Updates from: 06/26/2021 03:16:46
Category Microsoft Docs article Related commit history on GitHub Change details
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
You can learn more about these configuration options from the DLP documentation:
Also similarly to DLP policy configuration, you can choose whether a condition must detect all sensitive information types, or just one of them. And to make your conditions more flexible or complex, you can add [groups and use logical operators between the groups](data-loss-prevention-policies.md#grouping-and-logical-operators).
+> [!NOTE]
+> Auto-labelling policies based on custom sensitive information types only apply to newly created or modified content in OneDrive and SharePoint.
+ ### Configuring trainable classifiers for a label This option is currently in preview. If you use this option, make sure you have published in your tenant at least one other sensitivity label that's configured for auto-labeling and the [sensitive info types option](#configuring-sensitive-info-types-for-a-label).
Make sure you're aware of the prerequisites before you configure auto-labeling p
- At the time the auto-labeling policy runs, the file mustn't be open by another process or user. A file that's checked out for editing falls into this category. - If you plan to use [custom sensitive information types](sensitive-information-type-learn-about.md) rather than the built-in sensitivity types:
- - Custom sensitivity information types are evaluated for content that is added to SharePoint or OneDrive after the custom sensitivity information types are saved.
+ - Custom sensitivity information types apply only to content that is added or modified in SharePoint or OneDrive after the custom sensitivity information types are enforced.
- To test new custom sensitive information types, create them before you create your auto-labeling policy, and then create new documents with sample data for testing. - One or more sensitivity labels [created and published](create-sensitivity-labels.md) (to at least one user) that you can select for your auto-labeling policies. For these labels:
compliance Archive 17A 4 Sql Database Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-sql-database-data.md
localization_priority: Normal - description: "Learn how to set up and use a 17a-4 SQL DataParser connector to import and archive SQL data in Microsoft 365."
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
Before you can archive third-party data in Microsoft 365, you have to work with
|[Refinitiv Eikon Messenger](archive-17a-4-refinitiv-messenger-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[ServiceNow ](archive-17a-4-servicenow-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[Slack ](archive-17a-4-slack-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[SQL ](archive-17a-4-sql-database-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|[Symphony ](archive-17a-4-symphony-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[Zoom ](archive-17a-4-zoom-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| ||||||||
compliance Compliance Manager Assessments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-assessments.md
Title: "Build and manage assessments in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
description: "Build assessments in Microsoft Compliance Manager to help you meet
**In this article:** Learn how to customize Compliance Manager for your organization by creating and managing **assessments**. This article walks you through how to create assessments, how to organize them into **groups**, working with **controls**, accepting **updates**, and exporting assessment **reports**.
-> [!IMPORTANT]
-> The assessments available to your organization depend on your licensing agreement. [Review the details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
- ## Introduction to assessments
-Compliance Manager helps you manage compliance with assessments for the regulations and certifications that apply to your organization. Assessments are groupings of controls from a specific regulation, standard, or policy. Compliance Manager makes it easy to start tracking your compliance by providing pre-built assessments that cover a variety of industry and regional regulations and certifications.
+Compliance Manager helps you create assessments that evaluate your compliance with industry and regional regulations that apply to your organization. Assessments are built upon the framework of assessment templates, which contain the necessary controls, improvement actions, and Microsoft actions for completing the assessment. Setting up the most relevant assessments for your organization can help you implement policies and operational procedures to limit your compliance risk.
-Each assessment is created from an [assessment template](compliance-manager-templates.md). Templates serve as a framework containing the necessary controls, improvement actions, and Microsoft actions for completing the assessment. Setting up the most relevant assessments for your organization can help you implement policies and operational procedures to limit your compliance risk.
+All of your assessments are listed on the assessments tab of Compliance Manager. Learn more about [how to filter your view of your assessments and interpret status states](compliance-manager-setup.md#assessments-page).
-All of your assessments are listed on the assessments page. Learn more about [how to filter your view of your assessments and interpret status states](compliance-manager-setup.md#assessments-page).
+> [!IMPORTANT]
+> The templates available to your organization for building assessments depend on your licensing agreement. [Review licensing details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
## Data Protection Baseline default assessment
This assessment is used to calculate your initial compliance score the first tim
Compliance Manager becomes more helpful as you build and manage your own assessments to meet your organization's particular needs.
-## Assessment creation overview
-
-There are three ways you can set up assessments:
-
-1. [Use a pre-built assessment](#use-a-pre-built-assessment).
-2. [Extend a pre-built assessment to suit your own needs](#extend-a-pre-built-assessment).
-3. [Create your own custom assessment](#create-your-own-custom-assessment).
-
-> [!NOTE]
-> Only users who hold a Global Administrator, Compliance Manager Administration, or Compliance Manager Assessor role can create and modify assessments. Learn more about [roles and permissions](compliance-manager-setup.md#set-user-permissions-and-assign-roles).
-
-**Use a pre-built assessment**
-
-Kickstart your compliance journey by choosing an assessment already set up by Compliance Manager. We provide a wide selection of [templates](compliance-manager-templates.md) for regulations and certifications that align to industries, regions, and common data protection standards, such as GDPR and ISO 27001. Templates contain the controls and improvement actions for helping you meet the requirements of a particular certification. YouΓÇÖll be asked to choose a template when you start [building an assessment](#use-a-pre-built-assessment).
-
-**Extend a pre-built assessment to suit your needs**
-
-You can modify a Compliance Manager assessmentΓÇöa process we refer to as "extending"ΓÇöby adding your own controls and actions to better suit your organizationΓÇÖs needs. For example, if you generally need to comply with HIPAA but require additional data protection or security controls, you can extend our HIPAA template by adding your own controls to it. See the instructions for [extending a pre-built assessment](#extend-a-pre-built-assessment).
-
-**Create your own custom assessment**
-
-You can create your own assessment entirely from scratch to track precisely what your organization needs. Creating your own assessment requires you to first create your own template for the assessment in Compliance Manager. See the instructions for [creating your own custom assessment](#create-your-own-custom-assessment).
- ## Understand groups before creating assessments
-Before you create or modify assessments, itΓÇÖs important to understand how groups work. When you create an assessment, youΓÇÖll need to assign it to a group during the process. That's why we recommend planning a grouping strategy for your assessments before you create assessments.
+When you create an assessment, youΓÇÖll need to assign it to a group. Groups are containers that allow you to organize assessments in a way that is logical to you, such as by year or regulation, or based on your organization's divisions or geographies. This is why we recommend planning a grouping strategy before you create assessments.
-### What are groups
-
-Groups are containers that allow you to organize assessments. You can group assessments in a way that is logical to you, such as by year or regulation, or based on your organization's divisions or geographies. Below are examples of two groups and their underlying assessments:
+Below are examples of two groups and their underlying assessments:
- **FFIEC IS assessment 2020** - FFIEC IS
Groups are containers that allow you to organize assessments. You can group asse
- ISO 27001:2013 - ISO 27018:2014
-When two different assessments in the same group share improvement actions that are managed by you, any updates you make to an action's implementation details or status will automatically synchronize to the same action in any other assessment in the group. This synchronization allows you to implement one improvement action and meet several requirements across multiple regulations.
-
-### How to create a group
+When two different assessments in the same group share improvement actions that you manage, any updates you make to an action's implementation details or status will automatically synchronize throughout the group. This synchronization allows you to implement one improvement action and meet several requirements simultaneously.
-You create a group during the process of [creating a new assessment](#to-create-an-assessment).
+### Create a group
-Groups can't be created as standalone entities. A group must contain at least one assessment. In order to create a group, you need to first create an assessment to put in the group.
+You can create a group while creating a new assessment. Groups can't be created as standalone entities.
### What to know when working with groups
+- A group must contain at least one assessment.
- Group names must be unique within your organization. - Groups don't have security properties. All permissions are associated with assessments. - Once you add an assessment to a group, the grouping can't be changed.-- Related assessment controls in different assessments within the same group automatically update when completed. - If you add a new assessment to an existing group, common information from assessments in that group are copied to the new assessment.
+- Related assessment controls in different assessments within the same group automatically update when completed.
+- When a change is made to an improvement that appears in multiple groups, that change is reflected in all instances of that improvement action.
- Groups can contain assessments for the same certification or regulation, but each group can only contain one assessment for a specific product-certification pair. For example, a group can't contain two assessments for Office 365 and NIST CSF. A group can contain multiple assessments for the same product only if the corresponding certification or regulation for each one is different. - Deleting an assessment breaks the relationship between that assessment and the group.-- Groups can't be deleted.-- When a change is made to an improvement that appears in multiple groups, that change is reflected in all instances of that improvement action.-
-## Use a pre-built assessment
-
-There are two starting points for creating an assessment from a Compliance Manager template.
-
-You can begin the process from your assessments page by selecting the **Add assessment** button and then working through the assessment creation wizard. The steps for this process are below.
+- Groups can't be manually deleted.
-You can also start from your assessment templates page by finding the template you want and selecting it from the list to arrive at its details page. On the template details page, select **Create assessment**. YouΓÇÖll then enter the wizard with your template already selected.
+## Create assessments
-### To create an assessment
+> [!NOTE]
+> Only users who hold a Global Administrator, Compliance Manager Administration, or Compliance Manager Assessor role can create and modify assessments. Learn more about [roles and permissions](compliance-manager-setup.md#set-user-permissions-and-assign-roles).
-1. Know which group youΓÇÖll assign your assessment to, or be prepared to create a new one for this assessment. [Learn more about groups](#understand-groups-before-creating-assessments).
+To begin building assessments, follow these steps.
-2. Go to your **assessments** page in Compliance Manager and select **Add assessment**. An assessment wizard will appear in a large flyout pane.
+1. Know which group youΓÇÖll assign your assessment to, or be prepared to create a new one for this assessment.
-3. **Select a template**: Choose a template to serve as the basis for your assessment. YouΓÇÖll see the list of templates divided into included and premium categories (see [Template types](compliance-manager-templates.md#template-types-included-and-premium-active-and-inactive) for more information). Select the radio button next to your chosen template, then select **Next**.
+2. Open the assessment wizard. You can access this flyout pane from one of two places:
+ - Go to your **assessments** page in Compliance Manager and select **Add assessment**; or
+ - Find the template you want to use on the **assessment templates** tab, view its details, and select **Create assessment**. This will populate the wizard's template selection field for you.
-4. **Name and group:** Enter a name for your assessment in the **Assessment name** field. Assessment names must be unique within groups. If the name of your assessment matches the name of another assessment in any given group, youΓÇÖll receive an error asking you to create a different name.
+3. **Select a template**: If you didn't already choose a template in step 2, choose a template to serve as the basis for your assessment. YouΓÇÖll see the list of templates divided into included and premium categories (see [Template types](compliance-manager-templates.md#template-availability-and-licensing) for more information). Select the radio button next to your chosen template, then select **Next**.
-5. Assign your assessment to a group. You can either:
- - Select **Use existing group** to assign it to a group youΓÇÖve already created; or
- - Select **Create new group** to create a new group and assign this assessment to it:
- - Determine a name for your group and enter it in the field beneath the radio button.
- - You can **copy data from an existing group**, such as implementation and testing details and documents, by selecting the appropriate boxes.
+4. **Name and group:** Set these properties to identify your assessment and assign it to a group.
+ - **Name**: Enter a name for your assessment in the **Assessment name** field. Assessment names must be unique within groups. If the name of your assessment matches the name of another assessment in any given group, youΓÇÖll receive an error asking you to create a different name.
+ - **Group**: Assign your assessment to a group. You can either:
+ - Select **Use existing group** to assign it to a group youΓÇÖve already created; or
+ - Select **Create new group** to create a new group and assign this assessment to it:
+ - Determine a name for your group and enter it in the field beneath the radio button.
+ - You can **copy data from an existing group**, such as implementation and testing details and documents, by selecting the appropriate boxes.
When finished, select **Next**.
-6. **Review and finish:** The last screen of the wizard shows the template, name, and group chosen for the assessment. You can edit any of these settings from the links on the screen, which take you back to the relevant steps in the wizard. When you're ready, select **Create assessment**.
+5. **Review and finish:** The last screen of the wizard shows the template, name, and group chosen for the assessment. You can edit any of these settings from the links on the screen, which take you back to the relevant steps in the wizard. When you're ready, select **Create assessment**.
-7. The next screen confirms that youΓÇÖve successfully created your new assessment. Select **Done** to close the wizard, and your new assessment's details page will appear on the screen.
+6. The next screen confirms that youΓÇÖve successfully created your new assessment. Select **Done** to close the wizard, and your new assessment's details page will appear on the screen.
If you see an **Assessment failed** screen after selecting **Create assessment**, select **Try again** to re-create your assessment. You can change the name of your assessment after you create it by selecting the **Edit name** button in the upper-right corner of the [assessment's details page](#monitor-assessment-progress-and-controls).
-## Extend a pre-built assessment
-
-You can modify a pre-built assessment by adding your own controls and improvement actions to the assessmentΓÇÖs template. This process is called ΓÇ£extending a Microsoft templateΓÇ¥ in Compliance Manager. When you extend the template of an assessment, it will receive any updates released by Microsoft, which may happen when there are changes to the related regulation or product (see [Accepting updates to assessments](#accepting-updates-to-assessments)).
-
-YouΓÇÖll complete this process by starting at your **assessment templates** page rather than your **assessments** page.
-
-**Before you begin**
-
-To prepare for this process, youΓÇÖll first need to assemble a specially formatted Excel spreadsheet to import the necessary template data. There are special requirements for the [formatted Excel files](compliance-manager-templates.md#formatting-your-template-data-with-excel) used in the extension process. See these additional points to help prevent errors in the import process:
--- Your spreadsheet should contain only the actions and controls you want to add to the assessment. -- The spreadsheet canΓÇÖt contain any of the controls or actions that already exist in the assessment you want to modify.-- Consider including ΓÇ£extensionΓÇ¥ in your templateΓÇÖs title, for example, ΓÇ£GDPR ΓÇô [your company name] extension.ΓÇ¥ This makes it easier to identify in the list on your **assessment templates** page as distinct from the standard Microsoft-provided template or a custom template with a similar name.-
-After you format your spreadsheet, follow the steps below.
-
-**Steps for extending a Compliance Manager template**
-
-1. Go to your **Assessment templates** page and select **Create new template**. A template creation wizard will open.
-
-2. Choose the type of template you want to create. In this case, select **Extend a Microsoft template**, then **Select Microsoft template**.
-
-3. A template selection flyout pane appears on the right side of your screen, showing a list of all templates and their status of active or inactive. Your **activated templates** counter shows how many templates are currently in use out of the total number available to use. If youΓÇÖre over your limit, a message bar will provide notice. See [Template types](compliance-manager-templates.md#template-types-included-and-premium-active-and-inactive) for more information.
-
-4. A template selection flyout pane appears on the right side of your screen. Use **Search** to apply filters for locating the template you want
-
-5. Once you locate your template, select the radio button to the left of its name, then select **Save**.
-
-6. The next screen shows the template you selected. If correct, select **Next**. (If incorrect, choose **Select a different template** to choose again.)
-
-7. At the **Upload file** screen, select **Browse** to find and upload your formatted Excel file containing all the required template data.
-
-8. If there are no problems with your file, the next screen shows the name of the file uploaded. Select **Next** to continue (if you need to change the file, select **Upload a different file**).
-
- - If thereΓÇÖs a problem with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix and re-upload your file. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields.
-
-9. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Next**. (If you need to make changes, select **Upload a different file**.)
-
-10. The last screen confirms a new template has been created. Select **Done** to exit the wizard.
-
-11. YouΓÇÖll arrive at your new templateΓÇÖs details page. From here you can create your assessment by selecting **Create assessment**. For guidance, start at step #4 in the [assessment creation instructions above](#to-create-an-assessment).
-
-## Create your own custom assessment
-
-Creating a custom assessment in Compliance Manager requires you to create your own template. To create your own template, youΓÇÖll first assemble a formatted Excel spreadsheet to import the necessary template data. It also helps to decide ahead of time which group youΓÇÖll assign your assessment to when you create it (learn more about [groups](#what-are-groups)).
