-description: "Learn how a Microsoft 365 global admin can change a user's email address and display name when their name changes."

-## Watch: Change a user's name or email address

-## Before you begin

-## Change a user's email address

-4. You'll see a big yellow warning that you're about to change the person's sign-in information. Select **Save**, then **Close**.

-## Change a user's display name

-1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a> page.

-1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=850628" target="_blank">Active users</a> page.

-2. Select the user's name, and then on the **Account** tab select **Manage contact information**.

-3. In the **Display name** box, type a new name for the person, and then select **Save**.

- If you get the error message "**We're sorry, the user couldn't be edited. Review the user information and try again**, see [Resolve error messages](#resolve-error-messages).

-It might take up to 24 hours for this change to take effect across all services. After the change has taken effect, the person will have to sign in to Outlook, Skype for Business and SharePoint with their updated username.

-## What to do with old email addresses

-A person's previous primary email address is retained as an additional email address. **We strongly recommend that you don't remove the old email address.**

-Some people might continue to send email to the person's old email address and deleting it may result in NDR failures. Microsoft automatically routes it to the new one. Also, do not reuse old SMTP email addresses and apply them to new accounts. This can also cause NDR failures or delivery to an unintended mailbox.

-## What if the person's offline address book won't sync with the Global Address List?

-To fix this, log in to the [Microsoft Graph Powershell](/powershell/microsoftgraph/overview) with your Microsoft 365 administrator credentials. and use the following syntax:

-Update-MgUser -UserId anne.wallace@contoso.onmicrosoft.com -UserPrincipalName anne.jones@contoso.com

-To learn how to change someone's username in Active Directory, in Windows Server 2003 and earlier, see [Rename a user account](/previous-versions/windows/it-pro/windows-server-2003/cc772952(v=ws.10)).

-## Configure email forwarding

-You must be an Exchange administrator or Global administrator in Microsoft 365 to do these steps. For more information, see the topic [About admin roles](../add-users/about-admin-roles.md).

-2. Select the name of the user whose email you want to forward, then open the properties page.

-3. On the **Mail** tab, select **Manage email forwarding**.

-4. On the email forwarding page, select **Forward all emails sent to this mailbox**, enter the forwarding address, and choose whether you want to keep a copy of forwarded emails. If you don't see this option, make sure a license is assigned to the user account. Select **Save changes**.

- **To forward to multiple email addresses**, you can ask the user to set up a rule in Outlook to forward to the addresses.

-

- 1. Open **outlook** > **Home** > **Rules** > Select **Manage Rules & Alerts**

- 1. Select **New Rule** > **Select Apply rule on message I receive** located near bottom of list, then click **Next**.

- 1. Click **Yes** when asked This rule will be applied to every message you receive.

- 1. On the next list select the actions **redirect it to people or public group** and **stop processing more rules**

- 1. Click the underlined phrase **people or public group** in the bottom part of window.

- 1. Type the **email address** to forward mail to in the To field, then click **OK**.

- 1. Select **Finish**

-

- Or, in the admin center, [create a distribution group](../setup/create-distribution-lists.md), [add the addresses to it](add-user-or-contact-to-distribution-list.md), and then set up forwarding to point to the DL using the instructions in this article.

-## Related content

-[Resend a user's password - Admin Help](../add-users/resend-user-password.md) (article)

-### Enable risk-based multi-factor authentication

-Risk-based multi-factor authentication ensures that when our system detects suspicious activity, it can challenge the user to ensure that they are the legitimate account owner.

-Use Bookings to make your organizationΓÇÖs meetings virtual with online meetings via [Microsoft Teams](https://support.microsoft.com/office/overview-of-the-bookings-app-in-teams-7b8569e1-0c8a-444e-b712-d9968b05110b) and Skype for Business. Each appointment booked as an online meeting creates a unique meeting link that is sent to attendees so they can join via a web browser, phone dial-in, or the Skype or Teams app. Bookings is also available as an app within Teams, which allows you to create Bookings calendars, assign staff, and both schedule new and manage existing appointments without ever leaving Teams.

-**Does the auditing service support de-duplication of records?**

-No. The auditing service pipeline is near real time, and therefore can't support de-duplication.

-Watch this video for a quick summary of creating a trainable classifier. You'll still need to read this full article to get the details.

-</br>

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWyGL7]

-To access classifiers in the UI:

-You'll need accounts with these permissions to use classifiers in these scenarios:

-## Prepare for a custom trainable classifier

-It's helpful to understand what's involved in creating a custom trainable classifier before you dive in.

-> Opt-in is required the first time for trainable classifiers. It takes twelve days for Microsoft 365 to complete a baseline evaluation of your organizations content. Contact your global administrator to kick off the opt-in process.

-> You need to have at least 50 positive samples and as many as 500. The trainable classifier will process up to the 500 most recent created samples (by file created date/time stamp). The more samples you provide, the more accurate the predictions the classifier will make.

-1. Collect between 50-500 seed content items. These must be only samples that strongly represent the type of content you want the trainable classifier to positively identify as being in the category. See, [Default crawled file name extensions and parsed file types in SharePoint Server](/sharepoint/technical-reference/default-crawled-file-name-extensions-and-parsed-file-types) for the supported file types.

- > Make sure the items in your seed set are **strong** examples of the category. The trainable classifier initially builds its model based on what you seed it with. The classifier assumes all seed samples are strong positives and has no way of knowing if a sample is a weak or negative match to the category.

-3. Sign in to Microsoft Purview compliance portal with compliance admin or security admin role access and open <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> or <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> > **Data classification**.

-6. Fill in appropriate values for the `Name` and `Description` fields of the category of items you want this trainable classifier to identify.

-7. Pick the SharePoint Online site, library, and folder URL for the seed content site from step 2. Choose `Add`.

-8. Review the settings and choose `Create trainable classifier`.

-9. Within 24 hours the trainable classifier will process the seed data and build a prediction model. The classifier status is `In progress` while it processes the seed data. When the classifier is finished processing the seed data, the status changes to `Need test items`.

-12. Place the test content in a SharePoint Online folder that is dedicated to holding *the test content only*. Make note of the SharePoint Online site, library, and folder URL.

-13. Choose `Add items to test`.

-14. Pick the SharePoint Online site, library, and folder URL for the test content site from step 12. Choose `Add`.

-15. Finish the wizard by choosing `Done`. Your trainable classifier will take up to an hour to process the test files.

-16. When the trainable classifier is done processing your test files, the status on the details page will change to `Ready to review`. If you need to increase the test sample size, choose `Add items to test` and allow the trainable classifier to process the additional items.

-17. Choose `Tested items to review` tab to review items.

-18. Microsoft 365 will present 30 items at a time. Review them and in the `We predict this item is "Relevant". Do you agree?` box choose either `Yes` or `No` or `Not sure, skip to next item`. Model accuracy is automatically updated after every 30 items.

-19. Review *at least* 200 items. Once the accuracy score has stabilized, the **publish** option will become available and the classifier status will say `Ready to use`.

