b), [PowerPoint for iPad](https://support.microsoft.com/office/powerpoint-for-ipad-help-b75ce3bb-03e3-46df-a792-647573fef84a)</li><li>[OneNote for Android](https://support.microsoft.com/office/microsoft-onenote-for-android-46b4b49d-2bef-4746-9c30-6abb5e20b688), [OneNote for iPhone](https://support.microsoft.com/office/microsoft-onenote-for-iphone-b93a0ea8-1285-4d31-a7c5-86a849731902), [OneNote for iPad](https://support.microsoft.com/office/microsoft-onenote-help-ipad-f44e5bcd-5203-4553-9de4-0c56e6500825)</li></ul> |Teams|<ul><li>[Teams video training](https://support.microsoft.com/office/microsoft-teams-video-training-4f108e54-240b-4351-8084-b1089f0d21d7)</li><li>[Teams help & learning](https://support.microsoft.com/teams)</li></ul>| + |
| security | Defender Endpoint Plan 1 2 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2.md | The following table summarizes what's included in Microsoft endpoint security pl | Plan | What's included | |:|:|-| [Defender for Endpoint Plan 1](defender-endpoint-plan-1.md) | - [Next-generation protection](defender-endpoint-plan-1.md#next-generation-protection) (includes antimalware and antivirus)<br/>- [Attack surface reduction](defender-endpoint-plan-1.md#attack-surface-reduction)<br/>- [Manual response actions](defender-endpoint-plan-1.md#manual-response-actions)<br/>- [Centralized management](defender-endpoint-plan-1.md#centralized-management)<br/>- [Security reports](defender-endpoint-plan-1.md#reporting)<br/>- [APIs](defender-endpoint-plan-1.md#apis)<br/>- [Support for Windows 10, iOS, Android OS, and macOS devices](defender-endpoint-plan-1.md#cross-platform-support)| +| [Defender for Endpoint Plan 1](defender-endpoint-plan-1.md) | - [Next-generation protection](defender-endpoint-plan-1.md#next-generation-protection) (includes antimalware and antivirus)<br/>- [Attack surface reduction](defender-endpoint-plan-1.md#attack-surface-reduction)<br/>- [Manual response actions](defender-endpoint-plan-1.md#manual-response-actions)<br/>- [Centralized management](defender-endpoint-plan-1.md#centralized-management)<br/>- [Security reports](defender-endpoint-plan-1.md#reporting)<br/>- [APIs](defender-endpoint-plan-1.md#apis)<br/>- [Support for Windows 10, Windows 11, iOS, Android OS, and macOS devices](defender-endpoint-plan-1.md#cross-platform-support)| | [Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) | All of the Defender for Endpoint Plan 1 capabilities, plus:<br/>- [Device discovery](device-discovery.md)<br/>- [Device inventory](machines-view-overview.md)<br/>- [Core Defender Vulnerability Management capabilities](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md)<br/>- [Threat Analytics](threat-analytics.md)<br/>- [Automated investigation and response](automated-investigations.md)<br/>- [Advanced hunting](advanced-hunting-overview.md)<br/>- [Endpoint detection and response](overview-endpoint-detection-response.md)<br/>- [Endpoint Attack Notifications](endpoint-attack-notifications.md)<br/>- Support for [Windows](configure-endpoints.md) (client only) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux) | | [Defender Vulnerability Management add-on](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md) | More Defender Vulnerability Management capabilities for Defender for Endpoint Plan 2: <br/>- [Security baselines assessment](../defender-vulnerability-management/tvm-security-baselines.md)<br/>- [Block vulnerable applications](../defender-vulnerability-management/tvm-block-vuln-apps.md)<br/>- [Browser extensions](../defender-vulnerability-management/tvm-browser-extensions.md)<br/>- [Digital certificate assessment](../defender-vulnerability-management/tvm-certificate-inventory.md)<br/>- [Network share analysis](../defender-vulnerability-management/tvm-network-share-assessment.md)<br/> - [Hardware and firmware assessment](../defender-vulnerability-management/tvm-hardware-and-firmware.md) <br/> - [Authenticated scan for Windows](../defender-vulnerability-management/windows-authenticated-scan.md) <br/> - Support for [Windows](configure-endpoints.md) (client and server) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux) | | [Defender for Business](../defender-business/mdb-overview.md) <sup>[[1](#fn1)]</sup> | [Services optimized for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md) include: <br/>- Email protection<br/>- Antispam protection<br/>- Antimalware protection<br/>- Next-generation protection<br/>- Attack surface reduction<br/>- Endpoint detection and response<br/>- Automated investigation and response <br/>- Vulnerability management<br/>- Centralized reporting<br/>- APIs (for integration with custom apps or reporting solutions)<br/>- [Integration with Microsoft 365 Lighthouse](../defender-business/mdb-lighthouse-integration.md) | |
