Updates from: 06/21/2022 01:11:35
Category Microsoft Docs article Related commit history on GitHub Change details
bookings Add Staff https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/add-staff.md
Although Bookings is a feature of Microsoft 365, not all of your staff members a
## Steps
-1. Choose your calendar from the homepage.
+1. Choose your calendar from the homepage.
2. Go to staff option in left pane and select **Add new staff**.
bookings Create A Manual Booking https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/create-a-manual-booking.md
description: "Follow these instructions to create an appointment and assign an e
Bookings can be scheduled and staffed in two different ways. The first way is by the customer using a standalone booking page or an embedded booking page that you add to your website. The other way is for you or one of your employees to enter the bookings manually, such as when a customer calls for an appointment. This article covers the manual scenario.
+## Watch: Create a manual booking
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Zd77]
+
+## Steps
+ 1. In Microsoft 365, select the App launcher, and then select **Bookings**. 1. In the navigation pane, select **Calendar** \> **New booking**.
bookings Customize Booking Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/customize-booking-page.md
The Booking Page is where you set up what your external facing booking page will
To customize your booking page, sign in to [Office.com](https://office.com), and then go to **Bookings** \> **Booking page**. You can customize the booking page with the following options. Once you've setup up your Booking Page, you can publish it so people can start booking appointments with you.
+## Watch: Customize and publish your booking page
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWuYil]
+
+## Steps
+ 1. In Microsoft 365, select the app launcher, and then select **Bookings**. 1. Choose your calendar.
Once you publish your booking page, customers will see your booking page where t
:::image type="content" source="media/bookings-self-service-2.png" alt-text="Customer facing booking page.":::
-## Publish the booking page
+<!-- ## Publish the booking page
Watch this video or follow the steps below to publish or unpublish your booking page.
Watch this video or follow the steps below to publish or unpublish your booking
1. Select **Save and publish**. You'll see a confirmation message.
-1. Select **Open published page** to see your page in a web browser.
+1. Select **Open published page** to see your page in a web browser. -->
## Unpublish the booking page
bookings Define Service Offerings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/define-service-offerings.md
When you define your service offerings in Microsoft Bookings, you set a service
You can also add customized information and URLs to the email confirmation and reminders that you send when someone books a service through your booking page.
-## Create the service details
+## Watch: Create a new service
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWuKXH]
+
+## Steps
1. In Microsoft 365, select the App launcher, and then select **Bookings**.
bookings Employee Hours https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/employee-hours.md
Watch this video or follow the steps below to set an employee's working hours.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWuXUq]
-## Customize employee working hours
+## Steps
1. In Microsoft 365, select the app launcher, and then select **Bookings**.
bookings Schedule Closures Time Off Vacation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/schedule-closures-time-off-vacation.md
Schedule business closures or employee off.
1. In Microsoft 365, select the app launcher, and then select **Bookings**.
-1. Choose your calendar.
+1. Choose your calendar.
1. In the top navigation pane, select **Add time off**.
compliance Compliance Easy Trials https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials.md
Wondering what you can experience in your free trial? The Purview solutions tria
When the trial ends: - Your existing policies will stay turned on unless you turn them off.
- - If you edit DLP policies that include either the Teams or Devices locations after the trial ends, those locations will be removed from the policy.
+ - You'll no longer be able to edit or add Teams or Devices locations in existing or new policies.
- **eDiscovery**
compliance Microsoft 365 Solution Catalog https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/microsoft-365-solution-catalog.md
[!include[Purview banner](../includes/purview-rebrand-banner.md)]
-Are you looking for a way to quickly get started with compliance tasks in Microsoft 365? Check out the [Microsoft Purview solution catalog](https://compliance.microsoft.com/solutioncatalog) to discover, learn, and quickly get started with compliance and risk management solutions.
+Are you looking for a way to quickly get started with compliance tasks in Microsoft Purview? Check out the [Microsoft Purview solution catalog](https://compliance.microsoft.com/solutioncatalog) to discover, learn, and quickly get started with compliance and risk management solutions.
-Compliance solutions in Microsoft 365 are collections of integrated capabilities you can use to help you manage end-to-end compliance scenarios. A solution's capabilities and tools might include a combination of policies, alerts, reports, and more.
+Compliance solutions in Microsoft Purview are collections of integrated capabilities you can use to help you manage end-to-end compliance scenarios. A solution's capabilities and tools might include a combination of policies, alerts, reports, and more.
-Read this article to get acquainted with the new solution catalog in the Microsoft Purview compliance portal, [how to get it](#how-do-i-get-this) and your [next steps](#next-steps).
+Read this article to get acquainted with the new solution catalog in the Microsoft Purview compliance portal, [how to access](#how-do-i-access) and your [next steps](#next-steps).
## Catalog organization
The **Information protection & governance** section shows you at a glance how yo
From here, you'll see cards for the following solutions: -- [Microsoft Purview Data Loss Prevention](dlp-learn-about-dlp.md): Detects sensitive content as it's used and shared throughout your organization, in the cloud and on devices, and helps prevent accidental data loss.-- [Data Lifecycle Management](manage-data-governance.md): Manages your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you don't.-- [Information protection](information-protection.md): Discovers, classifies, and protects sensitive and business-critical content throughout its lifecycle across your organization.-- [Records management](records-management.md): Uses intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization.
+- [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp): Detects sensitive content as it's used and shared throughout your organization, in the cloud and on devices, and helps prevent accidental data loss.
+- [Data Lifecycle Management](/microsoft-365/compliance/manage-data-governance): Manages your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you don't.
+- [Information protection](/microsoft-365/compliance/information-protection): Discovers, classifies, and protects sensitive and business-critical content throughout its lifecycle across your organization.
+- [Records management](/microsoft-365/compliance/records-management): Uses intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization.
+
+## Privacy section
+
+The **Privacy** section on the home page shows you at a glance how your organization can build a more privacy-resilient workplace.
+
+![Microsoft Purview solution catalog privacy section.](../media/m365-solution-catalog-privacy.png)
+
+From here, you'll see cards for the following solutions:
+
+- [Privacy management](/privacy/priva/priva-overview): Generates actionable insights on enterprise personal data to help you spot issues and reduce risks. Provides easy-to-use policy templates that empower employees to safeguard data, and automation features for a smoother subject rights request process.
## Insider risk management section
The **Insider risk management** section on the home page shows you at a glance h
From here, you'll see cards for the following solutions: -- [Communication compliance](communication-compliance.md): Minimizes communication risks by helping you automatically capture inappropriate messages, investigate possible policy violations, and take steps to minimize harm.-- [Insider risk management](insider-risk-management.md): Detect risky activity across your organization to help you quickly identify, investigate, and take action on insider risks and threats.
+- [Communication compliance](/microsoft-365/compliance/communication-compliance): Minimizes communication risks by helping you automatically capture inappropriate messages, investigate possible policy violations, and take steps to minimize harm.
+- [Insider risk management](/microsoft-365/compliance/insider-risk-management): Detect risky activity across your organization to help you quickly identify, investigate, and take action on insider risks and threats.
## Discovery & response section
The **Discovery & response** section on the home page shows you at a glance how
From here, you'll see cards for the following solutions: -- [Audit](search-the-audit-log-in-security-and-compliance.md): Records user and admin activity from your organization so you can search the audit log and investigate a comprehensive list of activities across all locations and services.
+- [Audit](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance): Records user and admin activity from your organization so you can search the audit log and investigate a comprehensive list of activities across all locations and services.
- [Data subject requests](/compliance/regulatory/gdpr-manage-gdpr-data-subject-requests-with-the-dsr-case-tool): Finds and exports a user's personal data to help you respond to data subject requests for GDPR.-- [eDiscovery](manage-legal-investigations.md)
- - [eDiscovery (Standard)](./get-started-core-ediscovery.md): Searches across content locations to identify, preserve, and export data in response to legal discovery requests and eDiscovery cases.
- - [eDiscovery (Premium)](overview-ediscovery-20.md): Builds on eDiscovery capabilities by providing intelligent analytics and machine learning to help you further analyze data that's relevant to discovery requests.
