Docs update tracker

Updates from: 06/14/2022 01:16:56

Category	Microsoft Docs article	Related commit history on GitHub	Change details
compliance	Classifier Learn About	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md	These appear in the Microsoft Purview compliance portal > **Data classificat > [!IMPORTANT] > Please note that the built-in trainable and global classifiers don't provide an exhaustive or complete list of terms or language across these areas. Further, language and cultural standards continually change, and in light of these realities, Microsoft reserves the right to update these classifiers in its discretion. While classifiers may assist your organization in detecting these areas, classifiers are not intended to provide your organization's sole means of detecting or addressing the use of such language. Your organization, not Microsoft or its subsidiaries, remains responsible for all decisions related to monitoring, scanning, blocking, removal, and retention of any content identified by a pre-trained classifier, including compliance with local privacy and other applicable laws. Microsoft encourages consulting with legal counsel before deployment and use. -Pre-trained classifiers can scan content in these languages: +Our Threat, Profanity, Harassment, and Discrimination classifiers can scan content in these languages: - Arabic - Chinese (Simplified) Pre-trained classifiers can scan content in these languages: - Portuguese - Spanish +All others are English only at the moment. + ### Custom classifiers When the pre-trained classifiers don't meet your needs, you can create and train your own classifiers. There's more work involved with creating your own, but they'll be much better tailored to your organizations needs.
compliance	Endpoint Dlp Learn About	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md	Endpoint DLP enables you to audit and manage the following types of activities u \|print a document \|Detects when a user attempts to print a protected item to a local or network printer.\|supported\|supported\|auditable and restrictable \| \|copy to a remote session\|Detects when a user attempts to copy an item to a remote desktop session \|supported\|not supported\| auditable and restrictable\| \|copy to a Bluetooth device\|Detects when a user attempts to copy an item to an unallowed Bluetooth app (as defined in the list of unallowed Bluetooth aps in Endpoint DLP settings).\|supported\|not supported\| auditable and restrictable\| -\|create an item\|Detects when a user creates an item\|supported \| \|auditable\| -\|rename an item\|Detects when a user renames an item\|supported \| \|auditable\| +\|create an item\|Detects when a user creates an item\|supported \|supported \|auditable\| +\|rename an item\|Detects when a user renames an item\|supported \|supported \|auditable\| ## Best practice for endpoint DLP policies
compliance	Get Started Core Ediscovery	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-core-ediscovery.md	This article discusses the steps necessary to set up eDiscovery (Standard). This Licensing for eDiscovery (Standard) requires the appropriate organization subscription and per-user licensing. -- Organization subscription: To access eDiscovery (Standard) in the Microsoft Purview compliance portal and use the hold and export features, your organization must have a Microsoft 365 E3 or Office 365 E3 subscription or higher. Microsoft 365 Frontline organizations must have an F5 subscription. +- Organization subscription: To access eDiscovery (Standard) in the Microsoft Purview compliance portal and use the hold and export features, your organization must have an Exchange online Plan 2 or Microsoft 365 E3 or Office 365 E3 subscription or higher. Microsoft 365 Frontline organizations must have an F5 subscription. - Per-user licensing: To place an eDiscovery hold on mailboxes and sites, users must be assigned one of the following licenses, depending on your organization subscription:
compliance	Import Hr Data	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-hr-data.md	Here are requirements for configuring a CSV file with multiple data types: - You have to add the required columns (and optional if you use them) for each data type and the corresponding column name in the header row. If a data type doesn't correspond to a column, you can leave the value blank. -- To use a CSV file with multiple types of HR data, the HR connector needs to know which rows in the CSV file contain which type HR data. This is accomplished by adding an additional HRScenario column to the CSV file. The values in this column identify the type of HR data in each row. For example, values that correspond to the four HR scenarios could be \`Resignation\`, \`Job level change\`, \`Performance review\`, \`Performance improvement plan\`, and \`Employee profile\`. +- To use a CSV file with multiple types of HR data, the HR connector needs to know which rows in the CSV file contain which type HR data. This is accomplished by adding an additional HRScenario column to the CSV file. The values in this column identify the type of HR data in each row. For example, values that correspond to the HR scenarios could be \`Resignation\`, \`Job level change\`, \`Performance review\`, \`Performance improvement plan\`, and \`Employee profile\`. - If you have multiple CSV files that contain an HRScenario column, be sure that each file uses the same column name and the same values that identify the specific HR scenarios. -The following example shows a CSV file that contains the HRScenario column. The values in the HRScenario column identify the type of data in the corresponding row. +The following example shows a CSV file that contains the HRScenario** column. The values in the HRScenario column identify the type of data in the corresponding row. The below sample covers four HR scenarios \`Resignation\`, \`Job level change\`, \`Performance review\`, and \`Performance improvement plan\`. ```text HRScenario,EmailAddress,ResignationDate,LastWorkingDate,EffectiveDate,Remarks,Rating,OldLevel,NewLevel
compliance	Sit Get Started Exact Data Match Test	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-test.md	If you don't find any matches, here are some troubleshooting tips. \|No matches found \| Confirm that your sensitive data was uploaded correctly using the commands explained in [Hash and upload the sensitive information source table for exact data match sensitive information types](sit-get-started-exact-data-match-hash-upload.md#hash-and-upload-the-sensitive-information-source-table-for-exact-data-match-sensitive-information-types)\| \|No matches found \| Test the SIT you used when you configured the primary element in each of your patterns. This will confirm that the SIT is able to match the examples in the item. Using an incorrectly defined SIT as the classification element of an EDM Sensitive information type is the most common cause for detection failures in EDM. \| \|The SIT you selected for a primary element in the EDM type doesn't find a match in the item or finds fewer matches than you expected \| Check that it supports the separators and delimiters that are in the content. Be sure to include the ignored delimiters defined in your schema. \| -\|The primary element SIT finds matches in an item, but the EDM SIT doesn't. \| - Check your REGEX statements for starting or ending a capturing whitespace delimiter, like /s. The whitespace won't match the hashed value in the data table. Use a word delimiter like /b instead. </br> - Check your REGEX statements to ensure that they capture the whole string you want to capture, not just a substring. For example, this pattern for email addresses [a-zA-Z]{30}@[a-zA-Z]{20}.