Updates from: 06/25/2021 03:16:37
Category Microsoft Docs article Related commit history on GitHub Change details
admin Browser Usage Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/browser-usage-report.md
description: "Learn how to get a Microsoft browser usage report using the Micros
# Microsoft 365 Reports in the admin center - Microsoft browser usage
-The Microsoft 365 **Reports** dashboard shows you an activity overview across the products in your organization. It enables you to drill into individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the Microsoft browser usage report, you can gain insights on Internet Explorer, Microsoft Edge Legacy, and new Microsoft Edge usage. Usage reporting is based on Microsoft 365 online services accessed via a Microsoft browser.
+The Microsoft 365 **Reports** dashboard shows you an activity overview across the products in your organization. It enables you to drill into individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the Microsoft browser usage report, you can gain insights on Internet Explorer, Microsoft Edge Legacy, and new Microsoft Edge usage. Usage reporting is based on Microsoft 365 online services accessed by using a Microsoft browser.
> [!NOTE] > You must be a global administrator, global reader or reports reader in Microsoft 365 or an Exchange, SharePoint, or Skype for Business administrator to see reports.
The Microsoft 365 **Reports** dashboard shows you an activity overview across th
1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page. 2. From the dashboard homepage, click on the **View more** button on the Microsoft browser usage card.
+## How to notify users to upgrade their browser
+
+![Microsoft browser usage report action flow](../../media/1ef4eb08-18b8-4dda-aa15-1aad013ecd70.png)
+
+Global admins can opt-in to sending messages to users using Microsoft 365 services on Edge Legacy (unsupported) and Internet Explorer (soon to be unsupported). This targeted message notifies users that support for these browsers will end soon, and it links to a support article with information on Microsoft Edge and simple steps to follow to switch browsers.
+
+You can find this feature on the report page. Once the message is created, users are notified at the frequency specified until August 17, 2021. You can turn off this feature at any time to stop sending notifications to users. To begin sending notifications again, turn the feature back on.
+
+For more information, see [Microsoft Edge help & learning](https://support.microsoft.com/microsoft-edge).
+ ## Interpret the Microsoft browser usage report ![Microsoft browser usage report](../../media/95557c88-24ee-417d-a828-96ba00b17aaf.png)
compliance Export Search Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-search-results.md
The first step is to prepare the search results for exporting. When you prepare
2. Select the **Include versions for SharePoint files** checkbox to export all versions of SharePoint documents. This option appears only if the content sources of the search include SharePoint or OneDrive for Business sites. 3. Select the **Export files in a compressed (zipped) folder. Includes only individual messages and SharePoint documents** checkbox to export search results to compressed folders. This option appears only when you choose to export Exchange items as individual messages and when the search results include SharePoint or OneDrive documents. This option is primarily used to work around the 260 character limit in Windows file path names when items are exported. See the "Filenames of exported items" in the [More information](#more-information) section.
+ > [!IMPORTANT]
+ > Exporting files in a compressed (zipped) folder will increase export times.
6. Click **Export** to start the export process. The search results are prepared for downloading, which means they're collected from the original content locations and then uploaded to an Azure Storage location in the Microsoft cloud. This may take several minutes.
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
When you configure a label policy, you can:
Consider using a default label to set a base level of protection settings that you want applied to all your content. However, without user training and other controls, this setting can also result in inaccurate labeling. It's usually not a good idea to select a label that applies encryption as a default label to documents. For example, many organizations need to send and share documents with external users who might not have apps that support the encryption or they might not use an account that can be authorized. For more information about this scenario, see [Sharing encrypted documents with external users](sensitivity-labels-office-apps.md#sharing-encrypted-documents-with-external-users). -- **Require a justification for changing a label.** If a user tries to remove a label or replace it with a label that has a lower-order number, you can require the user provides a justification to perform this action. For example, a user opens a document labeled Confidential (order number 3) and replaces that label with one named Public (order number 1). Administrators can read the justification reason along with the label change in [activity explorer](data-classification-activity-explorer.md).
