Updates from: 06/28/2023 03:06:51
Category Microsoft Docs article Related commit history on GitHub Change details
admin Experience Insights Dashboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/experience-insights-dashboard.md
description: "Get a periodic report about how people in your organization use Mi
The Experience insights (preview) dashboard shows you data across usage and sentiment to give you a fuller view of your organization's experience with Microsoft 365. Experience insights is optimized for organizations with 2000 plus seats. We are working on bringing the experience to smaller organizations in the future. This information and data on the dashboard will help you better understand and improve your users' experience with Microsoft 365. The dashboard shows you data across usage and user sentiment and helps give you a fuller picture of your users' overall experience. You can drill down into specific information such as feature usage for certain apps, exact feedback and Net Promoter Score (NPS) comments, and top help articles viewed by users in your organization. This info can help you identify opportunities to improve usersΓÇÖ Microsoft 365 products and app experiences in your organization.
-## How to get to the Experience insights dashboard
+## Watch: Experience insights dashboard overview
-There are a couple of ways to get the Experience insights dashboard page. If youΓÇÖre a member of the global admin or global reader roles, when you log in to the Microsoft 365 admin center, youΓÇÖll see a one-time prompt to go to the Experience insights (preview) dashboard. You can access it at any time by selecting Experience insights (preview) from the admin home page.
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RW16N2s?autoplay=false]
+
+## Go to the Experience insights dashboard
+
+There are a couple of ways to get the Experience insights dashboard page. If youΓÇÖre a member of the global admin or global reader roles, when you log in to the Microsoft 365 admin center, youΓÇÖll see a one-time prompt to go to the Experience insights (preview) dashboard. You can access it at any time by selecting **Experience insights (preview)** from the admin home page.
:::image type="content" source="../../media/experience-insights-fre.png" alt-text="Screenshot: Image showing how to get to the experience insights dashboard":::
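Review bot: In the added paragraph under "Go to the Experience insights dashboard", the first sentence still reads "ways to get the Experience insights dashboard page", carried over unchanged from the removed line; it is missing "to" after "get". The line is already being touched to bold the UI label, so fix it in the same change: "ways to get to the Experience insights dashboard page".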
compliance Ediscovery Find Sensitive Data Stored On Sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-find-sensitive-data-stored-on-sites.md
+
+ Title: "Find sensitive data stored on sites with eDiscovery"
+description: Use eDiscovery to discover documents that contain sensitive data in your organization.
+f1.keywords:
+- NOCSH
+++ Last updated : 6/26/2023
+audience: Admin
+++
+- tier1
+- purview-compliance
+- ediscovery
+ms.localizationpriority: medium
+search.appverid:
+- MOE150
+- MET150
++
+# Find sensitive data stored on sites with eDiscovery
+
+Users often store sensitive data, such as credit card numbers, social security numbers, or personal, on their sites, and over time this can expose an organization to significant risk of data loss. Documents stored on sitesΓÇöincluding OneDrive for Business sitesΓÇöcould be shared with people outside the organization who shouldn't have access to the information.
+
+With Microsoft Purview eDiscovery, you can discover documents that contain sensitive data throughout your tenant. After discovering the documents, you can work with the document owners to protect the data. This article can help you form a query to search for sensitive data.
++
+## Forming a basic query
+
+There are three parts that make up a basic query: SensitiveType, count range, and confidence range. For example, **SensitiveType:"\<type\>"** is required, and both **|\<count range\>** and **|\<confidence range\>** are optional.
+
+### Sensitive type - required
+
+Queries typically begin with the property `SensitiveType:"` and an information type name from the [sensitive information types inventory](/Exchange/what-the-sensitive-information-types-in-exchange-look-for-exchange-2013-help), and end with a `"`. You can also use the name of a [custom sensitive information type](create-a-custom-sensitive-information-type.md) that you created for your organization. For example, you might be looking for documents that contain credit card numbers.
+
+In such an instance, you'd use the following format: `SensitiveType:"Credit Card Number"`. Because you didn't include count range or confidence range, the query returns every document in which a credit card number is detected. This is the simplest query that you can run, and it returns the most results. Keep in mind that the spelling and spacing of the sensitive type matters.
+
+### Ranges - optional
+
+Both of the next two parts are ranges, so let's quickly examine what a range looks like. In SharePoint queries, a basic range is represented by two numbers separated by two periods, which looks like this: `[number]..[number]`. For instance, if `10..20` is used, that range would capture numbers from 10 through 20. There are many different range combinations and several are covered in this article.
+
+Let's add a count range to the query. You can use count range to define the number of occurrences of sensitive information a document needs to contain before it's included in the query results. For example, if you want your query to return only documents that contain exactly five credit card numbers, use this: `SensitiveType:"Credit Card Number|5"`. Count range can also help you identify documents that pose high degrees of risk. For example, your organization might consider documents with five or more credit card numbers a high risk. To find documents fitting this criterion, you would use this query: `SensitiveType:"Credit Card Number|5.."`. Alternatively, you can find documents with five or fewer credit card numbers by using this query: `SensitiveType:"Credit Card Number|..5"`.
+
+#### Confidence range
+
+Finally, confidence range is the level of confidence that the detected sensitive type is actually a match. The values for confidence range work similarly to count range. You can form a query without including a count range. For example, to search for documents with any number of credit card numbersΓÇöas long as the confidence range is 85 percent or higherΓÇöyou would use this query: `SensitiveType:"Credit Card Number|*|85.."`.
+
+> [!IMPORTANT]
+> The asterisk ( `*` ) is a wildcard character that means any value works. You can use the wildcard character ( `*` ) either in the count range or in the confidence range, but not in a sensitive type.
+
+### Additional query properties and search operators available in the eDiscovery Center
+
+Queries in SharePoint also contains the LastSensitiveContentScan property, which can help you search for files scanned within a specific timeframe. For query examples with the `LastSensitiveContentScan` property, see the [Examples of complex queries](#examples-of-complex-queries) in the next section.
+
+You can use SharePoint eDiscovery search properties such as `Author` or `FileExtension`. You can use operators to build complex queries. For the list of available properties and operators, see the [Using Search Properties and Operators with eDiscovery](/archive/blogs/quentin/using-search-properties-and-operators-with-ediscovery) blog post.
+
+## Examples of complex queries
+
+The following examples use different sensitive types, properties, and operators to illustrate how you can refine your queries to find exactly what you're looking for.
+
+|Query|Explanation|
+|||
+|`SensitiveType:"International Banking Account Number (IBAN)"`|The name might seem strange because it's so long, but it's the correct name for that sensitive type. Make sure to use exact names from the [sensitive information types inventory](/Exchange/what-the-sensitive-information-types-in-exchange-look-for-exchange-2013-help). You can also use the name of a [custom sensitive information type](create-a-custom-sensitive-information-type.md) that you created for your organization.|
+|`SensitiveType:"Credit Card Number|1..4294967295|1..100"`|This returns documents with at least one match to the sensitive type "Credit Card Number." The values for each range are the respective minimum and maximum values. A simpler way to write this query is `SensitiveType:"Credit Card Number"`, but where's the fun in that?|
+|`SensitiveType:"Credit Card Number|5..25" AND LastSensitiveContentScan:"8/11/2018..8/13/2018"`|This returns documents with 5-25 credit card numbers that were scanned from August 11, 2018 through August 13, 2018.|
+|`SensitiveType:"Credit Card Number|5..25" AND LastSensitiveContentScan:"8/11/2018..8/13/2018" NOT FileExtension:XLSX`|This returns documents with 5-25 credit card numbers that were scanned from August 11, 2018 through August 13, 2018. Files with an XLSX extension aren't included in the query results. `FileExtension` is one of many properties that you can include in a query. For more information, see [Using Search Properties and Operators with eDiscovery](/archive/blogs/quentin/using-search-properties-and-operators-with-ediscovery).|
+|`SensitiveType:"Credit Card Number" OR SensitiveType:"U.S. Social Security Number (SSN)"`|This returns documents that contain either a credit card number or a social security number.|
+|
+
+## Examples of queries to avoid
+
+Not all queries are created equal. The following table gives examples of queries that don't work in SharePoint and describes why.
+
+|Unsupported query|Reason|
+|||
+|`SensitiveType:"Credit Card Number|.."`|You must add at least one number.|
+|`SensitiveType:"NotARule"`|"NotARule" isn't a valid sensitive type name. Only names in the [sensitive information types inventory](/Exchange/what-the-sensitive-information-types-in-exchange-look-for-exchange-2013-help) work in eDiscovery queries.|
+|`SensitiveType:"Credit Card Number|0"`|Zero isn't valid as either the minimum value or the maximum value in a range.|
+|`SensitiveType:"Credit Card Number"`|It's might be difficult to see, but there's extra white space between "Credit" and "Card" that makes the query invalid. Use exact sensitive type names from the [sensitive information types inventory](/Exchange/what-the-sensitive-information-types-in-exchange-look-for-exchange-2013-help).|
+|`SensitiveType:"Credit Card Number|1. .3"`|The two-period portion shouldn't be separated by a space.|
+|`SensitiveType:"Credit Card Number| |1..|80.."`|There are too many pipe delimiters (\|). Follow this format instead: `SensitiveType: "Credit Card Number|1..|80.."`|
+|`SensitiveType:"Credit Card Number|1..|80..101"`|Because confidence values represent a percentage, they can't exceed 100. Choose a number from 1 through 100 instead.|
+|
+
+## For more information
+
+- [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md)
+- [Run a Content Search](ediscovery-content-search.md)
+- [Keyword queries and search conditions for Content Search](ediscovery-keyword-queries-and-search-conditions.md)
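Review bot: In the "Examples of queries to avoid" table, the corrected format offered in the too-many-pipes row is `SensitiveType: "Credit Card Number|1..|80.."`, with a space after the colon that no other example in the article uses; drop the space so the suggested fix matches the `SensitiveType:"..."` form documented above. In the same table, the extra-white-space row shows a query that reads identically to the valid one, and its reason starts with "It's might be"; make the extra space visible or describe where it is, and change the text to "It might be". The opening sentence "credit card numbers, social security numbers, or personal, on their sites" is also missing a noun after "personal".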
compliance Ediscovery Keyword Queries And Search Conditions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions.md
f1.keywords:
Previously updated : 06/12/2023 Last updated : 06/26/2023 audience: Admin f1_keywords:
For example, to find content related to specific employees (*User 1* and *User 2
- For **Keyword**, use *Tradewinds* - For **Date Range**, use the *January 1, 2020* to *January 31, 2022* range
+> [!IMPORTANT]
+> For emails, when a keyword is used, we search subject, body and many properties related to the participants. However, due to recipient expansion, search may not return expected results when using the alias or part of the alias. Therefore we recommend using the full UPN.
+ ## Searchable email properties The following table lists the email message properties that can be searched by using the eDiscovery search tools in the compliance portal or by using the **New-ComplianceSearch** or the **Set-ComplianceSearch** cmdlet.
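Review bot: The new IMPORTANT note recommends "using the full UPN" but does not say where it goes: in the keyword box, or in one of the participant properties from the "Searchable email properties" table that follows. State which field or property should carry the UPN, and either define "recipient expansion" or link to where it is explained, since the note gives it as the reason results can be missed. A missed hit in an eDiscovery search is easy to overlook, so a short pair showing the alias form next to the UPN form would make the recommendation actionable.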
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
For standard retention labels (they don't mark items as a [record or regulatory
- You use the Power Automate compliance action of **Apply a retention label on the item**. If the item already has a retention label applied, it will be replaced.
- - The existing label was applied as a default label. When you use a default label, there are some scenarios when it can be replaced by another default label, or automatically removed.
-
- For more information about the label behavior when it's applied by using a default label:
- - [Label behavior when you use a default label for SharePoint](create-apply-retention-labels.md#label-behavior-when-you-use-a-default-label-for-sharepoint)
- - [Label behavior when you use a default label for Outlook](/microsoft-365/compliance/create-apply-retention-labels&tabs=manual-outlook%2Cdefault-label-for-outlook#label-behavior-when-you-use-a-default-label-for-outlook)
+ - The existing label was applied as a default label. When you use a default label, there are some scenarios when it can be replaced by another default label, or automatically removed. For more information, see [Default labels for SharePoint and Outlook](create-apply-retention-labels.md#default-labels-for-sharepoint-and-outlook).
For retention labels that mark items as a record or a regulatory record:
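Review bot: The replacement link targets `create-apply-retention-labels.md#default-labels-for-sharepoint-and-outlook`, an anchor that differs from both anchors it replaces (`#label-behavior-when-you-use-a-default-label-for-sharepoint` and the Outlook one). Confirm that this heading exists in the target file as part of the same change set; otherwise the link lands at the top of the page and readers lose the SharePoint and Outlook specifics about when a default label is replaced or removed.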
lighthouse M365 Lighthouse Dismiss Task https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-dismiss-task.md
Additionally, each partner tenant user must meet the following requirements:
You can also select **More actions** (ellipsis icon) option directly from the task list to dismiss the task.
-## Next Steps
+## Next steps
-If the status of a dismissed tasks changes, you can reinstate the task. For more information, see [Reinstate a task in Microsoft 365 Lighthouse](m365-lighthouse-reinstate-task.md).
+If the status of a dismissed task changes, you can reinstate the task. For more information, see [Reinstate a task in Microsoft 365 Lighthouse](m365-lighthouse-reinstate-task.md).
## Related content
loop Loop Workspaces Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-workspaces-configuration.md
If you prefer, you can also create other types of groups to use with Cloud Polic
### Exchange Online license
-Loop workspaces currently require each user to have an Exchange Online license. If not, users will experience failures in the Loop app; won't receive notifications or signals when they collaborate and update; and encounter failures in other experiences also.
+Loop workspaces currently require each user to have an Exchange Online license and the user account cannot be a resource account (e.g. a shared mailbox user). If these requirements are not met, users will experience failures in the Loop app; won't receive notifications or signals when they collaborate and update; and encounter failures in other experiences also.
### WebSocket connections
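Review bot: The added sentence joins two requirements with "and" ("to have an Exchange Online license and the user account cannot be a resource account"), which is not parallel and makes the second requirement easy to miss. Split it into two sentences or two bullets so that "If these requirements are not met" clearly refers to both, and write "can't" and "for example" to match the contraction already used later in the paragraph ("won't").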
security Manage Tamper Protection Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune.md
Title: Manage tamper protection for your organization using Microsoft Intune
description: Turn tamper protection on or off for your organization in Microsoft Intune.
-keywords: malware, defender, antivirus, tamper protection, Microsoft Intune
ms.localizationpriority: medium Previously updated : 05/24/2023 Last updated : 06/27/2023 audience: ITPro-+
If your organization has [exclusions defined for Microsoft Defender Antivirus](c
||| | Microsoft Defender platform | Devices are running Microsoft Defender platform `4.18.2211.5` or later. For more information, see [Monthly platform and engine versions](microsoft-defender-antivirus-updates.md#monthly-platform-and-engine-versions). | | `DisableLocalAdminMerge` setting | Also known as preventing local list merging, `DisableLocalAdminMerge` is enabled so that settings configured on a device are not merged with organization policies, such as settings in Intune. For more information, see [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp). |
-| Tamper protection deployment | Tamper protection is deployed through Intune. |
| Device management | Devices are managed in Intune only (not co-managed). | | Antivirus exclusions | Microsoft Defender Antivirus exclusions are managed in Microsoft Intune. For more information, see [Settings for Microsoft Defender Antivirus policy in Microsoft Intune for Windows devices](/mem/intune/protect/antivirus-microsoft-defender-settings-windows). <br/><br/>Functionality to protect Microsoft Defender Antivirus exclusions is enabled on devices. For more information, see [How to determine whether antivirus exclusions are tamper protected on a Windows device](#how-to-determine-whether-antivirus-exclusions-are-tamper-protected-on-a-windows-device). |
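Review bot: The row "Tamper protection deployment | Tamper protection is deployed through Intune." is dropped from the conditions table with no other text change in this hunk. If antivirus exclusions are still tamper protected only when tamper protection itself is deployed through Intune, the table now understates the conditions and admins may assume protection they don't have; if the condition no longer applies, say so in the commit message or in the paragraph above the table. The remaining "Device management" row covers how devices are managed, not how tamper protection is deployed, so it does not stand in for the removed row.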
security Minimum Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/minimum-requirements.md
Access to Defender for Endpoint is done through a browser, supporting the follow
## Hardware and software requirements
+Devices on your network must be running one of these editions. New features or capabilities are typically provided only on operating systems that haven't yet reached the end of their support lifecycle. See [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform) for more information. Microsoft recommends the installation of the latest available security patches for any operating system.
+ ### Supported Windows versions - Windows 11 Enterprise
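Review bot: The added paragraph opens with "Devices on your network must be running one of these editions", but it now sits above the "Supported Windows versions" heading, so "these editions" has nothing to refer to yet. Reword it to "one of the editions listed below" or move the sentence under the heading. The link `/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform` is also site-absolute, while other articles are linked elsewhere in this file by relative `.md` path (for example `microsoft-defender-endpoint-mac.md`); use the relative form for consistency.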
Access to Defender for Endpoint is done through a browser, supporting the follow
- Windows 11 Pro Education - Windows 10 Enterprise - [Windows 10 Enterprise LTSC 2016 (or later)](/windows/whats-new/ltsc/)-- Windows 10 Enterprise IoT-
- > [!NOTE]
- > While Windows 10 IoT Enterprise is a supported OS in Microsoft Defender for Endpoint and enables OEMs/ODMs to distribute it as part of their product or solution, customers should follow the OEM/ODM's guidance around host-based installed software and supportability.
-
+- Windows 10 Enterprise IoT*
- Windows 10 Education - Windows 10 Pro - Windows 10 Pro Education-- Windows 8.1 Enterprise-- Windows 8.1 Pro-- Windows 7 SP1 Enterprise ([Requires ESU for support](/troubleshoot/windows-client/windows-7-eos-faq/windows-7-extended-security-updates-faq).)-- Windows 7 SP1 Pro ([Requires ESU for support](/troubleshoot/windows-client/windows-7-eos-faq/windows-7-extended-security-updates-faq).)
+- Windows 8.1 Enterprise**
+- Windows 8.1 Pro**
+- Windows 7 SP1 Enterprise**
+- Windows 7 SP1 Pro**
- Windows server
- - Windows Server 2008 R2 SP1 ([Requires ESU for support](/windows-server/get-started/extended-security-updates-deploy))
+ - Windows Server 2008 R2 SP1**
- Windows Server 2012 R2 - Windows Server 2016 - Windows Server, version 1803 or later
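Review bot: On the Windows 7 SP1 and Windows Server 2008 R2 SP1 items, the inline "Requires ESU for support" links are replaced by a `**` marker, and the only `**` footnote visible in this change (in the NOTE further down) says these systems require the Log Analytics / Microsoft Monitoring Agent, with no mention of ESU. If ESU is still a prerequisite, keep it in the footnote; if it is not, the commit should say so, because this determines whether an out-of-support OS can be onboarded as supported. Consider escaping the trailing markers as `\*` so Markdown can never pair them as emphasis delimiters.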
Access to Defender for Endpoint is done through a browser, supporting the follow
- Windows Server 2019 core edition - Windows Server 2022 - Azure Virtual Desktop-- Windows 365-
-Devices on your network must be running one of these editions.
+- Windows 365 running one of the above operating systems/versions
-The hardware requirements for Defender for Endpoint on devices are the same as the requirements for the Windows operating system itself (that is, they are not in addition to the requirements for the operating system) for supported editions.
-
-> Cores: 2 minimum, 4 preferred
-> Memory: 1 GB minimum, 4 preferred
+### Other supported operating systems
-For more information on supported versions of Windows 10, see [Windows 10 release information](/windows/release-health/release-information).
+- [macOS](microsoft-defender-endpoint-mac.md)
+- [Linux](microsoft-defender-endpoint-linux.md)
+- [Android](microsoft-defender-endpoint-android.md)
+- [iOS](microsoft-defender-endpoint-ios.md)
> [!NOTE]
->
+> You'll need to confirm the Linux distributions and versions of Android, iOS, and macOS are compatible with Defender for Endpoint.
+> - *While Windows 10 IoT Enterprise is a supported OS in Microsoft Defender for Endpoint and enables OEMs/ODMs to distribute it as part of their product or solution, customers should follow the OEM/ODM's guidance around host-based installed software and supportability.
+> - **Requires the use of the [Log Analytics](/azure/azure-monitor/agents/log-analytics-agent) / Microsoft Monitoring Agent (MMA)
> - Endpoints running mobile versions of Windows (such as Windows CE and Windows 10 Mobile) aren't supported.
->
> - Virtual Machines running Windows 10 Enterprise 2016 LTSB may encounter performance issues if run on non-Microsoft virtualization platforms.
->
> - For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 or later.
->
> - The standalone versions of [Defender for Endpoint Plan 1 and Plan 2](defender-endpoint-plan-1-2.md) do not include server licenses. To onboard servers to those plans, you'll need an additional license, such as Microsoft Defender for Servers Plan 1 or Plan 2 (as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering). To learn more. see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).
-When components are up-to-date on Microsoft Windows operating systems, Microsoft Defender for Endpoint support follows the respective operating system's lifecycle. For more information, see [Lifecycle FAQ](/lifecycle/faq/general-lifecycle). New features or capabilities are typically provided only on operating systems that haven't yet reached the end of their lifecycle. Security intelligence updates (definition and engine updates) and detection logic continues to be provided until at least:
+### Hardware requirements
+The minimum hardware requirements for Defender for Endpoint on Windows devices are the same as the requirements for the operating system itself (that is, they are not in addition to the requirements for the operating system).
-- The [end of support date](/lifecycle/products/) (for operating systems that don't have an Extended Security Updates (ESU) program).-- The [end of ESU date](/lifecycle/faq/extended-security-updates) (for operating systems that have an ESU program).-
-### Other supported operating systems
--- [macOS](microsoft-defender-endpoint-mac.md)-- [Linux](microsoft-defender-endpoint-linux.md)-- [Android](microsoft-defender-endpoint-android.md)-- [iOS](microsoft-defender-endpoint-ios.md)-
-> [!NOTE]
-> You'll need to confirm the Linux distributions and versions of Android, iOS, and macOS are compatible with Defender for Endpoint for the integration to work.
+> Cores: 2 minimum, 4 preferred
+> Memory: 1 GB minimum, 4 preferred
### Network and data storage and configuration requirements
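Review bot: The `*` and `**` footnotes are added to the NOTE under "Other supported operating systems", but the markers they explain are on the Windows list in the previous section, so a reader of that list has to hunt for them; move the two footnote bullets directly under the "Supported Windows versions" list. The removed lifecycle text about security intelligence updates and detection logic continuing until the end of support or end of ESU date is not carried into any added line; keep it or link to where it now lives. In "Memory: 1 GB minimum, 4 preferred" the second value has no unit.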
The Defender for Endpoint agent depends on the ability of Microsoft Defender Ant
Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus).
-When Microsoft Defender Antivirus isn't the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode.
+When Microsoft Defender Antivirus isn't the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes into passive mode.
If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
security Onboard Windows Multi Session Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device.md
Title: Onboard Windows devices in Azure Virtual Desktop description: Learn about onboarding Windows devices to Defender for Endpoint in Azure Virtual Desktop
-keywords: Azure Virtual Desktop, AVD, microsoft defender, endpoint, onboard
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium audience: ITPro -+ - m365-security - tier3 search.appverid: met150 Previously updated : 03/06/2023 Last updated : 06/27/2023 # Onboard Windows devices in Azure Virtual Desktop
Also, if you're using FSlogix user profiles, we recommend you exclude the follow
Note on licensing: When using Windows Enterprise multi-session, depending on your requirements, you can choose to either have all users licensed through Microsoft Defender for Endpoint (per user), Windows Enterprise E5, Microsoft 365 E5 Security, or Microsoft 365 E5, or have the VM licensed through Microsoft Defender for Cloud. Licensing requirements for Microsoft Defender for Endpoint can be found at: [Licensing requirements](minimum-requirements.md#licensing-requirements).
-### Known issues and limitations
-
-Only Microsoft Edge is supported for web filtering in Windows 10 multi-session.
- #### Related Links [Add exclusions for Defender for Endpoint via PowerShell](/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#add-exclusions-for-microsoft-defender-for-cloud-by-using-powershell)
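Review bot: The "Known issues and limitations" section, with its single statement that only Microsoft Edge is supported for web filtering in Windows 10 multi-session, is deleted without a replacement. If the limitation still holds, admins relying on web filtering for other browsers on multi-session hosts lose the only warning on this page; if it has been lifted, note that in the commit message. With the `###` heading gone, "#### Related Links" now hangs under whatever section precedes it, so consider promoting it one level.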