-
-**Follow the steps below to create your custom assessment:**
-
-1. **Format your Excel file.** Begin by formatting your template data into an Excel spreadsheet using [these instructions](compliance-manager-templates.md#formatting-your-template-data-with-excel).
-
-2. **Create your template** by following [these instructions](compliance-manager-templates.md#create-a-new-template).
-
-3. **Create your assessment** from the template. You can begin by opening the templateΓÇÖs details page and selecting **Create assessment**, or go to your **assessments** page and select **Create assessment**.
-
-4. An assessment creation wizard will appear in a large flyout pane. From here, you can follow the guidance starting at step #3 of the [assessment creation instructions](#to-create-an-assessment), using your new custom template for your assessment.
-
-## Delete an assessment
-
-Deleting an assessment removes it from the list on your assessments page. Note these important points about deleting assessments:
--- **Deleting an assessment is permanent; you cannot get it back.** If you want to use the same assessment again, you'll need to re-create it.-- If the improvement actions in the assessment don't appear in any other assessment, they'll be deleted when the assessment is deleted.-- We recommend [exporting a report](#export-an-assessment-report) of the assessment before you permanently delete it.-
-To delete an assessment, follow the steps below:
-
-1. From your **assessments** page, select the assessment you wish to delete to open that assessmentΓÇÖs details page.
-
-2. Select **Delete assessment** in the upper-right corner of your screen.
-
-3. A window will appear asking you to confirm that you want to permanently delete the assessment. Select **Delete assessment** to close the window. YouΓÇÖll get a confirmation window that your assessment was deleted from Compliance Manager.
-
-If you delete the only assessment in a group, then that group is also deleted from Compliance Manager.
-
-> [!NOTE]
-> You can't delete all of your assessments. Organizations need at least one assessment for Compliance Manager to function properly. If the assessment you want to delete is the only one, add another assessment before deleting the other assessment.
- ## Monitor assessment progress and controls Each assessment has a details page that gives an at-a-glance view of your progress in completing the assessment. The page shows your progress in completing controls, and the test status of key improvement actions within those controls.
The Microsoft actions tab lists all the actions in the assessment that are manag
Learn more about [how controls and improvement actions are tracked and scored.](compliance-score-calculation.md)
-## Accepting updates to assessments
+## Accept updates to assessments
When an update is available for an assessment, youΓÇÖll see a notification and have the option to accept the update or defer it for a later time.
If youΓÇÖre in the middle of completing an assessment, you may want to ensure yo
You can export an assessment to an Excel file for compliance stakeholders in your organization or for external auditors and regulators. On your assessment details page, select the **Generate report** button near the top of the page, which creates an Excel file you can save and share.
-The report is a snapshot of the assessment as of the date and time of the export. It contains the details for controls managed by both you and Microsoft, including implementation status, test date, and test results.
+The report is a snapshot of the assessment as of the date and time of the export. It contains the details for controls managed by both you and Microsoft, including implementation status, test date, and test results.
+
+## Delete an assessment
+
+Deleting an assessment removes it from the list on your assessments page. Note these important points about deleting assessments:
+
+- **Deleting an assessment is permanent; you cannot get it back.** If you want to use the same assessment again, you'll need to re-create it.
+- If the improvement actions in the assessment don't appear in any other assessment, they'll be deleted when the assessment is deleted.
+- We recommend [exporting a report](#export-an-assessment-report) of the assessment before you permanently delete it.
+
+To delete an assessment, follow the steps below:
+
+1. From your **assessments** page, select the assessment you wish to delete to open that assessmentΓÇÖs details page.
+
+2. Select **Delete assessment** in the upper-right corner of your screen.
+
+3. A window will appear asking you to confirm that you want to permanently delete the assessment. Select **Delete assessment** to close the window. YouΓÇÖll get a confirmation window that your assessment was deleted from Compliance Manager.
+
+If you delete the only assessment in a group, then that group is also deleted from Compliance Manager.
+
+> [!NOTE]
+> You can't delete all of your assessments. Organizations need at least one assessment for Compliance Manager to function properly. If the assessment you want to delete is the only one, add another assessment before deleting the other assessment.
compliance Compliance Manager Improvement Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-improvement-actions.md
Title: "Assign and complete improvement actions in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Mcca https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-mcca.md
Title: "Microsoft Compliance Configuration Analyzer for Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Quickstart https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-quickstart.md
Title: "Microsoft Compliance Manager quickstart guide" f1.keywords: - NOCSH--++ audience: Admin
Once you're familiar with the basics, it's time to set things up to meet your or
When you're comfortable managing assessments in Compliance Manager, you can work with templates to modify a Compliance Manager assessment with your own actions and controls. You can also create your own custom assessment. Custom assessments are helpful for: -- Managing compliance for non-Microsoft 365 products such as third-party apps and services, on-premises applications, and other assets.
+- Managing compliance for non-Microsoft 365 products such as third-party apps and services, on-premises applications, and other assets.
- Managing your own custom or business-specific compliance controls. You can also set up automated testing of all or a subset of improvement actions. Visit the links below to understand more advanced functionality in Compliance -- [Extend a Compliance Manager assessment by adding your own controls and improvement actions](compliance-manager-assessments.md#extend-a-pre-built-assessment)-- [Create your own custom assessment](compliance-manager-assessments.md#create-your-own-custom-assessment)
+- [Extend a Compliance Manager template by adding your own controls and improvement actions](compliance-manager-templates.md#extend-an-assessment-template)
+- [Create your own custom template](compliance-manager-templates.md#create-an-assessment-template)
- [Modify an existing template to add or remove controls and actions](compliance-manager-templates.md#modify-a-template) - [Set up automated testing of improvement actions](compliance-manager-setup.md#set-up-automated-testing) - [Reassign improvement actions to another user](compliance-manager-setup.md#reassign-improvement-actions-to-another-user)
compliance Compliance Manager Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md
Title: "Get started with Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
There are two ways you can take action from this screen:
The assessments page lists all the [assessments](compliance-manager-assessments.md) you set up for your organization. Your compliance score denominator is determined by all your tracked assessments. As you add more assessments, you'll see more improvement actions listed on your improvement actions page, and your compliance score denominator increases.
-The **activated templates** counter near the top of the page shows the number of active assessment templates currently in use out of the total number of templates available for your organization to use. See [Template type](compliance-manager-templates.md#template-types-included-and-premium-active-and-inactive) for more information.
+The **activated templates** counter near the top of the page shows the number of active assessment templates currently in use out of the total number of templates available for your organization to use. See [Template availability and licensing](compliance-manager-templates.md#template-availability-and-licensing) for more information.
The assessments page summarizes key information about each assessment:
By default, you'll see the [Data Protection Baseline](compliance-manager-assessm
A template is a framework for creating an assessment in Compliance Manager. The assessment templates page displays a list of templates and key details. The list includes templates provided by Compliance Manager as well as any templates your organization has modified or created. You can apply filters to find a template based on certification, product scope, country, industry, and who created it.
-The **activated templates** counter near the top of the page shows the number of active assessment templates currently in use out of the total number of templates available for your organization to use. See [Template type](compliance-manager-templates.md#template-types-included-and-premium-active-and-inactive) for more information.
+The **activated templates** counter near the top of the page shows the number of active assessment templates currently in use out of the total number of templates available for your organization to use. See [Template availability and licensing](compliance-manager-templates.md#template-availability-and-licensing) for more information.
Select a template from its row to bring up its details page, which contains a description of the template and further information about certification, scope, and controls details. From this page you can select the appropriate buttons to create an assessment, export the template data to Excel, or modify the template. **Learn more:** [Read how to work with assessment templates](compliance-manager-templates.md). ## Next step
-Customize Compliance Manager by [setting up assessments](compliance-manager-assessments.md).
+Customize Compliance Manager by [setting up assessments](compliance-manager-assessments.md).
compliance Compliance Manager Templates List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-list.md
Title: "Microsoft Compliance Manager templates list" f1.keywords: - NOCSH--++ audience: Admin
description: "Microsoft Compliance Manager provides templates for building asses
**In this article:** View the comprehensive list of **templates** available for creating assessments in Compliance Manager. > [!IMPORTANT]
-> The assessment templates that are available to your organization depends on your licensing agreement. [Review the details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+> The assessment templates that are available to your organization depend on your licensing agreement. [Review the details](compliance-manager-templates.md#template-availability-and-licensing).
## Overview [Microsoft Compliance Manager](compliance-manager.md) provides a comprehensive set of templates for creating assessments. These templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.
-Templates are added to Compliance Manager as new laws and regulations are enacted. Compliance Manager updates its templates when the underlying laws or regulations change. Learn more about how [review and accept updates](compliance-manager-assessments.md#accepting-updates-to-assessments).
-
-View detailed guidance on [working with templates](compliance-manager-templates.md) to create your assessments.
+Templates are added to Compliance Manager as new laws and regulations are enacted. Compliance Manager also updates its templates when the underlying laws or regulations change. Learn more about how to [review and accept updates](compliance-manager-assessments.md#accept-updates-to-assessments).
## List of templates and where to find them
-Below is the complete list of templates in Compliance Manager. Each template details page provides information about the regulation or standard to which it applies. The links in the template names below take you to related documentation about that standard, regulation, or law.
-
-**Where to find your templates**
-
-In Compliance Manager, go to your **Assessment templates** page. You'll see a list of all the templates available to your organization. ItΓÇÖs important to understand the distinction between included and premium templates:
--- **Included templates** are templates included as part of your organization's licensing agreement.
+Below is the complete list of templates in Compliance Manager. The links in the template names below take you to related documentation about that standard, regulation, or law.
-Read more about [how to view and manage your templates](compliance-manager-templates.md#viewing-and-managing-templates-from-the-assessment-templates-page).
+### Where to find your templates
-> [!NOTE]
-> See [Template types](compliance-manager-templates.md#template-types-included-and-premium-active-and-inactive) for more information about included and premium templates and understanding which ones are available for your organization to use.
+To review the templates available to your organization, go to your **Assessment templates** page. Learn more about [how to view and manage your templates](compliance-manager-templates.md#view-and-manage-templates).
## Included templates
+One or more of these templates will be available based on your licensing agreement. The Data Protection Baseline template is included for all users.
- [Microsoft Data Protection Baseline](compliance-manager-assessments.md#data-protection-baseline-default-assessment) - [European Union GDPR](/compliance/regulatory/gdpr) (Microsoft 365, Office 365, Intune)-- [ISO 27001:2013](/compliance/regulatory/offering-iso-27001)
+- [ISO/IEC 27001:2013](/compliance/regulatory/offering-iso-27001)
- NIST 800-53 Revs. 4 and 5 > [!NOTE] > For US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers: the Cybersecurity Maturity Model Certification (CMMC) Levels 1 through 5 templates are included, in addition to the templates listed above. ## Premium templates
+These templates may be purchased by your organization.
+### Global
+- Guidelines and Functional Requirements for Electronic Records Management Systems (ICA Module 2) (Microsoft 365)
+- ISO 15489-1:2016 (Microsoft 365)
+- ISO 16175-1:2020 (Microsoft 365)
+- ISO 19791 - Information technology ΓÇö Security techniques ΓÇö Security assessment of operational systems (Microsoft 365)
+- [ISO 22301:2019](/compliance/regulatory/offering-iso-22301) (Microsoft 365)
+- ISO 23081-1:2017 (Microsoft 365)
+- ISO 27005:2018 (Microsoft 365)
+- [ISO 27017:2015](/compliance/regulatory/offering-iso-27017) (Microsoft 365)
+- ISO 27034-1 Information technology ΓÇö Security techniques ΓÇö Application security (Microsoft 365)
+- ISO 27799: 2016, Health informatics ΓÇö Information security management in health (Microsoft 365)
+- ISO 28000 ΓÇô Specifications for Security Management Systems for the Supply Chain (Microsoft 365)
+- ISO 31000:2018 (Microsoft 365)
+- ISO 55001 ΓÇô Asset management -- Management systems--Requirements (Microsoft 365)
+- ISO IEC 80001-1:2010 (Microsoft 365)
+- ISO/IEC 27001:2013
+- [ISO/IEC 27018:2019](/compliance/regulatory/offering-iso-27018) (Microsoft 365)
+- ISO/IEC 27033-1:2015 (Microsoft 365)
+- [ISO/IEC 27701:2019](/compliance/regulatory/offering-iso-27701) (Microsoft 365)
+- [System and Organization Controls (SOC) 1](/compliance/regulatory/offering-soc)
+- [System and Organization Controls (SOC) 2](/compliance/regulatory/offering-soc)
+
+### Industry