[a-zA-Z]{2,3} will match user@contoso.com and user@contoso.co.jp. \| -\|An EDM SIT with primary elements and no secondary elements defined detects items, but doesn't detect, or detects fewer than expected, when primary and secondary elements are required. \| Make sure values for secondary evidence are composed of a single word or string that doesn't contain spaces or use REGEX statements that detect multi-word strings. For example, \b[A-Z][a-z]{1,25}([ -][A-Z][a-z]{1,25}){0,4}\b, which will match any sequence of one to five consecutive words that start with an uppercase character. Use this SIT as the classification element for the additional evidence conditions in your EDM sensitive info type XML. See [Create a rule package manually](sit-get-started-exact-data-match-create-rule-package.md#create-a-rule-package-manually)\| +\|The primary element SIT finds matches in an item, but the EDM SIT doesn't. \| - Check your REGEX statements for starting or ending capturing whitespace delimiters, like \s. The whitespace won't match the hashed value in the data table. Use a word delimiter like \b instead. </br> - Check your REGEX statements to ensure that they capture the whole string you want to capture, not just a substring. For example, this pattern for email addresses \b[a-zA-Z]{2,30}@[a-zA-Z]{2,20}.[a-zA-Z]{2,3}\b will correctly match user@contoso.com but will only capture user@contoso.co.jp in incomplete form. +\|An EDM SIT with primary elements and no secondary elements defined detects items, but doesn't detect, or detects fewer matches than expected when primary and secondary elements are required. \| If values in a column used for secondary evidence are not composed of a single word or strings that don't contain spaces, commas, or other word separators, you will need to associate them with a sensitive info type that uses either a REGEX designed to detect multi-word strings that follow the desired pattern (e.g. a fixed number of consecutive words that start with an uppercase character), or a keyword dictionary that lists all the unique values in that column. For example, if there's an additional evidence column for a person's city or residence, you can create a list with all the unique city names from the table and use it to create a dictionary-based sensitive information type. Use this SIT as the classification element for the corresponding column in your EDM sensitive info type by exporting and editing the EDM SIT definition in XML. See [Create a rule package manually](sit-get-started-exact-data-match-create-rule-package.md#create-a-rule-package-manually).\| \|SIT test function doesn't detect any matches at all. \| Check if the SIT you selected includes requirements for additional keywords or other validations. For the built-in SITs, see [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md#sensitive-information-type-entity-definitions) to verify what the minimum requirements are for matching each type. \| \|The Test functionality works but your SharePoint or OneDrive items aren't being detected in DLP or auto-labeling rules \| Check if the documents you would expect to match show up in Content Explorer. If they aren't there, remember that only content created after the changes to the sensitive information type will show as matches. You have to recrawl the sites and libraries for pre-existing items to show up. See [Manually request crawling and reindexing of a site, a library or a list](/sharepoint/crawl-site-content) for details on recrawling SharePoint and OneDrive. \| \|DLP or auto-labeling rules that require multiple matches don't trigger \|Check that the proximity requirements for both your EDM type and the base sensitive information types are met. For example, if the maximum distance of between the primary element and supporting keywords is 300 characters, but the keywords are only present in the first row of a long table, only the first few rows of matching values are likely to meet the proximity requirements. Modify your SIT definitions to support more relaxed proximity rules or use the anywhere in the document option for the additional evidence conditions. \|
includes	Microsoft 365 Content Updates	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md	+## Week of June 06, 2022 ++ +\| Published On \|Topic title \| Change \| +\|\|\|--\| +\| 6/6/2022 \| [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| [Uploading a pre-built zip package](/microsoft-365/test-base/uploadapplication?view=o365-21vianet) \| added \| +\| 6/6/2022 \| [Understand your usage cost](/microsoft-365/test-base/usagecost?view=o365-21vianet) \| added \| +\| 6/6/2022 \| [Compare different device and app data protection methods](/microsoft-365/admin/devices/choose-device-security?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| Upload your package \| removed \| +\| 6/6/2022 \| [Manage and monitor priority accounts](/microsoft-365/admin/setup/priority-accounts?view=o365-21vianet) \| added \| +\| 6/6/2022 \| [Upgrade distribution lists to Microsoft 365 Groups in Exchange Online](/microsoft-365/admin/manage/upgrade-distribution-lists?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| [Microsoft cloud architecture models - enterprise resource planning](/microsoft-365/solutions/cloud-architecture-models?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) \| modified \| +\| 6/6/2022 \| [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) \| modified \| +\| 6/7/2022 \| [Take response actions on a device in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-21vianet) \| modified \| +\| 6/7/2022 \| [Quick tasks for getting started with compliance in Microsoft Purview](/microsoft-365/compliance/compliance-quick-tasks?view=o365-21vianet) \| modified \| +\| 6/7/2022 \| [Use PowerShell to perform a staged migration to Microsoft 365](/microsoft-365/enterprise/use-powershell-to-perform-a-staged-migration-to-microsoft-365?view=o365-21vianet) \| modified \| +\| 6/7/2022 \| [What's new in Microsoft Purview](/microsoft-365/compliance/whats-new?view=o365-21vianet) \| modified \| +\| 6/7/2022 \| [Create a Microsoft 365 Group with a specific preferred data location](/microsoft-365/enterprise/multi-geo-add-group-with-pdl?view=o365-21vianet) \| modified \| +\| 6/7/2022 \| [SharePoint Server 2007 end of support roadmap](/microsoft-365/enterprise/sharepoint-2007-end-of-support?view=o365-21vianet) \| modified \| +\| 6/7/2022 \| [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft Defender for Office 365 step-by-step guides and how to use them](/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview?view=o365-21vianet) \| added \| +\| 6/8/2022 \| [Assign eDiscovery permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Manage audit log retention policies](/microsoft-365/compliance/audit-log-retention-policies?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Change the hold duration for an inactive mailbox](/microsoft-365/compliance/change-the-hold-duration-for-an-inactive-mailbox?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Clone a Content Search](/microsoft-365/compliance/clone-a-content-search?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Delete items in the Recoverable Items folder](/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Create a DLP policy to protect documents](/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Modify a custom sensitive information type using PowerShell](/microsoft-365/compliance/sit-modify-a-custom-sensitive-information-type-in-powershell?