-21. Once published your classifier will be available as a condition in [Office auto-labeling with sensitivity labels](apply-sensitivity-label-automatically.md), [auto-apply retention label policy based on a condition](apply-retention-labels-automatically.md#configuring-conditions-for-auto-apply-retention-labels) and in [Communication compliance](communication-compliance.md).

-This article shows you how to improve the performance of custom trainable classifiers by providing them more feedback.

-Watch this video for a quick summary of the tuning and retraining process. You'll still need to read this full article to get the details.

-</br>

-<!-- > [!VIDEO https://www.microsoft.com/videoplayer/embed/RWyGMs]-->

-You'll need accounts with these permissions to use classifiers in these scenarios:

-> You provide feedback in content explorer for auto-apply retention label policies to Exchange items and uses the classifier as a condition. **If you don't have a retention policy that auto-applies a retention label to Exchange items and uses a classifier as a condition, stop here.**

-As you use your classifiers, you may want to increase the precision of the classifications that they're making. You do this by evaluating the quality of the classifications made for items it has identified as being a match or not a match. After you make 30 evaluations for a classifier, it takes that feedback, and automatically retrains itself.

-3. Choose the trainable classifier you used in you auto-apply retention label policy. This is the trainable classifier you'll give feedback on.

-4. Choose an item and open it.

- > [!TIP]

-5. Choose **Provide feedback**.

-6. In the **Detailed feedback** pane, if the item is a true positive, choose, **Match**. If the item is a false positive, that is it was incorrectly included in the category, choose **Not a match**.

-7. If there's another classifier that would be more appropriate for the item, you can choose it from the **Suggest other trainable classifiers** list. This will trigger the other classifier to evaluate the item.

-8. Choose **Send feedback** to send your evaluation of the `match`, `not a match` classifications and suggest other trainable classifiers. When you've provided 30 instances of feedback to a classifier, it will automatically retrain. Retraining can take from one to four hours. Classifiers can only be retrained twice per day.

-9. Open **Trainable classifiers**.

-

-11. Once retraining completes, choose the classifier to open the retraining overview.

-12. Review the recommended action, and the prediction comparisons of the retrained and currently published versions of the classifier.

-13. If you satisfied with the results of the retraining, choose **Re-publish**.

-14. If you aren't satisfied with the results of the retraining, you can choose to provide more feedback to the classifier in the Content Explorer interface and start another retraining cycle or do nothing in which case the currently published version of the classifier will continue to be used.

-You can export an assessment to an Excel file for compliance stakeholders in your organization or for external auditors and regulators. On your assessment details page, select the **Generate report** button near the top of the page, which creates an Excel file you can save and share.

-The report is a snapshot of the assessment as of the date and time of the export. It contains the details for controls managed by both you and Microsoft, including implementation status, test date, and test results.

-description: "Learn how to create and import a custom sensitive information type for policies in the Compliance center."

-For custom content-matching development, testing, and debugging, you'll need to use your own internal IT resources, or use consulting services, such as Microsoft Consulting Services (MCS). Microsoft Support engineers can provide limited support for this feature, but they can't guarantee that custom content-matching suggestions will fully meet your needs.

-Here's the sample XML of the rule package that we'll create in this article. Elements and attributes are explained in the sections below.

-It's important that you understand the basic structure of the XML schema for a rule. Your understanding of the structure will help your custom sensitive information type to identify the right content.

-There are important points to consider for multiple pattern matches:

-2. Add a comment that contains the name of your custom entity, such as Employee ID. Later, you'll add the entity name to the localized strings section, and that name appears in the admin center when you create a policy.

-In the following diagram, all of the patterns reference the same regular expression. This RegEx looks for a nine-digit number `(\d{9})` surrounded by white space `(\s) ... (\s)`. This regular expression is referenced by the `IdMatch` element, and is the common requirement for all patterns that look for the Employee ID entity. `IdMatch` is the identifier that the pattern is to trying to match. A `Pattern` element must have exactly one `IdMatch` element.

-`Match` elements are joined by an implicit AND operator. In other words, all `Match` elements must be satisfied for the pattern to be matched.

-You can use the optional `minCount` attribute to specify how many instances of a match need to be found for each `Match` elements. For example, you can specify that a pattern is satisfied only when at least two keywords from a keyword list are found.

-In a `Pattern` element, all `IdMatch` and `Match` elements are joined by an implicit AND operator. In other words, all of the matches must be satisfied before the pattern can be satisfied.

-To require only a minimum number of `Match` elements, you can use the `minMatches` attribute. In effect, these `Match` elements are joined by an implicit OR operator. This `Any` element is satisfied if a US-formatted date or a keyword from either list is found.

-### Match none of children Match elements

-If you want to require the absence of specific evidence for a pattern to be satisfied, you can set both minMatches and maxMatches to 0. This can be useful if you have a keyword list or other evidence that are likely to indicate a false positive.

-### Match a number of unique terms

-If you want to match a number of unique terms, use the *uniqueResults* parameter, set to *true*, as shown in the following example:

-Note that for email, the message body and each attachment are treated as separate items. This means that the proximity window doesnΓÇÖt extend beyond the end of each of these items. For each item (attachment or body), both the idMatch and corroborative evidence needs to reside in that item.

-In addition to confidenceLevel for each Pattern, the Entity has a recommendedConfidence attribute. The recommended confidence attribute can be thought of as the default confidence level for the rule. When you create a rule in a policy, if you don't specify a confidence level for the rule to use, that rule will match based on the recommended confidence level for the entity. Please note that the recommendedConfidence attribute is mandatory for each Entity ID in the Rule Package, if missing you won't be able to save policies that use the Sensitive Information Type.

-## Do you want to support other languages in the UI of the Compliance center? [LocalizedStrings element]

-The Rules element must contain a LocalizedStrings element, which contains a Resource element that references the GUID of your custom entity. In turn, each Resource element contains one or more Name and Description elements that each use the langcode attribute to provide a localized string for a specific language.

-Most importantly, you'll need to generate a GUID for the RulePack. Above, you generated a GUID for the entity; this is a second GUID for the RulePack. There are several ways to generate GUIDs, but you can do it easily in PowerShell by typing [guid]::NewGuid().

-Previously, you might have used Exchange Online PowerShell to import your custom sensitive information types for DLP. Now your custom sensitive information types can be used in both the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a> and the Compliance center. As part of this improvement, you should use Security & Compliance PowerShell to import your custom sensitive information types ΓÇö you can't import them from Exchange Online PowerShell anymore. Your custom sensitive information types will continue to work just like before; however, it may take up to one hour for changes made to custom sensitive information types in the Compliance center to appear in the Exchange admin center.

-There is a limit of 50 keyword dictionary based sensitive information types that can be created per tenant. To find out how many keyword dictionaries you have in your tenant, connect follow the procedures in [Connect to the Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell) to connect to your tenant and then run this PowerShell script:

-3. Select **Create** and enter a **Name** and **Description** for your sensitive info type, then select **Next**.