+- **Require a justification for changing a label.** If a user tries to remove a label or replace it with a label that has a lower-order number, you can require the user provides a justification to perform this action. For example, a user opens a document labeled Confidential (order number 3) and replaces that label with one named Public (order number 1). For Office apps, this justification prompt is triggered once per app session when you use built-in labeling, and per file when you use the Azure Information Protection unified labeling client. Administrators can read the justification reason along with the label change in [activity explorer](data-classification-activity-explorer.md).
![Prompt where users enter a justification](../media/Sensitivity-label-justification-required.png)
compliance Use Content Search For Targeted Collections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-content-search-for-targeted-collections.md
After you've run the script to collect a list of folder IDs or document links fo
2. In the left pane of the compliance center, click **Show all** > **Content search**, and then click **New search**.
-3. In the **Keywords** box, paste the `folderid:<folderid>` or `documentlink:<path>` value that was returned by the script in Step 1.
+3. In the **Keywords** box, paste the `folderid:<folderid>` or `documentlink:<path>/*` value that was returned by the script in Step 1.
For example, the query in the following screenshot will search for any item in the Purges subfolder in the user's Recoverable Items folder (the value of the `folderid` property for the Purges subfolder is shown in the screenshot in Step 1): ![Paste the folderid or documentlink in to the keyword box of the search query](../media/FolderIDSearchQuery.png)
+ > [!IMPORTANT]
+ > documentlink searches require the use of a trailing `asterisk '/*'`.
4. Under **Locations**, select **Specific locations** and then click **Modify**.
Here are some examples of using the `folderid` and `documentlink` properties i
- This example searches a site folder (and any subfolders) for documents that contain the letters "NDA" in the title. ```powershell
- documentlink:<path> AND filename:nda
+ documentlink:"<path>/*" AND filename:nda
``` - This example searches a site folder (and any subfolder) for documents there were changed within a date range. ```powershell
- documentlink:<path> AND (lastmodifiedtime>=01/01/2017 AND lastmodifiedtime<=01/21/2017)
+ documentlink:"<path>/*" AND (lastmodifiedtime>=01/01/2017 AND lastmodifiedtime<=01/21/2017)
``` ## More information
lti Teams Classes Lms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-lms.md
- Title: Use Microsoft Teams classes with Blackboard-------- CSH-
-localization_priority: Normal
-
-description: "Integrate Microsoft Teams classes in your Learning Management System"
---
-# Use Microsoft Teams classes with Blackboard
-
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-Microsoft Teams classes is a Learning Tools Interoperability (LTI) app that helps educators and students easily navigate between their Learning Management System (LMS) and Teams. Users can access their class teams associated with their course directly from within their LMS.
-
-## Approve the app in the Microsoft Azure tenant
-
-The following tasks are completed by the Microsoft Office 365 admin and the Blackboard Learn Ultra admin.
-
-Before managing the integration within Blackboard Learn Ultra, the Microsoft Office 365 admin must approve the Blackboard **MSFT Teams for Learn Ultra Azure** app for the institutionΓÇÖs Microsoft Azure tenant.
-
-1. Find your Microsoft Tenant ID. See [how to find the tenant](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant).
-
-2. Redirect the Microsoft Identity Platform Admin Consent Endpoint according to the following example:
-
- `https://login.microsoftonline.com/{tenant}/adminconsent?client_id=2d94989f-457a-47c1-a637-e75acdb11568`
-
- > [!NOTE]
- > Replace {tenant} with your organizationΓÇÖs Microsoft tenant ID.
-
-## Register the integration apps
-
-As a Blackboard Learn Ultra admin, you'll need to register 2 LTI 1.3 integration apps within your Test environment:
--- The Blackboard Learn Class Teams integration to support the roster sync--- The Microsoft Teams class team LTI app-
-1. Make a note of the following LTI Client IDs for both Apps:
-
- - Blackboard - f1561daa-1b21-4693-ba90-6c55f1a0eb41
-
- - Microsoft - 027328b7-c2e3-4c9e-aaa1-07802dae6c89
-
-2. Access the Admin Panel, and under **Integrations**, locate the LTI Tool Providers.