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Use a script to add users to a hold in a eDiscovery (Standard) case](/microsoft-365/compliance/use-a-script-to-add-users-to-a-hold-in-ediscovery?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [View the reports for data loss prevention](/microsoft-365/compliance/view-the-dlp-reports?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Connect to all Microsoft 365 services in a single PowerShell window](/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [View an enterprise Cloud PC failed network connection in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-failed-network-connections?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Creating a Test Base Account](/microsoft-365/test-base/createaccount?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft 365 admin center groups reports](/microsoft-365/admin/activity-reports/office-365-groups-ww?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Add your brand to encrypted messages](/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft Compliance Configuration Analyzer for Compliance Manager](/microsoft-365/compliance/compliance-manager-mcca?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Manage Customer Key](/microsoft-365/compliance/customer-key-manage?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Legacy information for Office 365 Message Encryption](/microsoft-365/compliance/legacy-information-for-message-encryption?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Manage Office 365 Message Encryption](/microsoft-365/compliance/manage-office-365-message-encryption?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Migrate legacy eDiscovery searches and holds to the Microsoft Purview compliance portal](/microsoft-365/compliance/migrate-legacy-ediscovery-searches-and-holds?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Use Content Search for a list of users on the mailbox & OneDrive for Business site](/microsoft-365/compliance/search-the-mailbox-and-onedrive-for-business-for-a-list-of-users?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Set up Azure Rights Management for the previous version of Message Encryption](/microsoft-365/compliance/set-up-azure-rms-for-previous-version-message-encryption?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Work with a partner to archive third-party data](/microsoft-365/compliance/work-with-partner-to-archive-third-party-data?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Privileged access management for your Microsoft 365 for enterprise test environment](/microsoft-365/enterprise/privileged-access-microsoft-365-enterprise-dev-test-environment?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Removing or disabling Hybrid Modern Authentication from Skype for Business and Exchange](/microsoft-365/enterprise/remove-or-disable-hybrid-modern-authentication-from-skype-for-business-and-excha?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft 365 Security for Business Decision Makers (BDMs)](/microsoft-365/security/microsoft-365-security-for-bdm?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Take response actions on a device in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Best practices for unauthenticated sharing](/microsoft-365/solutions/best-practices-anonymous-sharing?view=o365-21vianet) \| modified \| +\| 6/8/2022 \| [Microsoft 365 enterprise resource planning - Security architecture](/microsoft-365/solutions/identity-design-principles?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-troubleshoot?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Creating a Test Base Account](/microsoft-365/test-base/createaccount?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Stay informed of upcoming changes to Microsoft Defender for Office 365 using the message center](/microsoft-365/security/office-365-security/step-by-step-guides/stay-informed-with-message-center?view=o365-21vianet) \| added \| +\| 6/9/2022 \| [Domains Frequently Asked Questions](/microsoft-365/admin/setup/domains-faq?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Onboard Windows multi-session devices in Azure Virtual Desktop](/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Top 20 most-viewed admin help articles this month # < 60 chars](/microsoft-365/admin/top-m365-admin-articles?view=o365-21vianet) \| modified \| +\| 6/9/2022 \| [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Share calendars with external users](/microsoft-365/admin/manage/share-calendars-with-external-users?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Understand subscriptions and licenses in Microsoft 365 for business](/microsoft-365/commerce/licenses/subscriptions-and-licenses?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Set up Microsoft Purview Message Encryption](/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Troubleshooting mode scenarios in Microsoft Defender for Endpoint (preview)](/microsoft-365/security/defender-endpoint/troubleshooting-mode-scenarios?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [(False Negatives) How to handle malicious emails that are delivered to recipients using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [(False Positives) How to handle legitimate emails getting blocked from delivery using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Set up and configure the Moodle plugin for Open LMS](/microsoft-365/lti/open-lms-plugin-configuration?view=o365-21vianet) \| added \| +\| 6/10/2022 \| [Integrate Microsoft Teams classes and meetings with Open LMS](/microsoft-365/lti/open-lms-teams-classes-and-meetings?view=o365-21vianet) \| added \| +\| 6/10/2022 \| [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Network connectivity in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [What is Microsoft 365 for business](/microsoft-365/admin/admin-overview/what-is-microsoft-365-for-business?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Create and publish retention labels by using PowerShell](/microsoft-365/compliance/bulk-create-publish-labels-using-powershell?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Manage jobs in eDiscovery (Premium)](/microsoft-365/compliance/managing-jobs-ediscovery20?view=o365-21vianet) \| modified \| +\| 6/10/2022 \| [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) \| modified \| ++ ## Week of May 30, 2022 \| 5/13/2022 \| [Microsoft Defender Experts for Hunting preview](/microsoft-365/security/defender/defenderexpertsforhuntingprev?view=o365-21vianet) \| modified \| \| 5/13/2022 \| [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) \| modified \| \| 5/13/2022 \| [Remove blocked connectors from the Restricted entities portal in Microsoft 365](/microsoft-365/security/office-365-security/remove-blocked-connectors?view=o365-21vianet) \| modified \|-- -## Week of May 02, 2022 -- -\| Published On \|Topic title \| Change \| -\|\|\|--\| -\| 5/2/2022 \| [Microsoft Defender for Business trial playbook](/microsoft-365/security/defender-business/trial-playbook-defender-business?view=o365-21vianet) \| added \| -\| 5/2/2022 \| [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Device groups in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-create-edit-device-groups?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Set up email notifications for your security team](/microsoft-365/security/defender-business/mdb-email-notifications?