+ Title: "Microsoft 365 admin center Viva Goals activity reports"

+audience: Admin

+ms.localizationpriority: medium

+- Tier2

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- Adm_NonTOC

+search.appverid:

+- BCS160

+- MET150

+- MOE150

+- GEA150

+description: "Learn how to get a Microsoft 365 Apps for usage report to learn more about user adoption of Viva Goals."

+# Microsoft 365 Reports in the admin center - Viva Goals activity

+The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill to individual product level reports to give you more granular insight about the activities within each product. Check out the [Reports overview topic](activity-reports.md).

+In the Viva Goals report, you can understand the activity of every Viva Goals user in your organization. It also helps you to understand the level of collaboration going on by looking at the active usage and number of OKRs created.

+## How do I get to the Viva Goals activity report?

+1. In the admin center, go to the **Reports**, and then select **Usage**.

+2. Find **Viva Goals page**.

+## Interpret the Viva Goals report

+You can use this report to see the activity and usage of Viva Goals in your organization. You see the following summary charts in this report:

+**Active users** shows you the number of daily active users on each day over time. This includes Viva Goals on the web and Teams app usage.

+**Active self-service users** shows you the number of daily active users with self-service license each day over time.

+**Active users by client type** shows you the number of daily active users on each day over time, displayed by client type (Viva Goals for the Web, Viva Goals on Teams, Viva Goals on Azure DevOps, and more.)

+**User actions by activities** shows you the daily number of actions created or edited over time by Viva Goals users. This includes Viva Goals on all client types.

+**Active Viva Goals organizations** shows you the daily active organizations each day over time. This includes all the activities in a Viva Goals organization.

+The report also has a table that shows activity for each Viva Goals user in your organization.

+Select Choose Columns to add or remove columns from the table.

+You can also export the report data into an Excel .csv file by selecting the Export link. This exports the Viva Goals usage data of all users and enables you to do simple sorting and filtering for further analysis.

+The Viva Goals report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. If you select a particular day in the report, the per user data table will be updated accordingly to display users' usage on that day. However, this feature only works for the most recent 28 days.

+## User activity table

+|Item |Description |

+|||

+|User name |The user's principal name. |

+|Display name |The full name of the user. |

+|Last activity date |The latest date the user in that row had activity in Viva Goals, including any of the activities. |

+|Is self-serve trial |Indicates whether the user has a self-serve trial license |

+|Microsoft Teams |Indicates whether the user uses the Viva Goals app on Microsoft Teams |

+|Slack |Indicates whether the user uses the Viva Goals integration on Slack |

+|Azure DevOps |Indicates whether the user uses the Viva Goals integration on Azure DevOps |

+|Web |Indicates whether the user uses Viva Goals on web |

+|Check-ins |Number of check-ins done by the user on Viva Goals within the time range selected |

+|OKRs created |Number of OKRs created by the user on Viva Goals within the time range selected |

+|Projects created |Number of Projects created by the user on Viva Goals within the time range selected |

+|OKR engagement |Number of reactions on the OKRs by the user on Viva Goals within the time range selected |

+|Dashboards created |Number of Dashboards created by the user on Viva Goals within the time range selected |

+If you get a message in the admin center that you don't have permissions to edit a setting or page, it's because you're assigned a role that doesn't have that permission. Talk to another admin to assign you the correct permissions or see [Assign admin roles](assign-admin-roles.md) to assign yourself the correct role.

+As the admin, you may have company requirements to allow some users access to another user's mailbox. For example, you may want to enable an assistant to send or read email from their manager's mailbox. Or you may want to give one of your users the ability to send email on behalf of another user.

+## Set up mailbox permissions

+The first step to setting up permissions is deciding which actions you want to allow the other user to take in the given mailbox. You can allow a user to read emails from the mailbox, send emails on behalf of another user, and send emails as if they were sent from that mailbox. Permissions can only be set up within the current organization. It's not possible to set up mailbox permissions for users in another organization. Read the sections below for the task you want to complete:

+> Once you've set up the permissions, it can take up to 60 minutes for the changes to propagate through the system and be in effect.

+

+### Access another person's mailbox

+

+There are a few different ways to access a mailbox once you've given permission and access. See the [Access another person's mailbox](https://support.microsoft.com/office/A909AD30-E413-40B5-A487-0EA70B763081) article for the steps.

+3. On the **Mail** tab, select **Send as permissions**.

+4. Select **Add permissions**, then choose the name of the person who you want this user to be able to send as.

+5. Select **Add**.

+1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=850628" target="_blank">Active users</a> page.

+3. Next to **Send as**, select **Edit**.

+4. Select **Add permissions**, then choose the name of the person who you want this user to be able to send as.

+3. On the **Mail** tab, select **Read and manage permissions**.

+4. Select **Add permissions**, then choose the name of the user or users that you want to allow to read email from this mailbox.

+5. Select **Add**.

+3. On the **Mail** tab, select **Send on behalf of permissions**.

+4. Select **Add permissions**, then choose the name of the user or users that you want to allow to send email on behalf of this mailbox.

+5. Select **Add**.

+1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=850628" target="_blank">Active users</a> page.

+Compliance Manager helps you automatically assess and manage compliance across your multicloud environment. The assessments you build are based on templates that correspond to governmental regulations and industry standards around the world.

+Your licensing agreement to use Compliance Manager may include one or more built-in regulatory templates for building assessments. An extensive library of premium regulations is also available for building assessments specific to your organizationΓÇÖs needs. To try out these regulatory templates before purchasing licenses, sign up for the free Compliance Manager premium assessments trial.

+You can sign up for a trial in the Microsoft Purview compliance portal using the **Trials** link in the left navigation pane. Select the **Compliance Manager premium assessment trial** to start the trial. This premium assessment trial is available to organizations using Compliance Manager under a commercial license. For GCC and DOD information and trial options, see [Working with Compliance Manager templates](compliance-manager-templates.md).

+Starting your one-time trial for premium assessments gives you the right to use 25 premium regulatory templates of your choice for free for 90 days. You can create as many assessments from the 25 templates as you wish.

+After you start your trial, go to your **Assessments** tab in Compliance Manager and view the **Activated/Regulations** counter to see how many regulation templates are available and are in use. This counter shows your 25 licensed regulatory templates. As you create assessments for these regulations, your activated number updates. Multiple assessments based on the same regulation count as one regulatory template use. For more information, see [Learn about regulations in Compliance Manager](compliance-manager-templates.md).

+Throughout your trial, you can review the **Trial summary** section of the **Overview** page in Compliance Manager to see how many assessments youΓÇÖve created, how many improvement actions youΓÇÖve taken, how that has contributed to your compliance score, and how much time remains in your trial. From here, you can also review the list of available regulations and learn more about purchasing them for ongoing use.

+After your trial ends, the regulatory templates you used won't receive automatic updates and may fall out of date with any regulatory changes. We recommend that you delete assessments built from regulatory templates that you donΓÇÖt intend to purchase.

+| **Service**| A data source, such as Microsoft Azure or Amazon Web Services (AWS); or more broadly, the digital entity thatΓÇÖs being assessed and that benefits from the actions taken. For an assessment, you designate the service that it should evaluate. Completing an improvement action in the assessment benefits the service. |

+| **Service instance**| For Compliance Manager connectors, each service instance represents an account with a non-Microsoft service provider. For example, an organization may have multiple accounts in Salesforce, such as one for development and testing, one for production, etc. Connectors are set up for each service instance using one email address and password. So an organization may have several connectors for one service, which enables the organization to monitor assessment progress across all instances of a service. |

+| **Subscription**| A type of account to create, assess, and manage a service covered by Microsoft Defender for Cloud, such as Azure, Google Cloud Platform, or Amazon Web Services. Examples: an Azure account for development and testing purposes, an Azure account for production, etc. |

+Use these procedures to access the [Business justification X-Header](dlp-policy-reference.md#business-justification-x-header).

+### DLP Activity Explorer and reports

+The Activity explorer tab on the DLP page has the *Activity* filter preset to *DLPRuleMatch*. Use this tool to review activity related to content that contains sensitive info or has labels applied, such as what labels were changed, files were modified, and matched a rule.