+- [eDiscovery](/microsoft-365/compliance/manage-legal-investigations)
+ - [eDiscovery (Standard)](/microsoft-365/compliance/get-started-core-ediscovery): Searches across content locations to identify, preserve, and export data in response to legal discovery requests and eDiscovery cases.
+ - [eDiscovery (Premium)](/microsoft-365/compliance/overview-ediscovery-20): Builds on eDiscovery capabilities by providing intelligent analytics and machine learning to help you further analyze data that's relevant to discovery requests.
-## How do I get this?
+## How do I access?
-To visit the Microsoft Purview solution catalog, go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and sign in as a global administrator, compliance administrator, or compliance data administrator. Select **Catalog** in the navigation pane on the left side of the screen to open the catalog home page.
+To visit the Microsoft Purview solution catalog, go to the [compliance portal](https://compliance.microsoft.com) and sign in as a global administrator, compliance administrator, or compliance data administrator. Select **Catalog** in the navigation pane on the left side of the screen to open the catalog home page.
## Next steps -- **Visit Microsoft Purview Compliance Manager**, which helps you understand your organization's state of compliance with key standards and regulations. It provides recommended actions you can take to strengthen your overall compliance posture, and provides workflow capabilities to help you efficiently carry out those actions. To learn more, see [Compliance Manager](compliance-manager.md).--- **Configure insider risk management policies** to help minimize internal risks and enable you to detect, investigate, and take action for risky activities in your organization. See [Learn about insider risk management](insider-risk-management.md).--- **Learn about and create Communication compliance policies** to quickly identify and remediate corporate code-of-conduct policy violations. See [Communication compliance](communication-compliance.md).
+- **Visit Microsoft Purview Compliance Manager**, which helps you understand your organization's state of compliance with key standards and regulations. It provides recommended actions you can take to strengthen your overall compliance posture, and provides workflow capabilities to help you efficiently carry out those actions. To learn more, see [Compliance Manager](/microsoft-365/compliance/compliance-manager).
+- **Configure insider risk management policies** to help minimize internal risks and enable you to detect, investigate, and take action for risky activities in your organization. See [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management).
+- **Learn about and create Communication compliance policies** to quickly identify and remediate corporate code-of-conduct policy violations. See [Communication compliance](/microsoft-365/compliance/communication-compliance).
- **Microsoft Purview Information Protection**, learn how Microsoft Purview solutions help you discover, classify, and protect sensitive information wherever it lives or travels. - **Get acquainted with and set up Microsoft Defender for Cloud Apps**. See [Quickstart: Get started with Microsoft Defender for Cloud Apps](/cloud-app-security/getting-started-with-cloud-app-security).
- - **Get started with classifiers**. Classifying content and then labeling it so it can be protected and handled properly is the starting place for the information protection discipline. See [Learn about trainable classifiers (preview)](classifier-learn-about.md).
-
+ - **Get started with classifiers**. Classifying content and then labeling it so it can be protected and handled properly is the starting place for the information protection discipline. See [Learn about trainable classifiers (preview)](/microsoft-365/compliance/classifier-learn-about).
- **Visit your Microsoft Purview solution catalog often**, and make sure to review new solutions to help you with your compliance needs. Sign in at [https://compliance.microsoft.com](https://compliance.microsoft.com) and then select **Catalog** in the left navigation pane.
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
ms.prod: microsoft-365-enterprise
f1.keywords: - NOCSH Previously updated : 05/05/2022 Last updated : 06/20/2022 - it-pro
Commonly, during mergers or divestitures, you need the ability to move your user's Exchange Online mailbox into a new tenant. Cross-tenant mailbox migration allows tenant administrators to use well-known interfaces like Exchange Online PowerShell and MRS to transition users to their new organization.
-Administrators can use the New-MigrationBatch cmdlet, available through the Move Mailboxes management role, to execute cross-tenant moves.
+Administrators can use the **New-MigrationBatch** cmdlet, available through the _Move Mailboxes_ management role, to execute cross-tenant moves.
Users migrating must be present in the target tenant Exchange Online system as MailUsers, marked with specific attributes to enable the cross-tenant moves. The system will fail moves for users that aren't properly set up in the target tenant.
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
### How do I know this worked?
-You can verify cross-tenant mailbox migration configuration by running [Test-MigrationServerAvailability](/powershell/module/exchange/Test-MigrationServerAvailability) cmdlet against the cross-tenant migration endpoint that you created on your target tenant.
+You can verify cross-tenant mailbox migration configuration by running the [Test-MigrationServerAvailability](/powershell/module/exchange/Test-MigrationServerAvailability) cmdlet against the cross-tenant migration endpoint that you created on your target tenant.
- > [!NOTE]
- >
- > - Target tenant:
- >
- > Test-MigrationServerAvailability -Endpoint "[the name of your cross-tenant migration endpoint]"
- >
- > Get-OrganizationRelationship | fl name, DomainNames, MailboxMoveEnabled, MailboxMoveCapability
- >
- > - Source tenant:
- >
- > Get-OrganizationRelationship | fl name, DomainNames, MailboxMoveEnabled, MailboxMoveCapability
+```powershell
+Test-MigrationServerAvailability -EndPoint "Migration endpoint for cross-tenant mailbox moves" - TestMailbox "Primary SMTP of MailUser object in target tenant"
+```
### Move mailboxes back to the original source
Ensure the following objects and attributes are set in the target organization.
- UserPrincipalName: UPN will align to the user's NEW identity or target company (for example, user@northwindtraders.onmicrosoft.com). - Primary SMTPAddress: Primary SMTP address will align to the user's NEW company (for example, user@northwind.com). - TargetAddress/ExternalEmailAddress: MailUser will reference the user's current mailbox hosted in source tenant (for example user@contoso.onmicrosoft.com). When assigning this value, verify that you have/are also assigning PrimarySMTPAddress or this value will set the PrimarySMTPAddress, which will cause move failures.
- - You canΓÇÖt add legacy smtp proxy addresses from source mailbox to target MailUser. For example, you canΓÇÖt maintain contoso.com on the MEU in fabrikam.onmicrosoft.com tenant objects). Domains are associated with one Azure AD or Exchange Online tenant only.
+ - You can't add legacy smtp proxy addresses from source mailbox to target MailUser. For example, you can't maintain contoso.com on the MEU in fabrikam.onmicrosoft.com tenant objects). Domains are associated with one Azure AD or Exchange Online tenant only.
Example **target** MailUser object:
Once the mailbox moves from source to target, you should ensure that the on-prem
## Frequently asked questions
-**Do we need to update RemoteMailboxes in source on-premises after the move?**
+### Do we need to update RemoteMailboxes in source on-premises after the move?
Yes, you should update the targetAddress (RemoteRoutingAddress/ExternalEmailAddress) of the source on-premises users when the source tenant mailbox moves to target tenant. While mail routing can follow the referrals across multiple mail users with different targetAddresses, Free/Busy lookups for mail users MUST target the location of the mailbox user. Free/Busy lookups will not chase multiple redirects.
-**Do Teams meetings migrate cross-tenant?**
+### Do Teams meetings migrate cross-tenant?
The meetings will move, however the Teams meeting URL does not update when items migrate cross-tenant. Since the URL will be invalid in the target tenant, you will need to remove and recreate the Teams meetings.
-**Does the Teams chat folder content migrate cross-tenant?**
+### Does the Teams chat folder content migrate cross-tenant?
No, the Teams chat folder content does not migrate cross-tenant.
-**How can I see just moves that are cross-tenant moves, not my onboarding and off-boarding moves?**
+### How can I see just moves that are cross-tenant moves, not my onboarding and off-boarding moves?
Use the _Flags_ parameter. Here is an example.
Use the _Flags_ parameter. Here is an example.
Get-MoveRequest -Flags "CrossTenant" ```
-**Can you provide example scripts for copying attributes used in testing?**
+### Can you provide example scripts for copying attributes used in testing?