- AICPA/CICA Generally Accepted Privacy Principles (GAPP) (Microsoft 365)-- Alabama - Policy 621: Data Breach Notification - DRAFT (Microsoft 365)-- Alaska - Chapter 48 - Personal Information Protection Act (Microsoft 365)-- Albania - The Law on the Protection of Personal Data No. 9887-- Antigua and Barbuda-Data Protection Act /2013 (Microsoft 365)-- Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources-- [Argentina - Personal Data Protection Act 25.326](/compliance/regulatory/offering-pdpa-argentina) (Microsoft 365)-- Arizona - Notification of Breaches in Security Systems (Microsoft 365)-- Arkansas Code Title 4, Subtitle 7, Chapter 110, Personal Information Protection Act (Microsoft 365) - ARMA - Implementing the Generally Accepted Record Keeping Principles (GARP) (Microsoft 365)-- Armenia - Law of the Republic of Armenia on the Protection of Personal Data (Microsoft 365)-- Asia Pacific Economic Cooperation (APEC) Privacy Framework-- Australia - ASD Essential 8 (Microsoft 365)-- Australia - National Archives Act-- Australia - Public Records Office Victoria Recordkeeping Standards (Microsoft 365)-- Australia - Spam Act 2003 (Microsoft 365)-- Australia Privacy (Credit Reporting) Code (Microsoft 365)-- Australia Privacy Act (Microsoft 365)-- Australian Energy Sector Cyber Security Framework (AESCSF) (Microsoft 365)-- [Australian Information Security Registered Assessor Program (IRAP) Version 3](/compliance/regulatory/offering-ccsl-irap-australia) (Microsoft 365)-- [Australian Prudential Regulation Authority CPS](/compliance/regulatory/offering-apra-australia) (Microsoft 365)-- Austrian Telecommunications Act 2003 (Microsoft 365)-- Bahamas - Data Protection Act (Microsoft 365)-- Barbados - Data Protection Bill 2019 (Microsoft 365)-- Barbados - Electronic Transactions Act (Microsoft 365)-- Belarus Law On Information, Informatization and Protection of information (Microsoft 365)-- Belgium - Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Microsoft 365)-- [Belgium NBB Dec 2015](/compliance/regulatory/offering-nbb-fsma-belgium) (Microsoft 365)-- Bermuda - Electronic Transaction Act (Microsoft 365)-- Bosnia and Herzegovina Law on the Protection of Personal Data-- Botswana - Data Protection Act (Microsoft 365)-- Brazil - Consumer Protection Code Law No. 8078 (Office 365)-- Brazil - General Data Protection Law (LGPD) (Microsoft 365)-- Bulgaria Law for Protection of Personal Data 2002 (Microsoft 365)-- California - Civil Code Section 1798-- California - Database Breach Act (California SB 1386)-- California - Education Code-EDC, Title 3, Division 14, Part 65, Chapter 2.5- Social Media Privacy-- California - Privacy Rights Act (CPRA) (Microsoft 365)-- California - SB-327 Information Privacy: Connected Devices (Microsoft 365)-- California Consumer Credit Reporting Agencies Act (Microsoft 365)-- [California Consumer Privacy Act (CCPA)](/compliance/regulatory/offering-ccpa) (Microsoft 365)-- Canada - Breach of Security Safeguards Regulations (Microsoft 365)-- Canada - British Columbia - Information Privacy & Security - FOIPPA (Microsoft 365)-- [Canada - Office of the Superintendent of Financial Institutions Cyber Security Self-Assessment Guide](/compliance/regulatory/offering-osfi-canada) (Microsoft 365)-- Canada - Personal Health Information Protection Act (PHIPA) 2020 (Microsoft 365)-- Canada - Personal Information Protection and Electronic Documents Act (PIPEDA) (Microsoft 365)-- Canada - Protected B-- Canada Cybersecure - Baseline Cyber Security Controls for Small and Medium Organizations (Microsoft 365)-- CAN-SPAM Act (Microsoft 365) - [CDSA Content Protection & Security Standard](/compliance/regulatory/offering-cdsa) (Microsoft 365)-- Central Bank of Kuwait Cybersecurity Framework (Microsoft 365)-- [CFR - Code of Federal Regulations Title 21, Part 11, Electronic Records, Electronic Signatures](/compliance/regulatory/offering-fda-cfr-title-21-part-11) (Microsoft 365)-- Children's Online Privacy Protection Rule (COPPA) (Microsoft 365)-- China - Personal Information Security Specification (Microsoft 365) - [CIS Implementation Group 1, Group 2, Group 3](/compliance/regulatory/offering-cis-benchmark)
+- CIS Microsoft 365 Foundation Level 1 and 2
- [Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)](/compliance/regulatory/offering-csa-star-attestation)
+- COBIT 5 (Microsoft 365)
+- FINRA Cybersecurity Checklist (Microsoft 365)
+- ITU X.1052 Information Security Management Framework (Microsoft 365)
+- Joint Commission Information Management Standard (Microsoft 365)
+- [Motion Picture Association (MPA) Content Security Best Practices](/compliance/regulatory/offering-mpaa) (Microsoft 365)
+- [NERC CIP](/compliance/regulatory/offering-nerc-cip) (Microsoft 365)
+- SWIFT Customer Security Controls (Microsoft 365)
+- OWASP ProActive Controls for Developers 2018 v3.0 (Microsoft 365)
+- (NAIC) Standards for Safeguarding Customer Information Model Regulation MDL-673
+- [PCI DSS v3.2.1](/compliance/regulatory/offering-pci-dss) (Microsoft 365)
+- Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017 (Microsoft 365)
+- Revisions to the principles for the sound management of operational risk (Basel III Ops Risks) (Microsoft 365)
+- Standardized Information Gathering (SIG) Questionnaire (Microsoft 365)
+- [Trusted Information Security Assessment Exchange](/compliance/regulatory/offering-tisax-germany)
+
+### US Government
+- Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources
+- [CFR - Code of Federal Regulations Title 21, Part 11, Electronic Records, Electronic Signatures](/compliance/regulatory/offering-fda-cfr-title-21-part-11) (Microsoft 365)
+- Children's Online Privacy Protection Rule (COPPA) (Microsoft 365)
- CMMC Level 1, Level 2, Level 3, Level 4, Level 5 (Microsoft 365) - CMS Information Systems Security and Privacy Policy (IS2P2) (Microsoft 365)-- COBIT 5 (Microsoft 365)-- Code of Maryland State Government - Protection of Information by Government Agencies (Microsoft 365)-- Colombia - Decree No. 1377/2013 (Microsoft 365)-- Colombia - External Circular Letter 007 of 2018 (Microsoft 365)-- Colombia - Law 1266/2008- Habeas Data Act (Microsoft 365)-- Colorado Protections for Consumer Data Privacy (Microsoft 365)-- Colorado Revised Statutes, Section 6-1-716, Notice of Security Breach (Microsoft 365) - Computer Fraud and Abuse Act (CFAA) (Microsoft 365)-- Connecticut - Display and Use of Social Security Numbers and Personal Information (Microsoft 365)-- Connecticut General Statutes - General Provisions for state contractors who receive confidential information (Microsoft 365)-- Connecticut Information Security Program to Safeguard Personal Information (Microsoft 365)-- Connecticut State Law - Breach of security re computerized data containing personal information (Microsoft 365) - Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (Microsoft 365) - [Criminal Justice Information Services (CJIS) Security Policy](/compliance/regulatory/offering-cjis) (Microsoft 365) - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software - FDA (Microsoft 365)-- Cybersecurity Law of the People's Republic of China (Microsoft 365) - Cybersecurity Maturity Model Certification (CMMC) Levels 1 through 5 (Microsoft 365)-- Cyprus The Processing of Personal Data Law (Microsoft 365)-- Czech - Act No. 110/2019 Coll. on Personal Data Processing - 2019 (Microsoft 365)-- Czech - On Cyber Security and Change of Related Acts (Act on Cyber Security) - Act No. 181 (Microsoft 365)-- D.C. Law 16-237 - Consumer Personal Information Security Breach Notification Act (Microsoft 365)-- Delaware - Student Data Privacy Protection Act (Microsoft 365)-- Delaware Computer Security Breaches- Commerce and Trade Subtitle II - 12B-100 to 12B-104-- Denmark - Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment-- Denmark - The Data Protection Act (Microsoft 365) - [DFARS](/compliance/regulatory/offering-dfars) (Microsoft 365)-- Directive 2013/40/EU Of The European Parliament And Of The Council (Microsoft 365)-- Dubai - Health Data Protection Regulation (Microsoft 365)-- Dubai Consumer Protection Regulations (Telecommunications Regulatory Authority)(Microsoft 365)-- Dubai ISR (Microsoft 365) - e-CFR - Identity Theft Rules (Microsoft 365) - Electronic Code of Federal Regulations - Part 748.0 and Appendix A (Microsoft 365)-- Estonia - Personal Data Protection Act (Microsoft 365)-- Estonia - The system of security measures for information systems (Microsoft 365)-- EU - Directive 2006/24/EC (Microsoft 365)-- EU - ePrivacy Directive 2002 58 EC (Microsoft 365)-- EudraLex - The Rules Governing Medicinal Products in the European Union (Microsoft 365)-- European Network and Information Security Agency (ENISA) - Cloud Computing Information Assurance Framework (Microsoft 365) - FDIC Privacy Rules (Microsoft 365) - [Federal Financial Institutions Examination Council (FFIEC) Information Security Booklet](/compliance/regulatory/offering-ffiec-us) (Microsoft 365, Intune) - [FedRAMP Moderate](/compliance/regulatory/offering-fedramp) (Microsoft 365) - FedRAMP SSP High Baseline (Microsoft 365)-- Finland - Data Protection Act (Microsoft 365)-- Finnish Criteria for Assessment of Information Security of Cloud Services-- FINRA Cybersecurity Checklist (Microsoft 365)-- Florida Title XXXII, Chapter 501, Section 501.171, Security of confidential personal information (Microsoft 365)-- France - The Data Protection Act (Microsoft 365) - Freedom of Information Act (FOIA) (Microsoft 365) - FTC Privacy of Consumer Financial Information (Microsoft 365)-- Georgia (US) Personal Identity Protection Act (Microsoft 365)-- Georgia Law on Personal Data Protection (Microsoft 365)-- Germany - Annotated text of the Minimum Requirements for Risk Management (Microsoft 365)-- [Germany - Cloud Computing Compliance Controls Catalog (C5)](/compliance/regulatory/offering-c5-germany) (Microsoft 365)-- Germany - Federal Data Protection Act (Microsoft 365)-- Germany - Supervisory Requirements for IT in Financial Institutions (BAIT) (Microsoft 365)-- Ghana - Data Protection Act (Microsoft 365) - [Gramm-Leach-Bliley Act, Title V, Subtitle A, Financial Privacy](/compliance/regulatory/offering-GLBA) (Microsoft 365)-- Guam's Notification of Breaches of Personal Information (Microsoft 365)-- Guidelines and Functional Requirements for Electronic Records Management Systems (ICA Module 2) (Microsoft 365)-- Hawaii - Security Breach of Personal Information Chapter 487N - [HIPAA/HITECH](/compliance/regulatory/offering-hipaa-hitech) (Microsoft 365, Intune) - [HITRUST](/compliance/regulatory/offering-hitrust) (Microsoft 365) - Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection (Microsoft 365)-- Hong Kong - Personal Data (Privacy) Ordinance (Microsoft 365)
+- IRS - Revenue Procedure 98-25 Automated Records (Microsoft 365)
+- IRS-P1075 (Microsoft 365)
+- Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 (Microsoft 365)
+- National Archives Universal Electronic Records Management (ERM) Requirements (Microsoft 365)
+- NIST 800-37 (Microsoft 365)
+- NIST 800-53 rev.5 (Microsoft 365)
+- NIST 800-63 Digital Identity Guidelines (Microsoft 365)
+- NIST 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification (Microsoft 365)
+- NIST 800-137A -- Assessing Information Security Continuous Monitoring (ISCM) Programs (Microsoft 365)
+- [NIST 800-171](/compliance/regulatory/offering-nist-sp-800-171) (Microsoft 365)
+- NIST 800-184: Guide for Cybersecurity Event Recovery (Microsoft 365)
+- [NIST CSF](/compliance/regulatory/offering-nist-csf) (Microsoft 365)
+- NIST Privacy Framework
+- NIST SP 1800-5 IT Asset Management (Microsoft 365)
+- NIST Special Publication 1800-1 Securing Electronic Health Records on Mobile Devices (Microsoft 365)
+- NIST Special Publication 800-128 (Microsoft 365)
+- NIST Special Publication 800-210: General Access Control Guidance for Cloud Systems (Microsoft 365)
+- [Sarbanes-Oxley Act](/compliance/regulatory/offering-sox)
+- [SEC 17-4(a)](/compliance/regulatory/offering-sec-17a-4) (Microsoft 365)
+- United States of America Privacy Act (Microsoft 365)
+- US - Clarifying Lawful Overseas Use of Data (CLOUD) Act (Microsoft 365)
+- US - Commission Statement and Guidance on Public Company Cybersecurity Disclosures (Microsoft 365)
+- US - Department of Energy (DOE) Assistance to Foreign Atomic Energy Activities (Microsoft 365)
+- [US - Family Educational Rights and Privacy Act (FERPA)](/compliance/regulatory/offering-ferpa)
+- US - Federal Information Security Modernization Act of 2014 (FISMA) (Microsoft 365)
+- US - Protecting and Securing Chemical Facilities From Terrorist Attacks Act (Microsoft 365)
+
+### US States and Territories
+- Alabama - Policy 621: Data Breach Notification - DRAFT (Microsoft 365)
+- Alaska - Chapter 48 - Personal Information Protection Act (Microsoft 365)
+- Arizona - Notification of Breaches in Security Systems (Microsoft 365)
+- Arkansas Code Title 4, Subtitle 7, Chapter 110, Personal Information Protection Act (Microsoft 365)
+- California - Civil Code Section 1798
+- California - Database Breach Act (California SB 1386)
+- California - Education Code-EDC, Title 3, Division 14, Part 65, Chapter 2.5- Social Media Privacy
+- California - Privacy Rights Act (CPRA) (Microsoft 365)
+- California - SB-327 Information Privacy: Connected Devices (Microsoft 365)
+- California Consumer Credit Reporting Agencies Act (Microsoft 365)
+- [California Consumer Privacy Act (CCPA)](/compliance/regulatory/offering-ccpa) (Microsoft 365)
+- Colorado Protections for Consumer Data Privacy (Microsoft 365)
+- Colorado Revised Statutes, Section 6-1-716, Notice of Security Breach (Microsoft 365)
+- Connecticut - Display and Use of Social Security Numbers and Personal Information (Microsoft 365)
+- Connecticut General Statutes - General Provisions for state contractors who receive confidential information (Microsoft 365)
+- Connecticut Information Security Program to Safeguard Personal Information (Microsoft 365)
+- Connecticut State Law - Breach of security re computerized data containing personal information (Microsoft 365)
+- D.C. Law 16-237 - Consumer Personal Information Security Breach Notification Act (Microsoft 365)
+- Delaware - Student Data Privacy Protection Act (Microsoft 365)
+- Delaware Computer Security Breaches- Commerce and Trade Subtitle II - 12B-100 to 12B-104
+- Florida Title XXXII, Chapter 501, Section 501.171, Security of confidential personal information (Microsoft 365)
+- Georgia (US) Personal Identity Protection Act (Microsoft 365)
+- Guam's Notification of Breaches of Personal Information (Microsoft 365)
+- Hawaii - Security Breach of Personal Information Chapter 487N
- Idaho Identity Theft (Microsoft 365) - Illinois (740 ILCS 14/1) Biometric Information Privacy Act (Microsoft 365) - Illinois Personal Information Protection Act (Microsoft 365)-- India Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules-- India - Information Technology Act (Microsoft 365) - Indiana Disclosure of Security Breach (Microsoft 365)-- Indonesia - Law 11/2008 (Microsoft 365)-- Information Management Standard for Australian Government - National Archives of Australia (NAA) (Microsoft 365) - Iowa - Student Personal Information Protection Act (Microsoft 365) - Iowa Code. Title XVI. Chapter 715C. Personal Information Security Breach Protection (Microsoft 365)-- Ireland Data Protection Act (Microsoft 365)-- IRS - Revenue Procedure 98-25 Automated Records (Microsoft 365)-- IRS-P1075 (Microsoft 365)-- ISO 15489-1:2016 (Microsoft 365)-- ISO 16175-1:2020 (Microsoft 365)-- ISO 19791 - Information technology — Security techniques — Security assessment of operational systems (Microsoft 365)-- [ISO 22301:2019](/compliance/regulatory/offering-iso-22301) (Microsoft 365)-- ISO 23081-1:2017 (Microsoft 365)-- ISO 27005:2018 (Microsoft 365)-- [ISO 27017:2015](/compliance/regulatory/offering-iso-27017) (Microsoft 365)-- ISO 27034-1 Information technology — Security techniques — Application security (Microsoft 365)-- ISO 27799: 2016, Health informatics — Information security management in health (Microsoft 365)-- ISO 28000 – Specifications for Security Management Systems for the Supply Chain (Microsoft 365)-- ISO 31000:2018 (Microsoft 365)-- ISO 55001 – Asset management -- Management systems--Requirements (Microsoft 365)-- ISO IEC 80001-1:2010 (Microsoft 365)-- ISO/IEC 27001:2013 (Microsoft 365)-- [ISO/IEC 27018:2019](/compliance/regulatory/offering-iso-27018) (Microsoft 365)-- ISO/IEC 27033-1:2015 (Microsoft 365)-- [ISO/IEC 27701:2019](/compliance/regulatory/offering-iso-27701) (Microsoft 365)-- Israel - Privacy Protection (Transfer of Data to Databases Abroad) Regulations (Microsoft 365)-- Israel Privacy Law (Microsoft 365)-- ITU X.1052 Information Security Management Framework (Microsoft 365)-- Japan - Act on Prohibition of Unauthorized Computer Access (Microsoft 365)-- Japan - Common Model of Information Security Measures for Government Agencies and Related Agencies (Microsoft 365)-- Japan - Common Standards for Information Security Measures for Government Agencies and Related Agencies (Microsoft 365)-- Japan Privacy Mark - JIS Q 15001 : 2017 (Microsoft 365)-- Japanese Act on the Protection of Personal Information (Law No. 57 of 2003) (Microsoft 365)-- Joint Commission Information Management Standard (Microsoft 365)-- Jordan Cloud Platforms & Services Policy (Microsoft 365) - Kansas Consumer Information, Security Breach Statute (Microsoft 365) - Kentucky Data Breach Notification (Microsoft 365)-- Kenya Data Protection Act (Microsoft 365)-- Korea - Credit Information Use And Protection Act (Microsoft 365)-- Korea - The Act on Promotion of Information and Communications Network Utilization and Data Protection (Microsoft 365)-- Korea Personal Information Protection Act (Microsoft 365)-- Law of The Republic of Uzbekistan on Personal Data (Microsoft 365) - Louisiana Database Security Breach Notification Law (Act No. 382) (Microsoft 365)-- Luxembourg Act (Microsoft 365) - Maine - Act to Protect the Privacy of Online Consumer Information - Maine - Notice of Risk to Personal Data (Microsoft 365)-- Malaysia - Personal Data Protection Act (PDPA) (Microsoft 365)-- Malaysia Risk Management in Technology (RMiT) (Microsoft 365)-- Malta - Data Protection Act (Microsoft 365)
+- Code of Maryland State Government - Protection of Information by Government Agencies (Microsoft 365)
- Maryland Personal Information Protection Act - Security Breach Notification Requirements, HB 1154 (Microsoft 365) - Maryland's Student Data Privacy Act (Microsoft 365)
+- Massachusetts - 201 CMR 17.00: Standards For The Protection Of Personal Information Of Residents Of The Commonwealth