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Microsoft 365 Lighthouse and Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Offboard a device from Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-offboard-devices?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [What is Microsoft Defender for Business?](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [The simplified configuration process in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Tutorials and simulations in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Use setup wizard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [SeenBy() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-seenby-function?view=o365-21vianet) \| added \| -\| 5/2/2022 \| [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) \| modified \| -\| 5/2/2022 \| Microsoft Managed Desktop and ITIL \| removed \| -\| 5/2/2022 \| Change history for Microsoft Managed Desktop documentation \| removed \| -\| 5/2/2022 \| Address device name dependency \| removed \| -\| 5/2/2022 \| Working with Microsoft Consulting Services \| removed \| -\| 5/2/2022 \| Apps in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Prepare on-premises resources access for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Prepare certificates and network profiles for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Prerequisites for guest accounts \| removed \| -\| 5/2/2022 \| Get ready for enrollment in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Prepare mapped drives for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Network configuration for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Prerequisites for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Prepare printing resources for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Downloadable readiness assessment checker \| removed \| -\| 5/2/2022 \| Fix issues found by the readiness assessment tool \| removed \| -\| 5/2/2022 \| Readiness assessment tools \| removed \| -\| 5/2/2022 \| Access the Admin portal \| removed \| -\| 5/2/2022 \| Add and verify admin contacts in the Admin portal \| removed \| -\| 5/2/2022 \| Assign licenses \| removed \| -\| 5/2/2022 \| Install Intune Company Portal on devices \| removed \| -\| 5/2/2022 \| Adjust settings after enrollment \| removed \| -\| 5/2/2022 \| Deploy apps to devices \| removed \| -\| 5/2/2022 \| Windows 10 location service \| removed \| -\| 5/2/2022 \| Device registration methods in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Order devices in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Microsoft Edge \| removed \| -\| 5/2/2022 \| Enable user support features \| removed \| -\| 5/2/2022 \| Enable Enterprise State Roaming \| removed \| -\| 5/2/2022 \| First-run experience with Autopilot and the Enrollment Status Page \| removed \| -\| 5/2/2022 \| Get started with app control \| removed \| -\| 5/2/2022 \| Get your users ready to use devices \| removed \| -\| 5/2/2022 \| Get started with Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Localize the user experience \| removed \| -\| 5/2/2022 \| Microsoft 365 Apps for enterprise \| removed \| -\| 5/2/2022 \| Manual registration for existing devices \| removed \| -\| 5/2/2022 \| Manual registration \| removed \| -\| 5/2/2022 \| Microsoft OneDrive \| removed \| -\| 5/2/2022 \| Partner registration \| removed \| -\| 5/2/2022 \| Prepare devices for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Install Microsoft Project or Microsoft Visio on Microsoft Managed Desktop devices \| removed \| -\| 5/2/2022 \| Microsoft Teams \| removed \| -\| 5/2/2022 \| Validate new devices \| removed \| -\| 5/2/2022 \| Microsoft Managed Desktop documentation # < 60 chars \| removed \| -\| 5/2/2022 \| Compliance \| removed \| -\| 5/2/2022 \| What is Microsoft Managed Desktop? \| removed \| -\| 5/2/2022 \| Microsoft Managed Desktop roles and responsibilities \| removed \| -\| 5/2/2022 \| Microsoft Managed Desktop technologies \| removed \| -\| 5/2/2022 \| Microsoft Managed Desktop and Windows 11 \| removed \| -\| 5/2/2022 \| App control \| removed \| -\| 5/2/2022 \| Exceptions to the service plan \| removed \| -\| 5/2/2022 \| Device deployment groups \| removed \| -\| 5/2/2022 \| Device images \| removed \| -\| 5/2/2022 \| Device names \| removed \| -\| 5/2/2022 \| Device configuration \| removed \| -\| 5/2/2022 \| Device requirements \| removed \| -\| 5/2/2022 \| Microsoft Managed Desktop device services \| removed \| -\| 5/2/2022 \| Diagnostic logs \| removed \| -\| 5/2/2022 \| Microsoft Managed Desktop service description \| removed \| -\| 5/2/2022 \| App requirements \| removed \| -\| 5/2/2022 \| Microsoft Managed Desktop operations and monitoring \| removed \| -\| 5/2/2022 \| Privacy and personal data \| removed \| -\| 5/2/2022 \| Understand device profiles \| removed \| -\| 5/2/2022 \| Supported regions \| removed \| -\| 5/2/2022 \| Security operations in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Security technologies in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Service changes and communication \| removed \| -\| 5/2/2022 \| Shared devices \| removed \| -\| 5/2/2022 \| Admin support \| removed \| -\| 5/2/2022 \| How updates are handled in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| User support \| removed \| -\| 5/2/2022 \| Admin support for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| App usage report \| removed \| -\| 5/2/2022 \| Assign devices to a deployment group \| removed \| -\| 5/2/2022 \| Reassign device profiles \| removed \| -\| 5/2/2022 \| Deploy configurable settings in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Configurable settings for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Configurable settings reference for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Device inventory report \| removed \| -\| 5/2/2022 \| Device status report \| removed \| -\| 5/2/2022 \| Get user support for Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Working with Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Manage apps in Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Remove devices \| removed \| -\| 5/2/2022 \| Work with reports \| removed \| -\| 5/2/2022 \| Windows security updates report \| removed \| -\| 5/2/2022 \| Service metrics report \| removed \| -\| 5/2/2022 \| Preview and test Windows 11 with Microsoft Managed Desktop \| removed \| -\| 5/2/2022 \| Work with app control \| removed \| -\| 5/2/2022 \| [Host firewall reporting in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/host-firewall-reporting?view=o365-21vianet) \| modified \| -\| 5/3/2022 \| [Manage group attendees in Bookings](/microsoft-365/bookings/manage-attendees-bookings?view=o365-21vianet) \| added \| -\| 5/3/2022 \| [Manage your blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/manage-tenant-blocks?view=o365-21vianet) \| modified \| -\| 5/3/2022 \| [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) \| modified \| -\| 5/3/2022 \| [View your Azure Active Directory roles in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-your-roles?view=o365-21vianet) \| added \| -\| 5/3/2022 \| Microsoft Purview trial terms and conditions \| removed \| -\| 5/3/2022 \| [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) \| modified \| -\| 5/3/2022 \| [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) \| modified \| -\| 5/3/2022 \| [Onboard Windows 10 or Windows 11 devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-overview?view=o365-21vianet) \| modified \| -\| 5/4/2022 \| [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) \| modified \| -\| 5/4/2022 \| [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) \| modified \| -\| 5/4/2022 \| [Office 365 US Government DOD endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints?view=o365-21vianet) \| modified \| -\| 5/4/2022 \| [Office 365 U.S. Government GCC High endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints?view=o365-21vianet) \| modified \| -\| 5/4/2022 \| [Bookings in Outlook](/microsoft-365/bookings/bookings-in-outlook?view=o365-21vianet) \| added \| -\| 5/4/2022 \| [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-21vianet) \| modified \| -\| 5/4/2022 \| [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-21vianet) \| modified \| -\| 5/5/2022 \| [Microsoft Purview Compliance Manager alerts and alert policies](/microsoft-365/compliance/compliance-manager-alert-policies?view=o365-21vianet) \| modified \| -\| 5/5/2022 \| [Configure retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-21vianet) \| modified \| -\| 5/5/2022 \| [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) \| modified \| -\| 5/5/2022 \| [Overview](/microsoft-365/test-base/overview?view=o365-21vianet) \| modified \| -\| 5/5/2022 \| [Redirection of users from the Office 365 Security and Compliance Center to the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-redirection?view=o365-21vianet) \| modified \| -\| 5/5/2022 \| [Microsoft Purview compliance documentation # < 60 chars](/microsoft-365/compliance/index?view=o365-21vianet) \| modified \| -\| 5/6/2022 \| [Microsoft Purview compliance documentation # < 60 chars](/microsoft-365/compliance/index?view=o365-21vianet) \| modified \|
lighthouse	M365 Lighthouse Requirements	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md	In addition, each MSP customer tenant must qualify for Lighthouse by meeting the - Must have delegated access set up for the Managed Service Provider (MSP) to be able to manage the customer tenant* - Must have at least one Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, Windows 365 Business, or Microsoft Defender for Business license-- Must have no more than 1000 licensed users +- Must have no more than 2500 licensed users Either Granular Delegated Admin Privileges (GDAP) plus an indirect reseller relationship or a Delegated Admin Privileges (DAP) relationship is required to onboard customers to Lighthouse. If DAP and GDAP coexist in a customer tenant, GDAP permissions take precedence for MSP technicians in GDAP-enabled security groups. Coming soon, customers with GDAP-only relationships (without indirect reseller relationships) will be able to onboard to Lighthouse.
lighthouse	M365 Lighthouse Troubleshoot	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-troubleshoot.md	This article describes error messages and problems that you might encounter whil - Must have delegated access set up for the Managed Service Provider (MSP) to be able to manage the customer tenant* - Must have at least one Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, Windows 365 Business, or Microsoft Defender for Business license-- Must have no more than 1000 licensed users +- Must have no more than 2500 licensed users Resolution: The following table describes the different tenant statuses that require action and explains how to resolve them. Either Granular Delegated Admin Privileges (GDAP) plus an indirect reseller rela \| Inactive \| The tenant was offboarded at the request of the MSP and is no longer being managed in Lighthouse. \| You need to reactivate the tenant. On the Tenants page, select the three dots (more actions) next to the tenant that you want to reactivate, and then select Activate tenant. It can take 24ΓÇô48 hours for initial customer data to appear in Lighthouse. \| \| Ineligible - DAP or GDAP is not set up \| You don't have DAP or GDAP and indirect reseller admin privileges set up with the tenant, which is required by Lighthouse. \| Set up DAP or GDAP and indirect reseller admin privileges in the Microsoft Partner Center. \| \| Ineligible - Required license is missing \| The tenant is missing a required license. They need at least one Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, or Microsoft Defender for Business license. \| Make sure the tenant has at least one Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, Windows 365 Business, or Microsoft Defender for Business license assigned. \| -\| Ineligible - User count exceeded \| The tenant has more than the maximum of 1000 licensed users allowed by Lighthouse. \| Verify that the tenant doesn't have more than 1000 licensed users. \| +\| Ineligible - User count exceeded \| The tenant has more than the maximum of 2500 licensed users allowed by Lighthouse. \| Verify that the tenant doesn't have more than 2500 licensed users. \| \| Ineligible - Geo check failed \| You and your customer don't reside in the same geographic region, which is required by Lighthouse. \| Verify that the customer resides in your geographic region. If not, then you can't manage the tenant in Lighthouse. \| \| In process \| Lighthouse discovered the tenant but is still in the process of onboarding them. \| Allow Lighthouse 48 hours to complete onboarding of the tenant. \|
lti	Moodle Plugin Configuration	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/moodle-plugin-configuration.md	ms.localizationpriority: medium description: Get ready to integrate Moodle and Microsoft Teams by setting up and configuring the Moodle plugin. -# Set up and configure the Moodle plugin +# Set up the Moodle plugin In this article, you'll learn how to install and configure the Moodle LMS plugin to incorporate Microsoft Teams with your Moodle experience. -> [!NOTE] -> Currently, Moodle and Microsoft Teams LTI integrations are only available in private preview. -> ->If you'd like to participate in the private preview program, [sign up here](https://m365crmedu.powerappsportals.com/LMSSignup) - ## Prerequisites Here are the prerequisites to install Moodle:
lti	Open Lms Plugin Configuration	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/open-lms-plugin-configuration.md	description: Get ready to integrate One LMS and Microsoft Teams by setting up an In this article, you'll learn how to install and configure the Moodle plugin to incorporate Microsoft Teams with your Open LMS experience. -> [!NOTE] -> Currently, Open LMS and Microsoft Teams LTI integrations are only available in private preview. -> ->If you'd like to participate in the private preview program, [sign up here](https://m365crmedu.powerappsportals.com/LMSSignup) - ## Prerequisites Here are the prerequisites to install the Moodle plugin:
lti	Open Lms Teams Classes And Meetings	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/open-lms-teams-classes-and-meetings.md	description: Create and manage Teams classes and meetings with Microsoft OneDriv # Integrate Microsoft Teams classes and meetings within Open LMS -> [!NOTE] -> Currently, Open LMS and Microsoft Teams LTI integrations are only available in private preview. -> ->If you'd like to participate in the private preview program, [sign up here](https://m365crmedu.powerappsportals.com/LMSSignup/). - This guide provides the IT admin steps for registering both Teams Classes and Teams Meetings LTI apps on Open LMS. For details on managing all LTI apps for any LMS, see [Manage Microsoft LMS Gateway for any LMS](manage-microsoft-one-lti.md).
