+<!You can also give feedback from outside of the admin center on our UserVoice forum. You can use this page to make feature suggestions that can be voted on by other forum users: [UserVoice forum for the new admin center](https://go.microsoft.com/fwlink/?linkid=2024994).>

+For examples of privacy and consent notices, see Appendix A in [Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations](https://www.justice.gov/file/442111/download).

+2. [Set up your security capabilities](m365bp-security-overview.md).

+Welcome to the Microsoft Business Premium trial playbook. This playbook will help you make the most of your 30-day free trial by experiencing how Microsoft 365 Business Premium increases productivity and helps safeguard your organization with advanced security capabilities. Using Microsoft recommendations, learn how you can set up your threat protection features, analyze detected threats, and respond to cyberattacks.

+Microsoft 365 Business Premium includes [Preset security policies](/security/office-365-security/preset-security-policies.md) that you can use in your environment. These policies represent a baseline protection profile that's suitable for most users. Standard protection includes:

+- [Safe Links](../security/office-365-security/safe-links.md), [Safe Attachments](../security/office-365-security/safe-attachments.md) and [Anti-Phishing](../security/office-365-security/anti-phishing-protection.md) policies that are scoped to the entire tenant or the subset of users you may have chosen during the trial setup process. (Your trial subscription is for up to 25 users.)

+- Protection for productivity apps, such as [SharePoint](/sharepoint/introduction), [OneDrive](/onedrive/one-drive-quickstart-small-business), [Office apps](/deployoffice/about-microsoft-365-apps), and [Microsoft Teams](/microsoftteams/teams-overview).

+When you try or buy Microsoft 365 Business Premium, you have the option of using a domain you own, or buying one during the sign-up process.

+2. Select **Set up email with a custom domain** and then, **Use a domain you already own** such as `contoso.com`.

+ > If you purchased a domain during the sign-up, you will not see the **Add a domain** step here. Go to **Add users** instead.

+4. Follow the steps in the wizard to [create DNS records at any DNS hosting provider for Office 365](/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider) that verifies you own the domain. If you know your domain host, see [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain).

+> **What is "customer data"?** Customer data, as defined in the [Microsoft Online Service Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products), refers to all data, including all text, sound, or image files that are provided to Microsoft by, or on behalf of, the customer through the customer's use of Microsoft 365 services. To learn more about the protection of customer data, see the [Get started with the Microsoft Service Trust Portal](../../compliance/get-started-with-service-trust-portal.md).

+ - If you are using data lifecycle management:

+ - **Solutions** \> **Data lifecycle management** \> **Label policies** tab \> **Auto-apply a label**

+ - **Solutions** > **Data lifecycle management** > **Label policies** tab > **Publish labels**

+| Encrypted message portal|OMEPortal|

+ [SystemSync activities](#systemsync-activities)

+Use this to map a [Term](/dotnet/api/microsoft.sharepoint.taxonomy.term) to a [TermSet](/dotnet/api/microsoft.sharepoint.taxonomy.termset). A [Term](/dotnet/api/microsoft.sharepoint.taxonomy.term) can only exist in a single [TermSet](/dotnet/api/microsoft.sharepoint.taxonomy.termset). SharePoint requires this property when [defining a term](#sharepoint-taxonomy-vocabulary).

+[Import a term set using a SKOS-based format](import-term-set-skos.md)

+Check the dates that support ends on the [Product Lifecycle site](/lifecycle/products/microsoft-lync-server-2013). Plan your upgrades or migrations with these dates in mind. Remember that your product *won't stop working* at the date listed. But because your installation will no longer be patched after that date, you'll want to plan a smooth transition to the next version of the product. The table below lists the options available to you.

+For more information about this cmdlet, see [Set-PnPTenantCdnEnabled](https://pnp.github.io/powershell/cmdlets/Set-PnPTenantCdnEnabled.html).

+For more information about these cmdlets, see [Set-PnPTenantCdnPolicy](https://pnp.github.io/powershell/cmdlets/Set-PnPTenantCdnPolicy.html) and [Get-PnPTenantCdnPolicies](https://pnp.github.io/powershell/cmdlets/Get-PnPTenantCdnPolicies.html).

+For more information about these cmdlets, see [Set-PnPTenantCdnPolicy](https://pnp.github.io/powershell/cmdlets/Set-PnPTenantCdnPolicy.html) and [Get-PnPTenantCdnPolicies](https://pnp.github.io/powershell/cmdlets/Get-PnPTenantCdnPolicies.html).

