Updates from: 06/28/2022 01:11:12
Category Microsoft Docs article Related commit history on GitHub Change details
contentunderstanding Difference Between Document Understanding And Form Processing Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model.md
Use the following table to understand when to use form processing and when to us
| Model creation | Model created in AI builder with seamless access from SharePoint document library.| Model created in SharePoint in a new site, the content center. | | Classification type| Settable classifier is used to give clues to the system on what data to extract.| Trainable classifier with optional extractors using machine teaching to assign document location on what data to extract.| | Locations | Trained for a single document library.| Can be applied to multiple libraries.|
-| Supported file types| Train on PDF, JPG, PNG format, total 50 MB and 500 pages.| Train on 5-10 PDF, Office, or email files, including negative examples.<br>Office files are truncated at 64K characters. OCR-scanned files are limited to 20 pages.|
+| Supported file types| Train on PDF, JPG, PNG format, total 50 MB and 500 pages.| Train on 5-10 PDF, Office, or email files, including negative examples.<br>Office files are truncated at 64K characters. OCR-scanned files are limited to 20 pages. Document understanding models support the following file types doc, docx, eml, heic, heif, htm, html, jpeg, jpg, markdown, md, msg, pdf, png, ppt, pptx, rtf, tif, tiff, txt, xls and xlsx.|
| Integrate with Managed Metadata | No | Yes, by training entity extractor referencing a configured managed metadata field.| | Compliance feature integration with Microsoft Purview Information Protection | Set published retention labels.<br>Set sensitivity labels is coming. | Set published retention labels.<br>Set published sensitivity labels. | | Supported regions| Form processing relies on Power Platform. For information about global availability for Power Platform and AI Builder, see [Power Platform availability](https://dynamics.microsoft.com/geographic-availability/). | Available in all regions.|
security Enable Troubleshooting Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
Microsoft Defender for Endpoint troubleshooting mode allows you to troubleshoot various Microsoft Defender antivirus features by enabling them from the device and testing different scenarios, even if they're controlled by the organization policy. The troubleshooting mode is disabled by default and requires you to turn it on for a device (and/or group of devices) for a limited time. Note that this is exclusively an Enterprise-only feature, and requires Microsoft 365 Defender access.
Microsoft Defender for Endpoint troubleshooting mode allows you to troubleshoot
- Use troubleshooting mode to disable/change the tamper protection setting to perform: - Microsoft Defender Antivirus functional troubleshooting /application compatibility (false positive application blocks).- - Microsoft Defender Antivirus performance troubleshooting by using the troubleshooting mode and manipulating tamper protection and other antivirus settings. - If a tampering event occurs (for example, the `MpPreference` snapshot is altered or deleted), troubleshooting mode will end and tamper protection will be enabled on the device.
Microsoft Defender for Endpoint troubleshooting mode allows you to troubleshoot
- Local admins, with appropriate permissions, can change configurations on individual endpoints that are usually locked by policy. Having a device in troubleshooting mode can be helpful when diagnosing Microsoft Defender Antivirus performance and compatibility scenarios. - Local admins won't be able to turn off Microsoft Defender Antivirus, or uninstall it.- - Local admins will be able to configure all other security settings in the Microsoft Defender Antivirus suite (for example, cloud protection, tamper protection). - Admins with "Manage Security settings" permissions will have access to turn on troubleshooting mode.
Microsoft Defender for Endpoint troubleshooting mode allows you to troubleshoot
- Microsoft Defender for Endpoint collects logs and investigation data throughout the troubleshooting process. - Snapshot of `MpPreference` will be taken before troubleshooting mode begins.- - Second snapshot will be taken just before troubleshooting mode expires.- - Operational logs from during troubleshooting mode will also be collected. - All the above logs and snapshots will be collected and will be available for an admin to collect using the [Collect investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) feature on the device page. Note that Microsoft won't remove this data from the device until an admin collects them.