-
- ![this is the LTI Tool Provider dialog shows a list of providers](../media/lti-media/lti-tool-providers.png)
-
-3. Select **Register LTI1.3/Advantage Tool**.
-
-4. Enter the first of the Client IDs provided (either Blackboard or Microsoft), and select **Submit**.
-
-5. Review the pre-populated settings and ensure that the tool status is marked as approved.
-
-6. Scroll to the bottom, and then select **Submit**.
-
-7. Repeat the previous steps to register the second of the LTI apps within your environment.
-
-## Set up the REST Application and Cross Origin Resource Sharing
-
-The Blackboard Learn Ultra admin will also need to configure the REST Application and the Cross Origin Resource Sharing configuration.
-
-Complete the following to set up the REST Application
-
-1. Access the Learn Administration Tools, and then select **REST API Integrations** from the **Integrations** section.
-
-2. Select **Create integrations** and enter the same Application/Client ID that you entered for the Blackboard Learn Class Teams Integration LTI tool.
-
-3. Enter the Learn User (this could be your own learn admin username), or select **Browse** to locate.
-
-4. Select **Yes** for **End User Access**.
-
-5. Select **Yes** for **Authorized to Act as User**
-
-6. Select **Submit** once complete.
-
-## Set up Cross-Origin Resource Sharing
-
-1. Access the Learn Administration Tools, and select **Cross-Origin Resource Sharing** from the **Integrations** section.
-
-2. Select **Create Configuration**.
-
-3. Enter `https://bb-ms-teams-ultra-ext.api.blackboard.com` in the origin.
-
-4. Add the word **Authorization** in the **Allowed Headers**.
-
-5. Set **Available** to **Yes**.
-
-6. Select **Submit** once complete.
-
-## Enable Class Teams in Blackboard Learn
-
-Once you've enabled the LTI tools, your next step will be to set up the Microsoft Class Teams integration from your own Microsoft Office 365 tenant. You can do this by following these steps as the Blackboard Learn Ultra admin.
-
-1. In **Learn Admin** > **Tools and Utilities**, select **Microsoft Teams Integration Admin**.
-
- ![the tools and utilities dialog with a list of available tools](../media/lti-media/tools-utilities.png)
-
-2. Select the checkbox for **Enable Microsoft Teams**.
-
-3. Enter your tenant ID as referenced in the section under Microsoft O365 Admin
-
- > [!NOTE]
- > You won't be able to save the settings until the app has been approved by the O365 admin. See [Approve the app in Microsoft Azure tenant](#approve-the-app-in-the-microsoft-azure-tenant).
-
-4. When the global O365 admin has approved the Blackboard Teams application in your Microsoft Tenant, select **Submit**.
lti Teams Classes With Canvas https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-with-canvas.md
Before managing the Microsoft Teams integration within Instructure Canvas, it is
3. In the admin navigation, select the **Settings** link, and then the **Integrations** tab.
-4. Enter your Microsoft tenant name and login attribute.
+4. Enable Microsoft Teams Sync by turning the toggle on.
+
+ ![teams-sync](media/teams-sync.png)
+
+5. Enter your Microsoft tenant name and login attribute.
The login attribute will be used for associating the Canvas user with an Azure Active Directory user.
-5. Select **Update Settings** once done.
+6. Select **Update Settings** once done.
-6. To approve access for CanvasΓÇÖs **Microsoft-Teams-Sync-for-Canvas** Azure app, select the **Grant tenant access** link. You'll be redirected to the Microsoft Identity Platform Admin Consent Endpoint.
+7. To approve access for CanvasΓÇÖs **Microsoft-Teams-Sync-for-Canvas** Azure app, select the **Grant tenant access** link. You'll be redirected to the Microsoft Identity Platform Admin Consent Endpoint.
![permissions](media/permissions.png)
-7. Select **Accept**.
+8. Select **Accept**.
-8. Enable the Microsoft Teams sync by turning the toggle on.
-
- ![teams-sync](media/teams-sync.png)
- ## Canvas Admin Set up the Microsoft Teams LTI 1.3 Integration.
security Linux Static Proxy Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration.md
ms.technology: mde
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
-Microsoft Defender for Endpoint can discover a proxy server using the ```HTTPS_PROXY``` environment variable. This setting must be configured **both** at installation time and after the product has been installed.