-4. You can use your keyword dictionary as either the primary element or a secondary element. To use a keyword dictionary as the primary element, in the **Primary Element** field, select **Add Primary Element** and then select **Keyword dictionary** in the dropdown list.

-5. On the **Add keyword dictionary** page, you can choose from existing dictionaries, upload a dictionary, or create a dictionary.

- 1. To use an existing dictionary,choose **Choose from existing dictionaries**.

- 1. To upload a keyword dictionary, choose **Upload a dictionary** and follow the prompts to upload either a TXT or CSV file.

- 1. To create a dictionary:

- 1. Enter a **Name** for your custom dictionary.

- 1. In the **Keywords** field, enter each keyword in your dictionary on a separate line.

- 1. When you are finished, choose **Done**.

-6. On the next page, choose **Create**.

-7. If you want to add additional patterns to your sensitive information type, you can do so on the next page. When finished, choose **Next**.

-8. Confirm the confidence level for your sensitive information type and choose **Next**.

-9. Review and finalize your sensitive info type selections, then select **Create** and then **Done**.

-Paste the **identity** value into the XML for your custom sensitive information type as the **idRef**. Next, upload the XML file. Your dictionary will now appear in your list of sensitive information types and you can use it right in your policy, specifying how many keywords are required to match.

-> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), it is recommended to create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.

-When looking for sensitive information in content, you need to describe that information in what's called a *rule*. Microsoft Purview Data Loss Prevention (DLP) includes rules for the most common sensitive information types. You can use these rules right away. To use them, you must include them in a policy. You might find that you want to adjust these built-in rules to meet your organization's specific needs. You can do that by creating a custom sensitive information type. This topic shows you how to customize the XML file that contains the existing rule collection so you can detect a wider range of potential credit card information.

-3. Look for *Func_credit_card* to find the Credit Card Number rule definition. In the XML, rule names can't contain spaces, so the spaces are usually replaced with underscores, and rule names are sometimes abbreviated. An example of this is the U.S. Social Security number rule, which is abbreviated _SSN_. The Credit Card Number rule XML should look like the following code sample.

-Now that you have a new sensitive information type that you're able to upload to the Microsoft Purview compliance portal, the next step is to make the rule more specific. Modify the rule so that it only looks for a 16-digit number that passes the checksum but doesn't require additional (corroborative) evidence, like keywords. To do this, you need to remove the part of the XML that looks for corroborative evidence. Corroborative evidence is very helpful in reducing false positives. In this case there are usually certain keywords or an expiration date near the credit card number. If you remove that evidence, you should also adjust how confident you are that you found a credit card number by lowering the `confidenceLevel`, which is 85 in the example.

-You might want to require corroborative evidence but want different or additional keywords, and perhaps you want to change where to look for that evidence. You can adjust the `patternsProximity` to expand or shrink the window for corroborative evidence around the 16-digit number. To add your own keywords, you need to define a keyword list and reference it within your rule. The following XML adds the keywords "company card" and "Contoso card" so that any message that contains those phrases within 150 characters of a credit card number will be identified as a credit card number.

-|Functions|The XML file references `Func_credit_card`, which is a function in compiled code. Functions are used to run complex regexes and verify that checksums match for our built-in rules.) Because this happens in the code, some of the variables don't appear in the XML file.|

-|Keyword lists|The XML file also references `keyword_cc_verification` and `keyword_cc_name`, which are lists of keywords from which we are looking for matches within the `patternsProximity` for the entity. These aren't currently displayed in the XML.|

-The Endpoint DLP events for devices running Windows 10, Windows 11, and any of the three most recently release major versions of mac OS are:

-The [data classification overview](data-classification-overview.md) and [content explorer](data-classification-content-explorer.md) tabs give you visibility into what content has been discovered and labeled, and where that content is. [Activity explorer](https://compliance.microsoft.com/dataclassification?viewid=activitiesexplorer) rounds out this suite of functionality by allowing you to monitor what's being done with your labeled content. Activity explorer provides a historical view of activities on your labeled content. The activity information is collected from the Microsoft 365 unified audit logs, transformed, and made available in the Activity explorer UI. Activity explorer reports on up to 30 days worth of data.

-There are over 30 different filters available for use, some are:

-An account must be explicitly assigned membership in any one of these role groups or explicitly granted the role.

-Understanding the actions that are taken on content with sensitivity labels helps you determine whether the controls that you have in place, such as [Microsoft Purview Data Loss Prevention](dlp-learn-about-dlp.md) policies, are effective. If not, or if you discover something unexpectedΓÇösuch as a large number of items that are labeled `highly confidential` and are downgraded to `general`ΓÇöyou can manage your policies and take new actions to restrict the undesired behavior.

-Classifiers, like [sensitive information types](sensitive-information-type-learn-about.md) (SIT) and [trainable classifiers](classifier-learn-about.md) are used in various kinds of policies to identify sensitive information. Like most such models, sometimes they identify an item as being sensitive that isn't. Or, they may not identify an item as being sensitive when it actually is. These are called false positives and false negatives.

-This article shows you how to confirm whether items matched by a classifier are true positive (a **Match**) or a false positive (**Not a match**) and provide **Match**/**Not a match** feedback. You can use that feedback to tune your classifiers to increase accuracy. You can also send redacted versions of the document as well as the **Match**, **Not a Match** feedback to Microsoft if you want to help increase the accuracy of the classifiers that Microsoft provides.

-> The match/not a match feedback experience supports items in :

-> SharePoint sites & OneDrive sites - for Content Explorer, Sensitive Information Type/ Trainaable Classifier Matched Items, DLP Alerts and MTP Alerts.

-For information on the relevant licensing and subscriptions,7 -

-b

- see the [licensing requirements for Data classification analytics: Overview Content & Activity Explorer](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection-data-classification-analytics-overview-content--activity-explorer).

-This example shows you how to use the **Contextual Summary** tab to give feedback.

-1. Open the **Microsoft Purview compliance portal** and navigate to **Data classification** > **Trainable classifiers**.

->- Compliance administrator

->- Compliance Data administrator

->- Organization Management (Users who are not global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365)

->- Global administrator

->- DLP compliance management

->- View-only DLP compliance management

-This is the configuration for the quick setup created Teams and Exchange DLP policy. The policy name is **Adaptive Protection policy for Teams and Exchange DLP**.

-This is the configuration for the quick setup created Devices DLP policy. The policy name is **Adaptive Protection policy for Endpoint DLP**.

-> If a user is targeted by a default Adaptive Protection DEvice DLP policy and is targeted by an independent Device DLP policy, only the actions of the *most restrictive* policy will be applied.

-All eligible tenants for DLP can access the DLP alert management dashboard. To get started, you should be eligible for Microsoft Purview DLP for Exchange Online, SharePoint Online, and OneDrive for Business. For more information about the licensing requirements for DLP, see [Which licenses provide the rights for a user to benefit from the service?](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#which-licenses-provide-the-rights-for-a-user-to-benefit-from-the-service-16).

-**Single-event alert configuration**: Organizations that have an E1, F1, or G1 subscription or an E3 or G3 subscription can create alert policies only where an alert is triggered every time an activity occurs.