Microsoft Defender for Endpoint troubleshooting mode allows you to troubleshoot
Here are some pre-built advanced hunting queries to give you visibility into the troubleshooting events that are occurring in your environment. You can also use these queries to [create detection rules](/defender/custom-detection-rules.md#create-a-custom-detection-rule) that'd alert you when the devices are in troubleshooting mode. ### Get troubleshooting events for a particular device-
+Search by deviceId or deviceName by commenting out the respective lines.
```kusto
-let deviceName = "<device name>"; // update with device name
-let deviceId = "<device id>"; // update with device id
-search in (DeviceEvents)
-(DeviceName == deviceName
-) and ActionType == "AntivirusTroubleshootModeEvent"
+//let deviceName = "<deviceName>"; // update with device name
+let deviceId = "<deviceID>"; // update with device id
+DeviceEvents
+| where DeviceId == deviceId
+//| where DeviceName == deviceName
+| where ActionType == "AntivirusTroubleshootModeEvent"
| extend _tsmodeproperties = parse_json(AdditionalFields)
-| project $table, Timestamp,DeviceId, DeviceName, _tsmodeproperties,
+| project Timestamp,DeviceId, DeviceName, _tsmodeproperties,
_tsmodeproperties.TroubleshootingState, _tsmodeproperties.TroubleshootingPreviousState, _tsmodeproperties.TroubleshootingStartTime, _tsmodeproperties.TroubleshootingStateExpiry, _tsmodeproperties.TroubleshootingStateRemainingMinutes, _tsmodeproperties.TroubleshootingStateChangeReason, _tsmodeproperties.TroubleshootingStateChangeSource ```
-### Devices currently in troubleshooting mode
+### Devices currently in troubleshooting mode
```kusto
-search in (DeviceEvents)
-ActionType == "AntivirusTroubleshootModeEvent"
+DeviceEvents
+| where ActionType == "AntivirusTroubleshootModeEvent"
| extend _tsmodeproperties = parse_json(AdditionalFields)
-| where Timestamp > ago(3h)
| where _tsmodeproperties.TroubleshootingStateChangeReason contains "started" |summarize (Timestamp, ReportId)=arg_max(Timestamp, ReportId), count() by DeviceId
+| order by Timestamp desc
``` ### Count of troubleshooting mode instances by device ```kusto
-search in (DeviceEvents)
-ActionType == "AntivirusTroubleshootModeEvent"
+DeviceEvents
+| where ActionType == "AntivirusTroubleshootModeEvent"
| extend _tsmodeproperties = parse_json(AdditionalFields) | where Timestamp > ago(30d) // choose the date range you want | where _tsmodeproperties.TroubleshootingStateChangeReason contains "started"
ActionType == "AntivirusTroubleshootModeEvent"
### Total count ```kusto
-search in (DeviceEvents)
-ActionType == "AntivirusTroubleshootModeEvent"
+DeviceEvents
+| where ActionType == "AntivirusTroubleshootModeEvent"
| extend _tsmodeproperties = parse_json(AdditionalFields) | where Timestamp > ago(2d) //beginning of time range | where Timestamp < ago(1d) //end of time range
solutions Manage Creation Of Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-creation-of-groups.md
You must use the preview version of [Azure Active Directory PowerShell for Graph
- If you have the 2.0 general availability version of the Azure AD PowerShell module (AzureAD) installed, you must uninstall it by running `Uninstall-Module AzureAD` in your PowerShell session, and then install the preview version by running `Install-Module AzureADPreview`. -- If you have already installed the preview version, run `Install-Module AzureADPreview` to make sure it's the latest version of this module.
+- If you have already installed the preview version, run `Update-Module AzureADPreview` to make sure it's the latest version of this module.
Copy the script below into a text editor, such as Notepad, or the [Windows PowerShell ISE](/powershell/scripting/components/ise/introducing-the-windows-powershell-ise).