+Microsoft Defender for Endpoint can discover a proxy server using the `HTTPS_PROXY` environment variable. This setting must be configured **both** at installation time and after the product has been installed.
## Installation time configuration
-During installation, the ```HTTPS_PROXY``` environment variable must be passed to the package manager. The package manager can read this variable in any of the following ways:
+During installation, the `HTTPS_PROXY` environment variable must be passed to the package manager. The package manager can read this variable in any of the following ways:
-- The ```HTTPS_PROXY``` variable is defined in ```/etc/environment``` with the following line:
+- The `HTTPS_PROXY` variable is defined in `/etc/environment` with the following line:
- ```bash
- HTTPS_PROXY="http://proxy.server:port/"
- ```
+ ```bash
+ HTTPS_PROXY="http://proxy.server:port/"
+ ```
- The `HTTPS_PROXY` variable is defined in the package manager global configuration. For example, in Ubuntu 18.04, you can add the following line to `/etc/apt/apt.conf.d/proxy.conf`:
- ```bash
- Acquire::https::Proxy "http://proxy.server:port/";
- ```
+ ```bash
+ Acquire::https::Proxy "http://proxy.server:port/";
+ ```
- > [!CAUTION]
- > Note that above two methods could define the proxy to use for other applications on your system. Use this method with caution, or only if this is meant to be a generally global configuration.
+ > [!CAUTION]
+ > Note that above two methods could define the proxy to use for other applications on your system. Use this method with caution, or only if this is meant to be a generally global configuration.
- The `HTTPS_PROXY` variable is prepended to the installation or uninstallation commands. For example, with the APT package manager, prepend the variable as follows when installing Microsoft Defender for Endpoint:
- ```bash
- HTTPS_PROXY="http://proxy.server:port/" apt install mdatp
- ```
+ ```bash
+ HTTPS_PROXY="http://proxy.server:port/" apt install mdatp
+ ```
- > [!NOTE]
- > Do not add sudo between the environment variable definition and apt, otherwise the variable will not be propagated.
+ > [!NOTE]
+ > Do not add sudo between the environment variable definition and apt, otherwise the variable will not be propagated.
The `HTTPS_PROXY` environment variable may similarly be defined during uninstallation.
Note that installation and uninstallation will not necessarily fail if a proxy i
After installation, the `HTTPS_PROXY` environment variable must be defined in the Defender for Endpoint service file. To do this, open `/lib/systemd/system/mdatp.service` in a text editor while running as the root user. You can then propagate the variable to the service in one of two ways:
- > [!NOTE]
- > On CentOS or RedHat Linux distributions the location of the Endpoint service file is `/usr/lib/systemd/system/mdatp.service`.
+> [!NOTE]
+> On CentOS or RedHat Linux distributions the location of the Endpoint service file is `/usr/lib/systemd/system/mdatp.service`.
- Uncomment the line `#Environment="HTTPS_PROXY=http://address:port"` and specify your static proxy address. - Add a line `EnvironmentFile=/path/to/env/file`. This path can point to `/etc/environment` or a custom file, either of which needs to add the following line:
- ```bash
- HTTPS_PROXY="http://proxy.server:port/"
- ```
+ ```bash
+ HTTPS_PROXY="http://proxy.server:port/"
+ ```
After modifying the `mdatp.service` file, save and close it. Restart the service so the changes can be applied. In Ubuntu, this involves two commands:
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/preview.md
You'll know you have preview features turned on when you see that the **Turn on
The following features and enhancements are currently available on preview:
+- **[View reports per threat tags](threat-analytics.md#view-reports-per-threat-tags)** - Threat tags help you focus on specific threat categories and review the most relevant reports.
- **[Streaming API](../defender-endpoint/raw-data-export.md)** - Microsoft 365 Defender supports streaming all the events available through Advanced Hunting to an Event Hubs and/or Azure storage account. - **[Microsoft 365 Defender APIs](api-overview.md)** - The top-level Microsoft 365 Defender APIs will enable you to automate workflows based on the shared incident and advanced hunting tables. - **[Take action in advanced hunting](advanced-hunting-take-action.md)** - Quickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md).