> [!NOTE] > SAMPLE ΓÇô AS IS, NO WARRANTY
Get-MoveRequest -Flags "CrossTenant"
Start-ADSyncSyncCycle ```
-**How do we access Outlook on Day 1 after the use mailbox is moved?**
+### How do we access Outlook on Day 1 after the use mailbox is moved?
Since only one tenant can own a domain, the former primary SMTPAddress will not be associated to the user in the target tenant when the mailbox move completes; only those domains associated with the new tenant. Outlook uses the users new UPN to authenticate to the service and the Outlook profile expects to find the legacy primary SMTPAddress to match the mailbox in the target system. Since the legacy address is not in the target System the outlook profile will not connect to find the newly moved mailbox.
For this initial deployment, users will need to rebuild their profile with their
> [!NOTE] > Plan accordingly as you batch your users for completion. You need to account for network utilization and capacity when Outlook client profiles are created and subsequent OST and OAB files are downloaded to clients.
-**What Exchange RBAC roles do I need to be member of to set up or complete a cross-tenant move?**
+### What Exchange RBAC roles do I need to be member of to set up or complete a cross-tenant move?
There is a matrix of roles based on assumption of delegated duties when executing a mailbox move. Currently, two roles are required:
There is a matrix of roles based on assumption of delegated duties when executin
- The role of executing the actual move commands can be delegated to a lower-level function. The role of Move Mailboxes is assigned to the capability of moving mailboxes in or out of the organization.
-**How do we target which SMTP address is selected for targetAddress (TargetDeliveryDomain) on the converted mailbox (to MailUser conversion)?**
+### How do we target which SMTP address is selected for targetAddress (TargetDeliveryDomain) on the converted mailbox (to MailUser conversion)?
Exchange mailbox moves using MRS craft the targetAddress on the original source mailbox when converting to a MailUser by matching an email address (proxyAddress) on the target object. The process takes the -TargetDeliveryDomain value passed into the move command, then checks for a matching proxy for that domain on the target side. When we find a match, the matching proxyAddress is used to set the ExternalEmailAddress (targetAddress) on the converted mailbox (now MailUser) object.
-**How do mailbox permissions transition?**
+### How do mailbox permissions transition?
Mailbox permissions include Send on Behalf of and Mailbox Access: - Send On Behalf Of (AD:publicDelegates) stores the DN of recipients with access to a user's mailbox as a delegate. This value is stored in Active Directory and currently does not move as part of the mailbox transition. If the source mailbox has publicDelegates set, you will need to restamp the publicDelegates on the target Mailbox once the MEU to Mailbox conversion completes in the target environment by running `Set-Mailbox <principle> -GrantSendOnBehalfTo <delegate>`. -- Mailbox Permissions that are stored in the mailbox will move with the mailbox when both the principal and the delegate are moved to the target system. For example, the user TestUser_7 is granted FullAccess to the mailbox TestUser_8 in the tenant SourceCompany.onmicrosoft.com. After the mailbox move completes to TargetCompany.onmicrosoft.com, the same permissions are set up in the target directory. Examples using *Get-MailboxPermission* for TestUser_7 in both source and target tenants are shown below. Exchange cmdlets are prefixed with source and target accordingly.
+- Mailbox Permissions that are stored in the mailbox will move with the mailbox when both the principal and the delegate are moved to the target system. For example, the user TestUser_7 is granted FullAccess to the mailbox TestUser_8 in the tenant SourceCompany.onmicrosoft.com. After the mailbox move completes to TargetCompany.onmicrosoft.com, the same permissions are set up in the target directory. Examples using _Get-MailboxPermission_ for TestUser_7 in both source and target tenants are shown below. Exchange cmdlets are prefixed with source and target accordingly.
Here is an example of the output of the mailbox permission before a move.
TestUser_8@TargetCompany.onmicrosoft.com {FullAccess}
> [!NOTE] > Cross-tenant mailbox and calendar permissions are NOT supported. You must organize principals and delegates into consolidated move batches so that these connected mailboxes are transitioned at the same time from the source tenant.
-**What X500 proxy should be added to the target MailUser proxy addresses to enable migration?**
+### What X500 proxy should be added to the target MailUser proxy addresses to enable migration?
The cross-tenant mailbox migration requires that the LegacyExchangeDN value of the source mailbox object to be stamped as an x500 email address on the target MailUser object.
x500:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn
> [!NOTE] > In addition to this X500 proxy, you will need to copy all X500 proxies from the mailbox in the source to the mailbox in the target.
-**Can the source and target tenant utilize the same domain name?**
+### Can the source and target tenant utilize the same domain name?
No. The source and target tenant domain names must be unique. For example, a source domain of contoso.com and the target domain of fourthcoffee.com.
-**Will shared mailboxes move and still work?**
+### Will shared mailboxes move and still work?
Yes, however, we only keep the store permissions as described in these articles:
Yes, however, we only keep the store permissions as described in these articles:
- [Microsoft Support | How to grant Exchange and Outlook mailbox permissions in Office 365 dedicated](https://support.microsoft.com/topic/how-to-grant-exchange-and-outlook-mailbox-permissions-in-office-365-dedicated-bac01b2c-08ff-2eac-e1c8-6dd01cf77287)
-**Do you have any recommendations for batches?**
+### Do you have any recommendations for batches?
Do not exceed 2000 mailboxes per batch. We strongly recommend submitting batches two weeks prior to the cut-over date as there is no impact on the end users during synchronization. If you need guidance for mailboxes quantities over 50,000 you can reach out to the Engineering Feedback Distribution List at crosstenantmigrationpreview@service.microsoft.com.
-**What if I use Service encryption with Customer Key?**
+### What if I use Service encryption with Customer Key?
The mailbox will be decrypted prior to moving. Ensure Customer Key is configured in the target tenant if it is still required. See [here](/microsoft-365/compliance/customer-key-overview) for more information.
-**What is the estimated migration time?**
+### What is the estimated migration time?
To help you plan your migration, the table present [here](/exchange/mailbox-migration/office-365-migration-best-practices#estimated-migration-times) shows the guidelines about when to expect bulk mailbox migrations or individual migrations to complete. These estimates are based on a data analysis of previous customer migrations. Because every environment is unique, your exact migration velocity may vary. Do remember that this feature is currently in preview and the SLA, and any applicable Service Levels do not apply to any performance or availability issues during the preview status of this feature.
-**Protecting documents in the source tenant consumable by users in the destination tenant.**
+### Protecting documents in the source tenant consumable by users in the destination tenant.**
Cross-tenant migration only migrates mailbox data and nothing else. There are multiple other options, which are documented in the following blog post that may help: <https://techcommunity.microsoft.com/t5/security-compliance-and-identity/mergers-and-spinoffs/ba-p/910455>
-**Can I have the same labels in the destination tenant as you had in the source tenant, either as the only set of labels or an additional set of labels for the migrated users depending on alignment between the organizations.**
+### Can I have the same labels in the destination tenant as you had in the source tenant, either as the only set of labels or an additional set of labels for the migrated users depending on alignment between the organizations.**
Because cross-tenant migrations do not export labels and there is no way to share labels between tenants, you can only achieve this by recreating the labels in the destination tenant.
-**Do you support moving Microsoft 365 Groups?**
+### Do you support moving Microsoft 365 Groups?
Currently the Cross-Tenant mailbox migrations feature does not support the migration of Microsoft 365 Groups.
-**Can a source tenant admin perform an eDiscovery search against a mailbox after the mailbox has been migrated to the new/target tenant?**
+### Can a source tenant admin perform an eDiscovery search against a mailbox after the mailbox has been migrated to the new/target tenant?
No, after a cross tenant mailbox migration, eDiscovery against the migrated user's mailbox in the source does not work. This is because there is no longer a mailbox in the source to search against as the mailbox has been migrated to the target tenant and now belongs to the target tenant. eDiscovery, post mailbox migration can only be done in the target tenant (where the mailbox now exists). If a copy of the source mailbox needs to persist in the source tenant after migration, the admin in the source can copy the contents to an alternate mailbox pre migration for future eDiscovery operations against the data.