-**Aggregated alert configuration**: To configure aggregate alert policies based on a threshold, you must one of these licensing configurations:

-To access the DLP alert management dashboard, you need the:

-and either of these two roles:

-To access the Content preview feature and the Matched sensitive content and context features you must be a member of:

-which has the data classification content viewer role pre-assigned.

-To learn how to configure an alert in your DLP policy, see [Configure and view alerts for data loss prevention polices](dlp-configure-view-alerts-policies.md).

-> Your organizations audit log retention policy configuration controls how long an alert remains visible in the console. See, [Manage audit log retention policies](audit-log-retention-policies.md#manage-audit-log-retention-policies) for more information.

-If your org is licensed for [aggregated alert configuration options](#licensing-for-alert-configuration-options),

-If your org is licensed for [single-event alert configuration options](#licensing-for-alert-configuration-options), then you'll see these options when you create or edit a DLP policy. Use this option to create an alert that's raised every time a DLP rule match happens.

-4. Select the **Events** tab to view all of the events associated with the alert. You can choose a particular event to view its details. For a list of some of the available event details, see, [Learn about the data loss prevention Alerts dashboard](dlp-alerts-dashboard-learn.md).

-5. Select **Details** to open the **Overview** page for the alert. The overview page provides a summary:

- 1. information about the matched policy, and more

-7. Select the **Sensitive Info Types** tab to view details about the sensitive information types detected in the content. Details include confidence, count, and the content that matches the sensitive information type.

-8. After you investigate the alert, return to the **Overview** tab where you can manage triage and manage the disposition of the alert and add comments.

-When the criteria in a Microsoft Purview Data Loss Prevention (DLP) policy is matched by the actions a user is taking on a sensitive item, the policy can generate an alert. This situation can result in a high volume of alerts. DLP alerts are collected in the alerts dashboard. The alerts dashboard gives you a single place to go to do a deep investigation of all the details about the policy match.

-Here are some of the events associated with an alert. In the UI, you can choose a particular event to view its details.

-Incidents for Microsoft Purview Data Loss Prevention (DLP) can be managed in the Microsoft 365 Defender portal. See, [Investigate data loss incidents with Microsoft 365 Defender](../security/defender/investigate-dlp.md) for details. You can manage DLP incidents along with security incidents from **Incidents & alerts** > **Incidents** on the quick launch of the Microsoft 365 Defender portal.

-To use Microsoft Purview extension for Chrome, the device must be onboarded into endpoint DLP. Review these articles if you are new to DLP or endpoint DLP

-11. Select **Next**.

-12. Add or edit scope tags on the **Scope tags** tab as needed and select **Next**.

-13. Add the required deployment users, devices, and groups on the **Assignments** tab and select **Next**.

-14. Add applicability rules on the **Applicability Rules** tab as required and select **Next**.

-15. Select **Create**.

-1. Create or get a sensitive item and, try to upload a file to one of your organizationΓÇÖs restricted service domains. The sensitive data must match one of our built-in [Sensitive Info Types](sensitive-information-type-entity-definitions.md), or one of your organizationΓÇÖs sensitive information types. You should get a DLP toast notification on the device you are testing from that shows that this action is not allowed when the file is open.

- - To test, try to save the file to a removeable media storage.

-> To use advanced classification for Windows 10 devices, you must install KB5016688. To use advanced classification for Windows 11 devices, you must install KB5016691 be installed for Windows 11 devices. Additionally, you must enable advanced classification before **Activity explorer** will display contextual text for DLP rule-matched events. To learn more about contextual text, see [Contextual summary](dlp-learn-about-dlp.md#contextual-summary).

-When it identifies items that match policies on devices, DLP can copy them to an [Azure storage account](/azure/storage/common/storage-account-overview). This is useful for auditing policy activity and troubleshooting specific matches. Use this section to add the name and URL of the storage account.

-|Disabled |Enabled |- Just in time protection is applied only to the files on storage devices that are local to the endpoint. |

-|Enabled |Enabled |- DLP policies that are scoped to Devices are applied to all network shares and mapped drives that the device is connected to. [Devices actions](dlp-policy-reference.md#devices-actions) </br>- Just in time protection is applied to all network shares and mapped drives that the device is connected to. |

-> - The action (`audit`, `block with override`, or `block`) defined for apps that are on the restricted apps list only applies when a user attempts to ***access*** a protected item.

-> When the service restriction mode is set to `Allow`, you must have at least one service domain configured before restrictions are enforced.

-You can configure Up to 50 domains under **Sensitive Service domains**.

-> The **Service domains** setting only applies to files uploaded using Microsoft Edge or an instance of Google Chrome that has the [Microsoft Purview Chrome Extension](dlp-chrome-learn-about.md) installed.

-When you add a URL without a terminating slash mark ( `/`), that URL is scoped to that site and all subsites.

-You can control how users interact with the business justification option in DLP policy tip notifications. This option appears when users perform an activity that's protected by the **Block with override** setting in a DLP policy. This is a global setting. You can choose from one the following options:

- - **Corporate printer** - is a print queue shared through on-premises Windows print server in your domain. Its path might look like \\print-server\contoso.com\legal_printer_001

-1. Select **Close**.

-9. Select **Close**.

-1. Select **Close**.

-# Configure and view alerts for data loss prevention polices

-Microsoft Purview Data Loss Prevention (DLP) policies can take protective actions to prevent unintentional sharing of sensitive items. When an action is taken on a sensitive item, you can be notified by configuring alerts for DLP. This article shows you how to define rich alert policies that are linked to your data loss prevention (DLP) policies. You'll see how to use the

-new DLP alert management dashboard in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> to view alerts, events, and associated metadata for DLP policy violations.

- alerts for DLP policies that are enforced on the following workloads:

-All eligible tenants for Office 365 DLP can access the new DLP alert management dashboard. To get started, you should be eligible for Office

-365 DLP for Exchange Online, SharePoint Online, and OneDrive for Business. For more information about the licensing requirements for Office 365 DLP, see [Which licenses provide the rights for a user to benefit from the service?](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#which-licenses-provide-the-rights-for-a-user-to-benefit-from-the-service-16).

-Customers who use [Endpoint DLP](endpoint-dlp-learn-about.md) who are eligible for [Teams DLP](dlp-microsoft-teams.md) will see their endpoint DLP policy alerts and Teams DLP policy alerts in the DLP alert management dashboard.

-To access the DLP alert management dashboard, you need the Manage alerts role and either of the following roles:

-To prevent a flood of notification emails, all matches that occur within a one-minute time window and are for the same DLP rule and on the same location are grouped together in the same alert. The one minute aggregation time window feature is available in:

-1. Select the **Sensitive Info Types** tab to view details about the sensitive information types detected in the content. Details include confidence and count.

-2. After you investigate the alert, choose **Manage alert** to change the status (**Active**, **Investigating**, **Dismissed**, or

- **Resolved**). You can also add comments and assign the alert to someone in your organization.

- - To see the history of workflow management, choose **Management log**.