+For more information about this command and its syntax, see [Add-PnPTenantCdnOrigin](https://pnp.github.io/powershell/cmdlets/Add-PnPTenantCdnOrigin.html).

+For more information about this command and its syntax, see [Add-PnPTenantCdnOrigin](https://pnp.github.io/powershell/cmdlets/Add-PnPTenantCdnOrigin.html).

+For more information about this command and its syntax, see [Add-PnPTenantCdnOrigin](https://pnp.github.io/powershell/cmdlets/Add-PnPTenantCdnOrigin.html).

+For more information about this command and its syntax, see [Add-PnPTenantCdnOrigin](https://pnp.github.io/powershell/cmdlets/Add-PnPTenantCdnOrigin.html).

+For information on how to use this cmdlet, see [Remove-PnPTenantCdnOrigin](https://pnp.github.io/powershell/cmdlets/Remove-PnPTenantCdnOrigin.html).

+For more information about this cmdlet, see [Set-PnPTenantCdnEnabled](https://pnp.github.io/powershell/cmdlets/Set-PnPTenantCdnEnabled.html).

+- Use the [Microsoft Remote Connectivity Analyzer](https://testconnectivity.microsoft.com/) to test your connection settings. Use the Outlook Anywhere (RPC over HTTP) or Outlook Autodiscover tests.

+For many DNS providers, there are specific instructions to change your MX record. If your DNS provider isn't included, or if you want to get a sense of the general directions, [general MX record instructions](/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide#add-an-mx-record-for-email-outlook-exchange-online) are provided as well.

+For a tool to build and test complex queries, see the [Search Query Tool](https://github.com/pnp/PnP-Tools/tree/master/Solutions/SharePoint.Search.QueryTool#download-the-tool).

+> To run this command, you must install the [Skype for Business Online PowerShell Module](/skypeforbusiness/set-up-your-computer-for-windows-powershell/download-and-install-the-skype-for-business-online-connector).

+[Use Windows PowerShell to create reports in Microsoft 365](use-windows-powershell-to-create-reports-in-microsoft-365.md)

+- See if the issue is listed in [Known issues with Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-known-issues?view=o365-worldwide).

+[Troubleshooot and resolve problems and error messages in Microsoft 365 Lighthouse](m365-lighthouse-troubleshoot.md) (article)

+> - If you plan to use the Microsoft Teams Sync feature of Canvas concurrently with MicrosoftΓÇÖs School Data Sync (SDS), don't include class and class roster data in your SDS sync. You can continue to use SDS to sync all other data including users, organizations, parent contacts, and demographics.

+> - You can use Teams Meetings LTI without enabling **Course Sync**. However, you won't be able to use the **Add entire class** option. You can either type or copy and paste attendees' email addresses, or add channels of existing teams to the meetings.

+- Microsoft Teams meetings - 170000000000703

+- Microsoft Defender for Endpoint Plan 1

+> [!IMPORTANT]

+> **Add exclusions with caution**. Exclusions for Microsoft Defender Antivirus scans reduce the level of protection for devices.

+You can define an exclusion list for items that you don't want Microsoft Defender Antivirus to scan. However, excluded items could contain threats that make your device vulnerable. This article describes some common mistakes that you should avoid when defining exclusions.

+Certain files, file types, folders, or processes shouldn't be excluded from scanning even though you trust them to be not malicious.

+Don't define exclusions for the folder locations, file extensions, and processes that are listed in the following sections:

+- [Folder locations](#folder-locations)

+- [File extensions](#file-extensions)

+- [Processes](#processes)

+### Folder locations

+> [!IMPORTANT]

+> Certain folders shouldn't be excluded from scans because they end up being folders where malicious files can get dropped.

+In general, don't define exclusions for the following folder locations:

+- `%systemdrive%`

+- `C:`, `C:\`, or `C:\*`

+- `%ProgramFiles%\Java` or `C:\Program Files\Java`

+- `%ProgramFiles%\Contoso\`, `C:\Program Files\Contoso\`, `%ProgramFiles(x86)%\Contoso\`, or `C:\Program Files (x86)\Contoso\`

+- `C:\Temp`, `C:\Temp\`, or `C:\Temp\*`

+- `C:\Users\` or `C:\Users\*`

+- `C:\Users\<UserProfileName>\AppData\Local\Temp\` or `C:\Users\<UserProfileName>\AppData\LocalLow\Temp\`. **Note the following important exceptions for SharePoint**: **Do exclude** `C:\Users\ServiceAccount\AppData\Local\Temp` or `C:\Users\Default\AppData\Local\Temp` when you use [file-level antivirus protection in SharePoint](https://support.microsoft.com/office/certain-folders-may-have-to-be-excluded-from-antivirus-scanning-when-you-use-file-level-antivirus-software-in-sharepoint-01cbc532-a24e-4bba-8d67-0b1ed733a3d9).