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/threat-analytics.md
Each report includes charts that provide an overview of how resilient your organ
- **Secure configuration status**ΓÇöshows the number of devices with misconfigured security settings. Apply the recommended security settings to help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings. - **Vulnerability patching status**ΓÇöshows the number of vulnerable devices. Apply security updates or patches to address vulnerabilities exploited by the threat.
+#### View reports per threat tags
+You can filter the threat report list and view the most relevant reports according to a specific threat tag (category) or a report type.
+- **Threat tags**ΓÇöassist you in viewing the most relevant reports according to a specific threat category. For example, all reports related to ransomware.
+- **Report types**ΓÇöassist you in viewing the most relevant reports according to a specific report type. For example, all reports that cover tools and techniques.
+- **Filters**ΓÇöassist you in efficiently reviewing the threat report list and filtering the view based on a specific threat tag or report type. For example, review all threat reports related to ransomware category, or threat reports that cover vulnerabilities.
+
+##### How does it work?
+The Microsoft Threat Intelligence team has added threat tags to each threat report:
+- Four threat tags are now available:
+ - Ransomware
+ - Phishing
+ - Vulnerability
+ - Activity group
+- Threat tags are presented at the top of the threat analytics page, with counters for the number of available reports under each tag.
+ ![threat tags](../../media/threat-analytics/ta-threattags-mtp.png)
+- The list can also be sorted by threat tags:
+ ![lists](../../media/threat-analytics//ta-taglist-mtp.png)
+- Filters are available per threat tag and report type:
+ ![filters](../../media/threat-analytics/ta-threattag-filters-mtp.png)
+ ### Analyst report: Get expert insight from Microsoft security researchers In the **Analyst report** section, read through the detailed expert write-up. Most reports provide detailed descriptions of attack chains, including tactics and techniques mapped to the MITRE ATT&CK framework, exhaustive lists of recommendations, and powerful [threat hunting](advanced-hunting-overview.md) guidance.
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
Title: Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes
+f1.keywords:
- NOCSH Previously updated : Last updated : audience: ITPro localization_priority: Normal
+search.appverid:
- MET150-+ - M365-security-compliance-+ description: Admins can learn how to use the advanced delivery policy in Exchange Online Protection (EOP) to identify messages that should not be filtered in specific supported scenarios (third-party phishing simulations and messages delivered to security operations (SecOps) mailboxes. ms.technology: mdo ms.prod: m365-security
Messages that are identified by the advanced delivery policy aren't security thr
- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **Advanced delivery** page, open <https://security.microsoft.com/advanceddelivery>.
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+ - You need to be assigned permissions before you can do the procedures in this article:
- - To create, modify, or remove configured settings in the advanced delivery policy, you need to be a member of the **Security Administrator** role group in the **Microsoft 365 Defender portal** and a member of the **Organization Management** role group in **Exchange Online**.
+ - To create, modify, or remove configured settings in the advanced delivery policy, you need to be a member of the **Security Administrator** role group in the **Microsoft 365 Defender portal** and a member of the **Organization Management** role group in **Exchange Online**.
- For read-only access to the advanced delivery policy, you need to be a member of the **Global Reader** or **Security Reader** role groups. For more information, see [Permissions in the Microsoft 365 Defender portal](permissions-microsoft-365-security-center.md) and [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo).
The third-party phishing simulation entries that you configured are displayed on
In addition to the two scenarios that the advanced delivery policy can help you with, there are other scenarios that might require you bypass filtering: -- **Third-party filters**: If your domain's MX record *doesn't* point to Office 365 (messages are routed somewhere else first), [secure by default](secure-by-default.md) *is not available*.-
- To bypass Microsoft filtering for messages that have already been evaluated by third-party filtering, use mail flow rules (also known as transport rules). For more information, see [Use mail flow rules to set the SCL in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl.md).