- - After you take the required action for the alert, set the status of the alert to **Resolved**.

-|Has sender overriden the policy tip|Yes|No|No|No|

-This feature makes copies of items that match DLP policies on onboarded Windows devices and places those copies in an Azure storage account. These copies aren't held in a changless state and aren't evidence in the legal sense of the term. If you need to find and hold items for legal purposes, you should use the [Microsoft Purview eDiscovery solutions](ediscovery.md). Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases.

- When an item and the activity that a user is taking on that item match the conditions defined in a DLP policy, a **DLPRuleMatch** event shows up in [Activity explorer](data-classification-activity-explorer.md). This is true for every location that DLP supports. The **DLPRuleMatch** event contains a limited amount of the text that surrounds the matched content. This limited amount of text is called [contextual summary](dlp-learn-about-dlp.md#contextual-summary).

-It's important to understand the difference between evidence collection for file activities on devices and contextual summary. Evidence collection for file activities on devices is only available for onboarded Windows devices and saves a copy of the entire item that matched a policy to the Azure storage account. Contextual summary is captured for every DLP policy rule match and only contains a limited amount of the text that surrounds the target text that triggered the match.

-## Design consideration

-To comply with regulatory requirements, make sure that the Azure storage accounts that you use are in the same geo-political or regulatory boundaries as the devices that they're being copied from. Also, be aware of the geo-political location of the DLP investigators who will be accessing the sensitive items once they're saved. Consider using [Administrative units (preview)](microsoft-365-compliance-center-permissions.md#administrative-units-preview) to scope the administration of the users and devices that the DLP policy will be scoped to. To learn how to use data loss prevention to comply with data privacy regulations, see [Deploy information protection for data privacy regulations with Microsoft Purview](../solutions/information-protection-deploy.md) (aka.ms/m365dataprivacy).

-Evidence collection for file activities on devices supports up to 10 Azure storage accounts.

-To learn how to use data loss prevention to comply with data privacy regulations, see [Deploy information protection for data privacy regulations with Microsoft Purview](../solutions/information-protection-deploy.md) (aka.ms/m365dataprivacy).

-9. Note: It is critical that updates_disabled is set to false so that the extension can automatically update over time.

- - To test, try to save the file to a removeable media storage.

-[Endpoint data loss prevention (endpoint DLP)](endpoint-dlp-learn-about.md) extends the activity monitoring and protection capabilities of [Microsoft Purview data loss prevention (DLP)](dlp-learn-about-dlp.md) to sensitive items that are on Windows 10 devices. Once devices are onboarded into the Microsoft Purview solutions, the information about what users are doing with sensitive items is made visible in [activity explorer](data-classification-activity-explorer.md) and you can enforce protective actions on those items via [DLP policies](dlp-learn-about-dlp.md).

-Once the Firefox extension is installed on a Windows 10 device, organizations can monitor when a user attempts to access or upload a sensitive item to a cloud service using Mozilla Firefox and enforce protective actions via DLP.

-<!--For more information on planning for DLP, including suggestions for deployment based on your needs and resources, see [Planning for data loss prevention](dlp-plan-for-dlp.md).-->

-You can apply DLP policies to data at rest, data in use, and data in motion in locations, such as:

-Each one has different prerequisites. Sensitive items in some locations, like Exchange online, can be brought under the DLP umbrella by just configuring a policy that applies to them. Others, such as on-premises file repositories require a deployment of Azure Information Protection (AIP) scanner. You'll need to prepare your environment, code draft policies, and test them thoroughly before activating any blocking actions.

-Once the policy meets all your objectives, turn it on. Continue to monitor the outcomes of the policy application and tune as needed.

- - A predefined policy template: Financial data, Medical and health data, Privacy data all for various countries and regions.

-4. **Choose the conditions that must be matched for a policy to be applied to an item** - You can accept preconfigured conditions or define custom conditions. Some examples are:

- - Windows 10, Windows 11, and macOS (three latest released versions) Devices: Audit or restrict copying a sensitive item to a removeable USB device

- > The conditions and the actions to take are defined in an object called a Rule.

-After the policy's synced to the right locations, it starts to evaluate content and enforce actions.

-DLP reports a vast amount of information into Microsoft Purview from monitoring, policy matches and actions, and user activities. You'll need to consume and act on that information to tune your policies and triage actions taken on sensitive items. The telemetry goes into the [Microsoft Purview compliance portal Audit Logs](audit-log-search.md#search-the-audit-log-in-the-compliance-portal) first, is processed, and makes its way to different reporting tools. Each reporting tool has a different purpose.

-The Activity explorer tab on the DLP page has the *Activity* filter preset to *DLPRuleMatch*. Use this tool to review activity related to content that contains sensitive info or has labels applied, such as what labels were changed, files were modified, and matched a rule.

-<!---->

-You can view the last 30 days of DLP information in [Activity Axplorer](data-classification-activity-explorer.md) using these preconfigured filters:

-[Get-DlpDetailReport](/powershell/module/exchange/get-dlpdetailreport)

-[Get-DlpDetectionsReport](/powershell/module/exchange/get-dlpdetectionsreport)

-[Get-DlpSiDetectionsReport](/powershell/module/exchange/get-dlpsidetectionsreport)

-However, DLP reports need pull data from across Microsoft 365, including Exchange Online. For this reason, the following cmdlets for DLP reports are available in Exchange Online Powershell. To use the cmdlets for these DLP reports, do these steps:

-1. [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell)

-[Get-DlpDetailReport](/powershell/module/exchange/get-dlpdetailreport)

-[Get-MailDetailDlpPolicyReport](/powershell/module/exchange/get-maildetaildlppolicyreport)

-**DLPRuleMatch** events are paired with the user activity event. The should be right next to (or at least very close to) each other in Activity explorer. You'll want to look at both because the **user activity event** contains details about the matched policy and the **DLPRuleMatch** event contains the details about the text that surrounds the matched content.

-Over the years, Microsoft has provided eDiscovery tools that let you search, preview, and export email content from Exchange Online. However, these tools no longer offer an effective way to search for non-Exchange content in other Microsoft 365 services, such as SharePoint Online and Microsoft 365 Groups. To address this, Microsoft offers other eDiscovery tools that help you search for a wide variety of Microsoft 365 content. And we've been working hard to incorporate the most current and powerful eDiscovery functionality in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">compliance portal</a>. This allows organizations to respond to legal, internal, and other document requests for content across many Microsoft 365 services, including Exchange Online.

-As a result of this new and improved eDiscovery functionality in the compliance portal, we're retiring the following eDiscovery-related features and functionality related to searching for email content in Exchange Online and Microsoft 365:

-## In-Place eDiscovery and In-Place Holds in the Exchange admin center

-|Teams Video Clip (TVC)|Search TVC with "Video-Clip" keyword and "save as" a .mp4 file for each TVC attachment by right-clicking the preview (search by keyword will be available in October 2022). TVC data is discoverable in eDiscovery [review sets](/microsoft-365/compliance/add-data-to-review-set).