+- `%Windir%\Prefetch`, `C:\Windows\Prefetch`, `C:\Windows\Prefetch\`, or `C:\Windows\Prefetch\*`

+- `%Windir%\System32\Spool` or `C:\Windows\System32\Spool`

+- `C:\Windows\System32\CatRoot2`

+- `%Windir%\Temp`, `C:\Windows\Temp`, `C:\Windows\Temp\`, or `C:\Windows\Temp\*`

+In general, don't define exclusions for the following folder locations:

+- `/`

+- `/bin` or `/sbin`

+- `/usr/lib`

+> [!IMPORTANT]

+> Certain file extensions shouldn't be excluded because they can be file types that are used in an attack.

+In general, don't define exclusions for the following file extensions:

+- `.7z`

+- `.bat`

+- `.bin`

+- `.cab`

+- `.cmd`

+- `.com`

+- `.cpl`

+- `.dll`

+- `.exe`

+- `.fla`

+- `.gif`

+- `.gz`

+- `.hta`

+- `.inf`

+- `.java`

+- `.jar`

+- `.job`

+- `.jpeg`

+- `.jpg`

+- `.js`

+- `.ko` or `.ko.gz`

+- `.msi`

+- `.ocx`

+- `.png`

+- `.ps1`

+- `.py`

+- `.rar`

+- `.reg`

+- `.scr`

+- `.sys`

+- `.tar`

+- `.tmp`

+- `.url`

+- `.vbe`

+- `.vbs`

+- `.wsf`

+- `.zip`

+> [!IMPORTANT]

+> Certain processes shouldn't be excluded because they get used during attacks.

+In general, don't define exclusions for the following processes:

+- `AcroRd32.exe`

+- `addinprocess.exe`

+- `addinprocess32.exe`

+- `addinutil.exe`

+- `bash.exe`

+- `bginfo.exe`

+- `bitsadmin.exe`

+- `cdb.exe`

+- `csi.exe`

+- `dbghost.exe`

+- `dbgsvc.exe`

+- `dnx.exe`

+- `dotnet.exe`

+- `excel.exe`

+- `fsi.exe`

+- `fsiAnyCpu.exe`

+- `iexplore.exe`

+- `java.exe`

+- `kd.exe`

+- `lxssmanager.dll`

+- `msbuild.exe`

+- `mshta.exe`

+- `ntkd.exe`

+- `ntsd.exe`

+- `outlook.exe`

+- `psexec.exe`

+- `powerpnt.exe`

+- `powershell.exe`

+- `rcsi.exe`

+- `svchost.exe`

+- `schtasks.exe`

+- `system.management.automation.dll`

+- `windbg.exe`

+- `winword.exe`

+- `wmic.exe`

+- `wuauclt.exe`

+> [!NOTE]

+> You can choose to exclude file types, such as `.gif`, `.jpg`, `.jpeg`, or `.png` if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities.

+In general, don't define exclusions for the following processes:

+- `bash`

+- `java`

+- `python` and `python3`

+- `sh`

+- `zsh`

+Don't use a single exclusion list to define exclusions for multiple server workloads. Split the exclusions for different application or service workloads into multiple exclusion lists. For example, the exclusion list for your IIS Server workload must be different from the exclusion list for your SQL Server workload.

+Microsoft Defender Antivirus Service runs in system context using the LocalSystem account, which means it gets information from the system environment variable, and not from the user environment variable. Use of environment variables as a wildcard in exclusion lists is limited to system variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. Therefore, don't use user environment variables as wildcards when adding Microsoft Defender Antivirus folder and process exclusions. See the table under [System environment variables](configure-extension-file-exclusions-microsoft-defender-antivirus.md#system-environment-variables) for a complete list of system environment variables.

+- [Enable attack surface reduction rules](enable-attack-surface-reduction.md)

+The following table summarizes what's included in each Defender for Endpoint plan.