+### At which point will the destination MailUser be converted to a destination mailbox and the source mailbox converted to a source MailUser?
+
+These conversions happen automatically during the migration process. No manual steps are necessary.
+
+### At which step should I assign the Exchange Online license to destination MailUsers?
+
+This can be done before the migration is complete, but you should not assign a license prior to stamping the _ExchangeGuid_ attribute or the conversion of MailUser object to mailbox will fail and a new mailbox will be created instead. To mitigate this risk, it is best to wait until after the migration is complete, and assign licenses during the 30 day grace period.
+ ## Known issues - **Issue: Post migration Teams functionality in the source tenant will be limited.** After the mailbox is migrated to the target tenant, Teams in the source tenant will no longer have access to the user's mailbox. So, if a user logs into Teams with the source tenant credential, then there will be a loss of functionality such as the inability to update your profile picture, no calendar application, and an inability to search and join public teams.
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of June 13, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 6/13/2022 | [Investigate data loss incidents with Microsoft 365 Defender](/microsoft-365/security/defender/investigate-dlp?view=o365-21vianet) | added |
+| 6/13/2022 | [Microsoft Defender for Cloud Apps in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-21vianet) | added |
+| 6/13/2022 | [Microsoft 365 Defender streaming event types supported in Event Streaming API](/microsoft-365/security/defender/supported-event-types?view=o365-21vianet) | modified |
+| 6/13/2022 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
+| 6/14/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
+| 6/14/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
+| 6/14/2022 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
+| 6/14/2022 | [Add a new user to your network and systems](/microsoft-365/business-premium/m365bp-add-users?view=o365-21vianet) | added |
+| 6/14/2022 | [Reset passwords](/microsoft-365/business-premium/m365bp-reset-passwords?view=o365-21vianet) | added |
+| 6/14/2022 | [Audit new search](/microsoft-365/compliance/audit-new-search?view=o365-21vianet) | added |
+| 6/14/2022 | [Security incident management](/microsoft-365/business-premium/m365bp-security-incident-management?view=o365-21vianet) | modified |
+| 6/14/2022 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-21vianet) | modified |
+| 6/14/2022 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 6/14/2022 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
+| 6/14/2022 | [Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/purview-compliance?view=o365-21vianet) | added |
+| 6/15/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
+| 6/15/2022 | [Partner access through Microsoft Defender for Endpoint APIs](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners?view=o365-21vianet) | modified |
+| 6/15/2022 | [Create an app to access Microsoft Defender for Endpoint without a user](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-21vianet) | modified |
+| 6/15/2022 | [Create an app to access Microsoft 365 Defender APIs on behalf of a user](/microsoft-365/security/defender/api-create-app-user-context?view=o365-21vianet) | modified |
+| 6/15/2022 | [Create an app to access Microsoft 365 Defender without a user](/microsoft-365/security/defender/api-create-app-web?view=o365-21vianet) | modified |
+| 6/15/2022 | [Partner access through Microsoft 365 Defender APIs](/microsoft-365/security/defender/api-partner-access?view=o365-21vianet) | modified |
+| 6/15/2022 | [Automatically apply a retention label](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-21vianet) | modified |
+| 6/15/2022 | [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about?view=o365-21vianet) | modified |
+| 6/15/2022 | [Learn about assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates?view=o365-21vianet) | modified |
+| 6/15/2022 | [Network connectivity in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) | modified |
+| 6/15/2022 | [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-21vianet) | modified |
+| 6/15/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
+| 6/15/2022 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop?view=o365-21vianet) | modified |
+| 6/15/2022 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies?view=o365-21vianet) | modified |
+| 6/15/2022 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |
+| 6/15/2022 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
+| 6/15/2022 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-21vianet) | modified |
+| 6/15/2022 | [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments?view=o365-21vianet) | modified |
+| 6/15/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
+| 6/15/2022 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-attachments-policies?view=o365-21vianet) | modified |
+| 6/15/2022 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-links-policies?view=o365-21vianet) | modified |
+| 6/16/2022 | [Request to change access level](/microsoft-365/test-base/accesslevel?view=o365-21vianet) | added |
+| 6/16/2022 | [Admin training video library # < 60 chars](/microsoft-365/admin/admin-video-library?view=o365-21vianet) | modified |
+| 6/16/2022 | [Common mistakes to avoid when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 6/16/2022 | [Microsoft Defender Antivirus Virtual Desktop Infrastructure deployment guide](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 6/16/2022 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-21vianet) | modified |
+| 6/16/2022 | [Microsoft Defender for Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-21vianet) | modified |
+| 6/16/2022 | [Use Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo?view=o365-21vianet) | modified |
+| 6/16/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
+| 6/16/2022 | [View the results of an automated investigation in Microsoft 365](/microsoft-365/security/office-365-security/air-view-investigation-results?view=o365-21vianet) | modified |
+| 6/16/2022 | [Ensuring you always have the optimal security controls with preset security policies](/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies?view=o365-21vianet) | modified |
+| 6/17/2022 | [Microsoft 365 admin center Project activity ](/microsoft-365/admin/activity-reports/project-activity?view=o365-21vianet) | added |
+| 6/17/2022 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
+| 6/17/2022 | [Allow or block emails using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-email-spoof?view=o365-21vianet) | added |
+| 6/17/2022 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-files?view=o365-21vianet) | added |
+| 6/17/2022 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-urls?view=o365-21vianet) | added |
+| 6/17/2022 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/manage-tenant-allow-block-list?view=o365-21vianet) | added |
+| 6/17/2022 | [Deploy Microsoft Whiteboard on Windows 10 devices](/microsoft-365/whiteboard/deploy-on-windows-organizations?view=o365-21vianet) | added |
+| 6/17/2022 | [Enable and manage access to Microsoft Whiteboard for GCC High environments](/microsoft-365/whiteboard/enable-whiteboard-access-gcc-high?view=o365-21vianet) | added |
+| 6/17/2022 | [Enable and manage access to Microsoft Whiteboard for your organization](/microsoft-365/whiteboard/enable-whiteboard-access-organizations?view=o365-21vianet) | added |
+| 6/17/2022 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-21vianet) | added |
+| 6/17/2022 | [Manage clients for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-clients-gcc-high?view=o365-21vianet) | added |
+| 6/17/2022 | [Manage data for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-data-gcc-high?view=o365-21vianet) | added |
+| 6/17/2022 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-21vianet) | added |
+| 6/17/2022 | [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-21vianet) | added |
+| 6/17/2022 | [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-21vianet) | added |
+| 6/17/2022 | Manage your allows in the Tenant Allow/Block List | removed |
+| 6/17/2022 | Manage your blocks in the Tenant Allow/Block List | removed |
+| 6/17/2022 | Modify and remove entries in the Tenant Allow/Block List | removed |
++ ## Week of June 06, 2022
| 5/20/2022 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified | | 5/20/2022 | [Anti-malware protection FAQ](/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-21vianet) | modified | | 5/20/2022 | [Smart reports and insights](/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance?view=o365-21vianet) | modified |--
-## Week of May 09, 2022
--
-| Published On |Topic title | Change |
-|||--|
-| 5/9/2022 | [Microsoft Defender Experts for Hunting preview](/microsoft-365/security/defender/defenderexpertsforhuntingprev?view=o365-21vianet) | added |
-| 5/9/2022 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |
-| 5/9/2022 | [Allow cookies for LMS URLs in your browser](/microsoft-365/lti/browser-cookies?view=o365-21vianet) | added |
-| 5/9/2022 | [A collaboration governance framework for Microsoft 365](/microsoft-365/solutions/collaboration-governance-overview?view=o365-21vianet) | modified |
-| 5/9/2022 | [Deploy a data governance solution](/microsoft-365/compliance/data-governance-solution?view=o365-21vianet) | added |
-| 5/9/2022 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-21vianet) | modified |
-| 5/9/2022 | [What's new in Microsoft Purview](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
-| 5/10/2022 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
-| 5/10/2022 | [Configure retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-21vianet) | modified |
-| 5/10/2022 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |
-| 5/10/2022 | [Enable Corelight integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/corelight-integration?view=o365-21vianet) | modified |
-| 5/10/2022 | [Microsoft Defender Experts for Hunting preview](/microsoft-365/security/defender/defenderexpertsforhuntingprev?view=o365-21vianet) | modified |
-| 5/10/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
-| 5/10/2022 | [Use the admin log for data connectors to view status about importing data](/microsoft-365/compliance/data-connector-admin-logs?view=o365-21vianet) | added |
-| 5/10/2022 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-21vianet) | added |
-| 5/10/2022 | [Use file plan to manage retention labels](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |
-| 5/10/2022 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-21vianet) | modified |
-| 5/10/2022 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 5/10/2022 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-21vianet) | modified |