| security | Enable Exploit Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-exploit-protection.md | Title: Turn on exploit protection to help mitigate against attacks -keywords: exploit, mitigation, attacks, vulnerability description: Learn how to enable exploit protection in Windows. Exploit protection helps protect your device against malware. -ms.sitesec: library ms.localizationpriority: medium audience: ITPro The result is that DEP is enabled for *test.exe*. DEP won't be enabled for any o 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. -2. Go to **Device configuration** \> **Profiles** \> **Create profile**. +2. Go to **Device configuration** \> **Configuration Profiles** \> **Create profile**. -3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. +3. Name the profile, choose **Windows 10 and later**, select **templates** for Profile type and choose **Endpoint protection** under template name. :::image type="content" source="images/create-endpoint-protection-profile.png" alt-text="The Create endpoint protection profile" lightbox="images/create-endpoint-protection-profile.png"::: |
| security | Enable Microsoft Defender For Iot Integration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration.md | - Title: Onboard Microsoft Defender for IoT with Microsoft Defender for Endpoint -description: Onboard with Microsoft Defender for IoT to gain visibility and security assessments focused on IoT devices. -keywords: enable siem connector, siem, connector, security information and events -search.product: eADQiWindows 10XVcnh --ms.sitesec: library -ms.pagetype: security ------ m365-security-- tier3-- Previously updated : 11/12/2021---# Onboard with Microsoft Defender for IoT ---**Applies to:** --- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/?linkid=2154037)-- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)-- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)---> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-enablesiem-abovefoldlink) --Microsoft Defender for Endpoint now seamlessly integrates with Microsoft Defender for IoT. This integration extends your device discovery capabilities with the agentless monitoring capabilities provided by Defender for IoT. The Defender for IoT integration provides increased visibility to help locate, identify, and secure the enterprise IoT devices in your network, such as Voice over Internet Protocol (VoIP) devices, printers, and cameras. --This allows organizations to take advantage of a single integrated solution that secures all of their IoT, and Operational Technology (OT) infrastructure. For more information, see [Enterprise IoT network protection](/azure/defender-for-iot/organizations/overview-eiot). --The Defender for IoT integration gives you a single unified view of your complete OT/IoT inventory alongside the rest of your IT devices (workstations, servers, and mobile). Customers who've onboarded to Defender for IoT will also get information on alerts, vulnerabilities and security recommendations for their IoT devices. --## Prerequisites --To modify settings for your Defender for Endpoint integration, the user must have the following roles: --- Tenant Global Administrator in Azure Active Directory-- Security Administrator for the Azure subscription that will be used for the Microsoft Defender for IoT integration--## Onboard a Defender for IoT plan --1. In the navigation pane of the [https://security.microsoft.com](https://security.microsoft.com/) portal, select **Settings** \> **Device discovery** \> **Enterprise IoT**. --2. Select the following options for your plan: -- - Select the Azure subscription from the list of available subscriptions in your Azure Active Directory tenant where you'd like to add a plan. -- - Select a pricing plan, either a monthly or annual commitment, or a trial. Microsoft Defender for IoT provides a 30-day free trial for the first 1,000 committed devices for evaluation purposes. -- For more information, see the [Microsoft Defender for IoT pricing page](https://azure.microsoft.com/pricing/details/iot-defender/). -- - Select the number of committed devices you'll want to monitor. If you