-The Microsoft Purview compliance portal supports directly managing permissions for users who perform compliance tasks in Microsoft 365. This update means you'll no longer have to use the Office 365 Security & Compliance Center to manage permissions for compliance solutions. Using the new **Permissions** page in the compliance portal, you can manage permissions to users for compliance tasks in features like device management, Microsoft Purview Data Loss Prevention, eDiscovery, insider risk management, retention, and many others. Users can perform only the compliance tasks that you explicitly grant them access to.

-|**Security reader**|View and investigate active threats to your Microsoft 365 users, devices, and content, but (unlike the Security operator) they do not have permissions to respond by taking action. For more information, see [Security Reader](/azure/active-directory/roles/permissions-reference#security-reader).|

- - [Disposition review and verification](disposition.md): Restricted administrators will be able to add reviewers only from within their assigned administrative units, and see disposition reviews and items disposed only from users within their assigned administrative units

-Now, when these restricted administrators create or edit policies that support administrative units, they can select administrative units so that only the users in those administrative units will be eligible for the policy:

-Complete the following steps to remove users or groups rom a Microsoft Purview role group:

-4. On the **Name the role group** page, enter a name for the custom role group in the **Name** field. The name of the role group cannot be changed after creation of the role group. If needed, enter a description for the custom role group in the **Description** field. Select **Next** to continue.

-4. On the **Name the role group** page, update the description for the custom role group in the **Description** field. The name of the custom role group cannot be changed. Select **Next**.

-Because of these changes, do not enable this setting if you have any apps, services, scripts, or tools in your organization that reads or writes labeling metadata to the old location. If you do, some example consequences:

- - **Let users assign permissions when they apply the label** and the checkbox **In Word, PowerPoint, and Excel, prompt users to specify permissions** is selected. This configuration is sometimes referred to as "user-defined permissions".

- - **User access to content expires** is set to a value other than **Never**.

- - **Double Key Encryption**

- For labels with any of these encryption configurations, the labels display in Office apps. However, when users select these labels and nobody else is editing the document, they're warned that co-authoring and AutoSave won't be available. If somebody else is editing the document, users see a message that the labels can't be applied.

-After you've enabled co-authoring for files with sensitivity labels for your tenant, you can't disable this setting in the compliance portal and this action is supported only by using PowerShell. This is not a setting that you casually disable, and why it's so important that you check and understand the prerequisites, consequences, and limitations before you enable the setting.

-Enabling this feature also results in SharePoint and OneDrive being able to process the contents of Office files that have been encrypted by using a sensitivity label. The label can be applied in Office for the web, or in Office desktop apps and uploaded or saved in SharePoint and OneDrive. Until you enable this feature, these services can't process encrypted files, which means that coauthoring, eDiscovery, data loss prevention, search, and other collaborative features won't work for these files.

-If you are currently protecting documents in SharePoint by using SharePoint Information Rights Management (IRM), be sure to check the [SharePoint Information Rights Management (IRM) and sensitivity labels](#sharepoint-information-rights-management-irm-and-sensitivity-labels) section on this page.

- - **Let users assign permissions when they apply the label** and the checkbox **In Word, PowerPoint, and Excel, prompt users to specify permissions** is selected. This setting is sometimes referred to as "user-defined permissions".

- For labels with any of these encryption configurations, the labels aren't displayed to users in Office for the web. If they are parent labels, this means that users wonΓÇÖt see that label's sublabels, even if the sublabels aren't configured to apply encryption.

- Additionally, the new capabilities can't be used with labeled documents that already have these encryption settings. For example, these documents won't be returned in search results, even if they are updated.

-6. After you have downloaded the file, run the file and follow the steps in the Setup Wizard.

-For example: You create and publish a new sensitivity label that applies encryption and it very quickly appears in a user's desktop app. The user applies this label to a document and then uploads it to SharePoint or OneDrive. If the label replication hasn't completed for the service, the new capabilities won't be applied to that document on upload. As a result, the document won't be returned in search or for eDiscovery and the document can't be opened in Office for the web.

-As a safeguard, we recommend publishing new labels to just a few test users first, wait for at least one hour, and then verify the label behavior on SharePoint and OneDrive. Wait at least a day before making the label available to more users by either adding more users to the existing label policy, or adding the label to an existing label policy for your standard users. By the time your standard users see the label, it has already synchronized to SharePoint and OneDrive.

-|[Let users assign permissions: <br /> - Prompt users for custom permissions (users, groups, and organizations)](encryption-sensitivity-labels.md#support-for-organization-wide-custom-permissions)|Current Channel: 2212+ <br /><br> Monthly Enterprise Channel: 2302+ <br /><br> Semi-Annual Enterprise Channel: 2302+|Under review|Under review|Under review| Under review|

-|iOS | | &#x2714; &sup1; &sup2; | |

-Customers can join a virtual appointment from any web browser or through the Microsoft Teams app. List here if your organization has additional specifications, such as a high-quality webcam or microphone. If your healthcare organization has integrated your Electronic Health Record (EHR) system with Teams, patients can join visits from your healthcare portal.

-## Week of May 08, 2023

-| Published On |Topic title | Change |

-|||--|

-| 5/8/2023 | [Security Operations Guide for Defender for Endpoint](/microsoft-365/security/defender-endpoint/mde-sec-ops-guide?view=o365-worldwide) | added |

-| 5/8/2023 | [Manual deployment for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide) | modified |

-| 5/8/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified |

-| 5/8/2023 | [Manage automation file uploads](/microsoft-365/security/defender-endpoint/manage-automation-file-uploads?view=o365-worldwide) | modified |

-| 5/8/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified |

-| 5/8/2023 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide) | modified |

-| 5/8/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified |

-| 5/8/2023 | [Administration guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-admin-guide?view=o365-worldwide) | added |

-| 5/8/2023 | [Security operations guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-operations-guide?view=o365-worldwide) | added |

-| 5/8/2023 | Add a new user to your network and systems | removed |

-| 5/8/2023 | [Maintain your environment](/microsoft-365/business-premium/m365bp-maintain-environment?view=o365-worldwide) | modified |

-| 5/8/2023 | [Secure managed and unmanaged devices](/microsoft-365/business-premium/m365bp-managed-unmanaged-devices?view=o365-worldwide) | modified |

-| 5/8/2023 | Remove company data from devices | removed |

-| 5/8/2023 | Reset Windows devices to their factory settings | removed |

-| 5/8/2023 | Reset passwords | removed |

-| 5/8/2023 | Security operations guide for Microsoft 365 Business Premium | removed |

-| 5/8/2023 | [Microsoft Purview Compliance Manager regulations list](/microsoft-365/compliance/compliance-manager-templates-list?view=o365-worldwide) | modified |

-| 5/8/2023 | Security Operations Guide for Defender for Endpoint | removed |

-| 5/9/2023 | [Security administration guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-admin-guide?view=o365-worldwide) | added |

-| 5/9/2023 | [Document compliance with Microsoft Syntex](/microsoft-365/syntex/scenario-document-compliance) | added |