- Massachusetts Data Breach Notification Law 93H section 1-6 (Microsoft 365)-- Mauritius Data Protection Act 2004 (Microsoft 365)-- Mexico - Federal Consumer Protection Law (Microsoft 365)-- Mexico - Federal Law on Protection of Personal Data Held by Private Parties (Microsoft 365) - Michigan Identity Theft Protection Act (Microsoft 365)-- Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 (Microsoft 365) - Mississippi Security Breach Notification (Microsoft 365) - Montana - Impediment of Identity Theft (Microsoft 365)-- Montenegro - Law on Personal Data Protection (Microsoft 365)-- [Motion Picture Association (MPA) Content Security Best Practices](/compliance/regulatory/offering-mpaa) (Microsoft 365)-- Myanmar - Law Protecting the Privacy and Security of Citizens-- National Archives Universal Electronic Records Management (ERM) Requirements (Microsoft 365) - Nebraska's Data Protection and Consumer Notification of Data Security Breach Act (Microsoft 365)-- Nepal - Right to Information Act-- [NERC CIP](/compliance/regulatory/offering-nerc-cip) (Microsoft 365) - Nevada Chapter 603A - Security and Privacy of Personal Information (Microsoft 365) - Nevada Senate Bill 220 Online Privacy Law (Microsoft 365) - New Hampshire Right to Privacy Act (Microsoft 365)
Read more about [how to view and manage your templates](compliance-manager-templ
- New York City Administrative Code - Security Breach Notification (Microsoft 365) - New York General Business Law - Data Security Breach Notification and Data Security Protections (Microsoft 365) - New York Privacy Act - DRAFT (Microsoft 365)
+- North Carolina - Identity Theft Protection Act (Microsoft 365)
+- North Dakota Chapter 51-30 Notice of Security Breach for Personal Information (Microsoft 365)
+- Ohio - Security Breach Notification (Microsoft 365)
+- Ohio Data Protection Act 2018 (Microsoft 365)
+- Oklahoma Security Breach Notification Act (Microsoft 365)
+- Oregon Consumer Identity Theft Information Protection Act (Microsoft 365)
+- Pennsylvania Breach of Personal Information Notification Act (Microsoft 365)
+- Puerto Rico - Citizen Information on Data Banks Security Act (Microsoft 365)
+- Rhode Island - Identity Theft Protection Act (Microsoft 365)
+- South Carolina - Breach Notification (Microsoft 365)
+- South Dakota - Notice of Breach (Microsoft 365)
+- Tennessee 47-18-2107 Release of Personal Consumer Information (Microsoft 365)
+- Texas - Identity Theft Enforcement and Protection Act (Microsoft 365)
+- Texas Privacy Policy to Protect Social Security Numbers (Microsoft 365)
+- Utah Consumer Credit Protection Act (Microsoft 365)
+- Utah Electronic Information or Data Privacy (Microsoft 365)
+- Vermont - Act on Data Privacy and Consumer Protection (Microsoft 365)
+- Virginia Breach of Personal Information Act (Microsoft 365)
+- Washington DC - Consumer Security Breach Notification Standard (Microsoft 365)
+- West Virginia - Breach of Security of Consumer Information (Microsoft 365)
+- Wisconsin Security Breach Notification (Microsoft 365)
+
+### Regional
+
+#### Asia-Pacific Countries
+- Asia Pacific Economic Cooperation (APEC) Privacy Framework
+- Australia - ASD Essential 8 (Microsoft 365)
+- Australia - National Archives Act
+- Australia - Public Records Office Victoria Recordkeeping Standards (Microsoft 365)
+- Australia - Spam Act 2003 (Microsoft 365)
+- Australia Privacy (Credit Reporting) Code (Microsoft 365)
+- Australia Privacy Act (Microsoft 365)
+- Australian Energy Sector Cyber Security Framework (AESCSF) (Microsoft 365)
+- [Australian Information Security Registered Assessor Program (IRAP) Version 3](/compliance/regulatory/offering-ccsl-irap-australia) (Microsoft 365)
+- [Australian Prudential Regulation Authority CPS](/compliance/regulatory/offering-apra-australia) (Microsoft 365)
+- Victorian Protective Data Security Standards V2.0 (VPDSS 2.0) (Microsoft 365)
+- Information Management Standard for Australian Government - National Archives of Australia (NAA) (Microsoft 365)
+- China - Personal Information Security Specification (Microsoft 365)
+- Cybersecurity Law of the People's Republic of China (Microsoft 365)
+- Hong Kong - Personal Data (Privacy) Ordinance (Microsoft 365)
+- India Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules
+- India - Information Technology Act (Microsoft 365)
+- [Reserve Bank of India Cyber Security Framework](/compliance/regulatory/offering-rbi-irdai-india) (Microsoft 365)
+- Indonesia - Law 11/2008 (Microsoft 365)
+- Japan - Act on Prohibition of Unauthorized Computer Access (Microsoft 365)
+- Japan - Common Model of Information Security Measures for Government Agencies and Related Agencies (Microsoft 365)
+- Japan - Common Standards for Information Security Measures for Government Agencies and Related Agencies (Microsoft 365)
+- Japan Privacy Mark - JIS Q 15001 : 2017 (Microsoft 365)
+- Japanese Act on the Protection of Personal Information (Law No. 57 of 2003) (Microsoft 365)
+- Korea - Credit Information Use And Protection Act (Microsoft 365)
+- Korea - The Act on Promotion of Information and Communications Network Utilization and Data Protection (Microsoft 365)
+- Korea Personal Information Protection Act (Microsoft 365)
+- Malaysia - Personal Data Protection Act (PDPA) (Microsoft 365)
+- Malaysia Risk Management in Technology (RMiT) (Microsoft 365)
+- Myanmar - Law Protecting the Privacy and Security of Citizens
+- Nepal - Right to Information Act
- New Zealand - Privacy Act / 2020 (Microsoft 365) - New Zealand - Public Records Act (Microsoft 365) - New Zealand - Reserve Bank BS11 Outsourcing Policy (Microsoft 365)
Read more about [how to view and manage your templates](compliance-manager-templ
- New Zealand Health Information Privacy Code (Microsoft 365) - New Zealand Health Information Security Framework (HISF) (Microsoft 365) - New Zealand Information Security Manual (NZISM)-- Nigeria Data Protection Regulation (Microsoft 365)-- NIST 800-37 (Microsoft 365)-- NIST 800-53 rev.5 (Microsoft 365)-- NIST 800-63 Digital Identity Guidelines (Microsoft 365)-- NIST 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification (Microsoft 365)-- NIST 800-137A -- Assessing Information Security Continuous Monitoring (ISCM) Programs (Microsoft 365)-- [NIST 800-171](/compliance/regulatory/offering-nist-sp-800-171) (Microsoft 365)-- NIST 800-184: Guide for Cybersecurity Event Recovery (Microsoft 365)-- [NIST CSF](/compliance/regulatory/offering-nist-csf) (Microsoft 365)-- NIST Privacy Framework-- NIST SP 1800-5 IT Asset Management (Microsoft 365)-- NIST Special Publication 1800-1 Securing Electronic Health Records on Mobile Devices (Microsoft 365)-- NIST Special Publication 800-128 (Microsoft 365)-- NIST Special Publication 800-210: General Access Control Guidance for Cloud Systems (Microsoft 365)-- North Carolina - Identity Theft Protection Act (Microsoft 365)-- North Dakota Chapter 51-30 Notice of Security Breach for Personal Information (Microsoft 365)-- Ohio - Security Breach Notification (Microsoft 365)-- Ohio Data Protection Act 2018 (Microsoft 365)-- Oklahoma Security Breach Notification Act (Microsoft 365)-- Oman - Electronic Transactions Law (Microsoft 365)-- Oregon Consumer Identity Theft Information Protection Act (Microsoft 365)-- OWASP ProActive Controls for Developers 2018 v3.0 (Microsoft 365) - Pakistan - Electronic Data Protection Act - DRAFT (Microsoft 365)-- [PCI DSS v3.2.1](/compliance/regulatory/offering-pci-dss) (Microsoft 365)-- Pennsylvania Breach of Personal Information Notification Act (Microsoft 365)-- Peruvian Legislation Law 29733 Law of Data Privacy Protection - Philippines BSP Information Security Management Guidelines (Microsoft 365) - Philippines Data Privacy Act of 2012 (Microsoft 365)-- Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017 (Microsoft 365)-- Puerto Rico - Citizen Information on Data Banks Security Act (Microsoft 365)-- Qatar Cloud Security Policy-- Republic of Moldova Law on Personal Data Protection (Microsoft 365)-- [Reserve Bank of India Cyber Security Framework](/compliance/regulatory/offering-rbi-irdai-india) (Microsoft 365)-- Revisions to the principles for the sound management of operational risk (Basel III Ops Risks) (Microsoft 365)-- Rhode Island - Identity Theft Protection Act (Microsoft 365)-- Romania - Data Protection Law 190/2018 (Microsoft 365)-- Russia - Federal Law 149-FZ On Information, Information Technology and Information Security-- [Russian Federation Federal Law Regarding Personal Data](/compliance/regulatory/offering-russia-data-localization) (Microsoft 365)-- Saint Lucia Data Protection Act (Microsoft 365)-- [Sarbanes-Oxley Act](/compliance/regulatory/offering-sox)-- [SEC 17-4(a)](/compliance/regulatory/offering-sec-17a-4) (Microsoft 365) - Singapore - ABS Guidelines on Control Objectives and Procedures for Outsourced Service Providers (Microsoft 365) - Singapore - Banking Act (Cap.19) - Singapore - Cybersecurity 2018 (Microsoft 365)
Read more about [how to view and manage your templates](compliance-manager-templ
- [Singapore - Multi-Tier Cloud Security (MTCS) Standard](/compliance/regulatory/offering-mtcs-singapore) (Microsoft 365) - Singapore - Personal Data Protection Act / 2012 (Microsoft 365) - Singapore Spam Control Act (Microsoft 365)-- Slovakia Act on the Protection of Personal Data (Microsoft 365)-- South Africa Consumer Protection ACT 68 2008 (Microsoft 365)-- South Africa Electronic Communications and Transactions Act, 2002 (Microsoft 365)-- South Africa - Promotion of Access to Information Act (Microsoft 365)-- South African POPIA (Microsoft 365)-- South Carolina - Breach Notification (Microsoft 365)-- South Dakota - Notice of Breach (Microsoft 365)-- Spain - Nation Security Framework (Microsoft 365)-- Standardized Information Gathering (SIG) Questionnaire (Microsoft 365)-- SWIFT Customer Security Controls (Microsoft 365)-- Switzerland - Federal Act on Data Protection (FADP) (Microsoft 365)-- [System and Organization Controls (SOC) 1](/compliance/regulatory/offering-soc)-- [System and Organization Controls (SOC) 2](/compliance/regulatory/offering-soc) - Taiwan - Implementation Rules for the Internal Audit and Internal Control System of Electronic Payment Institutions - 2015 (Microsoft 365)
+- Taiwan - Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking
- Taiwan - Regulations Governing Approval and Administration of Financial Information Service Enterprises Engaging in Interbank Funds Transfer and Settlement (Microsoft 365) - Taiwan - Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions (Microsoft 365) - Taiwan Personal Data Protection Act (PDPA) (Microsoft 365)-- Tennessee 47-18-2107 Release of Personal Consumer Information (Microsoft 365)-- Texas - Identity Theft Enforcement and Protection Act (Microsoft 365)-- Texas Privacy Policy to Protect Social Security Numbers (Microsoft 365) - Thailand PDPA (Microsoft 365) - Trade Secrets Act of The Republic of China (Microsoft 365)-- Trinidad and Tobago Data Protection (Act 13 of 2011) (Microsoft 365)-- [Trusted Information Security Assessment Exchange](/compliance/regulatory/offering-tisax-germany)
+- Law of The Republic of Uzbekistan on Personal Data (Microsoft 365)
+- Vietnam - Consumer Rights Protection Law (Microsoft 365)
+- Vietnam - Law of Cybersecurity (Microsoft 365)
+- Vietnam - Law of Network Information Security
+- Vietnam - Law on Information Technology (Microsoft 365)
+
+#### Europe, Middle East, and Africa (EMEA)
+- Albania - The Law on the Protection of Personal Data No. 9887
+- Austrian Telecommunications Act 2003 (Microsoft 365)
+- Armenia - Law of the Republic of Armenia on the Protection of Personal Data (Microsoft 365)
+- Belarus Law On Information, Informatization and Protection of information (Microsoft 365)
+- Belgium - Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Microsoft 365)
+- [Belgium NBB Dec 2015](/compliance/regulatory/offering-nbb-fsma-belgium) (Microsoft 365)
+- Bosnia and Herzegovina Law on the Protection of Personal Data
+- Botswana - Data Protection Act (Microsoft 365)
+- Bulgaria Law for Protection of Personal Data 2002 (Microsoft 365)
+- Central Bank of Kuwait Cybersecurity Framework (Microsoft 365)
+- Cyprus The Processing of Personal Data Law (Microsoft 365)
+- Czech - Act No. 110/2019 Coll. on Personal Data Processing - 2019 (Microsoft 365)
+- Czech - On Cyber Security and Change of Related Acts (Act on Cyber Security) - Act No. 181 (Microsoft 365)
+- Denmark - The Data Protection Act (Microsoft 365)
+- Denmark - Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment
+- Directive 2013/40/EU Of The European Parliament And Of The Council (Microsoft 365)
+- Dubai - Health Data Protection Regulation (Microsoft 365)
+- Dubai Consumer Protection Regulations (Telecommunications Regulatory Authority)(Microsoft 365)
+- Dubai ISR (Microsoft 365)
+- Estonia - Personal Data Protection Act (Microsoft 365)
+- Estonia - The system of security measures for information systems (Microsoft 365)
+- EU - Directive 2006/24/EC (Microsoft 365)
+- EU - ePrivacy Directive 2002 58 EC (Microsoft 365)
+- EudraLex - The Rules Governing Medicinal Products in the European Union (Microsoft 365)
+- European Network and Information Security Agency (ENISA) - Cloud Computing Information Assurance Framework (Microsoft 365)
+- Finland - Data Protection Act (Microsoft 365)
+- Finnish Criteria for Assessment of Information Security of Cloud Services
+- France - The Data Protection Act (Microsoft 365)
+- Georgia Law on Personal Data Protection (Microsoft 365)
+- Germany - Annotated text of the Minimum Requirements for Risk Management (Microsoft 365)
+- [Germany - Cloud Computing Compliance Controls Catalog (C5)](/compliance/regulatory/offering-c5-germany) (Microsoft 365)
+- Germany - Federal Data Protection Act (Microsoft 365)
+- Germany - Supervisory Requirements for IT in Financial Institutions (BAIT) (Microsoft 365)
+- Ghana - Data Protection Act (Microsoft 365)
+- Ireland Data Protection Act (Microsoft 365)
+- Israel - Privacy Protection (Transfer of Data to Databases Abroad) Regulations (Microsoft 365)
+- Israel Privacy Law (Microsoft 365)
+- Jordan Cloud Platforms & Services Policy (Microsoft 365)
+- Kenya Data Protection Act (Microsoft 365)
+- Luxembourg Act (Microsoft 365)
+- Malta - Data Protection Act (Microsoft 365)
+- Mauritius Data Protection Act 2004 (Microsoft 365)
+- Republic of Moldova Law on Personal Data Protection (Microsoft 365)
+- Montenegro - Law on Personal Data Protection (Microsoft 365)
+- Nigeria Data Protection Regulation (Microsoft 365)
+- Oman - Electronic Transactions Law (Microsoft 365)
+- Qatar Cloud Security Policy
+- Romania - Data Protection Law 190/2018 (Microsoft 365)
+- Russia - Federal Law 149-FZ On Information, Information Technology and Information Security
+- [Russian Federation Federal Law Regarding Personal Data](/compliance/regulatory/offering-russia-data-localization) (Microsoft 365)
+- South Africa Consumer Protection ACT 68 2008 (Microsoft 365)
+- South Africa Electronic Communications and Transactions Act, 2002 (Microsoft 365)
+- South Africa - Promotion of Access to Information Act (Microsoft 365)
+- South African POPIA (Microsoft 365)
+- Slovakia Act on the Protection of Personal Data (Microsoft 365)
+- Spain - Nation Security Framework (Microsoft 365)
+- Switzerland - Federal Act on Data Protection (FADP) (Microsoft 365)
- Turkey - KVKK Protection of Personal Data 6698 (Microsoft 365) - UAE - Federal Decree Law on Combating Cyber Crimes (Microsoft 365) - UAE - Federal Law Concerning Electronic Transactions and Commerce
Read more about [how to view and manage your templates](compliance-manager-templ
- UK Data Retention Act (Microsoft 365) - UK Privacy and Electronic Communications (Microsoft 365) - Ukraine - Protection of Personal Data Law (Microsoft 365)-- United States of America Privacy Act (Microsoft 365)-- US - Clarifying Lawful Overseas Use of Data (CLOUD) Act (Microsoft 365)-- US - Commission Statement and Guidance on Public Company Cybersecurity Disclosures (Microsoft 365)-- US - Department of Energy (DOE) Assistance to Foreign Atomic Energy Activities (Microsoft 365)-- [US - Family Educational Rights and Privacy Act (FERPA)](/compliance/regulatory/offering-ferpa)-- US - Federal Information Security Modernization Act of 2014 (FISMA) (Microsoft 365)-- US - Protecting and Securing Chemical Facilities From Terrorist Attacks Act (Microsoft 365)-- Utah Consumer Credit Protection Act (Microsoft 365)-- Utah Electronic Information or Data Privacy (Microsoft 365)-- Vermont - Act on Data Privacy and Consumer Protection (Microsoft 365)-- Victorian Protective Data Security Standards V2.0 (VPDSS 2.0) (Microsoft 365)-- Vietnam - Consumer Rights Protection Law (Microsoft 365)-- Vietnam - Law of Cybersecurity (Microsoft 365)-- Vietnam - Law of Network Information Security-- Vietnam - Law on Information Technology (Microsoft 365)-- Virginia Breach of Personal Information Act (Microsoft 365)-- Washington DC - Consumer Security Breach Notification Standard (Microsoft 365)-- West Virginia - Breach of Security of Consumer Information (Microsoft 365)-- Wisconsin Security Breach Notification (Microsoft 365)-- Yemen - Yemen Law of the Right of Access to Information (Microsoft 365)
+- Yemen - Yemen Law of the Right of Access to Information (Microsoft 365)
+
+#### Latin America
+- Antigua and Barbuda - Data Protection Act /2013 (Microsoft 365)
+- Bahamas - Data Protection Act (Microsoft 365)
+- Barbados - Data Protection Bill 2019 (Microsoft 365)
+- Barbados - Electronic Transactions Act (Microsoft 365)
+- Bermuda - Electronic Transaction Act (Microsoft 365)
+- Saint Lucia Data Protection Act (Microsoft 365)
+- Trinidad and Tobago Data Protection (Act 13 of 2011) (Microsoft 365)
+
+#### North America
+- Canada - Breach of Security Safeguards Regulations (Microsoft 365)
+- Canada - British Columbia - Information Privacy & Security - FOIPPA (Microsoft 365)
+- [Canada - Office of the Superintendent of Financial Institutions Cyber Security Self-Assessment Guide](/compliance/regulatory/offering-osfi-canada) (Microsoft 365)
+- Canada - Personal Health Information Protection Act (PHIPA) 2020 (Microsoft 365)
+- Canada - Personal Information Protection and Electronic Documents Act (PIPEDA) (Microsoft 365)
+- Canada - Protected B
+- Canada Cybersecure - Baseline Cyber Security Controls for Small and Medium Organizations (Microsoft 365)
+- CAN-SPAM Act (Microsoft 365)
+- Mexico - Federal Consumer Protection Law (Microsoft 365)
+- Mexico - Federal Law on Protection of Personal Data Held by Private Parties (Microsoft 365)
+
+#### South America
+- [Argentina - Personal Data Protection Act 25.326](/compliance/regulatory/offering-pdpa-argentina) (Microsoft 365)
+- Brazil - Consumer Protection Code Law No. 8078 (Office 365)
+- Brazil - General Data Protection Law (LGPD) (Microsoft 365)
+- Colombia - Decree No. 1377/2013 (Microsoft 365)
+- Colombia - External Circular Letter 007 of 2018 (Microsoft 365)
+- Colombia - Law 1266/2008- Habeas Data Act (Microsoft 365)
+- Peruvian Legislation Law 29733 Law of Data Privacy Protection
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
Title: "Working with assessment templates in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
description: "Understand how to use and manage templates for building assessment
# Working with assessment templates in Compliance Manager
-**In this article:** Understand **how templates work** and **how to manage them** from your assessment templates page. Get instructions for **creating** new templates, **modifying** existing templates, **formatting your template data with Excel**, and exporting template **reports**.
+**In this article:** Understand **how templates work** and **how to manage them** from your assessment templates page. Get instructions for **creating** new templates, **extending** and **modifying** existing templates, **formatting your template data with Excel**, and exporting template **reports**.
> [!IMPORTANT]
-> The assessment templates that are available to your organization depends on your licensing agreement. [Review the details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+> The assessment templates that are available to your organization depend on your licensing agreement. [Review the details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
## Templates overview
-A template is a framework of controls for creating an assessment in Compliance Manager. Our comprehensive set of templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data. We refer to templates by the same name as their underlying certification or regulation, such as the EU GDPR template and the ISO 27001:2013 template.
+A template is a framework of controls for creating an assessment in Compliance Manager. Our comprehensive set of templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data. We refer to templates by the same name as their underlying certification or regulation, such as the EU GDPR template and the ISO/IEC 27701:2019 template.
- View the [full list of templates](compliance-manager-templates-list.md).
+## Template availability and licensing
-## Template types: included and premium, active and inactive
+The templates available for use are based on your organizationΓÇÖs licensing agreement ([view licensing details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager)). There are two categories of templates: included and premium.
#### Included and premium templates
-The templates available for use are based on your organizationΓÇÖs licensing agreement ([view licensing details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager)). There are two categories of templates: included and premium.
+1. **Included templates** are granted by your license and cover key regulations and requirements.
+2. **Premium templates** can be purchased to expand your library and cover specific needs. Once purchased, you may create as many assessments from a template as needed. [Learn how you can purchase premium templates](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager).
-1. **Included templates** are available for use as part of your organizationΓÇÖs licensing agreement.
-2. **Premium templates** must be purchased in order to create assessments from them. Once purchased, you may create as many assessments from a template as needed. [Learn how you can purchase premium templates](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager).
+View the [full list of templates](compliance-manager-templates-list.md).
#### Active and inactive templates
Templates will display an activation status as either active or inactive:
- A template is considered **active** once you create an assessment from that template. - A template is considered **inactive** if your organization isnΓÇÖt using it for an assessment.
-When you purchase a premium template and create an assessment from it, that template is active for one year. Your purchase will automatically renew unless you cancel renewal.
+When you purchase a premium template and create an assessment from it, that template is active for one year. Your purchase will automatically renew unless you cancel.
-**Activated templates counter**
+You may also try premium templates on a trial basis. Trial licenses are good for up to 25 templates for 30 days. Once your trial begins, the templates should become available in your tenant within 48 hours. Trials can be activated through the Microsoft 365 admin center.
-Your assessment page and assessment templates page have an **activated templates** counter near the top. The counter displays the number of templates in use out of the number eligible to use according to your licensing agreement.
+#### Activated templates counter
+
+Your assessment page and assessment templates page have an **activated templates** counter near the top. The counter displays the number of templates in use out of the number you're eligible to use according to your licensing agreement. Template use is counted at the certification level.
For example, if your counter shows 2/5, this means your organization has activated 2 templates out of the 5 that are available to use. If your counter shows 5/2, this indicates that your organization exceeds its limits and needs to purchase 3 of the premium templates in use.
-See [Compliance Manager licensing guidance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager) for further details.
+For further details, see [Compliance Manager licensing guidance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager).
-## Viewing and managing templates from the assessment templates page
+## View and manage templates
-The assessment templates page in Compliance Manager displays a list of templates and key details. The list includes templates provided by Compliance Manager as well as any templates your organization has modified or created. You can apply filters to find a template based on certification, product scope, country, industry, who created it, and whether the template is enabled for assessment creation.
+The assessment templates page in Compliance Manager displays a list of templates and key details about them. The list includes templates provided by Compliance Manager as well as any templates your organization has modified or created. You can apply filters to find a template based on certification, product scope, country, industry, who created it, and whether the template is enabled for assessment creation.
Select a template from its row to bring up its details page. This page contains a description of the template and further information about certification, scope, and controls details. From this page you can select the appropriate buttons to create an assessment, export the template data to Excel, or modify the template.
-## Creating and modifying templates overview
-
-To modify an existing template or to create your own new template, youΓÇÖll use a specially formatted Excel spreadsheet ([download an example](https://go.microsoft.com/fwlink/?linkid=2124865)) to assemble the necessary control data. After completing the spreadsheet, you import it into Compliance Manager during the process of creating or modifying a template.
+## Format template data with Excel
-> [!NOTE]
-> The spreadsheet has a specific format and schema that must be used, or it will not import correctly into Compliance Manager. The [formatting instructions](#formatting-your-template-data-with-excel) are below.
-
-**Required roles**
-
-Only users who hold a Global Administrator or Compliance Manager Administration role can create and modify templates. Learn more about [roles and permissions](compliance-manager-setup.md#set-user-permissions-and-assign-roles).
-
-## Create a new template
-
-To create your own new template (used for building custom assessments), follow the steps below.
-
-1. Go to your **assessment templates** page in Compliance Manager.
-2. Select **Create new template**. A template creation wizard will open.
-3. Choose the type of template you want to create. In this case, select **Create a custom template**, then select **Next**.
-4. At the **Upload file** screen, select **Browse** to find and upload your formatted Excel file containing all the required template data (see [instructions for properly formatting your file](#formatting-your-template-data-with-excel)).
-5. If there are no problems with your file, the name of the file uploaded will be displayed. Select **Next** to continue. (If you need to change the file, select **Upload a different file**).
- - If thereΓÇÖs an error with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix your file and upload it again. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields (refer again to the [formatting instructions](#formatting-your-template-data-with-excel)).
-
-6. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Create template.** (If you need to make changes, select **Back**.)
-7. The last screen confirms a new template has been created. Select **Done** to exit the wizard.
-8. YouΓÇÖll arrive at your new templateΓÇÖs details page, where you can [create your assessment](compliance-manager-assessments.md#create-your-own-custom-assessment).
-
-## Formatting your template data with Excel
-
-The Excel spreadsheet used to create templates contains four tabs, three of which are required:
+The Excel spreadsheet ([download an example](https://go.microsoft.com/fwlink/?linkid=2124865)) used to create or modify templates has a specific format and schema that must be used in order to import correctly into Compliance Manager. It contains four tabs, three of which are required:
1. [Template](#template-tab) (required) 2. [ControlFamily](#controlfamily-tab) (required) 3. [Actions](#actions-tab) (required) 4. [Dimensions](#dimensions-tab) (optional)
-When filling out your spreadsheet with template data, the spreadsheet **must include the tabs in the order listed above**, otherwise your data won't successfully import to a template.
+When filling out your spreadsheet with template data, the spreadsheet **must include the tabs in the order listed above**, otherwise your data won't successfully import to a template.
##### Template tab
-The **Template** tab is required. The information in this tab provides metadata about the template. There are four required columns. The columns must retain the order on the Excel sheet as listed below. You can add your own column **after** the four columns to provide your own dimensions. If you do this, be sure to add them to the **Dimensions** tab using the [instructions below](#dimensions-tab).
+The **Template** tab is required. The information in this tab provides metadata about the template. There are four required columns. The columns must retain the order on the Excel sheet as listed below. You can add your own column **after** the four columns to provide your own dimensions. If you do this, be sure to add them to the **Dimensions** tab.
- **title**: This is the title for your template, which must be unique. It can't share a name with another template you have in Compliance Manager, including your own templates or a Compliance Manager template.
The **Actions** tab is required. It designates improvement actions managed by y
- **implementationType**: In this required field, list one of the three implementation types below: - **Operational** - actions implemented by people and processes to protect the confidentiality, integrity, and availability of organizational systems, assets, data, and personnel (example: security awareness and training)
- - **Technical** - actions completed through the use of technology and mechanisms contained in the hardware, software, or firmware components of the information system to protect the confidentiality, integrity, and availability of organizational systems and data (example: multi-factor authentication)
+ - **Technical** - actions completed by using technology and mechanisms contained in the hardware, software, or firmware components of the information system to protect the confidentiality, integrity, and availability of organizational systems and data (example: multi-factor authentication)
- **Documentation** - actions implemented through documented policies and procedures establishing and defining the controls required to protect the confidentiality, integrity, and availability of organizational systems, assets, data, and personnel (example: an information security policy) -- **actionScore**: In this required field, provide a numeric score value for your action. It must be a whole number ranging from 1 to 99; it cannot be 0, null, or blank. The higher the number, the greater its value toward improving your compliance posture. The image below demonstrates how Compliance Manager scores controls:
+- **actionScore**: In this required field, provide a numeric score value for your action. The value must be a whole number ranging from 1 to 99; it cannot be 0, null, or blank. The higher the number, the greater its value toward improving your compliance posture. The image below demonstrates how Compliance Manager scores controls:
![Compliance Manager controls point values](../media/compliance-score-action-scoring.png "Compliance Manager controls point values")
The **Dimensions** tab is optional. However, if you reference a dimension elsewh
- **dimensionKey**: list as "product", "certifications," "action purpose" - **dimensionValue**: examples: Office 365, HIPPA, Preventative, Detective
-You can view your existing dimensions by going to **Tenant Management** and selecting the **Dimensions** tab. Also, anytime you export an existing template, the exported spreadsheet will have the **Dimensions** tab, which lists all the dimensions used in the template.
+When you export an existing template, the exported spreadsheet will have the **Dimensions** tab, which lists all the dimensions used in the template.
-## Modify a template
+## Create an assessment template
-You may want to modify a template youΓÇÖve already created, such as to add controls, or add or remove improvement actions. The process is similar to the template creation process in that youΓÇÖll upload formatted Excel file with your template data.
+To create your own new template for custom assessments, you'll use your specially formatted Excel spreadsheet to assemble the necessary control data. After completing the spreadsheet, you will import it into Compliance Manager.
-However, there are particular details to be aware of as you format your file with changes to existing template data. **We recommend you review these instructions carefully to ensure you donΓÇÖt overwrite any existing data that you want to retain.**
+#### Required roles
-### Template modification process steps
+Only users who hold a Global Administrator or Compliance Manager Administration role can create and modify templates. Learn more about [roles and permissions](compliance-manager-setup.md#set-user-permissions-and-assign-roles).
-To modify a template, follow the steps below:
+### Create new template in Compliance Manager
-1. From your **assessment templates** page, select the template you want to modify, which will bring up its details page.
-2. Select **Export to Excel**. An Excel file with all your template data will download. Save the file to your local machine.
-3. Make your template changes by [modifying the Excel file using the instructions below](#formatting-your-excel-file-to-modify-a-template).
-4. When you're done making changes to your Excel file, save the file.
-5. At your templateΓÇÖs details page, select **Modify template** to initiate the modification wizard.
-6. At the **Upload file** screen, select **Browse** to find and upload your Excel file.
-7. If there are no problems with your file, the next screen shows the name of the file uploaded. Select **Next** to continue (if you need to change the file, select **Upload a different file**).
- - If thereΓÇÖs a problem with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix your file and upload it again. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields.
+1. Go to your **assessment templates** page in Compliance Manager.
+2. Select **Create new template**. A template creation wizard will open.
+3. Choose the type of template you want to create. In this case, select **Create a custom template**, then select **Next**.
+4. At the **Upload file** screen, select **Browse** to find and upload your formatted Excel file containing all the required template data.
+5. If there are no problems with your file, the name of the file uploaded will be displayed. Select **Next** to continue. (If you need to change the file, select **Upload a different file**).
