Updates from: 06/30/2021 03:12:02
Category Microsoft Docs article Related commit history on GitHub Change details
commerce Manage Billing Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-billing-notifications.md
To receive your invoices as attachments to your invoice notifications, use the f
## Related content [View your bill or invoice](view-your-bill-or-invoice.md) (article)\
-[Billing information for Microsoft 365 for business in Mexico](/microsoft-365/commerce/billing-and-payments/mexico-billing-info) (article) \
+[Billing information for Microsoft 365 for business in Mexico](mexico-billing-info.md) (article) \
[Understand your bill or invoice for Microsoft 365 for business](understand-your-invoice2.md) (article)\ [Add users and assign licenses at the same time](../../admin/add-users/add-users.md) (article)
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
If you pay by invoice, you can add or change the purchase order (PO) number for
## Related content [Learn how to find and view your bill or invoice](view-your-bill-or-invoice.md) (article)\
-[Billing information for Microsoft 365 for business in Mexico](/microsoft-365/commerce/billing-and-payments/mexico-billing-info) (article) \
+[Billing information for Microsoft 365 for business in Mexico](mexico-billing-info.md) (article) \
[Change your billing addresses](change-your-billing-addresses.md) (article)\ [Change your organization's address, technical contact email, and other information](../../admin/manage/change-address-contact-and-more.md) (article)\ [Pay for your Microsoft 365 for business subscription](pay-for-your-subscription.md) (article)\
commerce View Your Bill Or Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
If you have a balance and would like to pay it, you can do that online. To learn
[Pay by invoice, credit card, or bank account](pay-for-your-subscription.md) (article) \ [Manage payment methods](manage-payment-methods.md) (article) \
-[Billing information for Microsoft 365 for business in Mexico](/microsoft-365/commerce/billing-and-payments/mexico-billing-info) (article) \
+[Billing information for Microsoft 365 for business in Mexico](mexico-billing-info.md) (article) \
[Minecraft: Education Edition payment options](/education/windows/school-get-minecraft) (article)
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
You can learn more about these configuration options from the DLP documentation:
Also similarly to DLP policy configuration, you can choose whether a condition must detect all sensitive information types, or just one of them. And to make your conditions more flexible or complex, you can add [groups and use logical operators between the groups](data-loss-prevention-policies.md#grouping-and-logical-operators). > [!NOTE]
-> Auto-labelling policies based on custom sensitive information types only apply to newly created or modified content in OneDrive and SharePoint.
+> Auto-labeling policies that are based on custom sensitive information types apply only to newly created or modified content in OneDrive and SharePoint; not to existing content.
### Configuring trainable classifiers for a label
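Review bot: In the rewritten note, the semicolon before "not to existing content" attaches a fragment to a complete clause. Use a comma ("..., not to existing content") or drop the tail, since "apply only to newly created or modified content" already carries the restriction.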
Make sure you're aware of the prerequisites before you configure auto-labeling p
- At the time the auto-labeling policy runs, the file mustn't be open by another process or user. A file that's checked out for editing falls into this category. - If you plan to use [custom sensitive information types](sensitive-information-type-learn-about.md) rather than the built-in sensitivity types:
- - Custom sensitivity information types apply only to content that is added or modified in SharePoint or OneDrive after the custom sensitivity information types are enforced.
+ - Custom sensitivity information types apply only to content that is added or modified in SharePoint or OneDrive after the custom sensitivity information types are enforced.
- To test new custom sensitive information types, create them before you create your auto-labeling policy, and then create new documents with sample data for testing. - One or more sensitivity labels [created and published](create-sensitivity-labels.md) (to at least one user) that you can select for your auto-labeling policies. For these labels:
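Review bot: The sub-bullet touched here says "Custom sensitivity information types" twice, while its parent bullet and the following bullet both say "custom sensitive information types". The removed and added lines read identically as shown, so this looks like a whitespace-only change; since the line is being modified anyway, align the term with the one used in the surrounding bullets.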
compliance Assign Ediscovery Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/assign-ediscovery-permissions.md
For more information, see [Work with communications in Advanced eDiscovery](mana
This role lets users run the Content Search tool in the Microsoft 365 compliance center to search mailboxes and public folders, SharePoint Online sites, OneDrive for Business sites, Skype for Business conversations, Microsoft 365 groups, and Microsoft Teams, and Yammer groups. This role allows a user to get an estimate of the search results and create export reports, but other roles are needed to initiate content search actions such as previewing, exporting, or deleting search results.
-Users who are assigned the Compliance Search role but don't have the Preview role can preview the results of a search in which the preview action has been initiated by a user who is assigned the Preview role. The user without the Preview role can preview results for up to two weeks after the initial preview action was created.
+In Content search and Core eDiscovery, users who are assigned the Compliance Search role but don't have the Preview role can preview the results of a search in which the preview action has been initiated by a user who is assigned the Preview role. The user without the Preview role can preview results for up to two weeks after the initial preview action was created.
-Similarly, users who are assigned the Compliance Search role but don't have the Export role can download the results of a search in which the export action was initiated by a user who is assigned the Export role. The user without the Export role can download the results of a search for up to two weeks after the initial export action was created. After that, they can't download the results unless someone with the Export role restarts the export.
+Similarly, users in Content search and Core eDiscovery who are assigned the Compliance Search role but don't have the Export role can download the results of a search in which the export action was initiated by a user who is assigned the Export role. The user without the Export role can download the results of a search for up to two weeks after the initial export action was created. After that, they can't download the results unless someone with the Export role restarts the export.
-For more information, see [Content search in Office 365](content-search.md).
+The two-week grace period for previewing and exporting search results (without the corresponding search and export roles) doesn't apply to Advanced eDiscovery. Users must be assigned the Preview and Export roles to preview and export content in Advanced eDiscovery.
### Custodian
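Review bot: The new Advanced eDiscovery paragraph says the grace period applies "without the corresponding search and export roles", but the two paragraphs above it and the sentence that follows are about the Preview and Export roles; "search" should read "preview". As written, it misstates which role assignment is being bypassed during the two-week window. The hunk also drops the "For more information, see [Content search in Office 365](content-search.md)" pointer without a replacement; consider keeping it after the new paragraph.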
compliance Close Or Delete Case https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/close-or-delete-case.md
To close a case:
2. On the **Settings** tab, under **Case Information**, click **Select**.
-3. At the bottom of the **Case Information** flyout page, click (**...**) **More options**, and then click **Close case**.
+ ![Access the case information flyout page in an Advanced eDiscovery case](..\media\AeDSelectCaseInformation.png)
- ![Option in the More options menu to close an Advanced eDiscovery case](..\Media\CloseAdvancedeDiscoveryCase.png)
+3. At the bottom of the **Case Information** flyout page, click **Actions**, and then click **Close case**.
It might take up to 60 minutes for the closing process to complete.
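Review bot: The added image reference `..\media\AeDSelectCaseInformation.png` uses backslashes as path separators and a lowercase `media` directory, whereas the references removed in this file used `..\Media\...`. Use forward slashes and confirm the directory case matches the repository so the image resolves on case-sensitive hosts. Note also that the three "More options" screenshots are removed without an equivalent for the new **Actions** menu.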
To reopen a closed case:
2. On the **Settings** tab, under **Case Information**, click **Select**.
-3. At the bottom of the **Case Information** flyout page, click (**...**) **More options**, and then click **Reopen case**.
-
- ![Option in the More options menu to reopen an Advanced eDiscovery case](..\Media\ReopenAdvancedeDiscoveryCase.png)
+3. At the bottom of the **Case Information** flyout page, click **Actions**, and then click **Reopen case**.
It might take up to 60 minutes for the reopening process to complete.
To delete a case:
2. On the **Settings** tab, under **Case Information**, click **Select**.
-3. At the bottom of the **Case Information** flyout page, click (**...**) **More options**, and then click **Delete case**.
+3. At the bottom of the **Case Information** flyout page, click **Actions**, and then click **Delete case**.
- ![Option in the More options menu to delete an Advanced eDiscovery case](..\Media\DeleteAdvancedeDiscoveryCase.png)
compliance Set Up Compliance Boundaries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-compliance-boundaries.md
Search permissions filters also let you control where content is routed for expo
To simplify the concept, the **Region** parameter controls the datacenter that is used to search for content in SharePoint and OneDrive. This doesn't apply to searching for content in Exchange because Exchange content searches aren't bound by the geographic location of datacenters. Also, the same **Region** parameter value may also dictate the datacenter that exports are routed through. This is often necessary to control the movement of data across geographic boarders. > [!NOTE]
-> If you're using Advanced eDiscovery, the **Region** parameter doesn't control the region that data is exported from. Data is exported from the organization's primary datacenter. Also, searching for content in SharePoint and OneDrive isn't bound by the geographic location of datacenters. All datacenters are searched. For more information about Advanced eDiscovery, see [Overview of the Advanced eDiscovery solution in Microsoft 365](overview-ediscovery-20.md).
+> If you're using Advanced eDiscovery, the **Region** parameter doesn't control the region that data is exported from. Data is exported from the organization's central location. Also, searching for content in SharePoint and OneDrive isn't bound by the geographic location of datacenters. All datacenters are searched. For more information about Advanced eDiscovery, see [Overview of the Advanced eDiscovery solution in Microsoft 365](overview-ediscovery-20.md).
Here are examples of using the **Region** parameter when creating search permission filters for compliance boundaries. This assumes that the Fourth Coffee subsidiary is located in North America and that Coho Winery is in Europe.
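Review bot: The note now says data is exported from "the organization's central location", but this hunk does not define or link that term; the later Advanced eDiscovery paragraph links the Multi-Geo eDiscovery configuration article, and the same link would help here. While this paragraph is open, the context sentence above the note has "geographic boarders", which should be "borders".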
Keep the following things in mind when searching and exporting content in multi-
- When searching for content in SharePoint and OneDrive, the **Region** parameter directs searches to either the primary or satellite location where the eDiscovery manager will conduct eDiscovery investigations. If an eDiscovery manager searches SharePoint and OneDrive sites outside of the region that's specified in the search permissions filter, no search results are returned. -- When exporting search results, content from all content locations (including Exchange, Skype for Business, SharePoint, OneDrive, and other services that you can search by using the Content Search tool) are uploaded to the Azure Storage location in the datacenter that's specified by the **Region** parameter. This helps organizations stay within compliance by not allowing content to be exported across controlled borders. If no region is specified in the search permissions filter, content is uploaded to the organization's primary datacenter.
+- When exporting search results from Core eDiscovery, content from all content locations (including Exchange, Skype for Business, SharePoint, OneDrive, and other services that you can search by using the Content Search tool) are uploaded to the Azure Storage location in the datacenter that's specified by the **Region** parameter. This helps organizations stay within compliance by not allowing content to be exported across controlled borders. If no region is specified in the search permissions filter, content is uploaded to the organization's primary datacenter.
+
+ When exporting content from Advanced eDiscovery, you can't control where content is uploaded by using the **Region** parameter. Content is uploaded to an Azure Storage location in a datacenter in your organization's central location. For a list of geo locations based on your central location, see [Microsoft 365 Multi-Geo eDiscovery configuration](../enterprise/multi-geo-ediscovery-configuration.md).
- You can edit an existing search permissions filter to add or change the region by running the following command:
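Review bot: After this change the Core eDiscovery bullet still ends with "content is uploaded to the organization's primary datacenter" when no region is specified, while the Advanced eDiscovery text uses "central location". If the two terms mean the same place, use one; if they differ, say so explicitly, because readers rely on this bullet to decide where exported data lands. In the same added bullet, "content from all content locations ... are uploaded" should be "is uploaded".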
enterprise Microsoft 365 Isolation In Microsoft 365 Video https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-isolation-in-microsoft-365-video.md
- Title: "Tenant Isolation in Office 365 Video"-----
-localization_priority: Normal
-- MET150--- Strat_O365_IP-- M365-security-compliance-- NOCSH
-description: In this article, find an explanation of how tenant isolation keeps each tenant's stored videos separate in Office 365 Video.
---
-# Tenant Isolation in Office 365 Video
-
-> [!NOTE]
-> Office 365 Video will be replaced by Microsoft Stream. To learn more about the new enterprise video service that adds intelligence to video collaboration and learn about the transition plans for current Microsoft 365 Video customers, see [Office 365 Video transition to Microsoft Stream overview](/stream/migrate-from-office-365).
-
-## Introduction
-
-Azure Storage is used to store data for multiple Office 365 services, including Office 365 Video and Sway. Azure Storage includes Blob storage, which is a highly-scalable, REST-based, cloud object store that is used for storing unstructured data. Azure Storage uses a simple access control model; each Azure subscription can create one or more Storage Accounts. Each Storage Account has a single secret key that is used to control access to all data in that Storage Account. This supports the typical scenario where storage is associated with applications and those applications have full control over their associated data; for example, Sway storing content in Azure Storage. All customer content for Sway is stored in shared Azure storage accounts. Each user's content is in a separate directory tree of blobs in Azure storage.
-
-The systems managing access to customer environments (e.g., the Azure Portal, SMAPI, etc.) are isolated within an Azure application operated by Microsoft. This logically separates the customer access infrastructure from the customer applications and storage layer.
-
-## Tenant Isolation in Office 365 Video
-
-[Office 365 Video](https://support.office.com/article/Meet-Office-365-Video-ca1cc1a9-a615-46e1-b6a3-40dbd99939a6) is an enterprise portal that provides organizations with a highly secure, organization-wide destination for posting, sharing, and discovering video content. In Office 365 Video, each tenant's videos are kept isolated and encrypted in all locations, and are only available to authenticated users that have access and permissions to the organization's videos. Office 365 Video uses a combination of technologies to accomplish this:
--- SharePoint Online is used for storing the video file and metadata (video title, description, etc.). It also provides the security and compliance layer (including authentication), and search features.-- Azure Media Services provides transcoding, adaptive streaming, secure delivery (using AES encryption), and thumbnail features.-
-[Azure Media Services](https://azure.microsoft.com/services/media-services/) is a platform-as-a-service offering for enabling end-to-end media workflows in the cloud. The platform provides a REST API for uploading, encoding, encrypting (with PlayReady), and delivery of media through Azure datacenters around the world.
-
-All uploads for Office 365 Video occur via HTTPS. When a video file is uploaded, it is stored in SharePoint Online, and a copy of the file is sent via an encrypted channel to Azure Media Services. Azure Media Services transcodes the video into multiple formats that are optimized for viewing experience (e.g., mobile, low-bandwidth, high-bandwidth, etc.). These files, along with the original file acquired during upload, are stored in Azure Blob storage. The files are encrypted using AES 128 per the MPEG Common Encryption packaging algorithm (or an earlier PlayReady version) for playback, and encrypted using AES 256 storage encryption before being stored in Azure Blob storage. (Using the Azure Media Services Client SDK, customers can control which encryption is used. For example, a customer could apply Azure Media Services storage encryption (AES 256) to a high-value media asset before uploading it Azure Blob storage.)
-
-Azure Media Services also generates a thumbnail for the video, which it transmits along with thumbnail metadata to SharePoint Online via an encrypted channel.
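Review bot: This deletes the whole article, and nothing shown here redirects its URL. The link from the tenant isolation overview is removed in the same update, but external and bookmarked links to this page will break unless a redirect to the Stream transition article or the overview is added.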
enterprise Microsoft 365 Tenant Isolation Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-tenant-isolation-overview.md
Together, the above-listed protections provide robust logical isolation controls
- [Isolation and Access Control in Azure Active Directory](microsoft-365-isolation-in-azure-active-directory.md) - [Tenant Isolation in the Office Graph and Delve](microsoft-365-isolation-in-graph-and-delve.md) - [Tenant Isolation in Microsoft 365 Search](microsoft-365-isolation-in-microsoft-365-search.md)-- [Tenant Isolation in Office 365 Video](microsoft-365-isolation-in-microsoft-365-video.md) - [Resource Limits](/compliance/assurance/assurance-resource-limits) - [Monitoring and Testing Tenant Boundaries](/compliance/assurance/assurance-monitoring-and-testing) - [Isolation and Access Control in Microsoft 365](microsoft-365-isolation-in-microsoft-365.md)
enterprise Routing With Expressroute https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/routing-with-expressroute.md
For Microsoft to route back to your network for these bi-directional traffic flo
When you configure a peering relationship using the Microsoft peering routing domain and are approved for the appropriate access, you'll be able to see all PaaS and SaaS services available over ExpressRoute. The Office 365 services designed for ExpressRoute can be managed with [BGP communities](./bgp-communities-in-expressroute.md) or [route filters](/azure/expressroute/how-to-routefilter-portal).
-Other applications such as Office 365 Video, is an Office 365 application; however, Office 365 Video is comprised of three different components, the portal, the streaming service, and the content delivery network. The portal lives within SharePoint Online, the streaming service lives within Azure Media Services, and the content delivery network lives within the Azure CDN. The following table outlines these components.
-
-|**Component**|**Underlying application**|**Included in SharePoint Online BGP Community?**|**Use**|
-|:--|:--|:--|:--|
-|Office 365 Video portal <br/> |SharePoint Online <br/> |Yes <br/> |Configuration, upload <br/> |
-|Office 365 Video streaming service <br/> |Azure Media Services <br/> |No <br/> |Streaming service, used in the event the video is unavailable from the CDN <br/> |
-|Office 365 Video content delivery network <br/> |Azure CDN <br/> |No <br/> |Primary source of video download/streaming. [Learn more about Office 365 video networking](https://support.office.com/article/Office-365-Video-networking-Frequently-Asked-Questions-FAQ-2bed67a1-4052-49ff-a4ce-b7e6530eb98e). <br/> |
- Each of the Office 365 features that are available using Microsoft peering are listed in the [Office 365 endpoints article](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2) by application type and FQDN. The reason for using the FQDN in the tables is to allow customers to manage traffic using PAC files or other proxy configurations, see our guide to [managing Office 365 endpoints](./managing-office-365-endpoints.md) for example PAC files. In some situations we've used a wildcard domain where one or more sub-FQDNs are advertised differently than the higher-level wildcard domain. This usually happens when the wildcard represents a long list of servers that are all advertised to ExpressRoute and the Internet, while a small subset of destinations is only advertised to the Internet, or the reverse. Refer to the tables below to understand where the differences are.
enterprise Urls And Ip Address Ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
Title: "Office 365 URLs and IP address ranges"
Previously updated : 05/28/2021 Last updated : 06/28/2021 audience: Admin
Office 365 requires connectivity to the Internet. The endpoints below should be
|||| |:--|:--|:--|
-|**Last updated:** 05/28/2021 - ![RSS](../medi#pacfiles) <br/> |
+|**Last updated:** 06/28/2021 - ![RSS](../medi#pacfiles) <br/> |
Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you are using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
managed-desktop Prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/prerequisites.md
Area | Prerequisite details
| Licensing |Microsoft Managed Desktop requires the Microsoft 365 E3 license with Microsoft Defender for Endpoint (or equivalents) assigned to your users.<br>For details about the specific service plans, see [More about licenses](#more-about-licenses) in this topic.<br>For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans). Connectivity | All Microsoft Managed Desktop devices require connectivity to numerous Microsoft service endpoints from the corporate network.<br><br>For the full list of required IPs and URLs, see [Network configuration](../get-ready/network.md).
-Azure Active Directory | Azure Active Directory (Azure AD) must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure AD Connect.<br><br>[Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) must be enabled for Microsoft Managed Desktop users.<br><br>For more information, see [Azure AD Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect).<br><br>For more information on supported Azure AD Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).
+Azure Active Directory | Azure Active Directory (Azure AD) must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure AD Connect.<br><br>For more information, see [Azure AD Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect).<br><br>For more information on supported Azure AD Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).
Authentication | If Azure AD is not the source of primary authentication for user accounts, you must configure one of these in Azure AD Connect:<br>- Password hash synchronization<br>- Pass-through authentication<br>- An external identity provider (including Windows Server ADFS and non-Microsoft IDPs) configured to meet Azure AD integration requirements. See the [guidelines](https://www.microsoft.com/download/details.aspx?id=56843) for more information. <br><br>When setting authentication options with Azure AD Connect, password writeback is also recommended. For more information, see [Password writeback](/azure/active-directory/authentication/howto-sspr-writeback). <br><br>If an external identity provider is implemented, you must validate the solution:<br>- Meets Azure AD integration requirements<br>- Supports Azure AD Conditional Access, which allows the Microsoft Managed Desktop device compliance policy to be configured<br>- Enables device enrollment and use of Microsoft 365 services or features required as part of Microsoft Managed Desktop <br><br>For more information on authentication options with Azure AD, see [Azure AD Connect user sign-in options](/azure/active-directory/connect/active-directory-aadconnect-user-signin). Microsoft 365 | OneDrive for Business must be enabled for Microsoft Managed Desktop users.<br><br>Though it is not required to enroll with Microsoft Managed Desktop, we highly recommended that the following services be migrated to the cloud:<br>- Email: Migrate to cloud-based mailboxes, Exchange online, or configure with Exchange Online Hybrid with Exchange 2013 or higher, on-premises.<br>- Files and folders: Migrate to OneDrive for Business or SharePoint Online.<br>- Online collaboration tools: Migrate to Teams. Device management | Microsoft Managed Desktop devices require management using Microsoft Intune. 
Intune must be set as the Mobile Device Management authority.<br><br>For more information, see [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune).
managed-desktop Enterprise State Roaming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/enterprise-state-roaming.md
# Enable Enterprise State Roaming
-For the best experience with Microsoft Managed Desktop, enable [Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-overview), which lets users securely synchronize user and application settings data to the cloud. This means they'll have the same experience no matter which Windows device they sign into. For example, if you replace one of their Microsoft Managed Desktop devices with a new one, it will look and behave exactly the same as the last one.
+[Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) lets users securely synchronize user and application settings data to the cloud. This means they'll have the same experience no matter which Windows device they sign into. For example, if you replace one of their Microsoft Managed Desktop devices with a new one, it will look and behave exactly the same as the last one. Enterprise State Roaming is an optional feature for the Microsoft Managed Desktop service that you can configure for your users and isn't included or managed as part of Microsoft Managed Desktop.
-To enable Enterprise State Roaming, follow the steps in [Enable Enterprise State Roaming in Azure Active Directory](/azure/active-directory/devices/enterprise-state-roaming-enable), and then return to this documentation.
-
-If you have any difficulty with Enterprise State Roaming, contact Admin [support](../working-with-managed-desktop/admin-support.md).
+To enable Enterprise State Roaming, follow the steps in [Enable Enterprise State Roaming in Azure Active Directory](/azure/active-directory/devices/enterprise-state-roaming-enable).
## Steps to get started with Microsoft Managed Desktop
If you have any difficulty with Enterprise State Roaming, contact Admin [support
5. Enable Enterprise State Roaming (this topic) 6. [Set up devices](set-up-devices.md) 7. [Get your users ready to use devices](get-started-devices.md)
-8. [Deploy apps](deploy-apps.md)
+8. [Deploy apps](deploy-apps.md)
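Review bot: The step list still carries "5. Enable Enterprise State Roaming (this topic)" as a numbered onboarding step, although the introduction was rewritten in this same update to call the feature optional and not managed by the service. Mark step 5 as optional or remove it from the sequence so the list agrees with the new introduction and with the prerequisite that was dropped.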
managed-desktop Technologies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/intro/technologies.md
Microsoft 365 Enterprise licensing is required for all Microsoft Managed Desktop
This article summarizes the components included in the required Enterprise licenses, with a description of how the service uses each component with Microsoft Managed Desktop devices. Specific roles and responsibilities for each area are detailed throughout Microsoft Managed Desktop documentation. ## Office 365 E3 or E5
- |Product |Information
+| Product |Information |
+ |
Microsoft 365 Apps for enterprise (64-bit) | These Office applications will be shipped with the device: Word, Excel, PowerPoint, Outlook, Publisher, Access, Skype for Business, OneNote.<br><br>The 64-bit full versions of Microsoft Project and Microsoft Visio aren't included. However, since the installation of these applications depends on the Microsoft 365 Apps for enterprise installation, Microsoft Managed Desktop has created default Microsoft Intune deployments and security groups that you can then use to deploy these applications to licensed users. For more information, see [Install Microsoft Project or Microsoft Visio on Microsoft Managed Desktop devices](../get-started/project-visio.md). OneDrive |Azure Active Directory Single Sign On is enabled for users when they first sign in to OneDrive.<br><br>Known Folder Redirection for "Desktop", "Document", and "Pictures" folders is included; enabled and configured by Microsoft Managed Desktop. Store Apps | Microsoft Sway and Power BI aren't shipped with the device. These apps are available for download from Microsoft Store.
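Review bot: The added header row `| Product |Information |` is followed by a line containing only `|` rather than a delimiter row such as `|:--|:--|`, so as shown this will not render as a table. The other tables changed in this file end up with `Product |Information` and no leading pipe, and the Enterprise Mobility + Security table loses its `|` line while the others gain one; pick one header form and apply it to all four.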
Win32 Applications | Teams isn't shipped with the device, but is packaged and pr
Web Applications | Yammer, Office in a browser, Delve, Flow, StaffHub, PowerApps, and Planner aren't shipped with the device. Users can access the web version of these applications with a browser. + ## Windows 10 Enterprise E5 or E3 with Microsoft Defender for Endpoint We recommend that your IT admins configure the following settings. These settings aren't included or managed as part of Microsoft Managed Desktop.
- |Product |Information
+Product |Information
+ |
Windows Hello for Business | You should implement Windows Hello for Business to replace passwords with strong two-factor authentication for Microsoft Managed Desktop devices. For more information, see [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification). Application Virtualization | You can deploy Application Virtualization (App-V) packages using the Intune Win32 app management client. For more information, see [Application Virtualization](/windows/application-management/app-v/appv-technical-reference). Microsoft 365 data loss prevention | You should implement Microsoft 365 data loss prevention to monitor the actions that are being taken on items you've determined to be sensitive and to help prevent the unintentional sharing of those items. For more information, see [Microsoft 365 data loss prevention](../../compliance/endpoint-dlp-learn-about.md).
Microsoft 365 data loss prevention | You should implement Microsoft 365 data los
Features included and managed as part of Microsoft Managed Desktop:
- |Product |Information
+Product |Information
+ |
BitLocker Drive Encryption | BitLocker Drive Encryption is used to encrypt all system drives. For more information, see [BitLocker Drive Encryption](/windows/security/information-protection/bitlocker/bitlocker-overview). Windows Defender System Guard | Protects the integrity of the system at startup and validates that system integrity has truly been maintained. For more information, see [Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows). Windows Defender Credential Guard | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. For more information, see [Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows).
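Review bot: The Windows Defender Credential Guard row in the table under this header change ends with "For more information, see [Windows Defender System Guard](...system-guard-how-hardware-based-root-of-trust-helps-protect-windows)", which is the same link text and target as the System Guard row before it. Since the table is being edited anyway, point that row at the Credential Guard article so the reference matches the feature it describes.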
User Account Control | User Account Control switches to the Secure Desktop when
## Enterprise Mobility + Security E5
- |Product |Information
- |
+Product |Information
| Enterprise Mobility + Security E3<br>Azure Active Directory Premium P2 | You can use all features of Enterprise Mobility + Security E3 to manage MDM devices. You can use Azure Active Directory Premium P2 as an optional feature with Microsoft Managed Desktop. Microsoft Cloud App Security | You can use this optional feature with Microsoft Managed Desktop.
security Ios Configure Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-configure-features.md
While enabled by default, there might be some cases that require you to disable
Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
+## Configure Microsoft Defender for Endpoint risk signal in app protection policy (MAM)
+
+Microsoft Defender for Endpoint can be configured to send threat signals to be used in App Protection Policies (APP, also known as MAM) on iOS/iPadOS. With this capability, you can use Microsoft Defender for Endpoint to protect access to corporate data from unenrolled devices as well.
+
+Steps to setup app protection policies with Microsoft Defender for Endpoint are as below:
+
+1. Set up the connection from your Microsoft Endpoint Manager tenant to Microsoft Defender for Endpoint. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Tenant Administration** > **Connectors and tokens** > **Microsoft Defender for Endpoint** (under Cross platform) or **Endpoint Security** > **Microsoft Defender for Endpoint** (under Setup) and turn on the toggles under **App Protection Policy Settings for iOS**.
+1. Select Save. You should see **Connection status** is now set to **Enabled**.
+1. Create app protection policy: After your Microsoft Defender for Endpoint connector setup is complete, navigate to **Apps** > **App protection policies** (under Policy) to create a new policy or update an existing one.
+1. Select the platform, **Apps, Data protection, Access requirements** settings that your organization requires for your policy.
+1. Under **Conditional launch** > **Device conditions**, you will find the setting **Max allowed device threat level**. This will need to be configured to either Low, Medium, High, or Secured. The actions available to you will be **Block access** or **Wipe data**. You may see an informational dialog to make sure you have your connector set up prior to this setting take effect. If your connector is already set up, you may ignore this dialog.
+1. Finish with Assignments and save your policy.
+
+For more details on MAM or app protection policy, see [iOS app protection policy settings](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-ios).
+
+### Deploying Microsoft Defender for Endpoint for MAM or on unenrolled devices
+
+Microsoft Defender for Endpoint on iOS enables the App Protection Policy scenario and is available in the Apple app store.
+
+End-users should install the latest version of the app directly from the Apple app store.
## Configure compliance policy against jailbroken devices
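Review bot: Step 5 of the new procedure lists the values Low, Medium, High, or Secured for **Max allowed device threat level** and the actions **Block access** or **Wipe data**, but never says which level is the most restrictive or what each action does to corporate data on an unenrolled device. Add one sentence per value (or a link to where they are defined) so an admin can choose deliberately. Wording in the same section also needs a pass: "Steps to setup" should read "Steps to set up", "prior to this setting take effect" should read "before this setting takes effect", and "Microsoft Endpoint manager admin center" should capitalize "Manager".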
Follow the steps below to create a compliance policy against jailbroken devices.
> [!div class="mx-imgBorder"] > ![Policy Settings](images/ios-jb-settings.png)
-4. In the *Action for noncompliance* section, select the actions as per your requirements and select **Next**.
+4. In the **Action for noncompliance** section, select the actions as per your requirements and select **Next**.
> [!div class="mx-imgBorder"] > ![Policy Actions](images/ios-jb-actions.png)
-5. In the *Assignments* section, select the user groups that you want to include for this policy and then select **Next**.
+5. In the **Assignments** section, select the user groups that you want to include for this policy and then select **Next**.
6. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. ## Configure custom indicators
security Ios Troubleshoot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-troubleshoot.md
While enabled by default, there might be some cases that require you to disable
> [!NOTE] > Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**.
-## Issues with multiple VPN profiles
+## Co-existence with multiple VPN profiles
Apple iOS does not support multiple **device-wide** VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
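Review bot: Renaming the heading from "Issues with multiple VPN profiles" to "Co-existence with multiple VPN profiles" changes the anchor generated from it, so any link that targets the old heading will stop resolving. Search the docs set for references to the old anchor and update them in this change. "Coexistence" without the hyphen is also the more common spelling.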
Also, the VPN used is a local VPN and unlike a traditional VPN, network traffic
## Data usage
-Microsoft Defender for Endpoint uses a local/loopback VPN to check web traffic for any malicious websites or connections. Due to this reason, Microsoft Defender for Endpoint data usage can be inaccurately accounted for. The actual data usage by Microsoft Defender for Endpoint is not significant and lesser than what is shown on the Data Usage Settings on the device.
+Microsoft Defender for Endpoint uses a local/loopback VPN to check web traffic for any malicious websites or connections. Due to this reason, Microsoft Defender for Endpoint data usage can be inaccurately accounted for. We have also observed that if the device is on cellular network only, the data usage reported by service provider is very close to the actual consumption whereas in the Settings app, Apple shows about 1.5x to 2x of actual data consumed.
+
+We have similar observations with other VPN services as well and have reported this to Apple.
+
+In addition, it is critical for Microsoft Defender for Endpoint to be up to date with our backend services to provide better protection. However, we are working on optimizing the data usage by Microsoft Defender for Endpoint.
## Report unsafe site
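Review bot: The rewritten Data usage text drops the plain statement that actual usage is lower than what the device's Data Usage settings show and replaces it with "about 1.5x to 2x of actual data consumed", phrased as an observation with no conditions given beyond "cellular network only". Keep an explicit sentence that the Settings app overstates usage, and say under what test conditions the 1.5x to 2x figure was seen. In the last added paragraph, "However" joins two statements that do not contrast. If the point is that staying current with backend services costs data, say so directly before mentioning the optimization work.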
security Linux Install Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-install-manually.md
In order to preview new features and provide early feedback, it is recommended t
sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/prod.repo ```
- Or if you wish to explore new features on selected devices, you might want to deploy MDE for Linux to *insiders-fast* channel:
+ Or if you wish to explore new features on selected devices, you might want to deploy Microsoft Defender for Endpoint on Linux to *insiders-fast* channel:
```bash sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/insiders-fast.repo
In order to preview new features and provide early feedback, it is recommended t
sudo zypper addrepo -c -f -n microsoft-[channel] https://packages.microsoft.com/config/[distro]/[version]/[channel].repo ```
- For example, if you are running SLES 12 and wish to deploy MDE for Linux from the *prod* channel:
+ For example, if you are running SLES 12 and wish to deploy Microsoft Defender for Endpoint on Linux from the *prod* channel:
```bash sudo zypper addrepo -c -f -n microsoft-prod https://packages.microsoft.com/config/sles/12/prod.repo
When upgrading your operating system to a new major version, you must first unin
## How to migrate from Insiders-Fast to Production channel
-1. Uninstall the ΓÇ£Insiders-Fast channelΓÇ¥ version of MDE for Linux.
+1. Uninstall the ΓÇ£Insiders-Fast channelΓÇ¥ version of Defender for Endpoint on Linux.
`` sudo yum remove mdatp ``
-1. Disable the MDE for Linux Insiders-Fast repo
+1. Disable the Defender for Endpoint on Linux Insiders-Fast repo
`` sudo yum repolist ``
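Review bot: The product name in these two steps is "Defender for Endpoint on Linux", while the replacements earlier in the same file use "Microsoft Defender for Endpoint on Linux". Pick one form for the file. The channel is also written as a quoted "Insiders-Fast channel" in step 1 but as italic *insiders-fast* in the repository instructions, and step 2 is missing its closing period.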
security Linux Update MDE Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-update-MDE-Linux.md
Type ΓÇ£:wqΓÇ¥ w/o the double quotes.
To view your cron jobs, type `sudo crontab -l` To inspect cron job runs: `sudo grep mdatp /var/log/cron`
security Mac Install With Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-intune.md
This profile contains a license information for Microsoft Defender for Endpoint,
> [!div class="mx-imgBorder"] > ![Custom Configuration Profile creation](images/mdatp-6-systemconfigurationprofiles-1.png)
-1. Choose a name for the profile, e.g., "MDE onboarding for macOS". Click **Next**.
+1. Choose a name for the profile, e.g., "Defender or Endpoint onboarding for macOS". Click **Next**.
> [!div class="mx-imgBorder"] > ![Custom Configuration Profile - name](images/mdatp-6-systemconfigurationprofiles-2.png)
-1. Choose a name for the configuration profile name, e.g., "MDE onboarding for macOS".
+1. Choose a name for the configuration profile name, e.g., "Defender for Endpoint onboarding for macOS".
1. Select intune/WindowsDefenderATPOnboarding.xml that you extracted from the onboarding package above as configuration profile file. > [!div class="mx-imgBorder"]
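Review bot: The first replacement introduces a typo: "Defender or Endpoint onboarding for macOS" should be "Defender for Endpoint onboarding for macOS", matching the second replacement a few lines later. Admins copy these example names into Intune, so the two steps should show the same string. The second step's "Choose a name for the configuration profile name" can also be shortened to "Choose a name for the configuration profile".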
This profile is needed for macOS 10.15 (Catalina) or older. It will be ignored o
Download [**fulldisk.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/fulldisk.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
-Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "MDE Full Disk Access" as profile name, and downloaded **fulldisk.mobileconfig** as Configuration profile name.
+Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "Defender for Endpoint Full Disk Access" as profile name, and downloaded **fulldisk.mobileconfig** as Configuration profile name.
### Network Filter
As part of the Endpoint Detection and Response capabilities, Microsoft Defender
Download [**netfilter.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
-Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "MDE Network Filter" as profile name, and downloaded **netfilter.mobileconfig** as Configuration profile name.
+Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "Defender for Endpoint Network Filter" as profile name, and downloaded **netfilter.mobileconfig** as Configuration profile name.
### Notifications
This profile is used to allow Microsoft Defender for Endpoint on macOS and Micro
Download [**notif.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
-Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "MDE Notifications" as profile name, and downloaded **notif.mobileconfig** as Configuration profile name.
+Follow the instructions for [Onboarding blob](#onboarding-blob) from above, using "Defender for Endpoint Notifications" as profile name, and downloaded **notif.mobileconfig** as Configuration profile name.
### View Status
security Microsoft Defender Endpoint Ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios.md
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-**Microsoft Defender for Endpoint on iOS** will offer protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft Defender Security Center. The portal gives security teams a centralized view of threats on
-iOS devices along with other platforms.
+**Microsoft Defender for Endpoint on iOS** offers protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft Defender Security Center. The portal gives security teams a centralized view of threats on iOS devices along with other platforms.
> [!CAUTION] > Running other third-party endpoint protection products alongside Defender for Endpoint on iOS is likely to cause performance problems and unpredictable system errors.
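Review bot: The first sentence is moved to the present tense ("offers protection") but the next one in the same paragraph still reads "All alerts will be available through a single pane of glass". If the feature is released, change that to "All alerts are available" so the paragraph does not mix released and upcoming wording.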
iOS devices along with other platforms.
- Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](/microsoft-365/security/defender-endpoint/minimum-requirements#licensing-requirements). -- Device(s) are [enrolled](/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license.
+- **For enrolled devices**: Device(s) are [enrolled](/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license.
- Intune Company Portal app can be downloaded from the [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358). - Note that Apple does not allow redirecting users to download other apps from the app store and hence this step needs to be done by the user before onboarding to Microsoft Defender for Endpoint app.
+- **For unenrolled devices**: Device(s) are registered with Azure Active Directory. This requires end user to be signed in through [Microsoft Authenticator app](https://apps.apple.com/app/microsoft-authenticator/id983156458).
+ - For more information on how to assign licenses, see [Assign licenses to users](/azure/active-directory/users-groups-roles/licensing-groups-assign). **For Administrators** - Access to the Microsoft Defender Security Center portal.
+- Access to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization.
+ > [!NOTE] > Microsoft Intune is the only supported Unified Endpoint Management (UEM) solution for deploying Microsoft Defender for Endpoint and enforcing Defender for Endpoint related device compliance policies in Intune. -- Access to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization.- **System Requirements** -- iOS devices running iOS 11.0 and above. iPad devices are officially supported from version 1.1.15010101 onward.
+- iOS device running iOS 11.0 and above. iPad devices are officially supported from version 1.1.15010101 onward.
-- Device is enrolled with the [Intune Company Portal app](https://apps.apple.com/us/app/intune-company-portal/id719171358).
+- Device is either enrolled with the [Intune Company Portal app](https://apps.apple.com/us/app/intune-company-portal/id719171358) or registered with Azure Active Directory through [Microsoft Authenticator](https://apps.apple.com/app/microsoft-authenticator/id983156458).
## Installation instructions
-Deployment of Microsoft Defender for Endpoint on iOS is via Microsoft Intune (MDM) and both supervised and unsupervised devices are supported. End-users can also directly install the app from the [Apple app store](https://aka.ms/mdatpiosappstore).
+Deployment of Microsoft Defender for Endpoint on iOS can be done via Microsoft Endpoint Manager (MEM) and both supervised and unsupervised devices are supported. End-users can also directly install the app from the [Apple app store](https://aka.ms/mdatpiosappstore).
For more information, see [Deploy Microsoft Defender for Endpoint on iOS](ios-install.md). ## Resources
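Review bot: The prerequisites now distinguish enrolled and unenrolled devices, but the rewritten Installation instructions paragraph still only describes deployment via Microsoft Endpoint Manager and a direct App Store install, without saying which path applies to unenrolled devices registered through Microsoft Authenticator. Add a sentence that ties the unenrolled case to its install path. The same hunk also uses "Microsoft Intune" in the note ("the only supported Unified Endpoint Management (UEM) solution") and "Microsoft Endpoint Manager (MEM)" in the installation text for what reads as the same requirement, so state how the two names relate or use one. "This requires end user to be signed in" needs "the" before "end user".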
security Troubleshoot Asr Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-asr-rules.md
Here's a screenshot from the Microsoft 365 security center (under **Reports** >
One of the most powerful features of Microsoft Defender for Endpoint is advanced hunting. If you're unfamiliar with advanced hunting, refer [proactively hunt for threats with advanced hunting](advanced-hunting-overview.md).
-Advanced hunting is a query-based (Kusto Query Language) threat-hunting tool that lets you explore up to 30 days of the captured (raw) data, that MDE Endpoint Detection and Response (EDR) collects from all your machines. Through advanced hunting, you can proactively inspect events to locate interesting indicators and entities. The flexible access to data helps unconstrained hunting for both known and potential threats.
+Advanced hunting is a query-based (Kusto Query Language) threat-hunting tool that lets you explore up to 30 days of the captured (raw) data, that Defender for Endpoint collects from your devices. Through advanced hunting, you can proactively inspect events to locate interesting indicators and entities. The flexible access to data helps unconstrained hunting for both known and potential threats.
Through advanced hunting, it's possible to extract ASR rules information, create reports, and get in-depth information on the context of a given ASR rule audit or block event.
security Tvm Supported Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-supported-os.md
Windows Server 2008 R2 | Yes | Yes | Yes | Yes | Yes
Windows Server 2012 R2 | Yes | Yes | Yes | Yes | Yes Windows Server 2016 | Yes | Yes | Yes | Yes | Yes Windows Server 2019 | Yes | Yes | Yes | Yes | Yes
-macOS 10.14 "Mojave" and above | Yes | Yes | Yes (preview) | Yes (preview) | Yes (preview)
-Red Hat Enterprise Linux 7.2 or higher **(preview)** (\* See "Important" notice below) | Yes | Yes | Yes | Yes | Yes
-CentOS 7.2 or higher **(preview)** | Yes | Yes | Yes | Yes | Yes
-Ubuntu 16.04 LTS or higher LTS **(preview)** | Yes | Yes | Yes | Yes | Yes
-Oracle Linux 7.2 or higher **(preview)** | Yes | Yes | Yes | Yes | Yes
+macOS 10.14 "Mojave" and above | Yes | Yes | Yes | Yes | Yes
+Red Hat Enterprise Linux 7.2 or higher (\* See "Important" notice below) | Yes | Yes | Yes | Yes | Yes
+CentOS 7.2 or higher | Yes | Yes | Yes | Yes | Yes
+Ubuntu 16.04 LTS or higher LTS | Yes | Yes | Yes | Yes | Yes
+Oracle Linux 7.2 or higher | Yes | Yes | Yes | Yes | Yes
+SUSE Linux Enterprise Server 12 or higher | Yes | Yes | Yes | Yes | Yes
>[!IMPORTANT] > \* Red Hat Enterprise Linux:
security First Incident Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-prepare.md
Microsoft 365 Defender can help address several aspects of incident prevention:
[Zero Trust](/security/zero-trust/) is an integrated security philosophy and end-to-end strategy that considers the complex nature of any modern environment, including the mobile workforce and the users, devices, applications and data, wherever they may be located. By providing a single pane of glass to manage all detections in a consistent way, Microsoft 365 Defender can make it easier for your security operations team to implement the [guiding principles](/security/zero-trust/#guiding-principles-of-zero-trust) of Zero Trust.
-Components of Microsoft 365 Defender can display violations of rules that have been implemented to establish Conditional Access policies for Zero Trust by integrating data from Microsoft Defender for Endpoint (MDE) or other mobile security vendors as an information source for device compliance policies and implementation of device-based Conditional Access policies.
+Components of Microsoft 365 Defender can display violations of rules that have been implemented to establish Conditional Access policies for Zero Trust by integrating data from Microsoft Defender for Endpoint or other mobile security vendors as an information source for device compliance policies and implementation of device-based Conditional Access policies.
Device risk directly influences what resources will be accessible by the user of that device. The denial of access to resources based on certain criteria is the main theme of Zero Trust and Microsoft 365 Defender provides information needed to determine the trust level criteria. For example, Microsoft 365 Defender can provide the software version level of a device through the Threat and Vulnerability Management page while Conditional Access policies restrict devices that have outdated or vulnerable versions.
security Overview Security Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/overview-security-center.md
If you need information about what's changed from the Office 365 Security & Comp
- [Defender for Endpoint in Microsoft 365 Defender](microsoft-365-security-center-mde.md) > [!NOTE]
-> The Microsoft 365 security portal uses and enforces existing roles-based access, and will move each security model into the unified portal. Each converged workload (such as MDO or MDE) has its own roles-based access. The roles already in the products will be converged into the Microsoft 365 security portal, automatically. However, roles and permissions for MCAS will still handled over in MCAS.
+> The Microsoft 365 security portal uses and enforces existing roles-based access, and will move each security model into the unified portal. Each converged workload has its own roles-based access. The roles already in the products will be converged into the Microsoft 365 security portal, automatically. However, roles and permissions for MCAS will still handled over in MCAS.
## What to expect
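Review bot: The note drops the "(such as MDO or MDE)" abbreviations but leaves "MCAS" unexpanded twice in the last sentence, which also still contains the broken phrase "will still handled over in MCAS". Since role scoping is what readers rely on this note for, rewrite it as "roles and permissions for Microsoft Cloud App Security will still be handled in Microsoft Cloud App Security" or similar.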
Microsoft 365 Defender emphasizes *unity, clarity, and common goals* as it merge
- Feature parity with other workloads > [!NOTE]
-> Microsoft 365 Defender will be accessible without any need for customers to take migration steps or purchase a new license. For example, this new portal will be accessible to administrators with an E3 subscription, just as it is to those with Microsoft Defender for Office 365 Plan 1 and Plan 2; however, Exchange Online Protection, or MDO Plan 1 customers will see only the security features their subscription license supports. The goal of the new center is to centralize security.
+> Microsoft 365 Defender will be accessible without any need for customers to take migration steps or purchase a new license. For example, this new portal will be accessible to administrators with an E3 subscription, just as it is to those with Microsoft Defender for Office 365 Plan 1 and Plan 2; however, Exchange Online Protection, or Defender for Office 365 Plan 1 customers will see only the security features their subscription license supports. The goal of the new center is to centralize security.
## Unified investigations
Track and respond to emerging threats with the following Microsoft 365 Defender
Microsoft 365 security center includes a learning hub that bubbles up official guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation at docs.microsoft.com.
-Inside the learning hub, Email & Collaboration (Microsoft Defender for Office 365 or MDO) guidance is side-by-side with Endpoint (Microsoft Defender for Endpoint or MDE), and Microsoft 365 Defender learning resources.
+Inside the learning hub, Email & Collaboration (Microsoft Defender for Office 365) guidance is side-by-side with Endpoint (Microsoft Defender for Endpoint) and Microsoft 365 Defender learning resources.
The learning hub opens with Learning paths organized around topics such as ΓÇ£How to Investigate Using Microsoft 365 Defender?ΓÇ¥ and ΓÇ£Microsoft Defender for Office 365 Best PracticesΓÇ¥. This section is currently curated by the security Product Group inside Microsoft. Each Learning path reflects a projected time it takes to get through the concepts. For example 'Steps to take when a Microsoft Defender for Office 365 user account is compromised' is projected to take 8 minutes, and is valuable learning on the fly.
security About Defender For Office 365 Trial https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/about-defender-for-office-365-trial.md
A trial allows organizations to easily set up and configure the Defender for Off
By default, these policies are scoped to all users in the organization, but admins can customize the policies during or after setup so they apply only to specific users.
-During setup, MDO response functionality (found in MDO P2 or equivalent) is also set up for the entire organization. No policy scoping is required.
+During setup, Defender for Office 365 response functionality (found in Defender for Office 365 P2 or equivalent) is also set up for the entire organization. No policy scoping is required.
## Licensing
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
For other ways to submit email messages, URLs, and attachments to Microsoft, see
- To submit messages and files to Microsoft, you need to be a member of one of the following role groups: - **Organization Management** or **Security Reader** in the [Microsoft 365 Defender portal](permissions-microsoft-365-security-center.md).
- - **Organization Management** in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups).
-
+
Note that membership in this role group is required to [View user submissions to the custom mailbox](#view-user-submissions-to-microsoft) as described later in this article. - For more information about how users can submit messages and files to Microsoft, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
security Anti Spam And Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection.md
The following table contains links to topics that explain settings that are comm
|[Anti-spam message headers](anti-spam-message-headers.md)|Describes the anti-spam fields placed in Internet headers, which can help provide administrators with information about the message and about how it was processed.| |[Order and precedence of email protection](how-policies-and-protections-are-combined.md)|| |[Zero-hour auto purge (ZAP) - protection against spam and malware](zero-hour-auto-purge.md)||
-|[Safety tips in email messages](safety-tips-in-office-365.md)||
|[Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md)|| |[Use the delist portal to remove yourself from the Microsoft 365 blocked senders list](use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis.md)|| |
security Configure Your Spam Filter Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-your-spam-filter-policies.md
Creating a custom anti-spam policy in the Microsoft 365 Defender portal creates
|Action|Spam|High<br>confidence<br>spam|Phishing|High<br>confidence<br>phishing|Bulk| ||::|::|::|::|::|
- |**Move message to Junk Email folder**: The message is delivered to the mailbox and moved to the Junk Email folder.<sup>1</sup>|![Check mark](../../media/checkmark.png)<sup>\*</sup>|![Check mark](../../media/checkmark.png)<sup>\*</sup>|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)<sup>\*</sup>|
+ |**Move message to Junk Email folder**: The message is delivered to the mailbox and moved to the Junk Email folder.<sup>1</sup>|![Check mark](../../media/checkmark.png)<sup>\*</sup>|![Check mark](../../media/checkmark.png)<sup>\*</sup>|![Check mark](../../media/checkmark.png)||![Check mark](../../media/checkmark.png)<sup>\*</sup>|
|**Add X-header**: Adds an X-header to the message header and delivers the message to the mailbox. <p> You enter the X-header field name (not the value) later in the **Add this X-header text** box. <p> For **Spam** and **High confidence spam** verdicts, the message is moved to the Junk Email folder.<sup>1,2</sup>|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)||![Check mark](../../media/checkmark.png)<sup>\*</sup>| |**Prepend subject line with text**: Adds text to the beginning of the message's subject line. The message is delivered to the mailbox and moved to the Junk email folder.<sup>1,2</sup> <p> You enter the text later in the **Prefix subject line with this text** box.|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)||![Check mark](../../media/checkmark.png)| |**Redirect message to email address**: Sends the message to other recipients instead of the intended recipients. <p> You specify the recipients later in the **Redirect to this email address** box.|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|
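Review bot: With the High confidence phishing cell emptied in the "Move message to Junk Email folder" row, Redirect is the only action still checked for that verdict among the rows visible here, yet the row text and footnote markers are unchanged and nothing tells an admin what happens to an existing policy that had Junk selected for high confidence phishing. Add a footnote or a sentence under the table stating which actions remain available for that verdict and how existing policies are treated.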
Creating a custom anti-spam policy in the Microsoft 365 Defender portal creates
- **Redirect to this email address**: This box is required and available only if you selected the **Redirect message to email address** as the action for a spam filtering verdict. Enter the email address where you want to deliver the message. You can enter multiple values separated by semicolons (;).
- - **Enable safety Tips**: By default, Safety Tips are enabled, but you can disable them by clearing the checkbox. For more information about Safety Tips, see [Safety tips in email messages](safety-tips-in-office-365.md).
+ - **Enable safety Tips**: By default, Safety Tips are enabled, but you can disable them by clearing the checkbox.
- **Enable zero-hour auto purge (ZAP)**: ZAP detects and takes action on messages that have already been delivered to Exchange Online mailboxes. For more information, see [Zero-hour auto purge - protection against spam and malware](zero-hour-auto-purge.md).
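Review bot: Removing the link to safety-tips-in-office-365.md leaves the **Enable safety Tips** bullet with no explanation of what a Safety Tip is or what disabling it changes for recipients. If the target article is being retired, replace the link with a one-sentence description or a pointer to its successor. The label also mixes case ("Enable safety Tips" against "Safety Tips" in the sentence), so match it to the UI string.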
security Mdo Email Entity Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-email-entity-page.md
Title: "The Microsoft Defender for Office 365 (MDO) email entity page"
+ Title: "The Microsoft Defender for Office 365 email entity page"
f1.keywords: - NOCSH
description: Microsoft Defender for Office 365 E5 and P1 and P2 customers can no
- [Use email entity page tabs](#use-email-entity-page-tabs) - [New to the email entity page](#new-to-the-email-entity-page)
-Admins of Microsoft Defender for Office 365 (or MDO) E5, and MDO P1 and P2 have a 360-degree view of email using the **Email entity page**. This go-to email page was created to enhance information delivered on the [Threat Explorer 'email details' fly-out](threat-explorer-views.md).
+Admins of Microsoft Defender for Office 365 E5, and Defender for Office P1 and P2 have a 360-degree view of email using the **Email entity page**. This go-to email page was created to enhance information delivered on the [Threat Explorer 'email details' fly-out](threat-explorer-views.md).
## Reach the email entity page
-The email entity page is available in the Microsoft 365 defender portal (<https://security.microsoft.com>) at **Email & collaboration** \> **Explorer**. Or, to go directly to the **Explorer** page, use <https://security.microsoft.com/threatexplorer>.
+The email entity page is available in the Microsoft 365 Defender portal (<https://security.microsoft.com>) at **Email & collaboration** \> **Explorer**. Or, to go directly to the **Explorer** page, use <https://security.microsoft.com/threatexplorer>.
In **Explorer**, select the subject of an email you're investigating. A gold bar will display at the top of the email fly-out for that mail. This invitation to the new page, reads 'Try out our new email entity page with enriched data...'. Select to view the new page.
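Review bot: The rewritten intro sentence shortens the product name to "Defender for Office P1 and P2", which drops "365" and does not match "Microsoft Defender for Office 365" earlier in the same sentence or in the new title. Suggest "Defender for Office 365 P1 and P2" so the rename away from "MDO" is consistent. While this paragraph is open, the unchanged line "This invitation to the new page, reads" has a stray comma that could be fixed in the same pass.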
security Office 365 Evaluation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-evaluation.md
With evaluation mode,ΓÇ»[Safe Attachments](safe-attachments.md),ΓÇ»[Safe Links](
As part of the setup, evaluation mode also configuresΓÇ»[Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors). It improves filtering accuracy by preserving IP address and sender information, which are otherwise lost when mail passes through an email security gateway (ESG) in front of Defender for Office 365. Enhanced Filtering for Connectors also improves the filtering accuracy for your existing Exchange Online Protection (EOP) anti-spam and anti-phishing policies.
-Enhanced Filtering for Connectors improves filtering accuracy but may alter deliverability for certain messages if you have an ESG in front of Defender for Office 365, and currently do not bypass EOP filtering. The impact is limited to EOP policies; MDO policies set up as part of the evaluation are created in non-enforcement mode. To minimize potential production impact, you can bypass all EOP filtering by creating a mail flow rule (also known as a transport rule) to set the spam confidence level (SCL) of messages to -1. See [Use mail flow rules to set the spam confidence level (SCL) in messages in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl) for details.
+Enhanced Filtering for Connectors improves filtering accuracy but may alter deliverability for certain messages if you have an ESG in front of Defender for Office 365, and currently do not bypass EOP filtering. The impact is limited to EOP policies; Defender for Office 365 policies set up as part of the evaluation are created in non-enforcement mode. To minimize potential production impact, you can bypass all EOP filtering by creating a mail flow rule (also known as a transport rule) to set the spam confidence level (SCL) of messages to -1. See [Use mail flow rules to set the spam confidence level (SCL) in messages in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl) for details.
When the evaluation mode is set up, you will have a report updated daily with up to 90 days of data quantifying the messages that would have been blocked if the policies were implemented (for example, delete, send to junk, quarantine). Reports are generated for all Defender for Office 365 and EOP detections. They are aggregated per detection technology (for example, impersonation) and can be filtered by time range. Additionally, message reports can be created on-demand to create custom pivots or to deep dive messages using Explorer.
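Review bot: The changed paragraph still advises "you can bypass all EOP filtering by creating a mail flow rule ... to set the spam confidence level (SCL) of messages to -1" without stating what the rule should match or when it should be removed. The surrounding text frames this for tenants that have an ESG in front of Defender for Office 365, so the sentence should say that the rule is meant for mail that has already passed through that gateway and is a temporary measure for the evaluation. As written, it can be read as a recommendation to turn off EOP filtering for all inbound mail.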
security Protection Stack Microsoft Defender For Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365.md
Edge blocks are designed to be automatic. In the case of false positive, senders
Features in sender intelligence are critical for catching spam, bulk, impersonation, and unauthorized spoof messages, and also factor into phish detection. Most of these features are individually configurable. 1. **Account compromise detection** triggers and alerts are raised when an account has anomalous behavior, consistent with compromise. In some cases, the user account is blocked and prevented from sending any further email messages until the issue is resolved by an organization's security operations team.
The last stage takes place after mail or file delivery, acting on mail that is i
The final diagram (as with all parts of the diagram composing it) *is subject to change as the product grows and develops*. Bookmark this page and use the **feedback** option you'll find at the bottom if you need to ask after updates. For your records, this is the the stack with all the phases in order: ## More information
security Safety Tips In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safety-tips-in-office-365.md
- Title: Safety tips in email messages
- - NOCSH
--- Previously updated : --
-localization_priority: Normal
- - MET150
- - BCS160
-
- - M365-security-compliance
-description: Learn about how EOP and Office 365 protect you with spam, phishing, and malware prevention by adding a safety tip to the top of emails.
---
-# Safety tips in email messages
--
-**Applies to**
-- [Exchange Online Protection](exchange-online-protection-overview.md)-- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)-- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)-
-Exchange Online Protection (EOP) and Microsoft 365 protect you with spam, phishing, and malware prevention. Today, some of these attacks are so well crafted that they look legitimate. Sending messages to the Junk Email folder isn't always enough. Now, when you check your email in Outlook or Outlook on the web or any email client, EOP automatically checks the sender and adds a safety tip to the top of the email.
-
-Safety tips in Outlook do not depend on what version of Outlook you're using because the safety tip is cracked open and inserted directly into the message body. This means that the safety tip will show up in whatever email client you're using. It's done at the email filter level and not rendered at the mail client level, so not only does it show up in any version of Outlook, it also shows up in any email client.
-
-The safety tip -- a color-coded message -- will warn you about potentially harmful messages. Most messages in your inbox won't have a safety tip. You'll only see them when EOP and Microsoft 365 have information you need to help prevent spam, phishing, and malware attacks. If safety tips do show up on in your inbox, you can use the following examples to learn more about each type of safety tip.
--- Suspicious mail (red safety tip).-
- ![Screenshot that shows a red safety tip.](../../media/5078a0be-e556-44a1-b169-09d780d26898.png)
-
- A red safety tip in an email means that the message you received contains something suspicious, such as a phishing scam. We recommend that you delete this kind of email message from your inbox without opening it.
--- Safe mail (green safety tip).-
- ![Screenshot that shows a green safety tip.](../../media/acbc11d0-f626-4848-9fbf-66eeeda3f803.png)
-
- In addition to unsafe messages, we'll also tell you about valid messages from senders we trust with a green safety tip. A green safety tip in an email means that we checked the sender of the message and verified that it's safe. Microsoft maintains this list of trusted senders which includes financial organizations and others that are frequently spoofed or impersonated.
-
-## Working with safety tips
-
-Admins can turn safety tips on or off in anti-spam policies. For more information, see [Configure anti-spam policies in Office 365](configure-your-spam-filter-policies.md).
-
-If you disagree with how EOP categorized a message (that is, the message is not spam or it should have been marked as spam), you can submit the messages to Microsoft for analysis to help make your experience better. For instructions, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md). You can also click on the Feedback link in the safety tip to submit comments directly to Microsoft to help us improve.
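Review bot: This removes safety-tips-in-office-365.md in full, including the only description of the red (suspicious) and green (trusted sender) safety tips, and nothing in the visible changes moves that text elsewhere. Only one inbound link is updated in this batch (the **Enable safety Tips** bullet in the anti-spam policy article). Before merging, confirm that no other article still links to the removed file and that a redirect is in place for its published URL, and consider keeping the red/green explanation in whichever article now owns the setting.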
security Threat Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer.md
With this report, you can:
## Improvements to Threat Hunting Experience
-### Introduction of Alert ID for MDO alerts within Explorer/Real-time detections (Preview)
+
+### Introduction of Alert ID for Defender for Office 365 alerts within Explorer/Real-time detections
Today, if you navigate from an alert to Threat Explorer, it opens a filtered view within the Explorer, with the view filtered by Alert policy ID (policy ID being a unique identifier for an Alert policy). We are making this integration more relevant by introducing the alert ID (see an example of alert ID below) in Threat Explorer and Real-time detections so that you see messages which are relevant to the specific alert, as well as a count of emails. You will also be able to see if a message was part of an alert, as well as navigate from that message to the specific alert.
Alert ID is available within the URL when you are viewing an individual alert; a
> [!div class="mx-imgBorder"] > ![Alert ID in details flyout](../../media/AlertID-DetailsFlyout.png)
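Review bot: The heading drops "(Preview)", but the body under it still describes the feature as upcoming: "We are making this integration more relevant by introducing the alert ID" and "You will also be able to see if a message was part of an alert". If the feature is now generally available, change the body to present tense so analysts know the alert ID filter can be relied on today. The same applies to "you will be able to search" under the data retention heading.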
-### Extending the Explorer (and Real-time detections) data retention and search limit for trial tenants from 7 to 30 days (Preview)
+### Extending the Explorer (and Real-time detections) data retention and search limit for trial tenants from 7 to 30 days
As part of this change, you will be able to search for, and filter email data across 30 days (an increase from the previous 7 days) in Threat Explorer/Real-time detections for both Defender for Office P1 and P2 trial tenants. This does not impact any production tenants for both P1 and P2/E5 customers, which already has the 30 day data retention and search capabilities.
-### Updated limits for Export of records for Threat Explorer (Preview)
+### Updated limits for Export of records for Threat Explorer
As part of this update, the number of rows for Email records that can be exported from Threat Explorer is increased from 9990 to 200,000 records. The set of columns that can be exported currently will remain the same, but the number of rows will increase from the current limit.
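Review bot: With "(Preview)" removed from this heading, the body still reads "is increased from 9990 to 200,000 records" and "will increase from the current limit", which leaves it unclear which export limit is in effect now. Suggest stating 200,000 as the current limit and mentioning the previous value only as history. The two numbers are also formatted differently ("9990" without a thousands separator next to "200,000").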