-| 5/9/2023 | [Find content details with Microsoft Syntex](/microsoft-365/syntex/scenario-find-content-details) | added |

-| 5/9/2023 | [Generate documents in bulk with Microsoft Syntex](/microsoft-365/syntex/scenario-generate-documents-bulk) | added |

-| 5/9/2023 | [Automatically generate routine documents with Microsoft Syntex](/microsoft-365/syntex/scenario-generate-routine-documents) | added |

-| 5/9/2023 | [Handle incoming documents with Microsoft Syntex](/microsoft-365/syntex/scenario-handle-incoming-documents) | added |

-| 5/9/2023 | [Make information easier to find with Microsoft Syntex](/microsoft-365/syntex/scenario-organize-repositories) | added |

-| 5/9/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |

-| 5/9/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified |

-| 5/9/2023 | [Create and manage insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified |

-| 5/9/2023 | [Get started with insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified |

-| 5/9/2023 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) | modified |

-| 5/9/2023 | [Scenarios and use cases for Microsoft Syntex](/microsoft-365/syntex/adoption-scenarios) | modified |

-| 5/9/2023 | [Protect against malware and other threats with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-against-malware-cyberthreats?view=o365-worldwide) | modified |

-| 5/9/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified |

-| 5/9/2023 | [Top 10 ways to secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified |

-| 5/10/2023 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365-business-premium-setup?view=o365-worldwide) | renamed |

-| 5/10/2023 | Sign up for Microsoft 365 Business Premium | removed |

-| 5/10/2023 | Get Microsoft 365 for Campaigns | removed |

-| 5/10/2023 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) | modified |

-| 5/10/2023 | [Setup overview for Microsoft 365 for Campaigns](/microsoft-365/business-premium/m365-campaigns-setup?view=o365-worldwide) | modified |

-| 5/10/2023 | [Why choose Microsoft 365 Business Premium? Productivity and security](/microsoft-365/business-premium/why-choose-microsoft-365-business-premium?view=o365-worldwide) | modified |

-| 5/10/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |

-| 5/10/2023 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) | modified |

-| 5/10/2023 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365-business-premium-setup?view=o365-worldwide) | modified |

-| 5/10/2023 | Get Microsoft Defender for Business servers | removed |

-| 5/10/2023 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified |

-| 5/10/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |

-| 5/10/2023 | [Manage devices in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-worldwide) | modified |

-| 5/10/2023 | [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified |

-| 5/10/2023 | Recover from a ransomware attack | removed |

-| 5/11/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |

-| 5/11/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified |

-| 5/11/2023 | [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) | modified |

-| 5/11/2023 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/reports-defender-for-office-365?view=o365-worldwide) | modified |

-| 5/11/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified |

-| 5/11/2023 | [Malaysia passport number entity definition](/microsoft-365/compliance/sit-defn-malaysia-passport-number?view=o365-worldwide) | added |

-| 5/11/2023 | [Singapore driver's license number entity definition](/microsoft-365/compliance/sit-defn-singapore-drivers-license-number?view=o365-worldwide) | added |

-| 5/11/2023 | [Singapore passport number entity definition](/microsoft-365/compliance/sit-defn-singapore-passport-number?view=o365-worldwide) | added |

-| 5/11/2023 | [South Korea driver's license number entity definition](/microsoft-365/compliance/sit-defn-south-korea-drivers-license-number?view=o365-worldwide) | added |

-| 5/11/2023 | [South Korea passport number entity definition](/microsoft-365/compliance/sit-defn-south-korea-passport-number?view=o365-worldwide) | added |

-| 5/11/2023 | [UAE identity card number entity definition](/microsoft-365/compliance/sit-defn-uae-identity-card-number?view=o365-worldwide) | added |

-| 5/11/2023 | [UAE passport number entity definition](/microsoft-365/compliance/sit-defn-uae-passport-number?view=o365-worldwide) | added |

-| 5/11/2023 | [Data Residency Legacy Move Program](/microsoft-365/enterprise/m365-dr-legacy-move-program?view=o365-worldwide) | modified |

-| 5/11/2023 | [Overview and Definitions](/microsoft-365/enterprise/m365-dr-overview?view=o365-worldwide) | modified |

-| 5/11/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified |

-| 5/12/2023 | [Restore a deleted Microsoft 365 group](/microsoft-365/admin/create-groups/restore-deleted-group?view=o365-worldwide) | modified |

-| 5/12/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |

-| 5/12/2023 | [Malaysia passport number entity definition](/microsoft-365/compliance/sit-defn-malaysia-passport-number?view=o365-worldwide) | modified |

-| 5/12/2023 | [Singapore passport number entity definition](/microsoft-365/compliance/sit-defn-singapore-passport-number?view=o365-worldwide) | modified |

-| 5/12/2023 | [South Korea driver's license number entity definition](/microsoft-365/compliance/sit-defn-south-korea-drivers-license-number?view=o365-worldwide) | modified |

-| 5/12/2023 | [South Korea passport number entity definition](/microsoft-365/compliance/sit-defn-south-korea-passport-number?view=o365-worldwide) | modified |

-| 5/12/2023 | [UAE identity card number entity definition](/microsoft-365/compliance/sit-defn-uae-identity-card-number?view=o365-worldwide) | modified |

-| 5/12/2023 | [UAE passport number entity definition](/microsoft-365/compliance/sit-defn-uae-passport-number?view=o365-worldwide) | modified |

-| 5/12/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified |

-| 5/12/2023 | [Impersonation insight](/microsoft-365/security/office-365-security/anti-phishing-mdo-impersonation-insight?view=o365-worldwide) | modified |

-| 5/12/2023 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) | modified |

-description: Learn how to manage Loop components in Teams.

-# Overview of Loop components in Teams

-Loop components in Teams chat offer a new way to ideate, create, and make decisions together. Send a component - like a table, task list, or paragraph ΓÇö where everyone in your chat can edit inline and see changes as they're made.

-> Loop components is the first feature of the [Microsoft Loop app](https://www.microsoft.com/en-us/microsoft-loop) to become available in Teams.

-**Share components.** In this release, you can share Loop components into different Teams chats. Recipients can edit from wherever they are and see updates instantly no matter where the changes were made.

-**Start in chat, build from there.** Every component you create from Teams chat is automatically saved to a file in OneDrive. So, you might begin collaborating in chat then later move to the file on Office.com, where you have a larger visual space for editing and can add as many components as you like.

-For information on admin settings for Loop components in Teams, see [Manage Loop components in SharePoint](loop-components-sharepoint.md).

-Available on Teams apps on Windows, Mac, iOS, and Android.

-## Loop components and .fluid files

-Loop components created in Teams are backed by a .fluid (will be changed to .loop in the near future) file stored in the creator's OneDrive. Being a file in OneDrive means that users can create, discover, and manage Loop components (.fluid files) as easily as any Office document.

-## How are .fluid files stored?