+ - If thereΓÇÖs an error with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix your file and upload it again. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields.
+6. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Create template.** (If you need to make changes, select **Back**.)
+7. The last screen confirms a new template has been created. Select **Done** to exit the wizard.
+8. YouΓÇÖll arrive at your new templateΓÇÖs details page, where you can [create your assessment](compliance-manager-assessments.md#create-assessments).
-8. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Next**.
-9. The last screen confirms that the template has been modified. Select **Done** to exit the wizard.
+## Extend an assessment template
-Your template will now include the changes you made. Any assessments that use this modified template will now show pending updates, and youΓÇÖll need to accept the updates to the assessments to reflect the changes made in the template. Learn more about [updates to assessments](compliance-manager-assessments.md#accepting-updates-to-assessments).
+Compliance Manager offers the option to add your own controls and improvement actions to an existing Microsoft-provided template. This process is called extending a Microsoft template. When you extend a template, it can still receive updates released by Microsoft, which may happen when there are changes to the related regulation or product (see [Accept updates to assessments](compliance-manager-assessments.md#accept-updates-to-assessments)).
-> [!NOTE]
-> If you use Compliance Manager in a language other than English, youΓÇÖll notice that some text appears in English when you export a template to Excel. The titles of actions (both your improvement actions and Microsoft actions) must be in English to be recognized by controls. If you make changes to an action title, be sure to write it in English so that the file imports correctly.
+To prepare, youΓÇÖll need to assemble a specially formatted Excel spreadsheet to import the necessary template data. The Excel files follow the same general format outlined above, but there are special requirements for extensions. See these additional points to help prevent errors:
+
+- Your spreadsheet should contain only the actions and controls you want to add to the assessment.
+- The spreadsheet canΓÇÖt contain any of the controls or actions that already exist in the assessment you want to modify.
+- Consider including ΓÇ£extensionΓÇ¥ in your templateΓÇÖs title, for example, ΓÇ£GDPR ΓÇô [your company name] extension.ΓÇ¥ This makes it easier to identify in the list on your **assessment templates** page as distinct from the standard Microsoft-provided template or a custom template with a similar name.
+
+After you format your spreadsheet, follow the steps below.
+
+1. Go to your **Assessment templates** page and select **Create new template**. A template creation wizard will open.
+
+2. Choose the type of template you want to create. In this case, select **Extend a Microsoft template**, then **Select Microsoft template**.
+
+3. A template selection flyout pane appears on the right side of your screen, showing a list of all templates and their status of active or inactive. Your **activated templates** counter shows how many templates are currently in use out of the total number available to use. If youΓÇÖre over your limit, a message bar will provide notice.
+
+4. A template selection flyout pane appears on the right side of your screen. Use **Search** to apply filters for locating the template you want
+
+5. Once you locate your template, select the radio button to the left of its name, then select **Save**.
-### Formatting your Excel file to modify a template
+6. The next screen shows the template you selected. If correct, select **Next**. (If incorrect, choose **Select a different template** to choose again.)
-Jump to a section below to quickly find the instructions you need:
+7. At the **Upload file** screen, select **Browse** to find and upload your formatted Excel file containing all the required template data.
+
+8. If there are no problems with your file, the next screen shows the name of the file uploaded. Select **Next** to continue (if you need to change the file, select **Upload a different file**).
+
+ - If thereΓÇÖs a problem with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix and re-upload your file. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields.
+
+9. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Next**. (If you need to make changes, select **Upload a different file**.)
+
+10. The last screen confirms a new template has been created. Select **Done** to exit the wizard.
+
+11. YouΓÇÖll arrive at your new templateΓÇÖs details page. From here you can create your assessment by selecting **Create assessment**. For guidance, see [Build and manage assessments](compliance-manager-assessments.md#create-assessments).
+
+## Modify a template
+
+You may want to modify a template youΓÇÖve already created, such as to add controls, or add or remove improvement actions. The process is similar to the template creation process in that youΓÇÖll upload formatted Excel file with your template data.
+
+However, there are details to be aware of as you format your file with changes to existing template data. **We recommend you review these instructions carefully to ensure you donΓÇÖt overwrite any existing data that you want to retain.**
+
+### Format your Excel file to modify an existing template
+
+From your **assessment templates** page, select the template you want to modify, which will bring up its details page. Then select **Export to Excel**. An Excel file with all your template data will download. Save the file to your local machine.
+
+To work with this file, jump to a section below to quickly find the instructions you need:
- [Edit the main template attributes](#edit-the-main-template-attributes) - [Add an improvement action](#add-an-improvement-action)
To remove a control, modify your spreadsheet by following the steps below, then
When you import your spreadsheet back into the template, your control will be removed from the template.
+### Modify template info in Compliance Manager
+
+After your Excel file is completed and saved, follow these steps.
+
+1. Open the assessment template page again and select your template. At your templateΓÇÖs details page, select **Modify template** to initiate the modification wizard.
+2. At the **Upload file** screen, select **Browse** to find and upload your Excel file.
+3. If there are no problems with your file, the next screen shows the name of the file uploaded. Select **Next** to continue (if you need to change the file, select **Upload a different file**).
+ - If thereΓÇÖs a problem with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix your file and upload it again. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields.
+
+4. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Next**.
+5. The last screen confirms that the template has been modified. Select **Done** to exit the wizard.
+
+Your template will now include the changes you made. Any assessments that use this modified template will now show pending updates, and youΓÇÖll need to accept the updates to the assessments to reflect the changes made in the template. Learn more about [updates to assessments](compliance-manager-assessments.md#accept-updates-to-assessments).
+
+> [!NOTE]
+> If you use Compliance Manager in a language other than English, youΓÇÖll notice that some text appears in English when you export a template to Excel. The titles of actions (both your improvement actions and Microsoft actions) must be in English to be recognized by controls. If you make changes to an action title, be sure to write it in English so that the file imports correctly.
+ ## Export a template
-You can export an Excel file that contains all of a templateΓÇÖs data. YouΓÇÖll need to export a template in order to modify the template, as this will be the Excel file you edit and upload in the [modification process](#modify-a-template).
+You can export an Excel file that contains all of a templateΓÇÖs data. YouΓÇÖll need to export a template in order to modify it, since this will be the Excel file you edit and upload in the [modification process](#modify-a-template).
To export your template, go to your template details page and select the **Export to Excel** button.
-Note that when exporting a template you extended from a Compliance Manager template, the exported file will only contain the attributes you added to the template. The exported file wonΓÇÖt include the original template data provided by Microsoft. To get such a report, see the instructions for [exporting an assessment report](compliance-manager-assessments.md#export-an-assessment-report).
+Note that when exporting a template you extended from a Compliance Manager template, the exported file will only contain the attributes you added to the template. The exported file wonΓÇÖt include the original template data provided by Microsoft. To get such a report, see the instructions for [exporting an assessment report](compliance-manager-assessments.md#export-an-assessment-report).
compliance Compliance Manager Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-whats-new.md
Title: "What's new in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
Compliance Manager is now available to US Government DoD customers, in addition
### Active and inactive templates
-Each assessment page and assessment template page has an activated templates counter. This counter shows how many eligible templates you're using according to your licensing agreement. View [Template types: included and premium, active and inactive](compliance-manager-templates.md#template-types-included-and-premium-active-and-inactive) to learn more.
+Each assessment page and assessment template page has an activated templates counter. This counter shows how many eligible templates you're using according to your licensing agreement. View [Template availability and licensing](compliance-manager-templates.md#template-availability-and-licensing) to learn more.
compliance Compliance Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager.md
Title: "Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Score Calculation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-score-calculation.md
Title: "Compliance score calculation" f1.keywords: - NOCSH--++ audience: Admin
compliance Dlp Teams Default Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-teams-default-policy.md
f1.keywords:
Previously updated : Last updated : audience: ITPro
description: "Learn about the default data loss prevention policy in Microsoft T
# Learn about the default data loss prevention policy in Microsoft Teams (preview)
-[Data loss prevention](dlp-learn-about-dlp.md) capabilities have been extended to include Microsoft Teams chat and channel messages, including private channel messages. As a part of this release, we created a default DLP policy for first-time customers to Compliance center.
+[Data loss prevention](dlp-learn-about-dlp.md) capabilities have been extended to include Microsoft Teams chat and channel messages, including private channel messages. As a part of this release, we created a default DLP policy for Microsoft Teams for first-time customers to Compliance center.
## Applies to
Any tenant who is licensed with one or more of the below licenses and have activ
## What does the default policy do?
-The default DLP policy tracks all the credit card numbers shared internally and externally to the organization. This policy is on by default for all users of the tenant. It does not generate any policy tips for end users but does generate an Alert event and also triggers a low severity email to the admin (added in the policy). Administrator can view the activities and edit the policies details by logging into the Compliance center.
+The default DLP policy for Teams tracks all the credit card numbers shared internally and externally to the organization. This policy is on by default for all users of the tenant. It does not generate any policy tips for end users but does generate an Alert event and also triggers a low severity email to the admin (added in the policy). Administrator can view the activities and edit the policies details by logging into the Compliance center.
Admins can view this policy in the [Compliance center](https://compliance.microsoft.com/compliancesettings) > Data Loss prevention policies page.
compliance Dlp Use Policies Non Microsoft Cloud Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-use-policies-non-microsoft-cloud-apps.md
f1.keywords:
Previously updated : Last updated : audience: ITPro f1_keywords:
When you create a rule in the DLP policy, you can select an action for non-Micro
![Restrict third-party apps](../media/4-dlp-non-microsoft-cloud-app-restrict-third-party-apps.png)
+>[NOTE]
+>DLP policies applied to non-Microsoft apps use Microsoft Cloud App Security. When the DLP policy for a non-Microsoft app is created, the same policy will be automatically created in Microsoft Cloud App Security.
+ For information about creating and configuring DLP policies, see [Create test and tune a DLP policy](./create-test-tune-dlp-policy.md?view=o365-worldwide). ## See Also - [Create test and tune a DLP policy](./create-test-tune-dlp-policy.md?view=o365-worldwide) - [Get started with the default DLP policy](./get-started-with-the-default-dlp-policy.md?view=o365-worldwide)-- [Create a DLP policy from a template](./create-a-dlp-policy-from-a-template.md?view=o365-worldwide)
+- [Create a DLP policy from a template](./create-a-dlp-policy-from-a-template.md?view=o365-worldwide)
compliance How Dlp Works Between Admin Centers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/how-dlp-works-between-admin-centers.md
f1.keywords:
Previously updated : 04/19/2019 Last updated : audience: Admin
description: "Learn how DLP in the Security & Compliance Center works with DLP a
-# How DLP works between the Security & Compliance Center and Exchange admin center
+# How DLP works between the Microsoft 365 Compliance Center and Exchange admin center
-In Office 365, you can create a data loss prevention (DLP) policy in two different admin centers:
+In Microsoft 365, you can create a data loss prevention (DLP) policy in two different admin centers:
-- In the **Security & Compliance Center**, you can create a single DLP policy to help protect content in SharePoint, OneDrive, Exchange, and now Microsoft Teams. When possible, we recommend that you create a DLP policy here. For more information, see [Data Loss Prevention reference](data-loss-prevention-policies.md).
+- In the **Microsoft 365 Compliance Center**, you can create a single DLP policy to help protect content in SharePoint, OneDrive, Exchange, Teams, and now Endpoint Devices. We recommend that you create a DLP policy here. For more information, see [Data Loss Prevention reference](data-loss-prevention-policies.md).
- In the **Exchange admin center**, you can create a DLP policy to help protect content only in Exchange. This policy can use Exchange mail flow rules (also known as transport rules), so it has more options specific to handling email. For more information, see [DLP in the Exchange admin center](/exchange/security-and-compliance/data-loss-prevention/data-loss-prevention).
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
In this scenario, when items can be subject to multiple retention settings that
The outcome isn't which single retention policy or single retention label wins, but how long an item is retained (if applicable) and when an item is deleted (if applicable). These two actions are calculated independently from each other, from all the retention settings applied to an item.
-For example, an item might be subject to one retention policy that is configured for a delete-only action, and another retention policy that is configured to retain and then delete. Consequently, this item has just one retain action but two delete actions. The retention and deletion actions could be in conflict with one another and the two deletion actions might have a conflicting date. To work out the outcome, you must apply the principles of retention.
+For example, an item might be subject to one retention policy that is configured for a delete-only action, and another retention policy that is configured to retain and then delete. Consequently, this item has just one retain action but two delete actions. The retention and deletion actions could be in conflict with one another and the two deletion actions might have a conflicting date. The principles of retention explain the outcome.
-At a high level, you can be assured that retention always takes precedence over deletion, and the longest retention period wins. These two simple rules always decide how long an item will be retained.
+At a high level, you can be assured that retention always takes precedence over permanent deletion, and the longest retention period wins. These two simple rules always decide how long an item will be retained.
-There are a few more factors that determine when an item will be deleted, which include the delete action from a retention label always takes precedence over the delete action from a retention policy.
+There are a few more factors that determine when an item will be permanently deleted, which include the delete action from a retention label always takes precedence over the delete action from a retention policy.
Use the following flow to understand the retention and deletion outcomes for a single item, where each level acts as a tie-breaker for conflicts, from top to bottom. If the outcome is determined by the first level because there are no further conflicts, there's no need to progress to the next level, and so on.
Use the following flow to understand the retention and deletion outcomes for a s
![Diagram of the principles of retention](../media/principles-of-retention.png)
-Explanation for the four different levels:
+Explanation for the four different principles:
-1. **Retention wins over deletion.** Content won't be permanently deleted when it also has retention settings to retain it.
+1. **Retention wins over deletion.** Content won't be permanently deleted when it also has retention settings to retain it. While this principle ensures that content is preserved for compliance reasons, the delete process is still initiated and can remove the content from user view and searches. For SharePoint, for example, a document moves from the original folder to the Preservation Holds folder. However, permanent deletion is suspended. For more information about how and where content is retained, use the following links for each workload:
+
+ - [How retention works for SharePoint and OneDrive](retention-policies-sharepoint.md#how-retention-works-for-sharepoint-and-onedrive)
+ - [How retention works with Microsoft Teams](retention-policies-teams.md#how-retention-works-with-microsoft-teams)
+ - [How retention works with Yammer](retention-policies-yammer.md#how-retention-works-with-yammer)
+ - [How retention works for Exchange](retention-policies-exchange.md#how-retention-works-for-exchange)
Example: An email message is subject to a retention policy for Exchange that is configured to delete items after three years and it also has a retention label applied that is configured to retain items for five years.
- The email message is retained for five years because this retention action takes precedence over deletion. The email message is deleted at the end of the five years because of the deferred delete action.
+ The email message is retained for five years because this retention action takes precedence over deletion. The email message is permanently deleted at the end of the five years because of the delete action that was suspended while the retention action was in effect.
2. **The longest retention period wins.** If content is subject to multiple retention settings that retain content for different periods of time, the content will be retained until the end of the longest retention period.
Explanation for the four different levels:
Example: A document is subject to two retention policies that have a delete action of five years and ten years respectively, and also a retention label that has a delete action of seven years.
- The document is deleted after seven years because the delete action from the retention label takes precedence.
+ The document is permanently deleted after seven years because the delete action from the retention label takes precedence.
2. When you have retention policies only: If a retention policy for a location is scoped to use an include configuration (such as specific users for Exchange email) that retention policy takes precedence over unscoped retention policies for the same location.
Explanation for the four different levels:
Example 1: An email message is subject to two retention policies. The first retention policy is unscoped and deletes items after ten years. The second retention policy is scoped to specific mailboxes and deletes items after five years.
- The email message is deleted after five years because the deletion action from the scoped retention policy takes precedence over the unscoped retention policy.
+ The email message is permanently deleted after five years because the deletion action from the scoped retention policy takes precedence over the unscoped retention policy.
Example 2: A document in a user's OneDrive account is subject to two retention policies. The first retention policy is scoped to include this user's OneDrive account and has a delete action after 10 years. The second retention policy is scoped to include this user's OneDrive account and has a delete action after seven years.
- When this document will be deleted can't be determined at this level because both retention policies are scoped.