selected a trial, this section doesn't appear as you have a default of 1000 devices. --3. Accept the **terms and conditions** and select **Save**. --> [!NOTE] -> Setting up an Enterprise IoT network sensor is currently in public preview. For more information, see [Shared device inventory](#shared-device-inventory). --## Managing your IoT devices --To view and manage your IoT devices in the [Microsoft 365 Defender portal](https://security.microsoft.com/) go to the **Device inventory** from the **Endpoints** navigation menu and select the **IoT devices** tab. --For information on how to view the devices in Defender for IoT, see [Manage your IoT devices with the device inventory for organizations](/azure/defender-for-iot/organizations/how-to-manage-device-inventory-for-organizations). --## View devices, alerts, recommendations, and vulnerabilities --After onboarding to a Defender for IoT plan, view detected data and security assessments in the following locations: --- View device data in Defender for Endpoint or Defender for IoT-- View [alerts](alerts-queue-endpoint-detection-response.md), [recommendations](../defender-vulnerability-management/tvm-security-recommendation.md), and [vulnerabilities](../defender-vulnerability-management/tvm-weaknesses.md) in the [Microsoft 365 Defender portal](https://security.microsoft.com).--### Shared device inventory --Defender for Endpoint customers can also set up the Enterprise IoT network sensor (currently in **Public Preview**) to gain more visibility into additional IoT segments of the corporate network that were not previously covered by Defender for Endpoint. Customers that have set up an Enterprise IoT network sensor will be able to see all discovered devices in the **Device inventory** in either Defender for Endpoint or Defender for IoT. --To add a network sensor, in the navigation pane of the [https://security.microsoft.com](https://security.microsoft.com/) portal: --1. Select **Settings** \> **Device discovery** \> **Enterprise IoT** -2. Under **Set up network sensors** choose the **Microsoft Defender for IoT** link --This brings you to the sensor setup process in the Azure portal. For more information, see [Get started with Enterprise IoT](/azure/defender-for-iot/organizations/tutorial-getting-started-eiot-sensor). --> [!IMPORTANT] -> Setting up an Enterprise IoT Network sensor is currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. --## Cancel your Defender for IoT plan --Cancel your Defender for IoT plan from the Defender for Endpoint settings page in the [https://security.microsoft.com](https://security.microsoft.com/) portal. Once you cancel your plan, the integration stops and you'll no longer get security assessment value in Defender for Endpoint, or detect new devices in Defender for IoT. --For more details about plan cancellation and data considerations, please see [Cancel a Defender for IoT plan](/azure/defender-for-iot/organizations/how-to-manage-subscriptions#cancel-a-defender-for-iot-plan-from-a-subscription) in the Defender for IoT documentation. --## See also --- [Device discovery overview](configure-device-discovery.md)-- [Device discovery FAQ](device-discovery-faq.md) |
| security | Linux Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-whatsnew.md | This article is updated frequently to let you know what's new in the latest rele - [What's new in Defender for Endpoint on macOS](mac-whatsnew.md) - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md) +<details> + <summary> May-2023 (Build: 101.98.64 | Release version: 30.123032.19864.0)</summary> ++## May-2023 Build: 101.98.64 | Release version: 30.123032.19864.0 ++ Released: **May 3,2023**<br/> + Published: **May 3, 2023**<br/> + Build: **101.98.64**<br/> + Release version: **30.123032.19864.0**<br/> + Engine version: **1.1.20100.6**<br/> + Signature version: **1.385.68.0**<br/> ++**What's new** ++- There are multiple fixes and new changes in this release + - Health message improvements to capture details about auditd failures. + - Improvements to handle augenrules which was causing installation failure. + - Periodic memory cleanup in engine process. + - Fix for memory issue in mdatp audisp plugin. + - Handled missing plugin directory path during installation. + - When conflicting application is using blocking fanotify, with default configuration mdatp health will show unhealthy. This is now fixed. + - Support for ICMP traffic inspection in BM. + - Engine Update to 1.1.20100.6 