lti	Teams Classes Meetings With Moodle	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-meetings-with-moodle.md	description: Create and manage Teams classes and meetings with Microsoft OneDriv # Integrate Microsoft Teams classes and meetings within Moodle -> [!NOTE] -> Currently, Moodle and Microsoft Teams LTI integrations are only available in private preview. -> ->If you'd like to participate in the private preview program, [sign up here](https://m365crmedu.powerappsportals.com/LMSSignup/). - This guide provides the IT admin steps for registering both Teams Classes and Teams Meetings LTI apps on Moodle. For details on managing all LTI apps for any LMS, see [Manage Microsoft LMS Gateway for any LMS](manage-microsoft-one-lti.md).
security	Investigate Alerts	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-alerts.md	As needed for in-process incidents, continue your [investigation](investigate-in - [Incidents overview](incidents-overview.md) - [Manage incidents](manage-incidents.md) - [Investigate incidents](investigate-incidents.md) +- [Investigate data loss incidents](investigate-dlp.md)
security	Investigate Dlp	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-dlp.md	+ + Title: Investigate data loss incidents with Microsoft 365 Defender +description: Investigate data loss in Microsoft 365 Defender. +keywords: Data Loss Prevention, incidents, alerts, investigate, analyze, response, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365 +f1.keywords: + - NOCSH ++ +ms.localizationpriority: medium + +audience: ITPro + + - M365-security-compliance + +search.appverid: + - MOE150 +ms.technology: m365d + +# Investigate data loss incidents with Microsoft 365 Defender ++ +Applies to: + +- Microsoft 365 Defender + +Incidents for Microsoft Purview Data Loss Prevention (DLP) can now be managed in the Microsoft 365 Defender portal. You can manage DLP incidents along with security incidents from Incidents & alerts \> Incidents on the quick launch of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>. From this page, you can: + +- View all your DLP alerts grouped under incidents in the Microsoft 365 Defender incident queue. +- View intelligent inter-solution (DLP-MDE, DLP-MDO) and intra-solution (DLP-DLP) correlated alerts under a single incident. +- Hunt for compliance logs along with security under Advanced Hunting. +- In-place admin remediation actions on user, file, and device. +- Associate custom tags to DLP incidents and filter by them. +- Filter by DLP policy name, tag, Date, service source, incident status, and user on the unified incident queue. + +You can also use the Microsoft 365 Defender connector in Microsoft Sentinel to pull DLP incidents along with events and evidence into Microsoft Sentinel for investigation and remediation. + +## Licensing requirements + +To investigate Microsoft Purview Data Loss Prevention incidents in the Microsoft 365 Defender portal, you need a license from one of the following subscriptions: + +- Microsoft Office 365 E5/A5 +- Microsoft 365 E5/A5 +- Microsoft 365 E5/A5 Compliance +- Microsoft 365 E5/A5 Security +- Microsoft 365 E5/A5 Information Protection and Governance + +## DLP investigation experience in the Microsoft 365 Defender portal + +Before you start, [turn on alerts for all your DLP policies](/microsoft-365/compliance/dlp-configure-view-alerts-policies#alert-configuration-experience) in the <a href="https://purview.microsoft.com" target="_blank">Microsoft Purview compliance portal</a>. + +1. Go to the Microsoft 365 Defender portal, and select Incidents in the left hand navigation menu to open the incidents page. + +2. Select Filters on the top right, and choose Service Source : Data Loss Prevention to view all incidents with DLP alerts. + +3. Search for the DLP policy name of the alerts and incidents you're interested in. + +4. To view the incident summary page, select the incident from the queue. Similarly, select the alert to view the DLP alert page. + +5. View the Alert story for details about policy and the sensitive information types detected in the alert. Select the event in the Related Events section to see the user activity details. + +6. View the matched sensitive content in the Sensitive info types tab and the file content in the Source tab if you have the required permission (See details <a href="/microsoft-365/compliance/dlp-alerts-dashboard-get-started#roles" target="_blank">here</a>). + +7. You can also use Advanced Hunting to search through audit logs of user, files, and site locations for your investigation. The CloudAppEvents table contains all audit logs across all locations like Sharepoint, OneDrive, Exchange and Devices. + +8. You can also download the email by selecting Actions \> Download email. + +9. For remediation actions on files on SPO or ODB sites, you can see actions like: + + - Apply retention label + - Apply sensitivity label + - Unshare file + - Delete + + For remediation actions, select the User card on the top of the alert page to open the user details. + + For Devices DLP alerts, select the device card on the top of the alert page to view the device details and take remediation actions on the device. + +10. Go to the incident summary page and select Manage Incident to add incident tags, assign, or resolve an incident. + +## DLP investigation experience in Microsoft Sentinel + +You can use the Microsoft 365 Defender connector in Microsoft Sentinel to import all DLP incidents into Sentinel to extend your correlation, detection, and investigation across other data sources and extend your automated orchestration flows using SentinelΓÇÖs native SOAR capabilities. + +1. Follow instructions on Connect data from Microsoft 365 Defender to Microsoft Sentinel to import all incidents including DLP incidents and alerts into Sentinel. Enable `CloudAppEvents` event connector to pull all O365 audit logs into Sentinel. + + You should be able to see your DLP incidents in Sentinel once the above connector is set up. + +2. Select Alerts to view the alert page. + +3. You can use AlertType, startTime, and endTime to query the CloudAppEvents table to get all the user activities that contributed to the alert. Use this query to identify the underlying activities: + +```kusto +let Alert = SecurityAlert +\| where TimeGenerated > ago(30d) +\| where SystemAlertId == "" // insert the systemAlertID here +CloudAppEvents +\| extend correlationId = parse_json(tostring(RawEventData.Data)).cid +\| join kind=inner Alert on $left.correlationId == $right.AlertType +\| where RawEventData.CreationTime > StartTime and RawEventData.CreationTime < EndTime +``` + +## Related articles + +- [Incidents overview](incidents-overview.md) +- [Prioritize incidents](incident-queue.md) +- [Manage incidents](manage-incidents.md)