-| 5/10/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 5/10/2022 | [Enable domain-joined Windows 10 devices to be managed by Microsoft 365 for business](/microsoft-365/business-premium/m365bp-manage-windows-devices?view=o365-21vianet) | modified |
-| 5/10/2022 | [Prepare for Office client deployment by Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-prepare-for-office-client-deployment?view=o365-21vianet) | modified |
-| 5/10/2022 | [Protect your administrator accounts in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-admin-accounts?view=o365-21vianet) | modified |
-| 5/10/2022 | [Edit or set application protection settings for Windows devices](/microsoft-365/business-premium/m365bp-protection-settings-for-windows-10-devices?view=o365-21vianet) | modified |
-| 5/10/2022 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup?view=o365-21vianet) | modified |
-| 5/10/2022 | [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-21vianet) | modified |
-| 5/10/2022 | View policies and devices | removed |
-| 5/10/2022 | [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 5/11/2022 | [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
-| 5/11/2022 | [Learn about information barriers](/microsoft-365/compliance/information-barriers?view=o365-21vianet) | modified |
-| 5/11/2022 | [What's new in Microsoft Purview](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
-| 5/11/2022 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-21vianet) | modified |
-| 5/11/2022 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) | modified |
-| 5/11/2022 | [Turn on network protection](/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-21vianet) | modified |
-| 5/11/2022 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
-| 5/12/2022 | [Certificate assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-certificate-inventory-assessment?view=o365-21vianet) | added |
-| 5/12/2022 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-21vianet) | added |
-| 5/12/2022 | [Security baselines assessment configurations](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations?view=o365-21vianet) | added |
-| 5/12/2022 | [Security baselines assessment profiles](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-profiles?view=o365-21vianet) | added |
-| 5/12/2022 | [Compare Microsoft Defender Vulnerability Management offerings](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-21vianet) | added |
-| 5/12/2022 | [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-21vianet) | added |
-| 5/12/2022 | [Get Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management?view=o365-21vianet) | added |
-| 5/12/2022 | [Add users and assign licenses in Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/mdvm-add-users?view=o365-21vianet) | added |
-| 5/12/2022 | [Event timeline](/microsoft-365/security/defender-vulnerability-management/threat-and-vuln-mgt-event-timeline?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Assign device value](/microsoft-365/security/defender-vulnerability-management/tvm-assign-device-value?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-21vianet) | added |
-| 5/12/2022 | [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-21vianet) | added |
-| 5/12/2022 | [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-21vianet) | added |
-| 5/12/2022 | [Dashboard insights](/microsoft-365/security/defender-vulnerability-management/tvm-dashboard-insights?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Plan for end-of-support software and software versions](/microsoft-365/security/defender-vulnerability-management/tvm-end-of-support-software?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Create and view exceptions for security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-exception?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Exposure score in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Hunt for exposed devices](/microsoft-365/security/defender-vulnerability-management/tvm-hunt-exposed-devices?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Microsoft Secure Score for Devices](/microsoft-365/security/defender-vulnerability-management/tvm-microsoft-secure-score-devices?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Network share configuration assessment](/microsoft-365/security/defender-vulnerability-management/tvm-network-share-assessment?view=o365-21vianet) | added |
-| 5/12/2022 | [Prerequisites & permissions for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Remediate vulnerabilities](/microsoft-365/security/defender-vulnerability-management/tvm-remediation?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Security baselines assessment](/microsoft-365/security/defender-vulnerability-management/tvm-security-baselines?view=o365-21vianet) | added |
-| 5/12/2022 | [Security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-security-recommendation?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Software inventory in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Supported operating systems platforms and capabilities](/microsoft-365/security/defender-vulnerability-management/tvm-supported-os?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Vulnerable devices report](/microsoft-365/security/defender-vulnerability-management/tvm-vulnerable-devices-report?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Vulnerabilities in my organization](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Mitigate zero-day vulnerabilities](/microsoft-365/security/defender-vulnerability-management/tvm-zero-day-vulnerabilities?view=o365-21vianet) | renamed |
-| 5/12/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
-| 5/12/2022 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-21vianet) | modified |
-| 5/12/2022 | Threat and vulnerability management | removed |
-| 5/12/2022 | [Manage Microsoft 365 Groups with PowerShell](/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershell?view=o365-21vianet) | modified |
-| 5/12/2022 | [Discover opportunities in SharePoint Syntex by using the Microsoft 365 Assessment tool](/microsoft-365/contentunderstanding/adoption-assessment-tool) | added |
-| 5/12/2022 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |
-| 5/12/2022 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-21vianet) | modified |
-| 5/12/2022 | [Enable archive mailboxes for Microsoft 365](/microsoft-365/compliance/enable-archive-mailboxes?view=o365-21vianet) | modified |
-| 5/12/2022 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-21vianet) | modified |
-| 5/12/2022 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-21vianet) | modified |
-| 5/12/2022 | [Quarantine notifications (end-user spam notifications) in Microsoft 365](/microsoft-365/security/office-365-security/use-spam-notifications-to-release-and-report-quarantined-messages?view=o365-21vianet) | modified |
-| 5/12/2022 | [Use file plan to manage retention labels](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |
-| 5/12/2022 | [Get started with information barriers](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
-| 5/12/2022 | [Manage information barriers policies](/microsoft-365/compliance/information-barriers-edit-segments-policies?view=o365-21vianet) | modified |
-| 5/12/2022 | [Information barriers](/microsoft-365/compliance/information-barriers-solution-overview?view=o365-21vianet) | modified |
-| 5/12/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
-| 5/13/2022 | [Add your brand to encrypted messages](/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-21vianet) | modified |
-| 5/13/2022 | [Set up and configure the Moodle plugin](/microsoft-365/lti/moodle-plugin-configuration?view=o365-21vianet) | modified |
-| 5/13/2022 | [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-21vianet) | added |
-| 5/13/2022 | [Troubleshooting mode scenarios in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshooting-mode-scenarios?view=o365-21vianet) | added |
-| 5/13/2022 | [Bookings in Outlook](/microsoft-365/bookings/bookings-in-outlook?view=o365-21vianet) | modified |
-| 5/13/2022 | [Microsoft Purview solutions trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-21vianet) | modified |
-| 5/13/2022 | [Enhancing mail flow with MTA-STS ](/microsoft-365/compliance/enhancing-mail-flow-with-mta-sts?view=o365-21vianet) | modified |
-| 5/13/2022 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |
-| 5/13/2022 | [Allow cookies for LMS URLs in your browser](/microsoft-365/lti/browser-cookies?view=o365-21vianet) | modified |
-| 5/13/2022 | [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-21vianet) | modified |
-| 5/13/2022 | [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-21vianet) | modified |
-| 5/13/2022 | [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-21vianet) | modified |
-| 5/13/2022 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
-| 5/13/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
-| 5/13/2022 | [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-21vianet) | modified |
-| 5/13/2022 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-21vianet) | modified |
-| 5/13/2022 | [Security baselines assessment configurations](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations?view=o365-21vianet) | modified |
-| 5/13/2022 | [Security baselines assessment profiles](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-profiles?view=o365-21vianet) | modified |
-| 5/13/2022 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |
-| 5/13/2022 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-21vianet) | modified |
-| 5/13/2022 | [Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-manage-log4shell-guidance?view=o365-21vianet) | modified |
-| 5/13/2022 | [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-21vianet) | modified |
-| 5/13/2022 | [Block vulnerable applications (beta)](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-21vianet) | modified |
-| 5/13/2022 | [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-21vianet) | modified |
-| 5/13/2022 | [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-21vianet) | modified |
-| 5/13/2022 | [Microsoft Defender Experts for Hunting preview](/microsoft-365/security/defender/defenderexpertsforhuntingprev?view=o365-21vianet) | modified |
-| 5/13/2022 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
-| 5/13/2022 | [Remove blocked connectors from the Restricted entities portal in Microsoft 365](/microsoft-365/security/office-365-security/remove-blocked-connectors?view=o365-21vianet) | modified |
lighthouse M365 Lighthouse Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-whats-new.md
We're continuously adding new features to [Microsoft 365 Lighthouse](m365-lighth
> [!NOTE] > Some features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, you should see it soon.