and Signatures Ver: 1.385.68.0. + - Bug fixes. ++**Known issues** ++- While upgrading mdatp to version 101.94.13 or later, you may notice that health is false, with health_issues as "no active supplementary event provider". This may happen due to misconfigured/conflicting auditd rules on existing machines. To mitigate the issue, the auditd rules on the existing machines need to be fixed. The following commands can help you to identify such auditd rules (commands need to be run as super user). Please take backup of following file: /etc/audit/rules.d/audit.rules as these steps are only to identify failures. ++```bash +echo -c >> /etc/audit/rules.d/audit.rules +augenrules --load +``` ++- While upgrading from mdatp version 101.75.43 or 101.78.13, you may encounter a kernel hang. Run the following commands before attempting to upgrade to version 101.98.05. More information about the underlying issue can be found at [System hang due to blocked tasks in fanotify code](https://access.redhat.com/solutions/2838901). ++There are two ways to mitigate this upgrade issue: ++1. Use your package manager to uninstall the 101.75.43 or 101.78.13 mdatp version. ++Example: +```bash +sudo apt purge mdatp +sudo apt-get install mdatp +``` ++2. As an alternative you can follow the instructions to [uninstall](/microsoft-365/security/defender-endpoint/linux-resources#uninstall), then [install](/microsoft-365/security/defender-endpoint/linux-install-manually#application-installation) the latest version of the package. ++If you don't want to uninstall mdatp you can disable rtp and mdatp in sequence before upgrading. +Caution: Some customers (<1%) experience issues with this method. ++ ```bash +sudo mdatp config real-time-protection --value=disabled +sudo systemctl disable mdatp +``` +</details> + <details> <summary> April-2023 (Build: 101.98.58 | Release version: 30.123022.19858.0)</summary> |
| security | Anti Phishing Policies About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-policies-about.md | Impersonation safety tips appear to users when messages are identified as impers - **Show user impersonation unusual characters safety tip**: The From address contains unusual character sets (for example, mathematical symbols and text or a mix of uppercase and lowercase letters) in an sender specified in [user impersonation protection](#user-impersonation-protection). Available only if **Enable users to protect** is turned on and configured. > [!NOTE]-> Safety tips are not stamped in S/MIME signed messages. +> Safety tips are not stamped in the following messages: +> +> - S/MIME signed messages. +> - Messages that are allowed by your organizational settings. #### Trusted senders and domains |
| security | Anti Spam Policies Asf Settings About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-policies-asf-settings-about.md | In all Microsoft 365 organizations, the Advanced Spam Filter (ASF) settings in a > - Periodic quarantine notifications from spam and high confidence spam filter verdicts. > - The presence of filtered messages in quarantine. > - The specific `X-CustomSpam:` X-header fields that are added to messages as described in this article.+> +> ASF adds `X-CustomSpam:` X-header fields to messages _after_ the messages have been processed by Exchange mail flow rules (also known as transport rules), so you can't use mail flow rules to identify and act on messages that were filtered by ASF. The following sections describe the ASF settings and options that are available in anti-spam policies in the Microsoft 365 Defender portal, and in Exchange Online PowerShell or standalone EOP PowerShell ([New-HostedContentFilterPolicy](/powershell/module/exchange/new-hostedcontentfilterpolicy) and [Set-HostedContentFilterPolicy](/powershell/module/exchange/set-hostedcontentfilterpolicy)). For more information, see [Configure anti-spam policies in EOP](anti-spam-policies-configure.md). For each ASF setting, the following options are available in anti-spam policies: - **Off**: The ASF setting is disabled. This is the default value, and we recommend that you don't change it. - **Test**: ASF adds the corresponding X-header field to the message. What happens to the message is determined by the **Test mode** (*TestModeAction*) value: - **None**: Message delivery is unaffected by the ASF detection. The message is still subject to other types of filtering and rules in EOP.