-description: "Understand how to use Configuration Analyzer for Microsoft Purview to get up and running quickly with Microsoft Purview Compliance Manager."

-# Configuration Analyzer for Microsoft Purview (CAMP)

-**In this article:** Learn how to install and run the Configuration Analyzer for Microsoft Purview (CAMP) tool to get quickly started with Microsoft Purview Compliance Manger.

-## Compliance Configuration Analyzer (CAMP) overview

-The Configuration Analyzer for Microsoft Purview (CAMP) is a tool that can help you get started with [Microsoft Purview Compliance Manager](compliance-manager.md). CAMP is a PowerShell-based utility that will fetch your organization's current configurations and validate them against Microsoft 365 recommended best practices. These best practices are based on a set of controls that include key regulations and standards for data protection and data governance.

-CAMP can help you quickly see which improvement actions in Compliance Manager apply to your current Microsoft 365 environment. Each action identified by CAMP will give you recommendations for implementation, with direct links to Compliance Manager and the applicable solution to start taking corrective action.

-For more details about CAMP, including prerequisites and full installation instructions, visit the [README instructions on GitHub](https://github.com/OfficeDev/CAMP#overview). You don't need a GitHub account to access this page.

-#### Availability

-CAMP is available to all organizations with Office 365 and Microsoft 365 licenses and US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers.

-#### Roles

-Certain user roles are required to access and use CAMP, and to access information in reports. Visit the [CAMP prerequisite information on GitHub](https://github.com/OfficeDev/CAMP#pre-requisites).

-## Install CAMP and run a report

-You can install the CAMP tool using Windows PowerShell. Once you download and install the tool, you don't need to repeat those steps in order to run reports. Each time you open CAMP, it will ask you for you to log in, and it will generate a new, updated report.

-### Step 1: Install the Exchange Online PowerShell module

-To begin, you'll need the Exchange Online PowerShell module (v2.0.3 or higher) that's available in the PowerShell gallery. For installation instructions, see [Install and maintain the Exchange Online PowerShell module](/powershell/exchange/exchange-online-powershell-v2#install-and-maintain-the-exchange-online-powershell-module).

-### Step 2: Install CAMP

-To install CAMP, start by using PowerShell in administrator mode. Follow the steps below:

-1. Select the Windows **Start** button.

-1. Type **PowerShell**, right-click on **Windows PowerShell**, then select **Run as administrator**.

-1. At the command prompt, type:

- ```powershell

- Install-Module -Name CAMP

- ```

-### Step 3: Run a report

-After you install CAMP, you can run CAMP and generate a report. To run a report:

-1. Open PowerShell

-2. Run the cmdlet:

- ```powershell

- Get-CAMPReport

- ```

- If you're a GCC High customer, you'll need to provide an additional input parameter to run the report:

- ```powershell

- Get-CAMPReport -ExchangeEnvironmentName O365USGovGCCHigh

- ```

-3. Once CAMP runs, it does an initial version check and ask for credentials. At the Input the user name prompt, sign in with your Microsoft 365 account email address ([view the roles eligible to create reports](https://github.com/OfficeDev/CAMP#pre-requisites)). Then enter your password at the password prompt.

-Your report will then take approximately 2-5 minutes to generate. When it's done, a browser window opens and displays your HTML report. Every time you run the tool, it will ask for your credentials and generate a new report. This report is stored locally in the directory C: \ Users \ *username* \ AppData \ Local \ Microsoft \ CAMP.

-You can access previously generated reports from this directory.

-## Understanding your report

-Your report reflects data based on the date and time at which it was generated. The top section provides details on when it was generated, your organization name, and tenant ID.

-### Geolocation-based reporting

-The **Note** section shows that your report is customized based on the geographic location of your tenant. Recommendations listed in the tool will be specific to your country or region.

-Your geolocation selection is used to assess sensitive information types (SITs) which are relevant to that geolocation and generate a report that aligns to your country or region. Choose geolocations based on data you have in your tenant.

-To change your report's location information, you need provide a geolocation (-Geo) input parameter. You can choose either one or multiple geolocations applicable for your tenant.