+- **Third-party filters**: If your domain's MX record *doesn't* point to Office 365 (messages are routed somewhere else first), [secure by default](secure-by-default.md) *is not available*. If you'd like to add protection, you'll need to enable Enhanced Filtering for Connectors (also known as *skip listing*). For more information, see [Manage mail flow using a third-party cloud service with Exchange Online](/exchange/mail-flow-best-practices/manage-mail-flow-using-third-party-cloud). If you don't want Enhanced Filtering for Connectors,use mail flow rules (also known as transport rules) to bypass Microsoft filtering for messages that have already been evaluated by third-party filtering. For more information, see [Use mail flow rules to set the SCL in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl.md).
- **False positives under review**: You might want to temporarily allow certain messages that are still being analyzed by Microsoft via [admin submissions](admin-submission.md) to report known good messages that are incorrectly being marked as bad to Microsoft (false positives). As with all overrides, we ***highly recommended*** that these allowances are temporary.+
+## Exchange Online PowerShell procedures for SecOps mailboxes in the advanced delivery policy
+
+In Exchange Online PowerShell, the basic elements of SecOps mailboxes in the advanced delivery policy are:
+
+- **The SecOps override policy**: Controlled by the **\*-SecOpsOverridePolicy** cmdlets.
+- **The SecOps override rule**: Controlled by the **\*-SecOpsOverrideRule** cmdlets.
+
+This behavior has the following results:
+
+- You create the policy first, then you create the rule that identifies the policy that the rule applies to.
+- When you remove a policy from PowerShell, the corresponding rule is also removed.
+- When you remove a rule from PowerShell, the corresponding policy is not removed. You need to remove the corresponding policy manually.
+
+### Use PowerShell to configure SecOps mailboxes
+
+Configuring a SecOps mailbox in the advanced delivery policy in PowerShell is a two-step process:
+
+1. Create the SecOps override policy.
+2. Create the SecOps override rule that specifies the policy that the rule applies to.
+
+#### Step 1: Use PowerShell to create the SecOps override policy
+
+To create the SecOps override policy, use the following syntax:
+
+```powershell
+New-SecOpsOverridePolicy -Name SecOpsOverridePolicy -SentTo <EmailAddress1>,<EmailAddress2>,...<EmailAddressN>
+```
+
+**Note**: Regardless of the Name value you specify, the policy name will be SecOpsOverridePolicy, so you might as well use that value.
+
+This example creates the SecOps mailbox policy.
+
+```powershell
+New-SecOpsOverridePolicy -Name SecOpsOverridePolicy -SendTo secops@contoso.com
+```
+
+For detailed syntax and parameter information, see [New-SecOpsOverridePolicy](/powershell/module/exchange/new-secopsoverridepolicy).
+
+#### Step 2: Use PowerShell to create the SecOps override rule
+
+This example creates the SecOps mailbox rule with the specified settings.
+
+```powershell
+New-SecOpsOverrideRule -Name SecOpsOverrideRule -Policy SecOpsOverridePolicy
+```
+
+**Note**: **Regardless of the Name value you specify, the rule name will be SecOpsOverrideRule\<GUID\> where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
+
+For detailed syntax and parameter information, see [New-SecOpsOverrideRule](/powershell/module/exchange/new-secopsoverriderule).
+
+### Use PowerShell to view the SecOps override policy
+
+This example returns detailed information about the one and only SecOps mailbox policy.
+
+```powershell
+Get-SecOpsOverridePolicy
+```
+
+For detailed syntax and parameter information, see [Get-SecOpsOverridePolicy](/powershell/module/exchange/get-secopsoverridepolicy).
+
+### Use PowerShell to view SecOps override rules
+
+This example returns detailed information about SecOps override rules.
+
+```powershell
+Get-SecOpsOverrideRule
+```
+
+Although the previous command should return only one rule, any rules that are pending deletion might also be included in the results.
+
+This example identifies the valid rule (one) and any invalid rules.
+
+```powershell
+Get-SecOpsOverrideRule | Format-Table Name,Mode
+```
+
+After you identify the invalid rules, you can remove them by using the **Remove-SecOpsOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-secops-override-rules).