+<!---->

+You can view the last 30 days of DLP information in [Activity Axplorer](data-classification-activity-explorer.md) using these preconfigured filters:

+- Endpoint DLP activities

+- Files containing sensitive info types

+- Egress activities

+- DLP policies that detected activities

+- DLP policy rules that detected activities

+You can also access DLP report using via these cmdlets in the Security & Compliance PowerShell.

+1. [Connect to Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell)

+Use these cmdlets:

+[Get-DlpDetailReport](/powershell/module/exchange/get-dlpdetailreport)

+[Get-DlpDetectionsReport](/powershell/module/exchange/get-dlpdetectionsreport)

+[Get-DlpSiDetectionsReport](/powershell/module/exchange/get-dlpsidetectionsreport)

+However, DLP reports need pull data from across Microsoft 365, including Exchange Online. For this reason, the following cmdlets for DLP reports are available in Exchange Online Powershell. To use the cmdlets for these DLP reports, do these steps:

+1. [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell)

+Use these cmdlets:

+[Get-DlpDetailReport](/powershell/module/exchange/get-dlpdetailreport)

+[Get-MailDetailDlpPolicyReport](/powershell/module/exchange/get-maildetaildlppolicyreport)

+>

+> - When emails are encrypted with Microsoft Purview Message Encryption and the policy used to detect them uses the detect encryption condition policy tips will not appear.

+> - Poicy tips that rely on conditions which evaluate custom X-headers will not display for Outlook on the Web messages because the transport service on the mailbox servers insert custom X-header values after the policy tips are evaluated.

+Unrestricted administrators can manage all policies and see all the alerts and events that flow from policy matches into the [Alerts dashboard](dlp-alerts-dashboard-learn.md#learn-about-the-data-loss-prevention-alerts-dashboard) and [DLP Activity Explorer](dlp-learn-about-dlp.md#dlp-activity-explorer-and-reports).

+When a user overrides a block with override action on an email, the override option and the text that they provide are stored in the [Audit log](/microsoft-365/compliance/audit-solutions-overview.md) and in the email X-header. To view the business justification overrides [search the audit log in the compliance portal](audit-log-search.md) for `ExceptionInfo` value for the details. Here's an example of the audit log values:

+|**Outlook On the Web**|:::image type="icon" source="../medi)|

+When you deploy a new policy, [you should run it in test mode,](dlp-overview-plan-for-dlp.md#policy-deployment) and then use the [alerts](dlp-alerts-dashboard-learn.md) to assess the impact. Test mode allows you to see the impact of an individual policy on all the items that are in the policies scope. You use it to find out what items match a policy.

+description: "With Microsoft 365, your content is encrypted at rest and in transit with the strongest encryption, protocols, and technologies available. Get an overview of encryption in Office 365."

+Encryption is an important part of your file protection and information protection strategy. This article provides an overview of encryption for Microsoft 365. Get help with encryption tasks like how to set up encryption for your organization and how to password-protect Office documents.

+- For information about certificates and technologies like TLS, see [Technical reference details about encryption in Microsoft 365](technical-reference-details-about-encryption.md).

+- For information about how to configure or set up encryption for your organization, see [Set up encryption in Microsoft 365 Enterprise](set-up-encryption.md).

+## What is encryption, and how does it work in Microsoft 365?

+ **Examples of data in transit** include mail messages that are in the process of being delivered, or conversations that are taking place in an online meeting. In Microsoft 365, data is in transit whenever a user's device is communicating with a Microsoft server, or when a Microsoft server is communicating with another server.

+|Files on a device. These files can include email messages saved in a folder, Office documents saved on a computer, tablet, or phone, or data saved to the Microsoft cloud.|BitLocker in Microsoft datacenters. BitLocker can also be used on client machines, such as Windows computers and tablets<br/>Distributed Key Manager (DKM) in Microsoft datacenters<br/>Customer Key for Microsoft 365|[Windows IT Center: BitLocker](/windows/device-security/bitlocker/bitlocker-overview)<br/>[Microsoft Trust Center: Encryption](https://www.microsoft.com/TrustCenter/Security/Encryption)<br/>[Cloud security controls series: Encrypting Data at Rest](https://blogs.microsoft.com/microsoftsecure/2015/09/10/cloud-security-controls-series-encrypting-data-at-rest)<br/>[How Exchange Online secures your email secrets](exchange-online-secures-email-secrets.md)<br/>[Service encryption with Customer Key](customer-key-overview.md)|

+|Files in transit between users. These files can include Office documents or SharePoint list items shared between users.|TLS for files in transit|[Data Encryption in OneDrive for Business and SharePoint Online](data-encryption-in-odb-and-spo.md)<br/>[Skype for Business Online: Security and Archiving](/office365/servicedescriptions/skype-for-business-online-service-description/skype-for-business-online-features)|

+|Email in transit between recipients. This email includes email hosted by Exchange Online.|Microsoft Purview Message Encryption with Azure Rights Management, S/MIME, and TLS for email in transit|[Message Encryption](ome.md)<br/>[Email encryption in Office 365](email-encryption.md)<br/>[How Exchange Online uses TLS to secure email connections in Office 365](exchange-online-uses-tls-to-secure-email-connections.md)|

+|Chats, messages, and files in transit between recipients using Microsoft Teams.|Teams uses TLS and MTLS to encrypt instant messages. Media traffic is encrypted using Secure RTP (SRTP). Teams uses FIPS (Federal Information Processing Standard) compliant algorithms for encryption key exchanges.|[Encryption for Teams](/microsoftteams/teams-security-guide#encryption-for-teams)|

+## Microsoft 365 Crypto Update

+In late August 2023, Microsoft Purview Information Protection will begin to use Advanced Encryption Standard (AES) with 256-bit key length in Cipher Block Chaining mode (AES256-CBC). By October 2023, AES256-CBC will be the default for encryption of Microsoft 365 Apps documents and emails. You may need to take action to support this change in your organization. For more information, see [Technical reference details about encryption](technical-reference-details-about-encryption.md).

+- Generates detailed activity reports so that you can track things like who shared the content with people outside your organization and when they did it. You can use the [audit log data](audit-log-search.md) (where **Activity** = **DLP**) to see this information.

+[](https://compliance.microsoft.com)

+| <br> Manage retention and deletion of high-value items for business, legal, or regulatory record-keeping requirements. <p> [Privacy risk management](/privacy/priva/priva-overview) <br> Proactively identify and protect against privacy risks such as data hoarding, problematic data transfers, and data oversharing with Microsoft Priva. <p> [Subject rights requests](/privacy/priva/subject-rights-requests) <br> Help alleviate the complexity and length of time involved in responding to data subject inquires with [Microsoft Priva](/privacy/priva/priva-overview). |

+To see the results of this policy, use [DLP Activity Explorer](dlp-learn-about-dlp.md#dlp-activity-explorer-and-reports).

+To see the results of this policy, use [DLP Activity Explorer](dlp-learn-about-dlp.md#dlp-activity-explorer-and-reports).

+> You can't recover or restore an inactive mailbox that's configured with an auto-expanding archive. If, for compliance reasons, you need to recover data from an inactive mailbox with an auto-expanding archive, use content search to export the data from the mailbox. This action is supported for eDiscovery purposes only, and can't be used as a backup solution. For instructions to use content search for the recovery of data for eDiscovery, see following articles:

+- If your chosen flow uses an [environment type other than Default](/power-platform/admin/environments-overview#types-of-environments), you must use [PowerShell to create the retention label](/powershell/module/exchange/new-compliancetag), and use the *FlowId* parameter.

+Refer to this article to learn about certificates, technologies, and TLS cipher suites used for [encryption in Microsoft 365](encryption.md). This article also provides details about planned deprecations.

+- If you're looking for overview information, see [Encryption in Microsoft 365](encryption.md).

+- If you're looking for setup information, see [Set up encryption in Microsoft 365 Enterprise](set-up-encryption.md).

+## FIPS compliance for Microsoft 365

+## AES256-CBC support for Microsoft 365

+In late August 2023, Microsoft Purview Information Protection will begin to use Advanced Encryption Standard (AES) with 256-bit key length in Cipher Block Chaining mode (AES256-CBC). By October 2023, AES256-CBC will be the default for encryption of Microsoft 365 Apps documents and emails. You may need to take action to support this change in your organization.