+ When this document will be permanently deleted can't be determined at this level because both retention policies are scoped.
-4. **The shortest deletion period wins.** Applicable to determine when items will be deleted from retention policies and the outcome couldn't be resolved from the previous level: Content is deleted at the end of the shortest retention period.
+4. **The shortest deletion period wins.** Applicable to determine when items will be deleted from retention policies and the outcome couldn't be resolved from the previous level: Content is permanently deleted at the end of the shortest retention period.
Example: A document in a user's OneDrive account is subject to two retention policies. The first retention policy is scoped to include this user's OneDrive account and has a delete action after 10 years. The second retention policy is scoped to include this user's OneDrive account and has a delete action after seven years.
- This document will be deleted after seven years because that's the shortest retention period for these two scoped retention policies.
+ This document will be permanently deleted after seven years because that's the shortest retention period for these two scoped retention policies.
-Note that items subject to eDiscovery hold also fall under the first principle of retention; they cannot be deleted by any retention policy or retention label. When that hold is released, the principles of retention continue to apply to them. For example, they could then be subject to an unexpired retention period or a deferred delete action.
+Note that items subject to eDiscovery hold also fall under the first principle of retention; they cannot be permanently deleted by any retention policy or retention label. When that hold is released, the principles of retention continue to apply to them. For example, they could then be subject to an unexpired retention period or a delete action.
More complex examples that combine retain and delete actions:
More complex examples that combine retain and delete actions:
- A retention policy that retains for three years and then deletes - A retention label that retains-only for seven years
- **Outcome**: The item is retained for seven years because retention takes precedence over deletion and seven years is the longest retention period. At the end of this retention period, the item is deleted because of the delete action from the retention policies that was deferred while the item was retained.
+ **Outcome**: The item is retained for seven years because retention takes precedence over deletion and seven years is the longest retention period. At the end of this retention period, the item is permanently deleted because of the delete action from the retention policies.
- Although the two retention policies have different dates for the delete actions, the earliest the item can be deleted is at the end of the longest retention period, which is longer than both deletion dates. In this example, there is no conflict to resolve for the deletion dates so all conflicts are resolved by the second level.
+ Although the two retention policies have different dates for the delete actions, the earliest the item can be permanently deleted is at the end of the longest retention period, which is longer than both deletion dates.
2. An item has the following retention settings applied to it:
More complex examples that combine retain and delete actions:
- A scoped retention policy that retains for five years and then deletes - A retention label that retains for three years and then deletes
- **Outcome**: The item is retained for five years because that's the longest retention period. At the end of that retention period, the item is deleted because of the delete action of three years from the retention label that was deferred while the item was retained. Deletion from retention labels takes precedence over deletion from all retention policies. In this example, all conflicts are resolved by the third level.
+ **Outcome**: The item is retained for five years because that's the longest retention period. At the end of that retention period, the item is permanently deleted because of the delete action of three years from the retention label. Deletion from retention labels takes precedence over deletion from all retention policies. In this example, all conflicts are resolved by the third level.
## Use Preservation Lock to restrict changes to policies
compliance Sensitivity Labels Teams Groups Sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-teams-groups-sites.md
Not all apps support authentication contexts. If a user with an unsupported app
- Office for the web, which includes Outlook for the web
+- Microsoft Teams for Windows and macOS (excludes Teams web app)
+ - Microsoft Planner - Microsoft 365 Apps for Word, Excel, and PowerPoint; minimum versions:
contentunderstanding Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/index.md
Learn more about how to use and implement SharePoint Syntex in your organization
| If you're looking for this information: | Go to this resource: | |:--|:--| |Learn how to start planning to use SharePoint Syntex |[SharePoint Syntex adoption: get started](./adoption-getstarted.md)|
+|See example scenarios to give you ideas about how you can use SharePoint Syntex in your organization |[Scenarios and use cases for Microsoft SharePoint Syntex](./adoption-scenarios.md)|
|Learn how to use SharePoint Syntex to automate document processes |[Manage contracts using a Microsoft 365 solution](./solution-manage-contracts-in-microsoft-365.md)| ## Set up SharePoint Syntex
contentunderstanding Rest Applymodel Method https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-applymodel-method.md
Title: Apply model
+ Title: Batch apply model
localization_priority: Priority
description: Use REST API to apply a document understanding model to one or more libraries.
-# Apply model
+# Batch Apply model
Applies (or syncs) a trained document understanding model to one or more libraries (see [example](rest-applymodel-method.md#examples)).
None
## Request body
+| Name | Required | Type | Description |
+|--|-|--||
+|__metadata|yes|string|Set the object meta on the SPO. Always use the value: {"type": "Microsoft.Office.Server.ContentCenter.SPMachineLearningPublicationsEntityData"}.|
+|Publications|yes|MachineLearningPublicationEntityData[]|The collection of MachineLearningPublicationEntityData each of which specifices the model and target document library.|
+
+### MachineLearningPublicationEntityData
| Name | Required | Type | Description | |--|-|--|| |ModelUniqueId|yes|string|The unique ID of the model file.|
-TargetSiteUrl|yes|string|The full URL of the target library site.|
-TargetWebServerRelativeUrl|yes|string|The server relative URL of the web for the target library.|
-TargetLibraryServerRelativeUrl|yes|string|The server relative URL of the target library.|
-ViewOption|no|string|Specifies whether to set new model view as the library default.|
+|TargetSiteUrl|yes|string|The full URL of the target library site.|
+|TargetWebServerRelativeUrl|yes|string|The server relative URL of the web for the target library.|
+|TargetLibraryServerRelativeUrl|yes|string|The server relative URL of the target library.|
+|ViewOption|no|string|Specifies whether to set new model view as the library default.|
## Response | Name | Type | Description| |--|-||
-|200 OK| |Success|
-|201 Created| |Note that because this API supports applying model to multiple libraries, a 201 could be returned even if there's a failure applying the model to one of the libraries. <br>Check the response body to understand if the model has been successfully applied to all the specified libraries. See [Request body](rest-applymodel-method.md#request-body) for details.|
+|201 Created||This a customized API to support applying a model to multi document libraries. In the case of failing, 201 created could still be returned and the caller needs to inspect the response body to understand if the model has been successfully applied to the doc lib.|
+
+## Response Body
+| Name | Type | Description|
+|--|-||
+|TotalSuccesses|int|The total number of a model being sucessfully applied to a document library.|
+|TotalFailures|int|The total number of a model failing to be applied to a document library.|
+|Details|MachineLearningPublicationResult[]|The collection of MachineLearningPublicationResult each of which specififies the detailed result of applying the model to the document library.|
+
+### MachineLearningPublicationResult
+| Name | Type | Description|
+|--|-||
+|StatusCode|int|The status code|
+|ErrorMessage|string|The error message which tells what's wrong when apply the model to the document library.|
+|Publication|MachineLearningPublicationEntityData|It specifies the model info and the target document library.|
+
+### MachineLearningPublicationEntityData
+| Name | Type | Description |
+|--|--||
+|ModelUniqueId|string|The unique ID of the model file.|
+|TargetSiteUrl|string|The full URL of the target library site.|
+|TargetWebServerRelativeUrl|string|The server relative URL of the web for the target library.|
+|TargetLibraryServerRelativeUrl|string|The server relative URL of the target library.|
## Examples
contentunderstanding Rest Batchdelete Method https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-batchdelete-method.md
None
## Request body
+| Name | Required | Type | Description |
+|--|-|--||
+|Publications|yes|MachineLearningPublicationEntityData[]|The collection of MachineLearningPublicationEntityData each of which specifices the model and target document library.|
+
+### MachineLearningPublicationEntityData
| Name | Required | Type | Description | |--|-|--|| |ModelUniqueId|yes|string|The unique ID of the model file.|
-TargetSiteUrl|yes|string|The full URL of the target library site.|
-TargetWebServerRelativeUrl|yes|string|The server relative URL of the web for the target library.|
-TargetLibraryServerRelativeUrl|yes|string|The server relative URL of the target library.|
-ViewOption|no|string|Specifies whether to set new model view as the library default.|
+|TargetSiteUrl|yes|string|The full URL of the target library site.|
+|TargetWebServerRelativeUrl|yes|string|The server relative URL of the web for the target library.|
+|TargetLibraryServerRelativeUrl|yes|string|The server relative URL of the target library.|
## Response | Name | Type | Description| |--|-||
-|200 OK| |Success|
+|200 OK||This a customized API to support removing a model from multi document libraries. In the case of failing, 200 OK could still be returned and the caller needs to inspect the response body to understand if the model has been successfully removed from the doc lib.|
+
+## Response Body
+| Name | Type | Description|
+|--|-||
+|TotalSuccesses|int|The total number of a model being sucessfully remvoed from a document library.|
+|TotalFailures|int|The total number of a model failing to be removed from a document library.|
+|Details|MachineLearningPublicationResult[]|The collection of MachineLearningPublicationResult each of which specififies the detailed result of removing the model from the document library.|
+### MachineLearningPublicationResult
+| Name | Type | Description|
+|--|-||
+|StatusCode|int|The status code|
+|ErrorMessage|string|The error message which tells what's wrong when apply the model to the document library.|
+|Publication|MachineLearningPublicationEntityData|It specifies the model info and the target document library.|
+
+### MachineLearningPublicationEntityData
+| Name | Type | Description |
+|--|--||
+|ModelUniqueId|string|The unique ID of the model file.|
+|TargetSiteUrl|string|The full URL of the target library site.|
+|TargetWebServerRelativeUrl|string|The server relative URL of the web for the target library.|
+|TargetLibraryServerRelativeUrl|string|The server relative URL of the target library.|
## Examples
In this sample, the ID of the Contoso Contract document understanding model is `
#### Sample request ```HTTP
-{
- "__metadata": {
- "type": "Microsoft.Office.Server.ContentCenter.SPMachineLearningPublicationsEntityData"
- },
- "Publications": {
- "results": [
- {
- "ModelUniqueId": "7645e69d-21fb-4a24-a17a-9bdfa7cb63dc",
- "TargetSiteUrl": "https://contoso.sharepoint.com/sites/repository/",
- "TargetWebServerRelativeUrl": "/sites/repository",
- "TargetLibraryServerRelativeUrl": "/sites/repository/contracts",
- "ViewOption": "NewViewAsDefault"
- }
- ]
- }
-}
+{
+ "publications": [
+ {
+ "ModelUniqueId": "7645e69d-21fb-4a24-a17a-9bdfa7cb63dc",
+ "TargetSiteUrl": "https://constco.sharepoint-df.com/sites/docsite",
+ "TargetWebServerRelativeUrl": "/sites/docsite ",
+ "TargetLibraryServerRelativeUrl": "/sites/dcocsite/joedcos"
+ }
+ ]
+}
``` #### Sample response
-In the response, TotalFailures and TotalSuccesses refer to the number of failures and successes of the model being applies to the specified libraries.
+In the response, TotalFailures and TotalSuccesses refer to the number of failures and successes of the mdoel being removed from the specified libraries.
**Status code:** 200
contentunderstanding Rest Createclassificationrequest https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-createclassificationrequest.md
None
|Name |Type |Description | |--|-||
-|_metadata|string |Set the object meta on the SPO. Always use the value: {"type": "Microsoft.Office.Server.ContentCenter.SPMachineLearningModelEntityData"}. |
+|_metadata|string |Set the object meta on the SPO. Always use the value: {"type": "Microsoft.Office.Server.ContentCenter.SPMachineLearningWorkItemEntityData"}. |
|TargetSiteId|guid|The id of the site where the file to classify is located.| |TargetWebId|guid|The id of the web where the file to classify is located.| |TargetUniqueId|guid|The id of the file to classify.|
None
``` { "__metadata": {
- "type": "Microsoft.Office.Server.ContentCenter.SPMachineLearningModelEntityData"
+ "type": "Microsoft.Office.Server.ContentCenter.SPMachineLearningWorkItemEntityData"
}, "TargetSiteId": "f686e63b-aba7-48e5-97c7-68c4c1df292f", "TargetWebId": "66d6b64d-6f88-4dd9-b3db-47e6f00c53e8",
contentunderstanding Rest Createmodel Method https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-createmodel-method.md
None
"type": "Microsoft.Office.Server.ContentCenter.SPMachineLearningModelEntityData" }, "ContentTypeGroup": "Intelligent Document Content Types",
- "ContentTypeName": "Contoso Contract",
+ "ContentTypeName": "Contoso Contract"
} ```
contentunderstanding Rest Getbytitle Method https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-getbytitle-method.md
Gets or updates information about a SharePoint Syntex document understanding mod
## HTTP request ```HTTP
-GET /_api/machinelearning/models/getbytitle('{modelFileName') HTTP/1.1
+GET /_api/machinelearning/models/getbytitle('{modelFileName}') HTTP/1.1
``` This same method can be used for deleting a model, too. ```HTTP
-DELETE /_api/machinelearning/models/getbytitle('{modelFileName') HTTP/1.1
+DELETE /_api/machinelearning/models/getbytitle('{modelFileName}') HTTP/1.1
``` ## URI parameters
In this sample, the name of the Syntex document understanding model is `Contoso
#### Sample request ```HTTP
-GET /_api/machinelearning/models/getbytitle('{Contoso Contract') HTTP/1.1
+GET /_api/machinelearning/models/getbytitle('Contoso Contract') HTTP/1.1
``` #### Sample response
contentunderstanding Rest Getbyuniqueid Method https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-getbyuniqueid-method.md
Gets or updates information about a SharePoint Syntex document understanding mod
## HTTP request ```HTTP
-GET /_api/machinelearning/models/getbyuniqueid(ΓÇÿ{modelUniqueId}') HTTP/1.1
+GET /_api/machinelearning/models/getbyuniqueid('{modelUniqueId}') HTTP/1.1
``` This same method can be used for deleting a model, too. ```HTTP
-DELETE /_api/machinelearning/models/getbyuniqueid(ΓÇÿ{modelUniqueId}') HTTP/1.1
+DELETE /_api/machinelearning/models/getbyuniqueid('{modelUniqueId}') HTTP/1.1
``` ## URI parameters
In this sample, the ID of the Contoso Contract document understanding model is `
#### Sample request ```HTTP
-GET /_api/machinelearning/models/getbyuniqueid(ΓÇÿ{7645e69d-21fb-4a24-a17a-9bdfa7cb63dc}') HTTP/1.1
+GET /_api/machinelearning/models/getbyuniqueid('7645e69d-21fb-4a24-a17a-9bdfa7cb63dc') HTTP/1.1
``` #### Sample response
-**Status code:** 204
+**Status code:** 200
```HTTP {
contentunderstanding Rest Getmodelandlibraryinfo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-getmodelandlibraryinfo.md
GET /_api/machinelearning/publications/getbyuniqueid(ΓÇÿ{modelUniqueId}ΓÇÖ) HTTP
## URI parameters | Name | In | Required | Type | Description |
-|--|-|--||
+|--|-|--||--|
|ModelUniqueId|query|True|GUID|The unique id of the model file.| ## Request headers
GET /_api/machinelearning/publications/getbyuniqueid(ΓÇÿ{modelUniqueId}ΓÇÖ) HTTP
|Accept|application/json;odata=verbose|
-## Request body
-
-| Name | Required | Type | Description |
-|--|-|--||
-|ModelUniqueId|yes|string|The unique ID of the model file.|
-|TargetSiteUrl|yes|string|The full URL of the target library site.|
-|TargetWebServerRelativeUrl|yes|string|The server relative URL of the web for the target library.|
-|TargetLibraryServerRelativeUrl|yes|string|The server relative URL of the target library.|
-|TargetLibraryRemoved|yes|int|The flag that indicates if the target library has been removed or not.|
- ## Response | Name | Type | Description| |--|-|| |200 OK| |Success|
-|201 Created| |Note that because this API supports applying model to multiple libraries, a 201 could be returned even if there's a failure applying the model to one of the libraries. <br>Check the response body to understand if the model has been successfully applied to all the specified libraries. See [Request body](rest-getmodelandlibraryinfo.md#request-body) for details.|
## Examples
GET /sites/TestCC/_api/machinelearning/publications/getbymodeluniqueid(ΓÇÿ{7645e
} ] }```
-```
## See also
contentunderstanding Rest Updatemodelsettings Method https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/rest-api/rest-updatemodelsettings-method.md
Updates available models settings (associated retention label and model descript
## HTTP request ```HTTP
-POST /_api/machinelearning/models/updatemodelsettings HTTP/1.1
+POST /_api/machinelearning/models/getbytitle('{modelFileName}')/updatemodelsettings HTTP/1.1
``` ## URI parameters
-None
+|Name |In |Required|Type|Description|
+|--||--|-|--|
+|modelFileName|query|True|string|Name of the Syntex model file.|
## Request headers
contentunderstanding Solution Manage Contracts Step2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/solution-manage-contracts-step2.md
This section defines how "Client" will display on the card, and uses the value f
This section defines how the "Contractor" will display on the card, and uses the value for the specific contract. ```JSON
- {
- "elmType": "div",
- "style": {
- "color": "#767676",
- "font-size": "12px"
- },
- "txtContent": "Client"
- },
- {
- "elmType": "div",
- "style": {
- "margin-bottom": "12px",
- "font-size": "16px",
- "font-weight": "600"
- },
- "txtContent": "[$Client]"
-},
+ {
+ "elmType": "div",
+ "txtContent": "Contractor",
+ "style": {
+ "color": "#767676",
+ "font-size": "12px",
+ "margin-bottom": "2px"
+ }
+ },
+ {
+ "elmType": "div",
+ "style": {
+ "margin-bottom": "12px",
+ "font-size": "14px"
+ },
+ "txtContent": "[$Contractor]"
+ },
``` ### Fee amount
enterprise Modern Desktop Deployment And Management Lab https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab.md
The resulting lab is designed to be connected to trials for:
Detailed lab guides take you through multiple deployment and management scenarios. The labs have been updated for the latest versions of Intune and Configuration Manager. ### Plan and prepare infrastructure + - Desktop Analytics - Cloud Management Gateway & Cloud Distribution Point -- Tenant attach, co-management, and switching workloads
+- NEW! Tenant attach and co-management
+- NEW! Endpoint analytics
- Remote access (VPN) ### Prepare configuration
Detailed lab guides take you through multiple deployment and management scenario
- Enterprise managed deployment using Microsoft Intune - LOB Deployment and Management with Microsoft Intune - Deploy Microsoft Teams
+- NEW! Assignment filters
### Deploy Windows Virtual Desktop
enterprise Network And Migration Planning https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/network-and-migration-planning.md
These topics contain detailed Office 365 network reference information.