security	Microsoft 365 Security Center Defender Cloud Apps	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps.md	+ + Title: Microsoft Defender for Cloud Apps in Microsoft 365 Defender +description: Learn about changes from the Microsoft Defender for Cloud Apps to Microsoft 365 Defender +keywords: Getting started with Microsoft 365 Defender, Microsoft Defender for Cloud Apps +ms.mktglfcycl: deploy +ms.localizationpriority: medium +f1.keywords: +- NOCSH +++ Last updated : 05/03/2022 +audience: ITPro + +search.appverid: +- MOE150 +- MET150 + +- M365-security-compliance +++ +# Microsoft Defender for Cloud Apps in Microsoft 365 Defender ++ +Applies to: + +- [Microsoft 365 Defender](microsoft-365-defender.md) +- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/) + +Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. + +SOC analysts will be able to triage, investigate and hunt across all Microsoft 365 Defender workloads, including cloud apps. +Defender for Cloud Apps alerts will continue to appear in Microsoft 365 DefenderΓÇÖs incidents queue and alerts queue, but now with relevant content inside the alert pages available in the Microsoft 365 Defender portal, in a unified format with the proper adaptations to each alerts type. + +Take a look in Microsoft 365 Defender at <https://security.microsoft.com>. + +Learn more about the benefits: [Overview of Microsoft 365 Defender](microsoft-365-defender.md). + +## Quick reference + +The image and the table below lists the changes in navigation between Microsoft Defender for Cloud Apps and Microsoft 365 Defender. + +> [!NOTE] +> Some pages have not yet been migrated and should be accessed from the Defender for Cloud Apps portal. + +> [!div class="mx-imgBorder"] +> :::image type="content" source="../../media/defender-cloud-apps-m365-defender.png" alt-text="The new locations in the Microsoft 365 Defender portal" lightbox="../../media/defender-cloud-apps-m365-defender.png"::: + +\| Defender for Cloud Apps \| Microsoft 365 Defender \| +\|\|\| +\| Cloud Discover dashboard \| Cloud apps -> Cloud discovery \| +\| Discovered Apps \| tab on Cloud Discovery page \| +\| Discovered resources \| tab on Cloud Discovery page \| +\| IP addresses \| tab on Cloud Discovery page \| +\| Users \| tab on Cloud Discovery page \| +\| Devices \| tab on Cloud Discovery page \| +\| Cloud app catalog \| Cloud apps -> Cloud app catalog \| +\| Create Cloud Discovery snapshot report \| On the Cloud Discovery page, under Actions \| +\| Activity log \| Cloud apps -> Activity log \| +\| Files \| remaining in Defender for Cloud Apps portal \| +\| Users and accounts \| Assets -> Identities \| +\| Security configuration \| remaining in Defender for Cloud Apps portal \| +\| Identity security posture \| remaining in Defender for Cloud Apps portal \| +\| OAuth apps \| Cloud apps -> OAuth apps \| +\| Connected apps \| remaining in Defender for Cloud Apps portal \| + +## What's changed + +Learn about the changes that have come with the integration of Defender for Cloud Apps and Microsoft 365 Defender. + +### Global search + +Global search in Microsoft 365 Defender (using the search bar at the top of the page) now includes an additional searchable entity: it allows you to search for connected apps in Defender for Cloud Apps. ++ +### Assets and identities + +As part of the creation of a dedicated Assets section that spans the entire Microsoft 365 Defender experience, the Users and Accounts section of Defender for Cloud Apps is rebranded as the Identities section. No changes to functionality are expected. + +## Related information + +- [Microsoft 365 Defender](microsoft-365-defender.md)
security	Supported Event Types	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/supported-event-types.md	The Event Streaming API is constantly being expanded to support more event types The following table only includes the list of the tables supported in the streaming API, and is not inclusive of all AH schema. For a full list of the API see, [Learn the schema tables](advanced-hunting-schema-tables.md#learn-the-schema-tables). - -\| Table name \| Status \| -\|\|-\| -\| [AlertEvidence](advanced-hunting-alertevidence-table.md) \| GA \| -\| [AlertInfo](advanced-hunting-alertinfo-table.md) \| GA \| -\| [DeviceEvents](advanced-hunting-deviceevents-table.md) \|GA \| -\| [DeviceFileCertificateInfo](advanced-hunting-DeviceFileCertificateInfo-table.md) \|GA \| -\| [DeviceFileEvents](advanced-hunting-devicefileevents-table.md) \| GA \| -\| [DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md) \| GA \| -\| [DeviceInfo](advanced-hunting-deviceinfo-table.md) \| GA \| -\| [DeviceLogonEvents](advanced-hunting-devicelogonevents-table.md) \| GA \| -\| [DeviceNetworkEvents](advanced-hunting-devicenetworkevents-table.md) \|GA \| -\| [DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md) \| GA \| -\| [DeviceProcessEvents](advanced-hunting-deviceprocessevents-table.md) \| GA \| -\| [DeviceRegistryEvents](advanced-hunting-deviceregistryevents-table.md) \| GA \| -\| [EmailAttachmentInfo](advanced-hunting-emailattachmentinfo-table.md) \| GA \| -\| [EmailEvents](advanced-hunting-emailevents-table.md) \| GA \| -\| [EmailPostDeliveryEvents](advanced-hunting-emailpostdeliveryevents-table.md) \| GA \| -\| [EmailUrlInfo](advanced-hunting-emailurlinfo-table.md) \| GA \| -- +\| Table name \| Status<br>(Commercial) \| GCC \| GCC High \| DoD \| +\|-\|-\|-\|-\|-\| +\| [AlertEvidence](advanced-hunting-alertevidence-table.md) \| GA \| GA \| GA \| GA \| +\| [AlertInfo](advanced-hunting-alertinfo-table.md) \| GA \| GA \| GA \| GA \| +\| [DeviceEvents](advanced-hunting-deviceevents-table.md) \|GA \| GA \| GA \| GA \| +\| [DeviceFileCertificateInfo](advanced-hunting-DeviceFileCertificateInfo-table.md) \|GA \| GA \| GA \| GA \| +\| [DeviceFileEvents](advanced-hunting-devicefileevents-table.md) \| GA \| GA \| GA \| GA \| +\| [DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md) \| GA \| GA \| GA \| GA \| +\| [DeviceInfo](advanced-hunting-deviceinfo-table.md) \| GA \| GA \| GA \| GA \| +\| [DeviceLogonEvents](advanced-hunting-devicelogonevents-table.md) \| GA \| GA \| GA \| GA \| +\| [DeviceNetworkEvents](advanced-hunting-devicenetworkevents-table.md) \|GA \| GA \| GA \| GA \| +\| [DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md) \| GA \| GA \| GA \| GA \| +\| [DeviceProcessEvents](advanced-hunting-deviceprocessevents-table.md) \| GA \| GA \| GA \| GA \| +\| [DeviceRegistryEvents](advanced-hunting-deviceregistryevents-table.md) \| GA \| GA \| GA \| GA \| +\| [EmailAttachmentInfo](advanced-hunting-emailattachmentinfo-table.md) \| GA \|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\| +\| [EmailEvents](advanced-hunting-emailevents-table.md) \| GA \|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\| +\| [EmailPostDeliveryEvents](advanced-hunting-emailpostdeliveryevents-table.md) \| GA \|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\| +\| [EmailUrlInfo](advanced-hunting-emailurlinfo-table.md) \| GA \|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\| +\| [IdentityLogonEvents](advanced-hunting-identitylogonevents-table.md)\|GA\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\| +\| [IdentityQueryEvents](advanced-hunting-identityqueryevents-table.md)\|GA\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\| +\| [IdentityDirectoryEvents](advanced-hunting-identitydirectoryevents-table.md)\|GA\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\| +\| [CloudAppEvents](advanced-hunting-cloudappevents-table.md)\|GA\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|![No](../defender-endpoint/images/svg/check-no.svg)\|
security	Usgov	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/usgov.md	These are the known gaps: \|Feature name\|GCC\|GCC High\|DoD\| \|\|::\|::\|::\| -\|Integrations: Microsoft Sentinel (Incidents & Raw data)\|![Yes](../defender-endpoint/images/svg/check-yes.svg)\|![Yes](../defender-endpoint/images/svg/check-yes.svg) In private preview\|![Yes](../defender-endpoint/images/svg/check-yes.svg) In private preview\| +\|Integrations: Microsoft Sentinel (Incidents & Raw data)\|![Yes](../defender-endpoint/images/svg/check-yes.svg) In public preview\|![Yes](../defender-endpoint/images/svg/check-yes.svg) In public preview\|![Yes](../defender-endpoint/images/svg/check-yes.svg) In public preview\| \|Microsoft Threat Experts\|![No](../defender-endpoint/images/svg/check-no.svg) On engineering backlog\|![No](../defender-endpoint/images/svg/check-no.svg) On engineering backlog\|![No](../defender-endpoint/images/svg/check-no.svg) On engineering backlog\| +For detailed list of Event Streaming API tables, see [Microsoft 365 Defender streaming event types supported in Event Streaming API](supported-event-types.md). + ## More details For more information, see the individual workloads US Gov pages:+ - [Microsoft Defender for Cloud Apps](/enterprise-mobility-security/solutions/ems-cloud-app-security-govt-service-description). - [Microsoft Defender for Identity](/enterprise-mobility-security/solutions/ems-mdi-govt-service-description). - [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/gov).
security	Admin Submission	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md	The reported message will be marked as a false positive or a false negative. An When you're finished, click Apply. > [!div class="mx-imgBorder"] - > :::image type="content" source="../../media/admin-submission-customize-columns.png" alt-text="The New Customize column options for admin submissions" lightbox="../../media/email-admin-submission-customize-columns.png"::: + > :::image type="content" source="../../media/email-admin-submission-customize-columns.png" alt-text="The New Customize column options for admin submissions" lightbox="../../media/email-admin-submission-customize-columns.png"::: - To filter the entries, click Filter. The available filters are: - Date submitted: Start date and End date. The reported message will be marked as a false positive or a false negative. An When you're finished, click Apply. > [!div class="mx-imgBorder"] - > :::image type="content" source="../../media/admin-submission-filters.png" alt-text="The New Filter options for admin submissions" lightbox="../../media/email-admin-submission-filters.png"::: + > :::image type="content" source="../../media/email-admin-submission-filters.png" alt-text="The New Filter options for admin submissions" lightbox="../../media/email-admin-submission-filters.png"::: - To group the entries, click Group and select one of the following values from the dropdown list: - None If you've deployed the [Report Message add-in](enable-the-report-message-add-in. Once a user submits a suspicious email to the custom mailbox, the user and admin don't have an option to undo the submission. If the user would like to recover the email, it will be available for recovery in the Deleted Items or Junk Email folders. -### Converting user reported messages from the custom mailbox into an admin submission +### Convert user reported messages from the custom mailbox into an admin submission If you've configured the custom mailbox to intercept user-reported messages without sending the messages to Microsoft, you can find and send specific messages to Microsoft for analysis.
security	Tenant Allow Block List	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list.md	This article describes how to configure entries in the Tenant Allow/Block List i - To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell). -- You need to be assigned permissions in Exchange Online before you can do the procedures in this article: - - To add and remove values from the Tenant Allow/Block List, you need to be a member of - - Organization Management or Security Administrator role group (Security admin role) - - Security Operator role group (Tenant AllowBlockList Manager). - - For read-only access to the Tenant Allow/Block List, you need to be a member of - - Global Reader role group - - Security Reader role group - - View-Only Configuration role group. +- You need to be assigned permissions in Exchange Online before you can do the procedures in this article: + - To add and remove entries from the Tenant Allow/Block List, you need to be a member of one of the following role groups: + - Organization Management (the Security admin role). + - Security Administrator (the Security admin role). + - Security Operator (the Tenant AllowBlockList Manager role). + + - For read-only access to the Tenant Allow/Block List, you need to be a member of one of the following role groups: + - Global Reader role group. + - Security Reader role group. + - View-Only Configuration role group. For more information, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo). For example, you add an allow entry for the following domain pair: Only messages from that domain and sending infrastructure pair are allowed to spoof. Other senders attempting to spoof gmail.com aren't allowed. Messages from senders in other domains originating from tms.mx.com are checked by spoof intelligence. - ## What to expect after you add an allow or block entry After you add an allow entry through the Submissions portal or a block entry in the Tenant Allow/Block List, the entry should start working immediately.
solutions	Identity Design Principles	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/identity-design-principles.md	Title: Microsoft 365 enterprise resource planning - Security architecture + Title: To identity and beyondΓÇöOne architect's viewpoint description: Learn about top design strategies for Microsoft Enterprise architecture from Alex Shteynberg, Technical Principal Architect at Microsoft.