+### Who is impacted and what do I need to do?

+Use this table to figure out if you have to take action:

+|**Client applications**|**Service applications**|**Action required?**|**What do I need to do?**|

+|:--|:--|:--|:--|

+|Microsoft 365 Apps|Exchange Online, SharePoint Online |No|N/A|

+|Office 2013, 2016, 2019, or 2021|Exchange Online, SharePoint Online| Yes (Optional)| See [Set up Office 2013, 2016, 2019, or 2021 for AES256-CBC mode](#set-up-office-2013-2016-2019-or-2021-for-aes256-cbc-mode). |

+|Microsoft 365 Apps|Exchange Server or hybrid|Yes (Mandatory)| See [Set up Exchange Server for AES256-CBC support](#set-up-exchange-server-for-aes256-cbc-support).|

+|Office 2013, 2016, 2019, or 2021|Exchange Server or hybrid| Yes (Mandatory)| Complete [Option 1](#option-1) (required), and then see [Set up Office 2013, 2016, 2019, or 2021 for AES256-CBC mode](#set-up-office-2013-2016-2019-or-2021-for-aes256-cbc-mode). |

+|Microsoft 365 Apps|MIP SDK|Yes (Optional)| See [Set up MIP SDK for AES256-CBC support](#set-up-mip-sdk-for-aes256-cbc-support).|

+|Any|SharePoint Server|No|N/A|

+#### Set up Office 2013, 2016, 2019, or 2021 for AES256-CBC mode

+You need to configure Office 2013, 2016, 2019, or 2021 to use AES256-CBC mode using Group Policy, or by using the Cloud Policy service for Microsoft 365. Starting with version 16.0.16327 of Microsoft 365 Apps, CBC mode is used by default. Use the `Encryption mode for Information Rights Management (IRM)` setting under `User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings`.

+For example, to force CBC mode, select the group policy setting as follows:

+Encryption mode for Information Rights Management (IRM): [1, Cipher Block Chaining (CBC)]

+#### Set up Exchange Server for AES256-CBC support

+Exchange Server doesn't support decrypting content that uses AES256-CBC. To work around this problem, you have two options.

+##### Option 1

+Customers using Exchange Online with the Azure Rights Management Connector service deployed will be opted out of the AES256-CBC publishing change in both Exchange Online and SharePoint Online.

+To move to AES256-CBC mode, complete these steps:

+1. Install the hotfix on your Exchange Servers when it becomes available. For the most recent information about ship dates, see the [Microsoft 365 product roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=117576).

+1. If you're using Exchange Server with the Azure Rights Management Connector Service, you'll need to run the GenConnectorConfig.ps1 script on each Exchange server. For more information, see [Configure servers for the Rights Management connector](/azure/information-protection/configure-servers-rms-connector). To download the Azure RMS connector, see the [official Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40839)

+Once your organization has installed the patch across all of your Exchange Servers, open a support case and request these services to be enabled for AES256-CBC publishing.

+##### Option 2

+This option gives you some extra time before you need to patch all of your Exchange servers. Use this option if you're unable to complete the steps in [option 1](#option-1) when the hotfix becomes available. Instead, deploy group policy or client settings that force Microsoft 365 clients to keep using AES128-ECB mode. Deploy this setting using Group Policy, or by using the Cloud Policy service for Microsoft 365. You can configure Office and Microsoft 365 Apps for Windows to use ECB or CBC mode with the `Encryption mode for Information Rights Management (IRM)` setting under `User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings`. Starting with version 16.0.16327 of Microsoft 365 Apps, CBC mode is used by default.

+For example, to force EBC mode for Windows clients, set the group policy setting as follows:

+Encryption mode for Information Rights Management (IRM): [2, Electronic Codebook (ECB)]

+To configure settings for Office for Mac clients, see [Set suite-wide preferences for Office for Mac](/deployoffice/mac/preferences-office).

+As soon as you can, complete the steps in [option 1](#set-up-exchange-server-for-aes256-cbc-support).

+#### Set up MIP SDK for AES256-CBC support

+Update to MIP SDK 1.13 or later. If you choose to update to MIP SDK 1.13, you'll need to configure a setting to force AES256-CBC. For more information, see the [MIP SDK Version 1.13.158 Critical Update](/information-protection/develop/version-release-history). Later versions of the MIP SDK will protect Microsoft 365 files and email with AES256-CBC by default.

+## Versions of TLS supported by Microsoft 365

+TLS, and SSL that came before TLS, are cryptographic protocols that secure communication over a network by using security certificates to encrypt a connection between computers. Microsoft 365 supports TLS version 1.2 (TLS 1.2).

+Some of the services continue to support TLS version 1.3 (TLS 1.3).

+Since October 31, 2018, Microsoft 365 no longer supports the use of 3DES cipher suites for communication to Microsoft 365. More specifically, Microsoft 365 no longer supports the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Since February 28, 2019, this cipher suite has been disabled in Microsoft 365. Clients and servers that communicate with Microsoft 365 must support one or more of the supported ciphers. For a list of supported ciphers, see [TLS cipher suites supported by Microsoft 365](#tls-cipher-suites-supported-by-microsoft-365).

+## Deprecating SHA-1 certificate support in Microsoft 365

+Since June 2016, Microsoft 365 no longer accepts an SHA-1 certificate for outbound or inbound connections. Use SHA-2 (Secure Hash Algorithm 2) or a stronger hashing algorithm in the certificate chain.

+## TLS cipher suites supported by Microsoft 365

+TLS uses *cipher suites*, collections of encryption algorithms, to establish secure connections. Microsoft 365 supports the cipher suites listed in the following table. The table lists the cipher suites in order of strength, with the strongest cipher suite listed first.

+Microsoft 365 responds to a connection request by first attempting to connect using the most secure cipher suite. If the connection doesn't work, Microsoft 365 tries the second most secure cipher suite in the list, and so on. The service continues down the list until the connection is accepted. Likewise, when Microsoft 365 requests a connection, the receiving service chooses whether to use TLS and which cipher suite to use.

+| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDH/192 | Yes | AES/256 | RSA/112 |

+| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDH/128 | Yes | AES/128 | RSA/112 |

+| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDH/192 | Yes | AES/256 | RSA/112 |

+| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDH/128 | Yes | AES/128 | RSA/112 |

+| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDH/192 | Yes | AES/256 | RSA/112 |

+| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDH/128 | Yes | AES/128 | RSA/112 |

+| TLS_RSA_WITH_AES_256_GCM_SHA384 | RSA/112 | No | AES/256 | RSA/112 |

+| TLS_RSA_WITH_AES_128_GCM_SHA256 | RSA/112 | No | AES/256 | RSA/112 |

+| Protocols | Cipher suite name | Key exchange algorithm/strength | Forward secrecy | Cipher/strength | Authentication algorithm/strength |

+| TLS 1.0, 1.1, 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDH/192 | Yes | AES/256 | RSA/112 |

+| TLS 1.0, 1.1, 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDH/128 | Yes | AES/128 | RSA/112 |

+| TLS 1.0, 1.1, 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA | RSA/112 | No | AES/256 | RSA/112 |

+| TLS 1.0, 1.1, 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA | RSA/112 | No | AES/128 | RSA/112 |

+| TLS 1.0, 1.1, 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 | RSA/112 | No | AES/256 | RSA/112 |

+| TLS 1.0, 1.1, 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 | RSA/112 | No | AES/256 | RSA/112 |

+Certain Office 365 products (including Microsoft Teams) use [Azure Front Door](/azure/frontdoor/front-door-overview) to terminate TLS connections and route network traffic efficiently. At least one of the [cipher suites supported by Azure Front Door over TLS 1.2](/azure/frontdoor/front-door-faq#what-are-the-current-cipher-suites-supported-by-azure-front-door-) must be enabled to successfully connect to these products. For Windows 10 and above, we recommend enabling one or both of the ECDHE cipher suites for better security. Windows 7, 8, and 8.1 aren't compatible with Azure Front Door's ECDHE cipher suites and the DHE cipher suites have been provided for compatibility with those operating systems.