- [Office 365 Network Connectivity Principles](./microsoft-365-network-connectivity-principles.md) -- [Office 365 video networking Frequently Asked Questions (FAQ)](office-365-video-networking-faq.md)
-
- [Plan for network devices that connect to Office 365 services](plan-for-network-devices.md) - [Setup guides for Office 365 services](setup-guides-for-microsoft-365.md)
enterprise Office 365 Video Networking Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-video-networking-faq.md
- Title: "Office 365 Video networking Frequently Asked Questions"--- Previously updated : 3/14/2019--
-localization_priority: Normal
--- CSH-- MET150-- MOE150-- BCS160--- Adm_O365-- seo-marvel-apr2020
-description: "Find answers to some on the most frequently asked questions around bandwidth planning, encryption, & how the service leverages Content Delivery Networks (CDNs)."
--
-# Office 365 Video networking Frequently Asked Questions
-
-The Office 365 Video repository and streaming services make storing and streaming videos within your organization simple. There's a lot of great [information about Office 365 Video](https://support.office.com/article/Find-help-about-Office-365-Video-b435f99a-f47e-4ebd-a946-f5c965844f50); this networking FAQ is designed to answer the most common questions around bandwidth planning, encryption, and how the service leverages [Content Delivery Networks](content-delivery-networks.md) (CDNs).
-
-If you don't already have a thorough understanding of what happens when a video is uploaded or played back, have a look at this video we put together, [What happens to a video file when uploaded to Office 365 Video](https://www.youtube.com/watch?v=HXSZ0jYBKlM).
-
-## What are the Office 365 Video bandwidth requirements?
-
-There are a numerous [supported video formats](https://support.office.com/article/dd1af01c-fd8e-4640-b17b-93ee02b9b817) that can be uploaded to Office 365. Each video file is then encoded to a standard format with several different video qualities for playback. Office 365 Video uses adaptive bitrate streaming to select the best video playback quality based on the available network bandwidth and size of the video player. To do this, the player initially requests the lowest playback quality. The service then begins sending 2-second video segments to the video player. The player can then request higher or lower playback quality based on how quickly each segment is delivered.
-
-The adaptive bitrate streaming does all this in the background while the video plays with the least amount of disruption or buffering. During video playback, the video player allows the viewer to manually override the automatic playback quality, to select a specific video playback quality.
-
-Here's a quick table that outlines the network requirements for each of the video playback qualities. The minimum bandwidth per person needed to play a video is 802Kbps.
-
-| Playback Quality | Network Speed |
-|:--|:--|
-|288p <br/> |802Kbps <br/> |
-|360p <br/> |1.2 Mbps <br/> |
-|576p <br/> |2.5 Mbps <br/> |
-|720p <br/> |3.8 Mbps <br/> |
-
-([Back to top](office-365-video-networking-faq.md))
-
-## How do Content Delivery Networks (CDNs) help video playback?
-
-If several people from the same organization within the same geographic location are streaming the same video(s), CDNs will store a copy of these videos in a location closer to that geographic region. With the video stored, or cached at the closest location, each person streams the video from the location closest to them instead of a location further away. Office 365 Video uses Azure Media Services to manage what is cached in the Azure CDNs, and for how long. Azure Media Services can use any of the [Azure CDN locations](/azure/cdn/cdn-pop-locations) to cache video fragments and manifests for a few days. If people in your organization continue to watch the cached videos they'll stay in the cache. If no one accesses the video for several days, the video will eventually drop be dropped from the cache. The next time someone attempts to watch the video it's once again cached at the nearest CDN location.
-
-Everyone who attempts to watch the video while the content is cached at a nearby CDN benefits from the video being closer, and in most cases less hops, away. This improves video playback speed; however, it doesn't change the network requirement to play the video.
-
-> [!NOTE]
-> There are some circumstances, such as our capacity limit being reached, where the video may be removed before the three days has been reached.
-
-([Back to top](office-365-video-networking-faq.md))
-
-## Can I cache the videos locally for faster playback?
-
-Yes. Office 365 won't prevent you from using a local CDN or a caching proxy to bring video or other Office 365 content into your local network for faster access. There are several ways to implement a local caching solution on your network, the most common method is to use a proxy solution that caches content locally. Once a proxy or private CDN has cached the video fragments and manifests, future requests for those files that route through the proxy or private CDN are pulled from the local cache and not pulled from an internet location. Consider network bandwidth, capacity, and video playback concurrency during the planning of a solution like this.
-
-([Back to top](office-365-video-networking-faq.md))
-
-## How videos are encrypted and secured?
-
-Office 365 Video knows how important it is to keep your data secure and private. [Microsoft Trust Center](https://products.office.com/business/office-365-trust-center-welcome) describes our commitment to the privacy and security of your content. With video playback, speed is important for a good experience; however, we don't compromise your security or privacy in exchange for speed. Here's how we accommodate speed, security and privacy.
-
-When you or someone in your organization uploads a new video, that video is transcoded, encrypted with AES-128 encryption, and stored in Azure Media Services. This means the videos are encrypted both in transit and at rest.
-
-When someone in your organization attempts to watch a new video, they follow these steps:
-
-1. Ask SharePoint Online if they have permission to view the video.
-
-2. SharePoint Online uses the file permissions to determine if the person can watch the video.
-
-3. If they're allowed, SharePoint Online retrieves a token from Azure to give to the video player.
-
-4. The video player then uses the token to request the decryption key from Azure.
-
-5. With the decryption key in hand, the video player is able to stream the video.
-
-![O365 Video Playback](../media/9d3c6e76-151d-48a3-a30e-ba8dd07db0b7.png)
-
-([Back to top](office-365-video-networking-faq.md))
-
-## What are the requirements to playback Office 365 Video?
-
-Office 365 Video supported operating systems and web browsers are the same as the SharePoint Online requirements in [Office 365 system requirements](https://support.office.com/article/Office-365-system-requirements-719254c0-2671-4648-9c84-c6a3d4f3be45). Depending on which operating system and web browser configuration you have will determine the specific needs of the video player. Here's more information on [video playback requirements](https://support.office.com/article/ca1cc1a9-a615-46e1-b6a3-40dbd99939a6).
-
-([Back to top](office-365-video-networking-faq.md))
-
-## I can't get Office 365 video to work, where should I start?
-
-Troubleshooting connectivity to Office 365 Video involves troubleshooting your network, your ISP(s), and your configuration of Office 365. The first place to start is the service health dashboard. This will tell you of Office 365 Video is having a problem or not. If everything looks great there, here's some additional resources to help you.
-
-- Make sure you can connect to the [network endpoints required for Office 365 Video](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).--- Check your network connectivity using our [Office 365 network troubleshooting guide](https://support.office.com/article/Office-365-performance-tuning-and-troubleshooting-Admin-and-IT-Pro-1492cb94-bd62-43e6-b8d0-2a61ed88ebae).--- See our [best practices for using Office 365 on a slow network](https://support.office.com/article/Best-practices-for-using-Office-365-on-a-slow-network-fd16c8d2-4799-4c39-8fd7-045f06640166).--- [Find help about Office 365 Video configuration](https://support.office.com/article/Find-help-about-Office-365-Video-b435f99a-f47e-4ebd-a946-f5c965844f50).-
-([Back to top](office-365-video-networking-faq.md))
-
-## Office 365 Video resources
-
-Here's a few other resources to help you successfully deploy and use Office 365 Video:
-
-[Find help about Office 365 Video configuration](https://support.office.com/article/Find-help-about-Office-365-Video-b435f99a-f47e-4ebd-a946-f5c965844f50)
-
-[Meet Office 365 Video](https://support.office.com/article/Meet-Office-365-Video-ca1cc1a9-a615-46e1-b6a3-40dbd99939a6)
-
-[Create and manage a channel in Office 365 Video](https://support.office.com/article/Create-and-manage-a-channel-in-Office-365-Video-1fede4cc-13c0-435a-b585-e7fbf1c83bb2)
-
-[Manage your Office 365 Video portal](https://support.office.com/article/Manage-your-Office-365-Video-portal-c059465b-eba9-44e1-b8c7-8ff7793ff5da)
-
-[Video formats that work in Office 365 Video](https://support.office.com/article/Video-formats-that-work-in-Office-365-Video-dd1af01c-fd8e-4640-b17b-93ee02b9b817)
-
-([Back to top](office-365-video-networking-faq.md))
-
-Here's a short link you can use to come back: [https://aka.ms/video365networkfaq]()
enterprise Use Microsoft 365 Cdn With Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo.md
If you want to use the full URL to the asset instead of a relative path, constru
`https://<TenantHostName>.sharepoint.com/sites/site/CDN_origins/public/image.png` > [!NOTE]
-> In general, you should not hardcode URLs directly to assets in the CDN. However, you can manually construct URLs for assets in public origins if needed. For more information, see [Hardcoding CDN URLs for public assets](use-microsoft-365-cdn-with-spo.md).
+> In general, you should not hardcode URLs directly to assets in the CDN. However, you can manually construct URLs for assets in public origins if needed. For more information, see [Hardcoding CDN URLs for public assets](use-microsoft-365-cdn-with-spo.md#constructing-cdn-urls-for-public-assets).
To learn about how to verify that assets are being served from the CDN, see [How do I confirm that assets are being served by the CDN?](use-microsoft-365-cdn-with-spo.md#CDNConfirm) in [Troubleshooting the Office 365 CDN](use-microsoft-365-cdn-with-spo.md#CDNTroubleshooting).
You can choose to work with the Office 365 CDN using either the **SharePoint Onl
[Network planning and performance tuning for Office 365](./network-planning-and-performance.md)
-[SharePoint Performance Series - Office 365 CDN video series](https://www.youtube.com/playlist?list=PLR9nK3mnD-OWMfr1BA9mr5oCw2aJXw4WA)
+[SharePoint Performance Series - Office 365 CDN video series](https://www.youtube.com/playlist?list=PLR9nK3mnD-OWMfr1BA9mr5oCw2aJXw4WA)
knowledge Topic Experiences Knowledge Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-knowledge-rules.md
description: "Learn how to administer topic visibility in Microsoft Viva Topics.
# Manage topic visibility in Microsoft Viva Topics
-You can manage the set of users who can see topic highlights, topic cards, and the topic center in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a global administrator or SharePoint administrator to perform these tasks.
+You can manage who can see topic highlights, topic cards, and the topic center in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a global administrator or SharePoint administrator and Groups admin to do these tasks.
## To access topics management settings:
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
Messages that are identified by the advanced delivery policy aren't security thr
## What do you need to know before you begin? -- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **Advanced delivery** page, open <https://security.microsoft.com/advanceddelivery>.
+- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **Advanced delivery** page, open <https://security.microsoft.com/advanceddelivery>.
- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
security Configure Your Spam Filter Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-your-spam-filter-policies.md
Creating a custom anti-spam policy in the Microsoft 365 Defender portal creates
Multiple values in the same condition use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_).
- - **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recpient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions.
+ - **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions.
When you're finished, click **Next**.
Creating a custom anti-spam policy in the Microsoft 365 Defender portal creates
> > Think very carefully before you add domains to the allowed domains list. For more information, see [Create safe sender lists in EOP](create-safe-sender-lists-in-office-365.md) >
- > Never add your own [accepted domains](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains) or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, allow attackers an easily send email into your organization.
+ > Never add your own [accepted domains](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains) or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, attackers can easily send messages that spoof these trusted domains into your organization.
> > Manually blocking domains by adding the domains to the blocked domains list isn't dangerous, but it can increase your administrative workload. For more information, see [Create block sender lists in EOP](create-block-sender-lists-in-office-365.md). >
security High Risk Delivery Pool For Outbound Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages.md
Possible causes for a surge in NDRs include:
- A rogue email server. All of these issues can result in a sudden increase in the number of NDRs being processed by the service. Many times, these NDRs appear to be spam to other email servers and services (also known as _[backscatter](backscatter-messages-and-eop.md)_).++
+### Relay pool
+
+Messages that are forwarded or relayed via Microsoft 365 in certain scenarios will be sent using a special relay pool, because the destination should not consider Microsoft 365 as the actual sender. It's important for us to isolate this email traffic, because there are legitimate and invalid scenarios for auto forwarding or relaying email out of Microsoft 365. Similar to the high-risk delivery pool, a separate IP address pool is used for relayed mail. This address pool is not published because it can change often, and it's not part of published SPF record for Microsoft 365.
+
+Microsoft 365 needs to verify that the original sender is legitimate so we can confidently deliver the forwarded message.
+
+The forwarded/relayed message should meet one of the following criteria to avoid using the relay pool:
+
+- The outbound sender is in an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).
+- SPF passes when the message comes to Microsoft 365.
+- DKIM on the sender domain passes when the message comes to Microsoft 365.
+
+You can tell that a message was sent via the relay pool by looking at the outbound server IP (the relay pool will be in the 40.95.0.0/16 range), or by looking at the outbound server name (will have "rly" in the name).
+
+In cases where we can authenticate the sender, we use Sender Rewriting Scheme (SRS) to help the recipient email system know that the forwarded message is from a trusted source. You can read more about how that works and what you can do to help make sure the sending domain passes authentication in [Sender Rewriting Scheme (SRS) in Office 365](/office365/troubleshoot/antispam/sender-rewriting-scheme).
+
+For DKIM to work, make sure you enable DKIM for sending domain. For example, fabrikam.com is part of contoso.com and is defined in the accepted domains of the organization. If the message sender is sender@fabrikam.com, DKIM needs to be enabled for fabrikam.com. you can read on how to enable at [Use DKIM to validate outbound email sent from your custom domain](use-dkim-to-validate-outbound-email.md).
+
+To add a custom domains follow the steps in [Add a domain to Microsoft 365](../../admin/setup/add-domain.md).