- - **Add default X-header text (*AddXHeader*)**: The X-header value `X-CustomSpam: This message was filtered by the custom spam filter option` is added to the message. You can use this value in Inbox rules to affect the delivery of the message. + - **Add default X-header text (*AddXHeader*)**: The X-header value `X-CustomSpam: This message was filtered by the custom spam filter option` is added to the message. You can use this value in Inbox rules (not mail flow rules) to affect the delivery of the message. - **Send Bcc message (*BccMessage*)**: The specified email addresses (the *TestModeBccToRecipients* parameter value in PowerShell) are added to the Bcc field of the message, and the message is delivered to the additional Bcc recipients. In the Microsoft 365 Defender portal, you separate multiple email addresses by semicolons (;). In PowerShell, you separate multiple email addresses by commas. **Notes**: |
| security | Identity Access Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies.md | Follow the guidance in the article [Common Conditional Access policy: Block lega ### High risk users must change password -Follow the guidance in the article [Common Conditional Access policy: User risk-based password change](/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy) to require users with compromised credentials to change their password. +Follow the guidance in the article [Common Conditional Access policy: User risk-based password change](/azure/active-directory/conditional-access/howto-conditional-access-policy-risk-user) to require users with compromised credentials to change their password. Use this policy along with [Azure AD password protection](/azure/active-directory/authentication/concept-password-ban-bad), which detects and blocks known weak passwords and their variants in addition to terms specific to your organization. Using Azure AD password protection ensures that changed passwords are stronger. |
| security | Message Headers Eop Mdo | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-headers-eop-mdo.md | The individual fields and values are described in the following table. |`SFV:SKS`|The message was marked as spam prior to being processed by spam filtering. For example, the message was marked as SCL 5 to 9 by a mail flow rule.| |`SFV:SPM`|The message was marked as spam by spam filtering.| |`SRV:BULK`|The message was identified as bulk email by spam filtering and the bulk complaint level (BCL) threshold. When the _MarkAsSpamBulkMail_ parameter is `On` (it's on by default), a bulk email message is marked as spam (SCL 6). For more information, see [Configure anti-spam policies](anti-spam-policies-configure.md).|-|`X-CustomSpam: [ASFOption]`|The message matched an Advanced Spam Filter (ASF) setting. To see the X-header value for each ASF setting, see [Advanced Spam Filter (ASF) settings](anti-spam-policies-asf-settings-about.md).| +|`X-CustomSpam: [ASFOption]`|The message matched an Advanced Spam Filter (ASF) setting. To see the X-header value for each ASF setting, see [Advanced Spam Filter (ASF) settings](anti-spam-policies-asf-settings-about.md). <br><br> **Note**: ASF adds `X-CustomSpam:` X-header fields to messages _after_ the messages have been processed by Exchange mail flow rules (also known as transport rules), so you can't use mail flow rules to identify and act on messages that were filtered by ASF.| ## X-Microsoft-Antispam message header fields |
| security | Recommended Settings For Eop And Office365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md | For more information about Advanced Spam Filter (ASF) settings in anti-spam poli |**Backscatter** <br><br> _MarkAsSpamNdrBackscatter_|Off|Off|Off|| |**Test mode** <br><br> _TestModeAction_)|None|None|None|For ASF settings that support **Test** as an action, you can configure the test mode action to **None**, **Add default X-Header text**, or **Send Bcc message** (`None`, `AddXHeader`, or `BccMessage`). For more information, see [Enable, disable, or test ASF settings](anti-spam-policies-asf-settings-about.md#enable-disable-or-test-asf-settings).| +> [!NOTE] +> ASF adds `X-CustomSpam:` X-header fields to messages _after_ the messages have been processed by Exchange mail flow rules (also known as transport rules), so you can't use mail flow rules to identify and act on messages that were filtered by ASF. + #### EOP outbound spam policy settings To create and configure outbound spam policies, see [Configure outbound spam filtering in EOP](outbound-spam-policies-configure.md). |