+- The _Tenant_ _Default Geography_ must be one of the countries included in the _Local Region Geography_ (Australia, Brazil, Canada, France, Germany, India, Japan, Poland, Qatar, South Korea, Norway, South Africa, Sweden, Switzerland, United Arab Emirates, and United Kingdom).

+ Title: "Manage Loop experiences (Loop workspaces and Loop components) in SharePoint"

+recommendations: true

+audience: Admin

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+- Strat_SP_admin

+- Microsoft 365-collaboration

+- Tier3

+search.appverid:

+- SPO160

+- MET150

+description: "Learn how to manage Loop experiences (Loop workspaces and Loop components) by using PowerShell and Cloud Policy."

+# Manage Loop experiences (Loop workspaces and Loop components) in SharePoint

+Loop experiences on Microsoft 365 OneDrive or SharePoint are backed by .fluid or .loop files. IT admins need to manage access to Loop experiences from **BOTH**:

+1. Cloud Policy

+2. SharePoint PowerShell command

+## Requirements

+Just like other Microsoft 365 experiences, Loop also leverages core services across SharePoint and Microsoft 365. To effectively enable Loop experiences or OneDrive and SharePoint files-backed experiences powered by Fluid Framework, follow the instructions in [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) to ensure connections to Loop services.

+#### Microsoft 365 Groups for Cloud Policy

+This section is not required if you choose to apply the Loop settings to all the users in your tenant; however, if you want to scope, you must create or use an existing Microsoft 365 group that defines which users in your organization this policy will apply to. You can learn how to create a Microsoft 365 group by visiting [Create a Microsoft 365 group](/microsoft-365/admin/create-groups/create-groups).

+You'll be able to use this group for the Cloud Policy setup procedure below.

+If you prefer, you can also create other types of groups to use with Cloud Policy. See [learn more about creating groups in the Microsoft 365 admin center](/microsoft-365/admin/email/create-edit-or-delete-a-security-group) or [learn more about creating dynamic groups in AzureAD](/azure/active-directory/external-identities/use-dynamic-groups).

+#### Exchange Online license

+The Loop app currently requires each user to have an Exchange Online license. If not, users will experience failures in the Loop app, be unable to create new Loop workspaces, will not receive notifications or signals when users collaborate and update, and other experiences may also fail.

+#### WebSocket connections

+Loop's near real-time communications are enabled by the core services that run a WebSocket server. Coauthors in the same session need to establish secured WebSocket connections to this service to send and receive collaborative data such as changes made by others, live cursors, presence, etc. These experiences are crucial to Loop, and all the scenarios powered by Fluid framework. So, at the minimum, WebSocket will need to be unblocked from the user's endpoint.

+## Available policy settings

+There are several IT Admin settings provided to enable the Loop app and Loop experiences across Microsoft 365:

+|Configure|Setting Type|Specific Policy|Notes

+|||||

+|Loop app workspaces|Cloud Policy|**Create and view Loop workspaces in Loop**|*Loop app only checks the setting in this row|

+|Loop component experiences across Microsoft 365*|Cloud Policy|**Create and view Loop files in Microsoft apps that support Loop**|Applies to:<br/>- Outlook integration<br/>- Word for the web integration<br/>- Whiteboard integration<br/>Does NOT apply to:<br/>- Loop app<br/>- Teams integration|

+|Outlook integration of Loop experiences|Cloud Policy|**Create and view Loop files in Outlook**|First checks **Create and view Loop files in Microsoft apps that support Loop**, then applies **Create and view Loop files in Outlook** if applicable|

+|Teams integration|SharePoint property|See [Settings management for Loop components in Teams](#settings-management-for-loop-functionality-in-teams)|*Teams only checks the setting in this row|

+## Example configurations

+|Scenario|Policies Configured|

+|||

+|Enable Loop workspaces in the app and Loop components everywhere|**Create and view Loop workspaces in Loop** = Enabled<br/>**Create and view Loop files in Microsoft apps that support Loop** = Enabled<br/>[Teams-only] `Set-SPOTenant -IsLoopEnabled $true`|

+|Enable Loop components everywhere<br/>Disable Loop workspaces in the app during public preview|**Create and view Loop workspaces in Loop** = Disabled<br/>**Create and view Loop files in Microsoft apps that support Loop** = Enabled<br/>[Teams-only] `Set-SPOTenant -IsLoopEnabled $true`|

+|Enable Loop components everywhere, but Disable in eCommunication (Outlook, Teams)<br/>Disable Loop workspaces in the app during public preview|**Create and view Loop workspaces in Loop** = Disabled<br/>**Create and view Loop files in Microsoft apps that support Loop** = Enabled<br/>**Create and view Loop files in Outlook** = Disabled<br/>[Teams-only] `Set-SPOTenant -IsLoopEnabled $false`|

+## Settings management in Cloud Policy

+The Loop experiences (except for Microsoft Teams) check the following Cloud Policy settings. See [Available policy settings](#available-policy-settings) to understand how each app checks these settings:

+- **Create and view Loop files in Microsoft apps that support Loop**

+- **Create and view Loop files in Outlook**

+- **Create and view Loop workspaces in Loop**

+ - Note: this policy was previously mistitled 'Create and view Loop files in Loop'

+See the [Cloud Policy](/deployoffice/admincenter/overview-cloud-policy) setting templates for more information on the settings above.

+> [!TIP]

+> If you're new to Cloud Policy and looking to enable the Loop app for your organization during the public preview, you may appreciate a more step by step document for how to roll out Cloud Policy settings to your tenant. If so, check out this Tech Community blog: [Learn how to enable the Microsoft Loop app, now in Public Preview](https://techcommunity.microsoft.com/t5/microsoft-365-blog/learn-how-to-enable-the-microsoft-loop-app-now-in-public-preview/ba-p/3769013).

+To configure these Cloud Policy settings:

+1. Sign in to https://config.office.com/ with your Microsoft 365 admin credentials.

+2. Select **Customization** from the left pane.

+3. Select **Policy Management**.

+4. Create a new policy configuration or edit an existing one.

+5. In **Choose the scope**, choose either the "all users" option or select the group for which you want to apply the policy. See [Microsoft 365 Groups for Cloud Policy](#microsoft-365-groups-for-cloud-policy) for more information.

+6. In **Configure Settings**, choose one of the settings listed at the top of this section.

+7. In configuration setting, choose one of the following:

+ - For **Create and view Loop files in Microsoft apps that support Loop**

+ - **Enabled**: Loop experience is available to users.

+ - **Disabled**: Loop experience is not available to users.

+ - **Not configured**: Loop experience is available to users.

+ - For **Create and view Loop files in Outlook**

+ - **Enabled**: Loop experience is available to users.

+ - **Disabled**: Loop experience is not available to users.

+ - **Not configured**: Loop experience is available to users.

+ - For **Create and view Loop workspaces in Loop**

+ - **Enabled**: Loop app and creation of workspaces is available to users.

+ - **Disabled**: Loop app creation of workspaces is not available to users.

+ - **Not configured**: Loop app and creation of workspaces is not available to users.

+ - Loop during Public Preview is IT Admin Opt-in by default.

+ - Loop app will still open Loop components when workspaces is disabled. If this is not rolled out to your environment, Loop component will open in Office.com.

+ - Ensure additional [Loop service requirements](#requirements) are met.

+8. Save the policy configuration.

+9. Reassign priority for any security group if required. (If two or more policy configurations are applicable to the same set of users, the one with the higher priority is applied.)

+10. In case you create a new policy configuration or change the configuration for an existing policy, there will be a delay in the change being reflected as follows:

+ - If there were existing policy configurations prior to the change, then it will take 90 mins for the change to be reflected.

+ - If there were no policy configurations prior to the change then it will take 24 hours for the change to be reflected.

+## Settings management for Loop functionality in Teams

+You'll need the latest version of SharePoint PowerShell module to enable or disable Loop experiences in Teams. Loop components default to ON for all organizations. Because Loop components are designed for collaboration, the components are always shared as editable by others, even if your organization is set to default to view-only for other file types. See the Learn more link next to the setting for more details.