-Follow these instructions to run a report based on a specific location:

-1. Open PowerShell

-2. To specify a certain region, you'll run a cmdlet using the numbers from the table below that correspond to the country or region. Enter multiple numbers by separating them with a comma. For example, the cmdlet below will run a customized report for Asia-Pacific and Japan:

- ```powershell

- Get-CAMPReport -Geo @(1,7)

- ```

- | Input | Country or Region |

- | :- | :: |

- | 1 | Asia-Pacific |

- | 2 | Australia |

- | 3 | Canada |

- | 4 | Europe (excluding France) / Middle East / Africa |

- | 5 | France |

- | 6 | India |

- | 7 | Japan |

- | 8 | Korea |

- | 9 | North America (excluding Canada) |

- | 10 | South America |

- | 11 | South Africa |

- | 12 | Switzerland |

- | 13 | United Arab Emirates |

- | 14 | United Kingdom |

- > [!NOTE]

- > The report will always include CAMP supported international sensitive information types such as SWIFT code, credit card number, etc.

-### Role-based reporting

-Your report will also be customized based on your role. The [CAMP prerequisite information on GitHub](https://github.com/OfficeDev/CAMP#pre-requisites) outlines which roles have access to which sections of the report. Other roles within your organization may not be able to run the tool, or they may run the tool and have limited access to information in the final report.

-### Solutions Summary section

-The **Solutions Summary** section of the report gives an overview of improvement actions that your organization can take in Compliance Manager to help improve your compliance posture.

-

-CAMP evaluates your current configurations against the recommended improvement actions in Compliance Manager. Any improvement action identified by the CAMP tool as needing attention will be listed in this section.

-Next to each Microsoft solution are color-coded boxes indicating the number of items that correspond to improvement actions in Compliance Manager. The actions are broken down into three status states:

-Select a box to view improvements and recommendations.

-#### Items with the Improvement status

-Select the dropdown next to the **Improvement** label to the right of the improvement action. You'll see a quick summary and details about your current settings and the recommended improvement actions. The summary includes direct links into Compliance Manager, the applicable solution in the Microsoft Purview compliance portal, and relevant documentation.

-Selecting the Compliance Manager link takes you to a filtered view of all the improvement actions within that solution that you haven't yet implemented. From there, you can see the number of points you can achieve to increase your [compliance score](compliance-score-calculation.md), and the assessments they apply to, and the applicable regulations and certifications.

-For DLP, there's a **Remediation Script** button that gives you a pre-generated PowerShell script based on what's recommended. You can copy and paste it directly in your PowerShell console. It will create a DLP policy in test mode

-#### Items with Recommendation status

-Select the dropdown next to the **Recommendation** label to the right of the improvement action. You'll see a summary of your organization's current Microsoft 365 environment related to the improvement action, along with recommended best practices.

-## Resources

-For more detailed information on installing, setting up, and using CAMP, see the [README instructions on GitHub](https://github.com/OfficeDev/CAMP#overview) (no GitHub account required).

-For more information on Windows PowerShell, start at [How to use the PowerShell documentation](/powershell/scripting/how-to-use-docs). See also [Starting Windows PowerShell](/powershell/scripting/windows-powershell/starting-windows-powershell).

-License requirements for Microsoft Purview Information Protection depend on the scenarios and features you use, rather than set licensing requirements for each capability listed on this page. To understand your licensing requirements and options for Microsoft Purview Information Protection, see the **Information Protection** sections from [Microsoft 365 guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance) and the related [PDF download](https://go.microsoft.com/fwlink/?linkid=2139145) for feature-level licensing requirements.

-|[Scope labels to files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails) |Current Channel: 2301+ <br /><br> Monthly Enterprise Channel: Under review <br /><br> Semi-Annual Enterprise Channel: Under review |16.69+ |Preview: Rolling out to [Beta Channel](https://insider.office.com/join/ios) |Preview: Rolling out to [Beta Channel](https://insider.office.com/join/android)| [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |

-|[Scope labels to files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails) |Current Channel: 2303+ <br /><br> Monthly Enterprise Channel: Under review <br /><br> Semi-Annual Enterprise Channel: 2302+ |Rolling out: 16.70+ ^\* | Rolling out: 4.2309+ |Rolling out: 4.2309+ |Yes |

-3. In the Microsoft Purview compliance portal \> left navigation \> **Data loss prevention** \> **Policy** \> **+ Create a policy**.

-6. To choose the locations that you want the DLP policy to protect, do one of the following:

- - Choose **All locations in Office 365** \> **Next**.

-7. Choose **Use advanced settings** \> **Next**.

-8. Choose **+ New rule**.

-9. In the rule editor, under **User notifications**, switch the status on.

- 

-## Data Residency commitments available

-You'll need to take some additional steps after UKG enables SSO for your organization.

-#### Change user accounts to Federated accounts

-Each user that will be using the connector will need a Federated account.

-1. From the left menu on UKG Dimensions, go to **Maintenance** and select **People information**.