-.fluid files appear on Office.com and OneDrive, such as in the Recent and Recommended areas. Users can search for content in .fluid files from Office.com and OneDrive. .fluid files can be restored to previous versions from OneDrive. To create Loop components chat participants must have a OneDrive account. Without a valid OneDrive account, chat participants might still be able to collaborate on a component created by other users who have a valid OneDrive account, but can't create their own.

-Moving a .fluid file from OneDrive to a SharePoint site will result in the live component failing to load in Teams chat.

-OneDrive retention policies apply to .fluid files just as they do to other content created by the user.

-## How are .fluid files shared?

-Loop components can be inserted in Teams chat or copied from one chat to another. (Loop components aren't yet supported in channels.) They default to the organization's existing permissions, but users can change permissions before sending to ensure everyone has access.

-Opening components from Teams chat in Office.com offers share functionality at the top of the window, similar to the sharing options offered for other Office documents.

-## What if a .fluid file becomes corrupted or damaged?

-## What apps can open and edit .fluid files?

-.fluid files can only be opened as links in your browser, such as Office.com, and as Loop components in Teams chat. If downloaded, they can't be opened again without first uploading them back to OneDrive or SharePoint.

-## Does .fluid files support eDiscovery?

-Currently, .fluid files are stored in the creator's OneDrive and are available for search and collection in eDiscovery (Standard) and available for search, collection, review, and export in eDiscovery (Premium). More information about eDiscovery support is outlined in the [Settings management](loop-components-sharepoint.md#settings-management-for-loop-functionality-in-teams) section.

-If you disable these experiences as outlined in the [Settings management](loop-components-sharepoint.md#settings-management-for-loop-functionality-in-teams) section, the following experience changes will apply:

-To view the list of devices that are onboarded to Defender for Business, go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). In the navigation pane, go to **Assets** > **Devices**.

-| **Global administrators** (also referred to as global admins) <p> *As a best practice, limit the number of global admins.* | Global admins can perform all kinds of tasks. The person who signed up your company for Microsoft 365 or for Defender for Business is a global administrator by default. <p> Global admins are able to modify settings across all Microsoft 365 portals, such as: <br/>- The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com))<br/>- Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |

-| **Security administrators** (also referred to as security admins) | Security admins can perform the following tasks: <br/>- View and manage security policies<br/>- View and manage security threats and alerts (these activities include taking response actions on endpoints)<br/>- View security information and reports |

-| **Security reader** | Security readers can perform the following tasks:<br/>- View security policies<br/>- View security threats and alerts<br/>- View security information and reports |

- - Global administrator

- - Security administrator

- - Security reader

-| [Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md) <br/>[Defender for Endpoint Plan 1 or Plan 2](defender-endpoint-plan-1-2.md) | - [Automatic exclusions](#automatic-exclusions) (for Windows Server 2016 and later)<br/>- [Custom exclusions](#custom-exclusions), such as process-based exclusions, folder location-based exclusions, file extension exclusions, or contextual file and folder exclusions<br/>- [Custom remediation actions](#custom-remediation-actions) based on threat severity or for specific threats<br/><br/>*The standalone versions of Defender for Endpoint Plan 1 and Plan 2 don't include server licenses. To onboard servers, you'll need another license, such as Microsoft Defender for Endpoint for Servers or [Microsoft Defender for Servers Plan 1 or 2](/azure/defender-for-cloud/defender-for-servers-introduction). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).*<br/><br/>*If you're a small or medium-sized business using [Microsoft Defender for Business](../defender-business/mdb-overview.md), you can get [Microsoft Defender for Business servers](../defender-business/get-defender-business.md#how-to-get-microsoft-defender-for-business-servers).* |

-Defender for Endpoint Plan 1 and 2 (standalone), Defender for Business (standalone), and Microsoft 365 Business Premium don't include server licenses. To onboard servers, choose from the following options:

-## More resources

-> [!TIP]

-> For more details about supported operating systems, see the following articles:

->

-> - [Defender for Endpoint Hardware and software requirements](minimum-requirements.md#hardware-and-software-requirements)

-> - [Defender for Endpoint capabilities by platform](supported-capabilities-by-platform.md)

-> - [Microsoft licensing and product terms](https://www.microsoft.com/en-us/licensing/product-licensing/products)

-| Operating systems | Windows 11, or Windows 10, version 1709, or later <br/>macOS (the three most recent releases are supported) <br/>iOS <br/>Android OS <br/><br/>Note that the standalone version of Defender for Endpoint Plan 1 does not include server licenses. To onboard servers, you'll need either Microsoft Defender for Endpoint for Servers, or Defender for Servers Plan 1 or Plan 2 (as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)) offering. To learn more. see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md). |

-> - The standalone versions of [Defender for Endpoint Plan 1 and Plan 2](defender-endpoint-plan-1-2.md) do not include server licenses. To onboard servers to those plans, you'll need either Defender for Endpoint for Servers, or Defender for Servers Plan 1 or Plan 2 (as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering). To learn more. see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).

-keywords: Network protection, exploits, malicious website, ip, domain, domains, command and control, SmartScreen, toast notification

-ms.sitesec: library

-ms.pagetype: security

-> Network protection does not monitor msedge.exe on Windows devices.

-> For Mac and Linux, you must have network protection in block mode to get support for these features in Edge.

-> For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage Network Protection for inspection and enforcement:

-keywords: migration, Microsoft Defender for Endpoint, best practice

-ms.sitesec: library

-ms.pagetype: security

-> The standalone versions of Defender for Endpoint Plan 1 and Plan 2 do not include server licenses. To onboard servers, you'll need an additional license, such as either Defender for Endpoint for Servers, or [Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).

-> The standalone versions of Defender for Endpoint Plan 1 and Plan 2 do not include server licenses. To onboard servers, you'll need an additional license, such as either Defender for Endpoint for Servers, or [Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).

-keywords: MMA, agent, azure log

-ms.sitesec: library

-ms.pagetype: security

-In ant-phishing policies, you can control whether `p=quarantine` or `p=reject` values in sender DMARC policies are honored. If a messages fails DMARC checks, you can specify separate actions for `p=quarantine` or `p=reject` in the sender's DMARC policy. The following settings are involved:

- :::image type="content" source="../../media/safety-tip-first-contact-multiple-recipients.png" alt-text="The First contact safety tip for messages with with multiple recipients" lightbox="../../media/safety-tip-first-contact-multiple-recipients.png":::

-By default, Syntex processes a file every time the file is uploaded or edited. If you want Syntex to process new files only and not every time a file is modified, you can enable the setting.

-3. On the **Manage Microsoft Syntex** page, select **OCR**.

-4. On the **OCR** page, select the SharePoint libraries where you want to enable OCR. The default is no SharePoint libraries, but you can select **Edit** to choose specific SharePoint libraries or to choose all SharePoint libraries.

-## Scenarios and use cases

- :::column span="3":::

- Syntex can help your organization automate business processes, improve search accuracy, and manage compliance risk.

- With content AI services and capabilities, you can build content understanding and classification directly into the content management flow.

- :::column-end:::

- :::column span="":::

- 

- :::column-end:::

-[Learn more about how to use Syntex to streamline processes in your organization.](adoption-scenarios.md)