+|Experience|SharePoint organization properties|Notes|

+||-||

+|Loop components in Teams|`IsLoopEnabled` (boolean)|This property controls Loop experiences in Microsoft Teams. |

+|Collaborative meeting notes|`IsCollabMeetingNotesFluidEnabled` (boolean)|This property controls the collaborative meeting notes integration in Microsoft Teams.|

+To check your tenant's default file permissions

+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com).

+2. Under Admin centers, select **SharePoint**.

+3. Select **Policies** > **Sharing**, and under **File and folder links**, view your organization's default file permissions.

+To check if Loop components are enabled, run `Get-SPOTenant` without any arguments. Verify the value of IsLoopEnabled is true.

+To enable Loop components in Teams, run `Set-SPOTenant -IsLoopEnabled $true`. The change will take a short time to apply across your organization.

+The feature will be available on Teams Windows Desktop, Mac, iOS, Android, and web. When enabled, users will see a new option for inserting Loop components in the message compose experience for these clients.

+To disable Loop components in Teams, run `Set-SPOTenant -IsLoopEnabled $false`. The change will take a short time to apply across your organization. If your organization has multiple regions (that is, organization URLs), you need to disable loop components for all the regions to have consistent results across the organization.

+## eDiscovery for Loop components

+Loop components created in Teams or Outlook are discoverable and have eDiscovery workflow support using the Microsoft Purview tool. Currently, these files are stored in the creatorΓÇÖs OneDrive and are available for search and collection, and render in review for both eDiscovery (Standard) and eDiscovery (Premium). The HTML offline export format is supported on eDiscovery (Premium). You can also download and re-upload the files to any OneDrive to view them in their native format.

+Microsoft is currently working on a third-party export API solution for Loop components.

+> [!NOTE]

+> The Loop app and content created in the Loop app does not yet support eDiscovery workflows.

+## Related topics

+[Get started with Microsoft Loop - Microsoft Support](https://support.microsoft.com/office/get-started-with-microsoft-loop-9f4d8d4f-dfc6-4518-9ef6-069408c21f0c)

+[Overview of Loop components in Teams](loop-components-teams.md)

+[Use Loop components in Outlook](https://support.microsoft.com/office/9b47c279-011d-4042-bd7f-8bbfca0cb136)

+[Use Loop components in Word for the web](https://support.microsoft.com/office/645cc20d-5c98-4bdb-b559-380c5a27c5e5)

+[Loop components in Whiteboard](https://support.microsoft.com/office/c5f08f54-995e-473e-be6e-7f92555da347)

+ Title: Overview of Loop components in Teams

+audience: Admin

+ms.localizationpriority: medium

+search.appverid: MET150

+ - M365-collaboration

+description: Learn how to manage Loop components in Teams.

+f1.keywords:

+- CSH

+ - NewAdminCenter_Update

+ - chat-teams-channels-revamp

+appliesto:

+ - Microsoft Teams

+# Overview of Loop components in Teams

+Loop components in Teams chat offer a new way to ideate, create, and make decisions together. Send a component - like a table, task list, or paragraph ΓÇö where everyone in your chat can edit inline and see changes as they're made.

+> [!Note]

+> Loop components is the first feature of the [Microsoft Loop app](https://www.microsoft.com/en-us/microsoft-loop) to become available in Teams.

+**Get tasks done faster together.** Crowd-source an agenda, track a group's action items, or take notes collectively. These are just a few scenarios made easier with Loop components.

+**Share components.** In this release, you can share Loop components into different Teams chats. Recipients can edit from wherever they are and see updates instantly no matter where the changes were made.

+**Start in chat, build from there.** Every component you create from Teams chat is automatically saved to a file in OneDrive. So, you might begin collaborating in chat then later move to the file on Office.com, where you have a larger visual space for editing and can add as many components as you like.

+For information on admin settings for Loop components in Teams, see [Manage Loop components in SharePoint](loop-components-sharepoint.md).

+## Clients and platforms

+Available on Teams apps on Windows, Mac, iOS, and Android.

+## Loop components and .fluid files

+Loop components created in Teams are backed by a .fluid (will be changed to .loop in the near future) file stored in the creator's OneDrive. Being a file in OneDrive means that users can create, discover, and manage Loop components (.fluid files) as easily as any Office document.

+## How are .fluid files stored?

+.fluid files appear on Office.com and OneDrive, such as in the Recent and Recommended areas. Users can search for content in .fluid files from Office.com and OneDrive. .fluid files can be restored to previous versions from OneDrive. To create Loop components chat participants must have a OneDrive account. Without a valid OneDrive account, chat participants might still be able to collaborate on a component created by other users who have a valid OneDrive account, but can't create their own.

+Moving a .fluid file from OneDrive to a SharePoint site will result in the live component failing to load in Teams chat.

+## What happens if the owner of the file leaves the company?

+OneDrive retention policies apply to .fluid files just as they do to other content created by the user.

+## How are .fluid files shared?

+Loop components can be inserted in Teams chat or copied from one chat to another. (Loop components aren't yet supported in channels.) They default to the organization's existing permissions, but users can change permissions before sending to ensure everyone has access.

+Opening components from Teams chat in Office.com offers share functionality at the top of the window, similar to the sharing options offered for other Office documents.

+## What if a .fluid file becomes corrupted or damaged?

+Version History allows you to review, restore, or copy from previous versions of the file.

+## What apps can open and edit .fluid files?

+.fluid files can only be opened as links in your browser, such as Office.com, and as Loop components in Teams chat. If downloaded, they can't be opened again without first uploading them back to OneDrive or SharePoint.

+## Does .fluid files support eDiscovery?

+Currently, .fluid files are stored in the creator's OneDrive and are available for search and collection in eDiscovery (Standard) and available for search, collection, review, and export in eDiscovery (Premium). More information about eDiscovery support is outlined in the [Settings management](loop-components-sharepoint.md#settings-management-for-loop-functionality-in-teams) section.

+## If Loop is disabled from the admin switch, what will the user experience be?

+If you disable these experiences as outlined in the [Settings management](loop-components-sharepoint.md#settings-management-for-loop-functionality-in-teams) section, the following experience changes will apply:

+- The create/insert entry point within Teams messaging will be hidden. Users won't be able to create new .fluid files.

+- Existing messages that would have formerly rendered as an interactive Loop component will instead render as a hyperlink "Loop component." No interactive content will be displayed within Teams.

+- When an end-user clicks on the "Loop component" hyperlink or browses to a .fluid file in OneDrive for Business and clicks to open, it will open the file in a separate browser tab. End-users will still be able to edit the file.

+## Known issues

+- With tenant default file permissions set to *Specific people* (only the people the user specifies), copying the link to the Loop component and pasting it in another chat requires the sender to use the permissions dialog and add the recipients in the Specific people option to grant access properly.

+- With tenant default file permissions set to *Specific people* (only the people the user specifies), creating a live component in group chat with more than 20 members will require the sender to manually select the permission options for the component.

+- Searching for Loop components in Teams search will return a link to the component in office.com, not the chat message itself.

+- Loop components are disabled in federated chats.

+- Guests won't be able to view or collaborate on a Loop component.

+- Loop components aren't supported in Teams channels.

+- Loop components in chat won't load only if file was moved to different library. If file is moved to different folder then it will continue to load in chat.

+| Protection | Microsoft Defender Antivirus <br/>(*Active mode*) | Microsoft Defender Antivirus <br/>(*Passive mode*) | Microsoft Defender Antivirus <br/>(*Disabled or uninstalled*) |

+| [Real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md) | Yes | [See note 1](#notes-about-protection-states) | No |

+| [Cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) | Yes | No | No |

+| [Network protection](network-protection.md) | Yes | No | No |

+| [Attack surface reduction rules](attack-surface-reduction.md) | Yes | No | No |

+| [Limited periodic scanning availability](limited-periodic-scanning-microsoft-defender-antivirus.md) | No | Yes | No |

+| [File scanning and detection information](review-scan-results-microsoft-defender-antivirus.md) | Yes | Yes <br/>[See note 2](#notes-about-protection-states) | No |

+| [Threat remediation](configure-remediation-microsoft-defender-antivirus.md) | Yes | [See note 3](#notes-about-protection-states) | No |

+| [Security intelligence updates](microsoft-defender-antivirus-updates.md) | Yes | Yes <br/>[See note 4](#notes-about-protection-states) | No |

+| [Data Loss Prevention](../../compliance/endpoint-dlp-learn-about.md) | Yes | Yes | No |

+| [Controlled folder access](controlled-folders.md) | Yes |No | No |

+| [Web content filtering](web-content-filtering.md) | Yes | [See note 5](#notes-about-protection-states) | No |

+| [Device control](device-control-report.md) | Yes | Yes | No |

+| [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) | Yes | No | No |

+Microsoft Defender for Identity is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure.

+## Converged experiences in Microsoft 365 Defender

+[Microsoft 365 Defender](https://security.microsoft.com) combines security capabilities that protect, detect, investigate, and respond to email, collaboration, identity, and device threats, and now includes all functionality provided in the [classic Defender for Identity portal](/defender-for-identity/classic-workspace-portal).

+While they may not be in exactly same pages, much of your data is integrated into Microsoft 365 Defender pages so that you can view your data across all of your monitored entities.

+The following sections describe enhanced Defender for Identity features found in Microsoft 365 Defender.

+### Configuration and posture

+|Area |Description |

+|||

+|**Global exclusions** | In Microsoft 365 Defender, use alert tuning to define global exclusions that can apply to all Defender for Identity security alerts, instead of having to configure the exclusion in each, individual detection exclusion. <br><br> For more information, see [Global excluded entities](/defender-for-identity/exclusions). |

+|**Manage action and directory service accounts** | By default, Microsoft 365 Defender is configured to use the *local system*. Therefore, you'll only need to configure action and directory service account settings if you want a specific user account to perform the user remediation actions.<br><br> For more information, see [Microsoft Defender for Identity action accounts](/defender-for-identity/manage-action-accounts). |

+|**Remove a learning period** | Some Defender for Identity alerts rely on learning periods to build a profile of patterns, and then distinguish between legitimate and suspicious activities. <br><br>Microsoft 365 Defender supports an advanced setting to control whether to see alerts during the learning period before that profile is fully built. Changing this setting results in an increased number of alerts, with some of them being for legitimate traffic and activities. <br><br>For more information see [Remove the learning period for alerts](/defender-for-identity/advanced-settings). |

+|**Custom permission roles** | Microsoft 365 Defender supports custom permission roles. <br><br>For more information, see [Microsoft 365 Defender role-based access control (RBAC)](manage-rbac.md) |

+|**Microsoft Secure Score** | All security posture management assessments that were previously available from Microsoft Defender for Cloud Apps are now available in [Microsoft Secure Score](https://security.microsoft.com/securescore), in Microsoft 365 Defender. <br><br> For more information, see [Microsoft Defender for Identity's security posture assessments](/defender-for-identity/security-assessment). |

+|**API** | Use any of the following Microsoft 365 Defender APIs with Defender for Identity: <br><br>- [Query activities via API](api-advanced-hunting.md) <br>- [Manage security alerts via API](api-incident.md) <br>- [Stream security alerts and activities to Microsoft Sentinel](streaming-api.md)<br><br>**Tip**: Microsoft 365 Defender only stores advanced hunting data for 30 days. If you need longer retention periods, stream the activities to Microsoft Sentinel or another partner security information and event management (SIEM) system. |

+| **Onboarding** | Defender for Identity onboarding is now automatic for new customers, with no need to configure a workspace. <br><br>If you need to delete your instance, do so together with Microsoft support. |

+### Investigation

+|Area |Description |

+|||

+|**Identity page** | The Microsoft 365 Defender identity details page provides data about each identity, such as: <br><br>- Any associated alerts <br>- Active Directory account control<br>- Risky lateral movement paths<br>- A timeline of activities and alerts<br>- Details about observed locations, devices and groups. <br><br>For more information, see [Investigate users in Microsoft 365 Defender](investigate-users.md). |

+|**Device page** | Microsoft 365 Defender alert evidence lists all devices and users connected to each suspicious activity. Investigate further by selecting a specific device in an alert to access a device details page. <br><br>For more information, see [Investigate devices in the Microsoft Defender for Endpoint Devices list](../defender-endpoint/investigate-machines.md). |

+|**Advanced hunting** | Microsoft 365 Defender helps you proactively search for threats and malicious activity by using advanced hunting queries. These powerful queries can be used to locate and review threat indicators and entities for both known and potential threats. <br><br>Build custom detection rules from advanced hunting queries to help you proactively watch for events that might be indicative of breach activity and misconfigured devices. <br><br>For more information, see [Proactively hunt for threats with advanced hunting in Microsoft 365 Defender](advanced-hunting-overview.md). |

+|**Global search** | Using the search bar at the top of the Microsoft 365 Defender page to search for any entity being monitored by Microsoft 365 Defender, including identities, endpoints, Office 365 data, and more. <br><br>Select results directly from the search drop-down, or select **All users** or **All devices** to see all entities associated with a given search term. |

+| **Lateral movement paths** | Microsoft 365 Defender provides lateral movement path data on the **Advanced hunting** page and the **Lateral movement paths** security assessment, in addition to the **Lateral movement paths** tab on the user details page. <br><br> For more information, see [Understand and investigate lateral movement paths (LMPs) with Microsoft Defender for Identity](/defender-for-identity/understand-lateral-movement-paths). |

+### Detection and response

+|Area |Description |

+|||

+| **Alert and incident correlation** | Defender for Identity alerts are now included in Microsoft 365 Defender's alert queue, making them available to the automated incident correlation feature. <br><br>View all of your alerts in one place, and determine the scope of the breach even quicker than before. <br><br>For more information, see [Investigate Defender for Identity alerts in Microsoft 365 Defender](/defender-for-identity/manage-security-alerts). |

+| **Alert exclusions and tuning** | Microsoft 365 Defender's alert interface is more user friendly, and includes a search function and global exclusions, meaning you can exclude any entity from all alerts generated by Defender for Identity. <br><br>For more information, see [Configure Defender for Identity detection exclusions in Microsoft 365 Defender](/defender-for-identity/exclusions).|

+| **Remediation actions** | Defender for Identity remediation actions, such as disabling accounts or requiring password resets, are available from the Microsoft 365 Defender user details page. <br><br>For more information, see [Remediation actions in Microsoft Defender for Identity](/defender-for-identity/remediation-actions).

+## Quick reference

+The table below lists the changes in navigation between Microsoft Defender for Identity and Microsoft 365 Defender.

+| **Defender for** Identity | **Microsoft 365 Defender** |

+| -- | |

+| **Timeline** |- Microsoft 365 Defender Alerts/Incidents queue |

+| **Reports** |- Lateral movement path and passwords exposed in cleartext reports are covered by the [Identity security posture assessments](/defender-for-identity/security-assessment#assessment-reports) (ISPM)<br><br>- Health issues are available in **Settings** -> **Identities** -> **Health issues**<br><br>- View a summary of alerts by exporting the alerts queue or from the **Advanced hunting** page, which provides 30 days of data<br><br>- Modify sensitive groups from the **Advanced hunting** page<br><br>**Tip**: Use the **Advanced hunting** page to create customized reports in Microsoft 365 Defender. |

+| **Identity page** | Microsoft 365 Defender user details page |

+| **Device page** | Microsoft 365 Defender device details page |

+| **Group page** | Microsoft 365 Defender groups side pane |

+| **Alert page** | Microsoft 365 Defender alert details page <br><br>**Tip**: Use [alert tuning](investigate-alerts.md#tune-an-alert) to optimize the alerts you see in Microsoft 365 Defender. |

+| **Search** | Microsoft 365 Defender global search |

+| **Health center** | **Settings** -> **Identities** -> **Health issues** -> **Global / Sensor health issues** |

+| **Entity activities** | - **Advanced hunting** <br>- Device page > **Timeline** <br>- Identity page > **Timeline** tab |

+| **Settings** | **Settings** -> **Identities** |

+| **Users and accounts** | **Assets** -> **Identities** |

+| **Identity security posture** | [Microsoft Defender for Identity's security posture assessments](/defender-for-identity/security-assessment) |

+| **Onboarding a new workspace** | **Settings** -> **Identities** (automatically) |

+| **About** | **Settings > Identities > About** |

+## Next steps

+For more information, see:

+- [Related videos for Microsoft Defender for Identity](https://www.microsoft.com/videoplayer/embed/RE4HcEU)

+- [Microsoft Defender for Identity](/defender-for-identity/)

+|User|Data exfiltration <br> (A user violated email or file-sharing [DLP policies](../../compliance/dlp-learn-about-dlp.md) |Automated investigation doesn't result in a specific pending action. <p> [Get started with Activity Explorer](../../compliance/data-classification-activity-explorer.md#get-started-with-activity-explorer).|

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+This article lists the steps to use DomainKeys Identified Mail (DKIM) with Microsoft 365 to ensure that destination email systems trust messages sent outbound from your custom domain.

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+In Microsoft 365 organizations with Exchange Online mailboxes, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, all messages sent to your organization pass through EOP before users see them. You have options about how to route messages that pass through EOP for processing before they're routed to user mailboxes.

+EOP offers flexibility in how your messages are routed. The following articles explain steps in the mail flow process.

+[Directory Based Edge Blocking](/exchange/mail-flow-best-practices/use-directory-based-edge-blocking) reject messages to invalid recipients at the service network perimeter by default.

+Your EOP service can help you manage subdomains that you add to your organization. Learn more about subdomains at [Enable mail flow for subdomains in Exchange Online](/exchange/mail-flow-best-practices/manage-accepted-domains/enable-mail-flow-for-subdomains).

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+- If the source email server doesn't have an IPv6 reverse DNS lookup record, the messages are rejected with the following error:

+- If the sender doesn't pass SPF or DKIM validation, the messages are rejected with the following error:

+- If you try to receive anonymous IPv6 messages before you've opted in, the message is rejected with the following error:

+## Related articles

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+This article provides troubleshooting information for senders who are experiencing issues when trying to send email to recipients in Microsoft 365, and best practices for bulk mailing to customers.

+[Exchange Online Protection](eop-about.md) (EOP) provides anti-spam protection for Microsoft 365. We also use email authentication technologies like SPF, DKIM, and DMARC to verify that the domain sending the email is authorized to do so. Many factors influence EOP filtering. For example, the sending IP, domain, email authentication, list accuracy, complaint rates, content, and more. One of the principal factors in driving down a sender's reputation and their ability to deliver email is their junk email complaint rate.

+IP addresses that have never been used to send email typically don't have any reputation in our systems. As a result, email from new sources are more likely to experience delivery issues. Once the IP address has built a reputation for not sending spam, EOP typically allows for a better email delivery experience.

+New IPs for domains with existing SPF records typically experience the added benefit of inheriting some of the domain's sending reputation. If your domain has a good sending reputation, new IPs might experience a faster ramp up time. A new IP can expect to be fully ramped within a couple of weeks or less depending on volume, list accuracy, and junk email complaint rates.

+## Ensure that you don't advertise yourself as a nonroutable IP

+We might not accept email from senders who fail a reverse-DNS lookup. In some cases, legitimate senders advertise themselves incorrectly as a non-internet routable IP when attempting to open a connection to EOP. IP addresses that are reserved for private (nonroutable) networking include:

+Some delivery issues are the result of Microsoft blocking the sender's IP address, or the user account is identified as banned sender due to previous spam activity. If you believe that you received the non-delivery report (also known as an NDR or bounce message) in error, follow any instructions in the NDR message to resolve the issue.

+For example, the following NDR indicates that Microsoft blocked the sending IP address:

+`550 5.7.606-649 Access denied, banned sending IP [x.x.x.x]; To request removal from this list please visit https://sender.office.com/ and follow the directions.`

+To request removal from this list, see [Use the delist portal to remove yourself from the blocked senders list](use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis.md).

+If a message was incorrectly identified as spam by EOP, you can work with the recipient to submit this false positive message to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md).

+## EOP throttled traffic from my IP address

+You receive the following NDR because suspicious activity was detected from the source IP address. Mail from the source has been temporarily restricted while it's being evaluated.

+`host xxxx.outlook.com [x.x.x.x]: 451 4.7.550 Access denied, please try again later`

+After we evaluate the messages and determine everything is OK, we remove the restriction.

+To receive messages from Microsoft 365 senders, make sure your network allows connections from the IP addresses that EOP uses in our datacenters. For more information, see [Exchange Online Protection IP addresses](../../enterprise/urls-and-ip-address-ranges.md).

+If you often conduct bulk email campaigns to Microsoft 365 users, follow the tips in this section.

+The Subject line of the message should be a brief summary of what the message is about. The message body should clearly and succinctly indicate what the offering, service, or product is about. For example:

+The easier you make it for people to know who you are and what you're doing, the less difficulty you have with most spam filters.

+Marketing email, especially newsletters, should always include a way to unsubscribe. For example:

+`This email was sent to example@contoso.com by sender@fabrikam.com.`

+`Update Profile/Email Address | Instant removal with SafeUnsubscribe&trade; | Privacy Policy`

+Requiring recipients to send email with "Unsubscribe" in the Subject line is less preferable than the one-click option. If you require recipients to send a message, ensure that the link takes them to a form where all required fields are populated.

+This industry best practice is recommended if your company requires or encourages users to register their contact information to access your product or services. The practice of automatically signing up users for marketing emails or e-newsletters during the registration process is questionable in today's internet environment.

+If the options to receive your newsletter or special offers are selected by default in your registration process, it's very likely that uninterested users will get your email.

+Microsoft recommends the double opt-in option, which means that the check box for marketing email or newsletters isn't selected by default. Additionally, once the registration form has been submitted, a verification email is sent to the user. The verification email contains a URL that allows the user to confirm their decision to receive marketing email.

+The double opt-in method helps to eliminate any questionable email marketing practices, because no one can claim that they unintentionally signed up for marketing email.

+Email content is as important as the way you send email. Use the following best practices to ensure that your email isn't flagged by email filtering

+- Requests for recipients to add the sender to their address book should clearly state that this action doesn't guarantee of delivery.

+- Redirects included in the body of the message should be similar and consistent, and not multiple and varied. A redirect in this context is anything that points away from the message, such as links and documents. If you have many advertising links, unsubscribe links, or update the profile links, they all should point to the same domain. For example:

+- Avoid content with large images and attachments, or messages that are composed entirely of an image.

+Any incorrect email addresses in your database that result in NDRs are unnecessary and put your outbound email at risk for further scrutiny by email filtering services. Ensure that your email database is up-to-date.

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+|`CAT:`|The category of protection policy, applied to the message: <ul><li>`BULK`: Bulk</li><li>`DIMP`: Domain Impersonation</li><li>`GIMP`: [Mailbox intelligence based impersonation](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>`HPHSH` or `HPHISH`: High confidence phishing</li><li>`HSPM`: High confidence spam</li><li>`MALW`: Malware</li><li>`PHSH`: Phishing</li><li>`SPM`: Spam</li><li>`SPOOF`: Spoofing</li><li>`UIMP`: User Impersonation</li><li>`AMP`: Anti-malware</li><li>`SAP`: Safe attachments</li><li>`FTBP`: Anti-malware filetype policy</li><li>`OSPM`: Outbound spam</li></ul> <br/> An inbound message might be flagged by multiple forms of protection and multiple detection scans. Policies have different priorities, and the policy with the highest priority is applied first. For more information, see [What policy applies when multiple protection methods and detection scans run on your email](how-policies-and-protections-are-combined.md).|

+|`CTRY`|The source country as determined by the connecting IP address, which might not be the same as the originating sending IP address.|

+|`LANG`|The language that the message was written in as specified by the country code (for example, ru_RU for Russian).|

+|`SFV:NSPM`|Spam filtering marked the message as nonspam and the message was sent to the intended recipients.|

+|`SFV:SKI`|The message was marked based on content of the intra-organizational message. For example, the message was marked as SCL 1 for nonspam or SCL 5 to 9 for spam.|

+|`SFV:SKN`|The message was marked as nonspam before processing by spam filtering. For example, the message was marked as SCL -1 or **Bypass spam filtering** by a mail flow rule.|

+|`SFV:SKS`|The message was marked as spam before processing by spam filtering. For example, the message was marked as SCL 5 to 9 by a mail flow rule.|