+| Plan | What's included |

+| [Defender for Endpoint Plan 1](defender-endpoint-plan-1.md) | <ul><li>[Next-generation protection](defender-endpoint-plan-1.md#next-generation-protection) (includes antimalware and antivirus)</li><li>[Attack surface reduction](defender-endpoint-plan-1.md#attack-surface-reduction)</li><li> [Manual response actions](defender-endpoint-plan-1.md#manual-response-actions)</li><li>[Centralized management](defender-endpoint-plan-1.md#centralized-management)</li><li>[Security reports](defender-endpoint-plan-1.md#reporting)</li><li>[APIs](defender-endpoint-plan-1.md#apis)</li><li>[Support for Windows 10, iOS, Android OS, and macOS devices](defender-endpoint-plan-1.md#cross-platform-support)</li></ul>|

+| [Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) | All of the Defender for Endpoint Plan 1 capabilities, plus:<ul><li>[Device discovery](device-discovery.md)</li><li>[Device inventory](machines-view-overview.md)</li><li>[Core Defender Vulnerability Management capabilities](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md)</li><li>[Threat Analytics](threat-analytics.md)</li><li>[Automated investigation and response](automated-investigations.md)</li><li>[Advanced hunting](advanced-hunting-overview.md)</li><li>[Endpoint detection and response](overview-endpoint-detection-response.md)</li><li>[Microsoft Threat Experts](microsoft-threat-experts.md)</li><li>Support for [Windows](configure-endpoints.md) (client and server) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux)</li></ul> |

+| [Defender Vulnerability Management add-on](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md) | Additional Defender Vulnerability Management for Defender for Endpoint Plan 2:<ul><li>[Security baselines assessment](../defender-vulnerability-management/tvm-security-baselines.md)</li><li>[Block vulnerable applications](../defender-vulnerability-management/tvm-block-vuln-apps.md)</li><li>[Browser extensions](../defender-vulnerability-management/tvm-browser-extensions.md)</li><li>[Digital certificate assessment](../defender-vulnerability-management/tvm-certificate-inventory.md)</li><li>[Network share analysis](../defender-vulnerability-management/tvm-network-share-assessment.md)</li><li>Support for [Windows](configure-endpoints.md) (client and server) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux)</li></ul> |

+## Mixed licensing scenarios

+Suppose that your organization is using a mix of Microsoft endpoint security subscriptions, such as Defender for Endpoint Plan 1 and Defender for Endpoint Plan 2. **Currently, the highest functional Microsoft endpoint security subscription sets the experience for your tenant**. In this example, your tenant experience would be Defender for Endpoint Plan 2 for all users.

+However, **you can contact support and request an override for your tenant experience**. That is, you could request an override to keep the Defender for Endpoint Plan 1 experience for all users.

+- For details about licenses and product terms, see [Licensing and product terms for Microsoft 365 subscriptions](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA).

+- For information about how to contact support, see [Contact Microsoft Defender for Endpoint support](contact-support.md).

+> [!TIP]

+> If your organization is a small or medium-sized business, see the following articles:

+> - [What is Microsoft Defender for Business?](../defender-business/mdb-overview.md)

+> - [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md).

+In addition to standard on-premises or hardware configurations, you can use Microsoft Defender Antivirus in a remote desktop (RDS) or non-persistent virtual desktop infrastructure (VDI) environment. With the ability to easily deploy updates to VMs running in VDIs, you can get updates on your machines quickly and easily. You no longer need to create and seal golden images on a periodic basis, as updates are expanded into their component bits on the host server and then downloaded directly to the VM when it's turned on.

+> [!NOTE]

+> The Defender for Endpoint demo site at `demo.wd.microsoft.com` is deprecated and will be removed in the future.

+For more information on Microsoft Remote Desktop Services and VDI support, see [Azure Virtual Desktop Documentation](/azure/virtual-desktop).

+For Azure-based virtual machines, see [Install Endpoint Protection in Microsoft Defender for Cloud](/azure/defender-for-cloud/endpoint-protection-recommendations-technical).

+This is possible when the devices have the share and NTFS permissions for the read access to the share so they can grab the updates. To do this:

+ `\\fileserver.fqdn\mdatp$\wdav-update`

+## Disable the `ScanOnlyIfIdle` option

+Use the following cmdlet, to stop a quick or scheduled scan whenever the device goes idle if it is in passive mode.

+```PowerShell

+Set-MpPreference -ScanOnlyIfIdleEnabled $false

+```

+You can also disable the `ScanOnlyIfIdle` option in Microsoft Defender Antivirus by configuration via local or domain group policy. This prevents the significant CPU contention in high density environments.

+For more information, see [Start the scheduled scan only when computer is on but not in use](https://admx.help/?Category=SystemCenterEndpointProtection&Policy=Microsoft.Policies.Antimalware::scan_scanonlyifidle).