+
+For detailed syntax and parameter information, see [Get-SecOpsOverrideRule](/powershell/module/exchange/get-secopsoverriderule)
+
+### Use PowerShell to modify the SecOps override policy
+
+To modify the SecOps override policy, use the following syntax:
+
+```powershell
+Set-SecOpsOverridePolicy -Identity SecOpsOverridePolicy [-AddSentTo <EmailAddress1>,<EmailAddress2>,...<EmailAddressN>] [-RemoveSentTo <EmailAddress1>,<EmailAddress2>,...<EmailAddressN>]
+```
+
+This example adds secops2@contoso.com to the SecOps override policy.
+
+```powershell
+Set-SecOpsOverridePolicy -Identity SecOpsOverridePolicy -AddSentTo secops2@contoso.com
+```
+
+**Note**: If an associated, valid SecOps override rule exists, the email addresses in the rule will also be updated.
+
+For detailed syntax and parameter information, see [Set-SecOpsOverridePolicy](/powershell/module/exchange/set-secopsoverridepolicy).
+
+### Use PowerShell to modify a SecOps override rule
+
+The **Set-SecOpsOverrideRule** cmdlet does not modify the email addresses in the SecOps override rule. To modify the email addresses in the SecOps override rule, use the **Set-SecOpsOverridePolicy** cmdlet.
+
+For detailed syntax and parameter information, see [Set-SecOpsOverrideRule](/powershell/module/exchange/set-secopsoverriderule).
+
+### Use PowerShell to remove the SecOps override policy
+
+This example removes the SecOps Mailbox policy and the corresponding rule.
+
+```powershell
+Remove-SecOpsOverridePolicy -Identity SecOpsOverridePolicy
+```
+
+For detailed syntax and parameter information, see [Remove-SecOpsOverridePolicy](/powershell/module/exchange/remove-secopsoverridepolicy).
+
+### Use PowerShell to remove SecOps override rules
+
+To remove a SecOps override rule, use the following syntax:
+
+```powershell
+Remove-SecOpsOverrideRule -Identity <RuleIdentity>
+```
+
+This example removes the specified SecOps override rule.
+
+```powershell
+Remove-SecOpsOverrideRule -Identity SecOpsOverrideRule6fed4b63-3563-495d-a481-b24a311f8329
+```
+
+For detailed syntax and parameter information, see [Remove-SecOpsOverrideRule](/powershell/module/exchange/remove-secopsoverriderule).
+
+## Exchange Online PowerShell procedures for third-party phishing simulations in the advanced delivery policy
+
+In Exchange Online PowerShell, the basic elements of third-party phishing simulations in the advanced delivery policy are:
+
+- **The phishing simulation override policy**: Controlled by the **\*-PhishSimOverridePolicy** cmdlets.
+- **The phishing simulation override rule**: Controlled by the **\*-PhishSimOverrideRule** cmdlets.
+
+This behavior has the following results:
+
+- You create the policy first, then you create the rule that identifies the policy that the rule applies to.
+- You modify the settings in the policy and the rule separately.
+- When you remove a policy from PowerShell, the corresponding rule is also removed.
+- When you remove a rule from PowerShell, the corresponding policy is not removed. You need to remove the corresponding policy manually.
+
+### Use PowerShell to configure third-party phishing simulations
+
+Configuring a third-party phishing simulation in the advanced delivery policy in PowerShell is a two-step process:
+
+1. Create the phishing simulation override policy.
+2. Create the phishing simulation override rule that specifies the policy that the rule applies to.
+
+#### Step 1: Use PowerShell to create the phishing simulation override policy
+
+This example creates the phishing simulation override policy.
+
+```powershell
+New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
+```
+
+**Note**: Regardless of the Name value you specify, the policy name will be PhishSimOverridePolicy, so you might as well use that value.
+
+For detailed syntax and parameter information, see [New-PhishSimOverridePolicy](/powershell/module/exchange/new-phishsimoverridepolicy).
+
+#### Step 2: Use PowerShell to create the phishing simulation override rule
+
+Use the following syntax:
+
+```powershell
+New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -SenderDomainIs <Domain1>,<Domain2>,...<DomainN> -SenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>
+```
+
+Regardless of the Name value you specify, the rule name will be PhishSimOverrideRule\<GUID\> where \<GUID\> is a unique GUID value (for example, a0eae53e-d755-4a42-9320-b9c6b55c5011).
+
+A valid IP address entry is one of the following values:
+
+- Single IP: For example, 192.168.1.1.
+- IP range: For example, 192.168.0.1-192.168.0.254.
+- CIDR IP: For example, 192.168.0.1/25.
+
+This example creates the phishing simulation override rule with the specified settings.
+
+```powershell
+New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -SenderDomainIs fabrikam.com,wingtiptoys.com -SenderIpRanges 192.168.1.55
+```
+
+For detailed syntax and parameter information, see [New-PhishSimOverrideRule](/powershell/module/exchange/new-phishsimoverriderule).
+
+### Use PowerShell to view the phishing simulation override policy
+
+This example returns detailed information about the one and only phishing simulation override policy.
+
+```powershell
+Get-PhishSimOverridePolicy
+```
+
+For detailed syntax and parameter information, see [Get-PhishSimOverridePolicy](/powershell/module/exchange/get-phishsimoverridepolicy).
+
+### Use PowerShell to view phishing simulation override rules
+
+This example returns detailed information about phishing simulation override rules.
+
+```powershell
+Get-PhishSimOverrideRule
+```
+
+Although the previous command should return only one rule, any rules that are pending deletion might also be included in the results.
+
+This example identifies the valid rule (one) and any invalid rules.
+
+```powershell
+Get-PhishSimOverrideRule | Format-Table Name,Mode
+```
+
+After you identify the invalid rules, you can remove them by using the **Remove-PhisSimOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-phishing-simulation-override-rules).
+
+For detailed syntax and parameter information, see [Get-PhishSimOverrideRule](/powershell/module/exchange/get-phishsimoverriderule).
+
+### Use PowerShell to modify the phishing simulation override policy
+
+To modify the phishing simulation override policy, use the following syntax:
+
+```powershell
+Set-PhishSimOverridePolicy -Identity PhishSimOverridePolicy [-Comment "<DescriptiveText>"] [-Enabled <$true | $false>]
+```
+
+This example disables the phishing simulation override policy.
+
+```powershell
+Set-PhishSimOverridePolicy -Identity PhishSimOverridePolicy -Enabled $false
+```
+
+For detailed syntax and parameter information, see [Set-PhishSimOverridePolicy](/powershell/module/exchange/set-phishsimoverridepolicy).
+
+### Use PowerShell to modify a phishing simulation override rule
+
+To modify the phishing simulation override rule, use the following syntax:
+
+```powershell
+Set-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011 [-Comment "<DescriptiveText>"] [-AddSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-RemoveSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-AddSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>] [-RemoveSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>]
+```
+
+This example modifies the specified phishing simulation override rule with the following settings:
+
+- Add the domain entry blueyonderairlines.com.
+- Remove the IP address entry 192.168.1.55.
+
+Note that these changes don't affect existing entries.
+
+```powershell
+Set-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011 -AddSenderDomainIs blueyonderairlines.com -RemoveSenderIpRanges 192.168.1.55
+```
+
+For detailed syntax and parameter information, see [Set-PhishSimOverrideRule](/powershell/module/exchange/set-phishsimoverriderule).
+
+### Use PowerShell to remove a phishing simulation override policy
+
+This example removes the phishing simulation override policy and the corresponding rule.
+
+```powershell
+Remove-PhishSimOverridePolicy -Identity PhishSimOverridePolicy
+```
+
+For detailed syntax and parameter information, see [Remove-PhishSimOverridePolicy](/powershell/module/exchange/remove-phishsimoverridepolicy).
+
+### Use PowerShell to remove phishing simulation override rules
+
+To remove a phishing simulation override rule, use the following syntax:
+
+```powershell
+Remove-PhishSimOverrideRule -Identity <RuleIdentity>
+```
+
+This example removes the specified phishing simulation override rule.
+
+```powershell
+Remove-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011
+```
+
+For detailed syntax and parameter information, see [Remove-PhishSimOverrideRule](/powershell/module/exchange/remove-phishsimoverriderule).