+|`X-CustomSpam: [ASFOption]`|The message matched an Advanced Spam Filter (ASF) setting. To see the X-header value for each ASF setting, see [Advanced Spam Filter (ASF) settings](anti-spam-policies-asf-settings-about.md). <br><br> **Note**: ASF adds `X-CustomSpam:` X-header fields to messages _after_ the messages were processed by Exchange mail flow rules (also known as transport rules), so you can't use mail flow rules to identify and act on messages that were filtered by ASF.|

+|`action`|Indicates the action taken by the spam filter based on the results of the DMARC check. For example: <ul><li>`oreject` or `o.reject`: Stands for override reject. In this case, Microsoft 365 uses this action when it receives a message that fails the DMARC check from a domain whose DMARC TXT record has a policy of p=reject. Instead of deleting or rejecting the message, Microsoft 365 marks the message as spam. For more information on why Microsoft 365 is configured this way, see [How Microsoft 365 handles inbound email that fails DMARC](email-authentication-dmarc-configure.md#how-microsoft-365-handles-inbound-email-that-fails-dmarc).</li><li>`pct.quarantine`: Indicates that a percentage less than 100% of messages that don't pass DMARC are delivered anyway. This result means that the message failed DMARC and the policy was set to quarantine. But, the pct field wasn't set to 100%, and the system randomly determined not to apply the DMARC action per the specified domain's policy.</li><li>`pct.reject`: Indicates that a percentage less than 100% of messages that don't pass DMARC are delivered anyway. This result means that the message failed DMARC and the policy was set to reject. But, the pct field wasn't set to 100% and the system randomly determined not to apply the DMARC action per the specified domain's policy.</li><li>`permerror`: A permanent error occurred during DMARC evaluation, such as encountering an incorrectly formed DMARC TXT record in DNS. Attempting to resend this message isn't likely to end with a different result. Instead, you might need to contact the domain's owner in order to resolve the issue.</li><li>`temperror`: A temporary error occurred during DMARC evaluation. You might be able to request that the sender resend the message later in order to process the email properly.</li></ul>|

+|`compauth`|Composite authentication result. Used by Microsoft 365 to combine multiple types of authentication (SPF, DKIM, and DMARC), or any other part of the message to determine whether or not the message is authenticated. Uses the From: domain as the basis of evaluation.|

+|`dkim`|Describes the results of the DKIM check for the message. Possible values include: <ul><li>**pass**: Indicates the DKIM check for the message passed.</li><li>**fail (reason)**: Indicates the DKIM check for the message failed and why. For example, if the message wasn't signed or the signature wasn't verified.</li><li>**none**: Indicates that the message wasn't signed. This result might or might not indicate that the domain has a DKIM record or the DKIM record doesn't evaluate to a result.</li></ul>|

+|`dmarc`|Describes the results of the DMARC check for the message. Possible values include: <ul><li>**pass**: Indicates the DMARC check for the message passed.</li><li>**fail**: Indicates the DMARC check for the message failed.</li><li>**bestguesspass**: Indicates that no DMARC TXT record exists for the domain exists. If the domain had a DMARC TXT record, the DMARC check for the message would have passed.</li><li>**none**: Indicates that no DMARC TXT record exists for the sending domain in DNS.|

+|`reason`|The reason the composite authentication passed or failed. The value is a 3-digit code. For example: <ul><li>**000**: The message failed explicit authentication (`compauth=fail`). For example, the message received a DMARC fail with an action of quarantine or reject.</li><li>**001**: The message failed implicit authentication (`compauth=fail`). This result means that the sending domain didn't have email authentication records published, or if they did, they had a weaker failure policy (SPF `~all` or `?all`, or s DMARC policy of `p=none`).</li><li>**002**: The organization has a policy for the sender/domain pair that is explicitly prohibited from sending spoofed email. An admin manually configures this setting.</li><li>**010**: The message failed DMARC with an action of reject or quarantine, and the sending domain is one of your organization's accepted-domains (self-to-self or intra-org spoofing).</li><li>**1xx** or **7xx**: The message passed authentication (`compauth=pass`). The last two digits are internal codes used by Microsoft 365.</li><li>**2xx**: The message soft-passed implicit authentication (`compauth=softpass`). The last two digits are internal codes used by Microsoft 365.</li><li>**3xx**: The message wasn't checked for composite authentication (`compauth=none`).</li><li>**4xx** or **9xx**: The message bypassed composite authentication (`compauth=none`). The last two digits are internal codes used by Microsoft 365.</li><li>**6xx**: The message failed implicit email authentication, and the sending domain is one of your organization's accepted domains (self-to-self or intra-org spoofing).</li></ul>|

+|`smtp.mailfrom`|The domain of the `5321.MailFrom` address (also known as the MAIL FROM address, P1 sender, or envelope sender). This email address is used for non-delivery reports (also known as NDRs or bounce messages).|

+|`spf`|Describes the results of the SPF check for the message. Possible values include: <ul><li>`pass (IP address)`: The SPF check for the message passed and includes the sender's IP address. The client is authorized to send or relay email on behalf of the sender's domain.</li><li>`fail (IP address)`: The SPF check for the message failed and includes the sender's IP address. This result is sometimes called _hard fail_.</li><li>`softfail (reason)`: The SPF record designated the host as not being allowed to send, but is in transition.</li><li>`neutral`: The SPF record explicitly states that it doesn't assert whether the IP address is authorized to send.</li><li>`none`: The domain doesn't have an SPF record or the SPF record doesn't evaluate to a result.</li><li>`temperror`: A temporary error has occurred. For example, a DNS error. The same check later might succeed.</li><li>`permerror`: A permanent error has occurred. For example, the domain has a badly formatted SPF record.</li></ul>|

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>

+appliesto:

+ - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a>

+|Visit Compliance Manager to assess your compliance posture.| The next step is knowing which data protection regulations apply to your organization so you know what your obligations are.<p><p>Keeping up with new and updated laws and regulations can be a full-time job in itself, and many organizations struggle with manual processes for monitoring, updating, and reporting on their state of compliance. Compliance Manager helps manage the complexities of implementing controls through built-in control mapping, versioning, and continuous control assessments. This automation and continuous monitoring helps you to stay current with regulations and certifications, and eases reporting to auditors. <p><p>Use Compliance Manager to quickly assess your current environment and get an initial compliance score based on the Microsoft data protection baseline assessment. From there, you can create assessments that cover your multicloud environment and keep you on track with the regulations that are most relevant to your organization. | [Learn more about Compliance Manager](../compliance/compliance-manager.md)<br><br>[Start a premium assessments trial](../compliance/compliance-manager-setup.md#start-a-premium-assessments-trial)<br><br>[Learn about multicloud support](../compliance/compliance-manager-multicloud.md)|

+If your organization has already put the time into understanding your data, developing a data sensitivity schema, and applying the schema, you might be ready to extend elements of this schema to endpoints by using Microsoft Purview Data Loss Prevention (DLP) policies.

+For example, a DLP policy can look for personal data like a passport number. The DLP policy includes a condition that triggers the policy to take action, such as when a passport number is shared with people outside your organization. The action the policy takes can be configured as well. Options range from simply reporting the action to admins, warning users, or even preventing the data from being shared.

+The DLP policy also specifies the location to apply the policy to, such as Exchange email and SharePoint sites. One of the locations available to admins is devices. If devices are selected, you can specify which users and user groups to apply the policy to. You can also specify users and user groups to exclude from the policy.

+If your information protection and governance team is ready to extend DLP policies to endpoints, you need to coordinate with them to enable devices for Endpoint DLP, test and tune DLP policies, train users, and monitor the results.

+|2 | Enable devices for Endpoint DLP. If you onboarded devices to Microsoft Defender for Endpoint, your devices are already enabled for Endpoint DLP. If your devices aren't onboarded to Defender for Endpoint, see [Get started with Endpoint data loss prevention](../compliance/endpoint-dlp-getting-started.md) for instructions.|

+|3 | Work with your information protection and governance team to define, test, and tune policies. This includes monitoring the results. See these resources:<br>- [Using Endpoint data loss prevention](../compliance/endpoint-dlp-using.md)<br>- [Get started with Activity Explorer](../compliance/data-classification-activity-explorer.md) |

+| .|