+## May 2022
+
+### Redesigned left navigation pane
+
+We've given the left navigation pane in Microsoft 365 Lighthouse a new look. You'll notice a sleeker design, with top-level nodes like Tenants, Users, and Devices that expand to show related subnodes, like Risky users, Device compliance, and Threat management. This navigation model aligns with the model used by other Microsoft 365 admin centers.
+
+### Enriched user details pane
+
+We've redesigned the user details pane to include more user information and more actions that you can take to better manage users. It now has the same look and feel as the user details pane in the Microsoft 365 admin center. To access the user details pane in Microsoft 365 Lighthouse, select **Users** from the left navigation pane, and then select either **Search users** or **Risky users**. Select any user to open the details pane.
+ ## April 2022 ### Delegated access type and roles on Tenants page
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
ms.technology: mde Previously updated : 06/06/2022 Last updated : 06/20/2022 # Microsoft Defender for Endpoint Device Control Removable Storage Access Control
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
## Deploying and managing policy by using Intune user interface
-(*Coming soon!*) This capability will be available in the Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>). Go to **Endpoint Security** > **Attack Surface Reduction** > **Create Policy**. Choose **Platform: Windows 10 and later** with **Profile: Device Control**.
+This capability is available in the Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>). Go to **Endpoint Security** > **Attack Surface Reduction** > **Create Policy**. Choose **Platform: Windows 10 and later** with **Profile: Device Control**.
## Deploying and managing Removable Storage Access Control by using Group Policy
security Microsoft Defender Antivirus Compatibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility.md
This article describes what happens with Microsoft Defender Antivirus and a non-
## Antivirus protection without Defender for Endpoint
-This section describes what happens when you use Microsoft Defender Antivirus alongside non-Microsoft antivirus/antimalware products on endpoints that are not onboarded to Defender for Endpoint.
+This section describes what happens when you use Microsoft Defender Antivirus alongside non-Microsoft antivirus/antimalware products on endpoints that aren't onboarded to Defender for Endpoint.
> [!NOTE] > In general, Microsoft Defender Antivirus does not run in passive mode on devices that are not onboarded to Defender for Endpoint.
The following table summarizes what to expect:
|Windows Server 2022 <br/> Windows Server 2019<br/> Windows Server, version 1803, or newer <br/> Windows Server 2016 <br/> Windows Server 2012 R2 |Microsoft Defender Antivirus|Active mode| |Windows Server 2022<br/>Windows Server 2019<br/>Windows Server, version 1803, or newer <br/> Windows Server 2016 |A non-Microsoft antivirus/antimalware solution|Disabled (set manually) <sup>[[1](#fn1)]</sup>|
-(<a id="fn1">1</a>) On Windows Server, if you are running a non-Microsoft antivirus product, you can uninstall Microsoft Defender Antivirus to prevent conflict. If the device is onboarded to Microsoft Defender for Endpoint, you can use Microsoft Defender Antivirus in passive mode (see below).
+(<a id="fn1">1</a>) On Windows Server, if you're running a non-Microsoft antivirus product, you can uninstall Microsoft Defender Antivirus to prevent conflict. If the device is onboarded to Microsoft Defender for Endpoint, you can use Microsoft Defender Antivirus in passive mode (see below).
> [!TIP] > On Windows Server 2016, you might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus*.
The following table summarizes the state of Microsoft Defender Antivirus in seve
| Windows Server 2016 <br/> Windows Server 2012 R2 | A non-Microsoft antivirus/antimalware solution | Yes | Microsoft Defender Antivirus must be set to passive mode (manually) <sup>[[2](#fn2)]<sup> | |Windows Server 2016 <br/> Windows Server 2012 R2 | A non-Microsoft antivirus/antimalware solution | No | Microsoft Defender Antivirus must be disabled (manually) <sup>[[3](#fn3)]<sup> |
-(<a id="fn2">2</a>) On Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, or Windows Server 2012 R2, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, set Microsoft Defender Antivirus to passive mode to prevent problems caused by having multiple antivirus products installed on a server. You can set Microsoft Defender Antivirus to passive mode using PowerShell, Group Policy, or a registry key.
+(<a id="fn2">2</a>) On Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, or Windows Server 2012 R2, Microsoft Defender Antivirus doesn't enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, set Microsoft Defender Antivirus to passive mode to prevent problems caused by having multiple antivirus products installed on a server. You can set Microsoft Defender Antivirus to passive mode using PowerShell, Group Policy, or a registry key.
**Registry Key Method**
The following table summarizes the state of Microsoft Defender Antivirus in seve
**GPO Method** -- Open Group Policy Management Editor > **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus**.-- Select **Turn Off Microsoft Defender Antivirus**.-- Set the GPO to **Enabled**.
+1. Open Group Policy Management Editor > **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus**.
-You can view the Protection status in PowerShell with the command "Get-MpComputerStatus" and the key "AMRunningMode".
+2. Select **Turn Off Microsoft Defender Antivirus**.
-## SYNTAX
+3. Set the GPO to **Enabled**.
+
+You can view your protection status in PowerShell by using the command [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus) and the key `AMRunningMode`. Here's an example of what the output looks like:
```
-PS C:\Users\tommaso> Get-MpComputerStatus
+PS C:\Users\contoso> Get-MpComputerStatus
AMEngineVersion : 0.0.0.0
TroubleShootingStartTime :
PSComputerName : ```
-In the following example, the Defender status is **Not Running**.
+In the preceding example, the Defender status is **Not Running**.
> [!NOTE] > For passive mode to work on endpoints running Windows Server 2016 and Windows Server 2012 R2, those endpoints must be onboarded with the modern, unified solution described in [Onboard Windows servers](configure-server-endpoints.md#windows-server-2012-r2-and-windows-server-2016).
In the following example, the Defender status is **Not Running**.
> [!TIP] > On Windows Server 2016, you might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus*.
-> [!IMPORTANT]
-> Microsoft Defender Antivirus is only available on devices running Windows 10 and 11, Windows Server 2022, Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, and Windows Server 2012 R2.
->
-> In Windows 8.1, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](/previous-versions/system-center/system-center-2012-R2/hh508760(v=technet.10)), which is managed through Microsoft Endpoint Configuration Manager.
->
-> Windows Defender is also offered for [consumer devices on Windows 8.1](/previous-versions/windows/it-pro/windows-8.1-and-8/dn344918(v=ws.11)#BKMK_WindowsDefender), although Windows Defender does not provide enterprise-level management.
- Defender for Endpoint includes capabilities that further extend the antivirus protection that is installed on your endpoint. You can benefit from running Microsoft Defender Antivirus alongside another antivirus solution. For example, [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md) provides added protection from malicious artifacts even if Microsoft Defender Antivirus is not the primary antivirus product. Such capabilities require Microsoft Defender Antivirus to be installed and running in passive mode or active mode.
-### Requirements for Microsoft Defender Antivirus to run in passive mode
+## Requirements for Microsoft Defender Antivirus to run in passive mode
In order for Microsoft Defender Antivirus to run in passive mode, endpoints must meet the following requirements:
In order for Microsoft Defender Antivirus to run in passive mode, endpoints must
- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution - Endpoints must be onboarded to Defender for Endpoint
-## How Microsoft Defender Antivirus affects Defender for Endpoint functionality
+> [!IMPORTANT]
+> - Microsoft Defender Antivirus is only available on devices running Windows 10 and 11, Windows Server 2022, Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, and Windows Server 2012 R2.
+> - In Windows 8.1, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](/previous-versions/system-center/system-center-2012-R2/hh508760(v=technet.10)), which is managed through Microsoft Endpoint Configuration Manager.
+> - Windows Defender is also offered for [consumer devices on Windows 8.1](/previous-versions/windows/it-pro/windows-8.1-and-8/dn344918(v=ws.11)#BKMK_WindowsDefender), although Windows Defender does not provide enterprise-level management.
-Defender for Endpoint affects whether Microsoft Defender Antivirus can run in passive mode. Microsoft Defender Antivirus can affect certain capabilities in Defender for Endpoint, too. For example, real-time protection works when Microsoft Defender Antivirus is in active or passive mode, but not when Microsoft Defender Antivirus is disabled or uninstalled.
+## How Microsoft Defender Antivirus affects Defender for Endpoint functionality
-The table in this section summarizes the features and capabilities that are actively working or not, according to whether Microsoft Defender Antivirus is in active mode, passive mode, or disabled/uninstalled.
+Defender for Endpoint affects whether Microsoft Defender Antivirus can run in passive mode. And, the state of Microsoft Defender Antivirus can affect certain capabilities in Defender for Endpoint. For example, real-time protection works when Microsoft Defender Antivirus is in active or passive mode, but not when Microsoft Defender Antivirus is disabled or uninstalled.
> [!IMPORTANT]
-> The following table is designed to be informational only. **Do not turn off capabilities**, such as real-time protection, cloud-delivered protection, or limited periodic scanning if you are using Microsoft Defender Antivirus in passive mode, or if you are using [EDR in block mode](edr-in-block-mode.md), which works behind the scenes to detect and remediate malicious artifacts that were detected post-breach.
+> - The table in this section summarizes the features and capabilities that are actively working or not, according to whether Microsoft Defender Antivirus is in active mode, passive mode, or disabled/uninstalled. This table designed to be informational only.
+> - **Do not turn off capabilities**, such as real-time protection, cloud-delivered protection, or limited periodic scanning if you are using Microsoft Defender Antivirus in passive mode, or if you are using [EDR in block mode](edr-in-block-mode.md), which works behind the scenes to detect and remediate malicious artifacts that were detected post-breach.
| Protection | Microsoft Defender Antivirus <br/>(*Active mode*) | Microsoft Defender Antivirus <br/>(*Passive mode*) | Microsoft Defender Antivirus <br/>(*Disabled or uninstalled*) | [EDR in block mode](edr-in-block-mode.md) | |:|:|:|:|:|
The table in this section summarizes the features and capabilities that are acti
| [Device control](device-control-report.md) | Yes | Yes | No | No | | [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) | Yes | No | No | No |
-(<a id="fn4">4</a>) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
+(<a id="fn4">4</a>) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection doesn't provide any blocking or enforcement, even though it's enabled and in passive mode.
-(<a id="fn5">5</a>) When Microsoft Defender Antivirus is in passive mode, scans are not scheduled.
+(<a id="fn5">5</a>) When Microsoft Defender Antivirus is in passive mode, scans aren't scheduled.
-(<a id="fn6">6</a>) When Microsoft Defender Antivirus is in passive mode, it does not remediate threats. However, threats can be remediated by [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md). In this case, you might see alerts showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode.
+(<a id="fn6">6</a>) When Microsoft Defender Antivirus is in passive mode, it doesn't remediate threats. However, threats can be remediated by [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md). In this case, you might see alerts showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode.
-(<a id="fn7">7</a>) The security intelligence update cadence is controlled by Windows Update settings only. Defender-specific update schedulers (daily/weekly at specific time, interval-based) settings only work when Microsoft Defender Antivirus is in active mode. They are ignored in passive mode.
+(<a id="fn7">7</a>) The security intelligence update cadence is controlled by Windows Update settings only. Defender-specific update schedulers (daily/weekly at specific time, interval-based) settings only work when Microsoft Defender Antivirus is in active mode. They're ignored in passive mode.
(<a id="fn8">8</a>) When Microsoft Defender Antivirus is in passive mode, web content filtering only works with the Microsoft Edge browser.
The table in this section summarizes the features and capabilities that are acti
## Important notes -- Do not disable, stop, or modify any of the associated services that are used by Microsoft Defender Antivirus, Defender for Endpoint, or the Windows Security app. This recommendation includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and processes. Manually modifying these services can cause severe instability on your devices and can make your network vulnerable. Disabling, stopping, or modifying those services can also cause problems when using non-Microsoft antivirus solutions and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
+- Don't disable, stop, or modify any of the associated services that are used by Microsoft Defender Antivirus, Defender for Endpoint, or the Windows Security app. This recommendation includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and processes. Manually modifying these services can cause severe instability on your devices and can make your network vulnerable. Disabling, stopping, or modifying those services can also cause problems when using non-Microsoft antivirus solutions and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
-- In Defender for Endpoint, turn EDR in block mode on, even if Microsoft Defender Antivirus is not your primary antivirus solution. EDR in block mode detects and remediate malicious items that are found on the device (post breach). To learn more, see [EDR in block mode](edr-in-block-mode.md).
+- In Defender for Endpoint, turn EDR in block mode on, even if Microsoft Defender Antivirus isn't your primary antivirus solution. EDR in block mode detects and remediate malicious items that are found on the device (post breach). To learn more, see [EDR in block mode](edr-in-block-mode.md).
## How to confirm the state of Microsoft Defender Antivirus
You can use one of several methods to confirm the state of Microsoft Defender An
| Method | Procedure | |:|:|
- | Windows Security app | 1. On a Windows device, open the Windows Security app.<br/>2. Select **Virus & threat protection**.<br/>3. Under **Who's protecting me?** select **Manage providers**.<br/>4. On the **Security providers** page, under **Antivirus**, you should see **Microsoft Defender Antivirus is turned on**. |
- | Task Manager | 1. On a Windows device, open the Task Manager app.<br/>2. Select the **Details** tab.<br/>3. Look for **MsMpEng.exe** in the list. |
- | Windows PowerShell <br/> (To confirm that Microsoft Defender Antivirus is running) | 1. On a Windows device, open Windows PowerShell. <br/>2. Run the following PowerShell cmdlet: `Get-Process`.<br/>3. Review the results. You should see **MsMpEng.exe** if Microsoft Defender Antivirus is enabled. |
- | Windows PowerShell <br/>(To confirm that antivirus protection is in place) | You can use the [Get-MpComputerStatus PowerShell cmdlet](/powershell/module/defender/get-mpcomputerstatus).<br/>1. On a Windows device, open Windows PowerShell.<br/>2. Run following PowerShell cmdlet:<br/> Get-MpComputerStatus \| select AMRunningMode <br/>3. Review the results. You should see either **Normal**, **Passive**, or **EDR Block Mode** if Microsoft Defender Antivirus is enabled on the endpoint. |
+ | Windows Security app | <ol><li>On a Windows device, open the Windows Security app.</li><li>Select **Virus & threat protection**.</li><li>Under **Who's protecting me?** select **Manage providers**.</li><li>On the **Security providers** page, under **Antivirus**, you should see **Microsoft Defender Antivirus is turned on**.</li></ol> |
+ | Task Manager | <ol><li>On a Windows device, open the Task Manager app.</li><li>Select the **Details** tab.</li><li>Look for **MsMpEng.exe** in the list.</li></ol> |
+ | Windows PowerShell <br/> (To confirm that Microsoft Defender Antivirus is running) | <ol><li>On a Windows device, open Windows PowerShell. </li><li>Run the following PowerShell cmdlet: `Get-Process`.</li><li>Review the results. You should see **MsMpEng.exe** if Microsoft Defender Antivirus is enabled.</li></ol> |
+ | Windows PowerShell <br/>(To confirm that antivirus protection is in place) | You can use the [Get-MpComputerStatus PowerShell cmdlet](/powershell/module/defender/get-mpcomputerstatus).<ol><li>On a Windows device, open Windows PowerShell.</li><li>Run following PowerShell cmdlet:<br/>`Get-MpComputerStatus | select AMRunningMode`.</li><li>Review the results. You should see either **Normal**, **Passive**, or **EDR Block Mode** if Microsoft Defender Antivirus is enabled on the endpoint. </li></ol> |
## More details about Microsoft Defender Antivirus states
The table in this section describes various states you might see with Microsoft
| State | What happens | |:|:| | Active mode | In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. Settings that are configured by using Configuration Manager, Group Policy, Microsoft Intune, or other management products will apply. Files are scanned, threats are remediated, and detection information is reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the endpoint itself). |
- | Passive mode <br/><br/> or <br/><br/> EDR Block mode | In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are *not* remediated by Microsoft Defender Antivirus. <br/><br/>Threats can be remediated by [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md) when running in EDR Block Mode, however. <br/><br/> Files are scanned by EDR, and reports are provided for threat detections that are shared with the Defender for Endpoint service. You might see alerts showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode. <br/><br/> When Microsoft Defender Antivirus is in passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into active mode if your devices have a non-Microsoft antivirus product that is providing real-time protection from malware. <br/><br/> For optimal security layered defense and detection efficacy, make sure to get your antivirus and antimalware updates, even if Microsoft Defender Antivirus is running in passive mode. See [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md). <br/><br/> Note that passive mode is only supported on Windows Server 2012 R2 & 2016 when the machine is onboarded using the [modern, unified solution](/microsoft-365/security/defender-endpoint/configure-server-endpoints). |
- | Disabled <br/><br/> or <br/><br/> Uninstalled | When disabled or uninstalled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. <br/><br/> Disabling or uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution. <br/><br/> In cases where Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the non-Microsoft antivirus/antimalware product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. The automatic re-enabling of Microsoft Defender Antivirus helps to ensure that antivirus protection is maintained on your endpoints. <br/><br/> You might also use [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which works with the Microsoft Defender Antivirus engine to periodically check for threats if you are using a non-Microsoft antivirus app. |
+ | Passive mode or EDR Block mode | In passive mode, Microsoft Defender Antivirus isn't used as the antivirus app, and threats are *not* remediated by Microsoft Defender Antivirus. <p>Threats can be remediated by [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md) when running in EDR Block Mode, however. <p> Files are scanned by EDR, and reports are provided for threat detections that are shared with the Defender for Endpoint service. You might see alerts showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode. <p> When Microsoft Defender Antivirus is in passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into active mode if your devices have a non-Microsoft antivirus product that is providing real-time protection from malware. <p> For optimal security layered defense and detection efficacy, make sure to get your antivirus and antimalware updates, even if Microsoft Defender Antivirus is running in passive mode. See [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md). <p> Note that passive mode is only supported on Windows Server 2012 R2 & 2016 when the machine is onboarded using the [modern, unified solution](/microsoft-365/security/defender-endpoint/configure-server-endpoints). |
+ | Disabled or Uninstalled | When disabled or uninstalled, Microsoft Defender Antivirus isn't used as the antivirus app. Files aren't scanned and threats aren't remediated. <p> Disabling or uninstalling Microsoft Defender Antivirus isn't recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you're using a non-Microsoft antimalware/antivirus solution. <p> In cases where Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the non-Microsoft antivirus/antimalware product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. The automatic re-enabling of Microsoft Defender Antivirus helps to ensure that antivirus protection is maintained on your endpoints. <p> You might also use [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which works with the Microsoft Defender Antivirus engine to periodically check for threats if you're using a non-Microsoft antivirus app. |
> [!TIP] > If you're looking for Antivirus related information for other platforms, see:
security Streaming Api Event Hub https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/streaming-api-event-hub.md
To get the data types for event properties, do the following steps:
:::image type="content" source="../defender-endpoint/images/machine-info-datatype-example.png" alt-text="An example query for device info" lightbox="../defender-endpoint/images/machine-info-datatype-example.png":::
+## Estimating initial Event Hub capacity
+The following Advanced Hunting query can help provide a rough estimate of data volume throughput and initial event hub capacity based on events/sec and estimated MB/sec. We recommend running the query during regular business hours so as to capture ΓÇÿrealΓÇÖ throughput.
+
+```kusto
+let bytes_ = 500;
+union withsource=MDTables*
+| where Timestamp > startofday(ago(6h))
+| summarize count() by bin(Timestamp, 1m), MDTables
+| extend EPS = count_ /60
+| summarize avg(EPS), estimatedMBPerSec = (avg(EPS) * bytes_ ) / (1024*1024) by MDTables
+| sort by toint(estimatedMBPerSec) desc
+```
+
+## Monitoring created resources
+
+You can monitor the resources created by the streaming API using **Azure Monitor**.
+For more information, see [Log Analytics workspace data export in Azure Monitor](/azure/azure-monitor/logs/logs-data-export).
+ ## Related topics - [Overview of Advanced Hunting](advanced-hunting-overview.md)
security Allow Block Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/allow-block-files.md
Allow Files on the **Submissions** page in Microsoft 365 Defender.
6. From the **Remove after** drop-down list, specify for how long you want the allow option to work.
-7. When you're finished, click the **Submit** button.
+7. Add why you are adding allow using the **Optional Note**.
+
+8. When you're finished, click the **Submit** button.
:::image type="content" source="../../media/submit-email-for-analysis.png" alt-text="Submit email for analysis." lightbox="../../media/submit-email-for-analysis.png":::
For detailed syntax and parameter information, see [Remove-TenantAllowBlockListI
- [Report false positives and false negatives](report-false-positives-and-false-negatives.md) - [Manage your allows and blocks in the Tenant Allow/Block List](manage-tenant-allow-block-list.md) - [Allow or block emails in the Tenant Allow/Block List](allow-block-email-spoof.md)-- [Allow or block URLs in the Tenant Allow/Block List](allow-block-urls.md)
+- [Allow or block URLs in the Tenant Allow/Block List](allow-block-urls.md)
security Allow Block Urls https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/allow-block-urls.md
Allow URLs on the **Submissions** page in Microsoft 365 Defender.
6. From the **Remove after** drop-down list, specify for how long you want the allow option to work.
-7. When you're finished, click the **Submit** button.
+7. Add why you are adding allow using the **Optional Note**.
+
+8. When you're finished, click the **Submit** button.
:::image type="content" source="../../media/submit-url-for-analysis.png" alt-text="Submit URL for analysis" lightbox="../../media/submit-url-for-analysis.png":::
For detailed syntax and parameter information, see [Remove-TenantAllowBlockListI
- [Report false positives and false negatives](report-false-positives-and-false-negatives.md) - [Manage your allows and blocks in the Tenant Allow/Block List](manage-tenant-allow-block-list.md) - [Allow or block files in the Tenant Allow/Block List](allow-block-files.md)-- [Allow or block emails in the Tenant Allow/Block List](allow-block-email-spoof.md)
+- [Allow or block emails in the Tenant Allow/Block List](allow-block-email-spoof.md)
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
For more information on what's new with other Microsoft Defender security produc
## June 2022
+- [Configurable impersonation protection custom users and domains and increased scope within Preset policies](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/configurable-impersonation-protection-and-scope-for-preset/ba-p/3294459):
+ΓÇó (Choose to) Apply Preset Strict/Standard policies to entire organization and avoid the hassle of selecting specific recipient users, groups, or domains, thereby securing all recipient users of your organization.
+ΓÇó Configure impersonation protection settings for custom users and custom domains within Preset Strict/Standard policies and automatically protect your targeted users and targeted domain against impersonation attacks.
+ - [simplifying the quarantine experience part Two in Microsoft 365 Defender for office 365](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/simplifying-the-quarantine-experience-part-two/ba-p/3354687): simplifying the quarantine experience part Two with Microsoft Defender for Office 365. ## April 2022