+ Title: Get started with troubleshooting mode in Microsoft Defender for Endpoint

+# Get started with troubleshooting mode in Microsoft Defender for Endpoint

+ Title: Troubleshooting mode scenarios in Microsoft Defender for Endpoint

+# Troubleshooting mode scenarios in Microsoft Defender for Endpoint

+|**Partially Investigated**|The automated investigation found issues, but there are no specific remediation actions to resolve those issues. <p> The **Partially Investigated** status can occur when some type of user activity was identified but no cleanup actions are available. Examples include any of the following user activities: <ul><li>A [data loss prevention](../../compliance/dlp-learn-about-dlp.md) event</li><li>An email sending anomaly</li><li>Sent malware</li><li>Sent phish</li></ul> <p> **Note**: This **Partially Investigated** status used to be labeled as **Threats Found**. <p> The investigation found no malicious URLs, files, or email messages to remediate, and no mailbox activity to fix, such as turning off forwarding rules or delegation. <p> **TIP**: If you suspect something was missed (such as a false negative), you can investigate and take action using [Threat Explorer](threat-explorer.md)|

+|**Remediated**|The investigation finished and all remediation actions were approved (noted as fully remediated). <p> **NOTE**: Approved remediation actions can have errors that prevent the actions from being taken. Regardless of whether remediation actions are successfully completed, the investigation status doesn't change. View investigation details.|

+|**Failed**|At least one investigation analyzer ran into a problem where it couldn't complete properly. <p> **NOTE** If an investigation fails after remediation actions were approved, the remediation actions might still have succeeded. View the investigation details.|

+- The email counts shown for the email clusters on the **Email** tab and the email quantity value shown on cluster flyout are calculated at the time of investigation, and don't change.

+- You don't have to approve every action. If you don't agree with the recommended action or your organization doesn't choose certain types of actions, then you can choose to **Reject** the actions or simply ignore them and take no action.

+ > [!NOTE]

+ > Users can't release their own messages that were quarantined as malware. At best, admins can configure the quarantine policy so users can request the release of their quarantined malware messages.

+ - If you select this option, the message is quarantined. A copy of the message is delivered to the recipients, but _all_ attachments (not just malware attachments) are replaced with a single text file named **Malware Alert Text.txt**.

+ >

+ > Users can't release their own messages that were quarantined as high confidence phishing. At best, admins can configure the quarantine policy so users can request the release of their quarantined high confidence phishing messages.

+> [!NOTE]

+> Users can't release their own messages that were quarantined as malware (anti-malware policies) or high confidence phishing (anti-spam policies), regardless of how the quarantine policy is configured. At best, admins can configure the quarantine policy so users can request the release of their quarantined malware or high confidence phishing messages.

+1. Select **All Recipients** to apply Exchange Online Protection tenant wide, or select **Specific recipients** to manually add add users, groups, or domains you want to apply the protection policy to. Click the **Next** button.

+1. Select **All Recipients** to apply Defender for Office 365 Protection tenant wide, or select **Specific recipients** to manually add add users, groups, or domains you want to apply the protection policy to. Click the **Next** button.

+1. On the **Impersonation Protection** section, add email addresses & domains to protect from impersonation attacks, then add any trusted senders and domains you do not want the impersonation protection to apply to, then press **Next**

+3. Click on the **Confirm** button.

+4. Select the **Manage** link in the Strict protection preset.

+5. Repeat steps 7-10 again, but for the users strict protection should be applied to. (if applicable)

+7. Click on the **Confirm** button.

+- It is not the same as multi-tenant and requires additional [user provisioning](/azure/active-directory/hybrid/how-to-connect-sync-feature-preferreddatalocation) workflows.

+- [Create a custom sensitive information type in the Security & Compliance Center](../compliance/create-a-custom-sensitive-information-type.md)

+- [Create a custom sensitive information type in Security & Compliance Center PowerShell](../compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md)

+- [Create custom sensitive information types with Exact Data Match based classification](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide)

+ Title: 'Request to change access level'

+description: How to request to change access level

+search.appverid: MET150

+audience: Software-Vendor

+ms.localizationpriority: medium

+f1.keywords: NOCSH

+# Request to change access level

+We're now making access to pre-release Windows update content more available. Once your request for access to pre-release updates is approved, your uploaded packages will automatically get scheduled to be tested against the pre-release Windows updates for the OS versions selected during onboarding.

+To request access, select the "Access level change request" option in the left navigation bar and fill out all the details for your organization and submit the request. You'll be notified on the registered email address once your request is approved. Once approved, when a new pre-release build is available, your packages will automatically get tested against the new update for the versions selected.

+> [!div class="mx-imgBorder"]

+> [  ](Media/accesslevelchange.png#lightbox)