-After UKG enables SSO for your organization, you'll need to configure the connector's redirection URL. This will allow UKG Dimensions to redirect the user to the Shifts app in Microsoft Teams as part of the SSO flow.

-|Some users have failed to map correctly|Mapping failed for some users: \<X\> succeeded, \<X\> failed AAD user(s) and \<X\> failed workforce management system user(s).|Use the [Get-CsTeamsShiftsConnectionSyncResult](/powershell/module/teams/get-csteamsshiftsconnectionsyncresult) cmdlet or [this PowerShell script](shifts-connector-powershell-manage.md#user-mapping-errors) to identify the users for whom the mapping failed. Make sure that the users in the mapped team match the users in the WFM instance.|

-|&nbsp; |This AAD team couldn't be found.|Make sure that the team exists or create a new team.|

-You can use the [Shifts connector wizard](shifts-connector-wizard-ukg.md) (Preview) in the Microsoft 365 admin center or [PowerShell](shifts-connector-ukg-powershell-setup.md) to create a connection and connection instances. After they're set up, you can manage them in the Microsoft 365 admin center. The Connector Management Console page lists each connection and connection instance that you've set up, along with information such as health status and sync interval details. You can also access the wizard to create a new connection and connection instances or make changes to any of your existing ones. Select the name of a connection instance to view the details of any errors.

-|Some users have failed to map correctly|Mapping failed for some users: \<X\> succeeded, \<X\> failed AAD user(s) and \<X\> failed workforce management system user(s).|Use the [Get-CsTeamsShiftsConnectionSyncResult](/powershell/module/teams/get-csteamsshiftsconnectionsyncresult) cmdlet or [this PowerShell script](shifts-connector-ukg-powershell-manage.md#user-mapping-errors) to identify the users for whom the mapping failed. Make sure that the users in the mapped team match the users in the WFM instance.|

-|&nbsp; |This AAD team couldn't be found.|Make sure that the team exists or create a new team.|

-The [Microsoft Teams Shifts connector for UKG Dimensions](shifts-connectors.md#microsoft-teams-shifts-connector-for-ukg-dimensions) enables you to integrate Shifts with UKG Dimensions to manage your schedules and keep them up to date. In this article, we walk you through how to run the wizard to set up a connection and a connection instance to UKG Dimensions through the connector.

-> You can also use PowerShell to integrate Shifts with UKG Dimensions. To learn more, see [Use PowerShell to connect Shifts to UKG Dimensions](shifts-connector-ukg-powershell-setup.md).

-## Before you begin

-You must be a Microsoft 365 global admin to run the wizard.

-<a name="prerequisites"> </a>

-### Prerequisites

-> [!NOTE]

-> Complete this step if you're mapping UKG Dimensions instances to existing teams that have schedule entities. If you're mapping to teams that don't have any schedules or if you've already created new teams to map to, you can skip this step.

-1. First, you'll need to install the PowerShell modules and get set up. Follow the steps to [set up your environment](shifts-connector-ukg-powershell-manage.md#set-up-your-environment)

-1. Run the following command:

-## Run the wizard

-1. In the left navigation of the [Microsoft 365 admin center](https://admin.microsoft.com/), choose **Setup**, and then under **Featured collections**, select **Frontline workers**.

-1. Enter your UKG Dimensions account username (which enables access to all instances created in UKG Dimensions) and password and service URLs. If you don't know one or more of your connection details, contact your UKG Dimensions delivery partner or account manager.

-1. When you're done, select **Save connection**.

-> If you need to create another connection, go to the Connector Management Console page, and then select **Add connection**.

-4. Enter your Microsoft 365 system account. This is the [account that you created as a prerequisite](#before-you-begin) that is a team owner of all the teams you want to map.

-> You can also use PowerShell to integrate Shifts with Blue Yonder WFM. To learn more, see [Use PowerShell to connect Shifts to Blue Yonder Workforce Management](shifts-connector-blue-yonder-powershell-setup.md).

-## Before you begin

-You must be a Microsoft 365 global admin to run the wizard.

-### Prerequisites

-<a name="prerequisites"> </a>

-## Run the wizard

-# Use the Virtual Appointments app in Microsoft Teams

-## Tenant progress

-## User progress

-## Deployment insights table

-## Deployment insights details by tenant

-### Overview tab

-### Dismissed tasks tab

-### Excluded users tab

-### Required licenses tab

-## Deployment insights table by task

-> Each version of Defender for Endpoint on Linux has an expiration date, after which it will no longer continue to protect your device. You must update the product prior to this date. To check the expiration date, run the following command: