Updates from: 06/04/2021 03:38:25
Category Microsoft Docs article Related commit history on GitHub Change details
admin Remove Former Employee Step 7 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-7.md
If your organization synchronizes user accounts to Microsoft 365 from a local Ac
To learn how to delete and restore user account in Active Directory, see [Delete a User Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753730(v=ws.11)).
-If you're using Azure Active Directory, see the [Remove-MsolUser](https://go.microsoft.com/fwlink/?linkid=842230) PowerShell cmdlet.
+If you're using Azure Active Directory, see the [Remove-MsolUser](/powershell/module/msonline/remove-msoluser) PowerShell cmdlet.
## What you need to know about terminating an employee's email session
admin Restore User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/restore-user.md
Here are a couple of tips:
- Make sure licenses are available to assign to the account. -- If your business uses Active Directory, see [How to troubleshoot deleted user accounts in Office 365](/office365/troubleshoot/active-directory/restore-deleted-user-accounts.md) for instructions on restoring a user account.
+- If your business uses Active Directory, for instrutcions on restoring a user account, see [How to troubleshoot deleted user accounts in Office 365](/office365/troubleshoot/active-directory/restore-deleted-user-accounts).
## Restore one or more user accounts
admin Buy A Domain Name https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/buy-a-domain-name.md
description: "Learn how to buy a domain name in Microsoft 365."
# Buy a domain name > [!NOTE]
-> If your organization uses Office 365 operated by 21Vianet in China, see [How to buy a domain for Office 365 operated by 21Vianet in China](/buy-a-domain-name?view=o365-21vianet#how-to-buy-a-domain-for-office-365-operated-by-21vianet.md).
+> If your organization uses Office 365 operated by 21Vianet in China, see [How to buy a domain for Office 365 operated by 21Vianet in China](#how-to-buy-a-domain-for-office-365-operated-by-21vianet).
*To Add, modify or remove domains you **must** be a **Global Administrator** of a [business or enterprise plan](https://products.office.com/business/office). These changes affect the whole tenant, *Customized administrators* or *regular users* won't be able to make these changes.*
Request the transfer at the registrar that you want to move your domain to. Look
::: moniker range="o365-21vianet"
-## How to buy a domain for Office 365 operated by 21Vianet
-
+## How to buy a domain for Office 365 operated by 21Vianet
If you don't already have your own domain, you can easily buy one online at a domain name registrar, domain reseller, or even at your current Internet provider. You get a domain name when you sign up for Office 365 operated by 21Vianet, for example, contoso.partner.onmschina.cn. But you may want to use a custom domain name, like fourthcoffee.com.
admin Centralized Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-of-add-ins.md
Check with your organization's Exchange admin to find out which configuration is
### Centralized Deployment Compatibility Checker
-Using the Centralized Deployment Compatibility Checker, you can verify whether the users on your tenant are set up to use Centralized Deployment for Word, Excel and PowerPoint. The Compatibility Checker is not required for Outlook support. Download the compatibility checker [here](https://aka.ms/officeaddindeploymentorgcompatibilitychecker).
+Using the Centralized Deployment Compatibility Checker, you can verify whether the users on your tenant are set up to use Centralized Deployment for Word, Excel and PowerPoint. The Compatibility Checker is not required for Outlook support. Download the [compatibility checker](https://aka.ms/officeaddindeploymentorgcompatibilitychecker).
#### Run the compatibility checker
If you or your users encounter problems loading the add-in while using Office ap
|**Platform**|**Debug information**| |:--|:--|
-|Office <br/> | Charles/Fiddler logs <br/> Tenant ID ( [learn how](/onedrive/find-your-office-365-tenant-id.md)) <br/> CorrelationID. View the source of one of the office pages and look for the Correlation ID value and send it to support: <br/>`<input name=" **wdCorrelationId**" type="hidden" value=" **{BC17079E-505F-3000-C177-26A8E27EB623}**">` <br/> `<input name="user_id" type="hidden" value="1003bffd96933623"></form>` <br/> |
+|Office <br/> | Charles/Fiddler logs <br/> Tenant ID ( [learn how](/onedrive/find-your-office-365-tenant-id)) <br/> CorrelationID. View the source of one of the office pages and look for the Correlation ID value and send it to support: <br/>`<input name=" **wdCorrelationId**" type="hidden" value=" **{BC17079E-505F-3000-C177-26A8E27EB623}**">` <br/> `<input name="user_id" type="hidden" value="1003bffd96933623"></form>` <br/> |
|Rich clients (Windows, Mac) <br/> | Charles/Fiddler logs <br/> Build numbers of the client app (preferably as a screenshot from **File/Account**) <br/> | ## Related content
admin Manage Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
For more information on how to determine if your organization can support Centra
To learn more about managing add-ins after deployment, see [Manage add-ins in the admin center](manage-addins-in-the-admin-center.md) > [!NOTE]
-> For Word, Excel and PowerPoint use a [SharePoint App Catalog](https://dev.office.com/docs/add-ins/publish/publish-task-pane-and-content-add-ins-to-an-add-in-catalog) to deploy add-ins to users in an on-premises environment with no connection to Microsoft 365 and/or support for SharePoint add-ins required. For Outlook use Exchange control panel to deploy in an on-premises environment without a connection to Microsoft 365.
+> For Word, Excel and PowerPoint use a [SharePoint App Catalog](/office/dev/add-ins/publish/publish-task-pane-and-content-add-ins-to-an-add-in-catalog) to deploy add-ins to users in an on-premises environment with no connection to Microsoft 365 and/or support for SharePoint add-ins required. For Outlook use Exchange control panel to deploy in an on-premises environment without a connection to Microsoft 365.
## Recommended approach for deploying Office add-ins
admin Manage Microsoft Rewards https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-microsoft-rewards.md
This feature is not available for Government users. Administrators should ensure
## Related content
-[Set up Microsoft Search](/microsoftsearch/setup-microsoft-search.md) (article)
+[Set up Microsoft Search](/microsoftsearch/setup-microsoft-search) (article)
[Top 12 tasks for security teams to support working from home](../../security/top-security-tasks-for-remote-work.md) (article)
-[What's new in Microsoft 365](https://support.microsoft.com/en-us/office/what-s-new-in-microsoft-365-95c8d81d-08ba-42c1-914f-bca4603e1426) (article)
+[What's new in Microsoft 365](https://support.microsoft.com/office/what-s-new-in-microsoft-365-95c8d81d-08ba-42c1-914f-bca4603e1426) (article)
admin Communication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/communication.md
After people have been active in the above products at least once in the last 28
## Why your organizationΓÇÖs Communication score matters
-Microsoft understands that people have different communication needs. To get a quick response to a question, you might choose to send an instant message. If you want to send status updates to your leadership, you may choose an email message. To reach a broader audience, you may choose to post a community message. Microsoft 365 enables this flexibility in communication modes to fit everyone's needs. Research shows that using real-time communication tools creates a more unified organization and builds morale, regardless of location. [See the evidence](https://go.microsoft.com/fwlink/?linkid=2127669).
+Microsoft understands that people have different communication needs. To get a quick response to a question, you might choose to send an instant message. If you want to send status updates to your leadership, you may choose an email message. To reach a broader audience, you may choose to post a community message. Microsoft 365 enables this flexibility in communication modes to fit everyone's needs. Research shows that using real-time communication tools creates a more unified organization and builds morale, regardless of location.
## How we calculate the communication score
admin Content Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/content-collaboration.md
For more information, see [assign licenses to users](../manage/assign-licenses-t
## Why your organization&#39;s content collaboration score matters
-A key aspect of digital transformation is how people collaborate in files. With your content on Microsoft 365, people access, create, modify, and collaborate on content with other people from any location. Research shows that when people collaborate with online files, each person saves an average of 100 minutes per week. [See the evidence](https://vc2prod.blob.core.windows.net/vc-resources/TEIStudies/TEI%20of%20Microsoft%20365%20E5%20-%20Oct%202018.pdf).
+A key aspect of digital transformation is how people collaborate in files. With your content on Microsoft 365, people access, create, modify, and collaborate on content with other people from any location. Research shows that when people collaborate with online files, each person saves an average of 100 minutes per week.
## How we calculate the content collaboration score
admin Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/meetings.md
After people have been active in Teams at least once in the last 28 days, you wi
## Why your organization's meetings score matters
-Meetings, where people explore ideas, plan, solve problems, and make decisions, are a fundamental pillar for organizational productivity. Research indicates that when people use online meeting tools effectively, they tend to save up to 104 minutes per week. See the [evidence](https://vc2prod.blob.core.windows.net/vc-resources/TEIStudies/TEI%20of%20Microsoft%20365%20E5%20-%20Oct%202018.pdf).
+Meetings, where people explore ideas, plan, solve problems, and make decisions, are a fundamental pillar for organizational productivity. Research indicates that when people use online meeting tools effectively, they tend to save up to 104 minutes per week.
## How we calculate the meetings score
admin Productivity Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/productivity-score.md
We provide metrics, insights, and recommendations in two areas:
- **People experiences:** Quantifies how the organization works using Microsoft 365 categories like content collaboration, mobility, communication, meetings, and teamwork.
- For each of the mentioned categories, we look at public research to identify some best practices and associated benefits in the form of organizational effectiveness. For example, [Forrester](https://vc2prod.blob.core.windows.net/vc-resources/TEIStudies/TEI%20of%20Microsoft%20365%20E5%20-%20Oct%202018.pdf) research has shown that when people collaborate and share content in the cloud (instead of emailing attachments), they can save up to 100 minutes a week. Furthermore, we quantify the use of these best practices in your organization to help you see where you are on your digital transformation journey.
+ For each of the mentioned categories, we look at public research to identify some best practices and associated benefits in the form of organizational effectiveness. For example, Forrester research has shown that when people collaborate and share content in the cloud (instead of emailing attachments), they can save up to 100 minutes a week. Furthermore, we quantify the use of these best practices in your organization to help you see where you are on your digital transformation journey.
- **Technology experiences:** Your organization depends on reliable and well performing technology as well as the efficient use of Microsoft 365. [Endpoint analytics](https://aka.ms/endpointanalytics) helps you understand how your organization can be impacted by performance and health issues with your hardware and software. Microsoft 365 apps health helps you understand whether the devices in your organization are running Microsoft 365 apps on recommended channels.
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
And if you'd like to know what's new with other Microsoft cloud
- [Office updates](/OfficeUpdates/) - [How to check Windows release health](/windows/deployment/update/check-release-health)
+## June 2021
+
+### Microsoft 365 admin center search
+
+We've added a couple of new categories to Search functionality.
+
+- You can now search for Microsoft 365 admin roles in global search and quickly view and manage role assignments from any page. For example, search for **Intune administrator**.
+
+- You can now find simplified setup experiences through global search. This can help you and your team quickly get started with how to use new features. For example, search for **set password to never expire**.
+
+To learn more about search in the admin center, see [Search in the Microsoft 365 admin center](manage/search-in-the-mac.md).
+ ## May 2021 ### Admin mobile app
bookings Add Staff https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/add-staff.md
The Staff page in Bookings is where you create your staffing list and manage sta
Although Bookings is a feature of Microsoft 365, not all of your staff members are required to have a Microsoft 365 account. All staff members must have a valid email address so they can receive bookings and schedule changes.
-## Watch: Add your staff in Microsoft Bookings
+## Watch: Add your staff to Bookings
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWuVka]
Although Bookings is a feature of Microsoft 365, not all of your staff members a
> [!NOTE] > Only the first 31 staff members that you add to your staff page will appear when you assign staff members to a service.
-## Next steps
+## Make a Bookings user a super user without adding them as Staff in Bookings
-After you add staff members, you can [schedule business closures and time off](schedule-closures-time-off-vacation.md) and [set your scheduling policies](set-scheduling-policies.md).
+You may want to add a person to your staff list in Bookings without making them available to customers or clients. Once you make them a super user, they'll become an administrator of the booking mailbox. Being an administrator of a booking mailbox is defined as having full access and send-as permissions to the booking mailbox.
-## Related content
+> [!NOTE]
+> These steps only work if the user being added isn't already assigned a **viewer** role in Bookings.
-[Microsoft Bookings](bookings-overview.md)
+1. [Connect to Microsoft 365 with PowerShell](/office365/enterprise/powershell/connect-to-office-365-powershell#connect-with-the-microsoft-azure-active-directory-module-for-windows-powershell).
-[Schedule business closures, time off, and vacation time](schedule-closures-time-off-vacation.md)
+2. Using PowerShell, assign full access with the following commands:
-[Set your scheduling policies](set-scheduling-policies.md)
+ ```powershell
+ Add-MailboxPermission -Identity <bookingmailbox@emailaddress> -User <adminusers@emailaddress> -AccessRights FullAccess -Deny:$false
+ ```
+
+3. And then run this command to assign send-as permissions.
+
+ ```powershell
+ Add-RecipientPermission -Identity <bookingmailbox@emailaddress> -Trustee <adminusers@emailaddress> -AccessRights SendAs -Confirm:$false
+ ```
+
+Here's an example PowerShell command to add Allie Bellew to the Contoso daycare booking mailbox.
+
+1. First run this command:
+
+ ```powershell
+ Add-MailboxPermission -Identity "daycare@contoso.com" -User "Allie Bellew" -AccessRights FullAccess -InheritanceType All
+ ```
+
+2. Then run this command:
+
+ ```powershell
+ Add-RecipientPermission -Identity <bookingmailbox@emailaddress> -Trustee <adminusers@emailaddress> -AccessRights SendAs -Confirm:$false
+ ```
+
+**Allie Bellew** now has administrator access, but doesn't appear as bookable staff in Bookings.
commerce Subscriptions And Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/subscriptions-and-licenses.md
You don't need to assign licenses to resource mailboxes, room mailboxes, and sha
- [Create a shared mailbox](../../admin/email/create-a-shared-mailbox.md) - [Remove a license from a shared mailbox](../../admin/email/remove-license-from-shared-mailbox.md) - [Shared Mailboxes in Exchange Online](/exchange/collaboration-exo/shared-mailboxes) for all other Microsoft 365 plans.-- [Create and Manage Room Mailboxes](/exchange/recipients-in-exchange-online/manage-room-mailboxes)-- [Manage Equipment Mailboxes](/exchange/recipients-in-exchange-online/manage-equipment-mailboxes) ## Who can assign licenses?
compliance Create Custom Sensitive Information Types With Exact Data Match Based Classification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification.md
If you do not want to expose your clear text sensitive data file, you can hash i
> If you used the Exact Data Match schema and sensitive information type wizard to create your schema and pattern files, you ***must*** download the schema for this procedure. > [!NOTE]
-> If your organization has set up [Customer Key for Microsoft 365 at the tenant level (public preview)](customer-key-tenant-level.md#overview-of-customer-key-for-microsoft-365-at-the-tenant-level-public-preview), Exact data match will make use of its encryption functionality automatically. This is available only to E5 licensed tenants in the Commercial cloud.
+> If your organization has set up [Customer Key for Microsoft 365 at the tenant level](customer-key-overview.md), Exact data match will make use of its encryption functionality automatically. This is available only to E5 licensed tenants in the Commercial cloud.
#### Prerequisites
These locations are support EDM sensitive information types:
- Microsoft Cloud App Security DLP policies - Server-side auto-labeling policies
-EDM sensitive information types for following scenarios are currently in development, but not yet available:
--- Auto-classification of sensitivity labels and retention labels- #### To create a DLP policy with EDM 1. Go to the Security & Compliance Center using the appropriate [link for your subscription](#portal-links-for-your-subscription).
compliance Dlp Sensitivity Label As Condition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-sensitivity-label-as-condition.md
You can use sensitivity labels as conditions on these items and in these scenari
\** Attachments sent in Teams over 1:1 chat or channels are automatically uploaded to OneDrive for Business and SharePoint. So if SharePoint Online or OneDrive for Business are included as locations in your DLP policy, then labeled attachments sent in Teams will be automatically included in the scope of this condition. Teams as a location does not need to be selected in the DLP policy.
+> [!NOTE]
+> DLP's ability to detect sensitivity labels in SharePoint and OneDrive for business is limited. For more information, see [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md#limitations).
+ ### Supported scenarios - DLP Admin will be able to see a list of all sensitivity labels in the tenant when they choose to include one or more sensitivity labels as a condition.
compliance Microsoft 365 Compliance Center Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/microsoft-365-compliance-center-permissions.md
+
+ Title: "Permissions in the Microsoft 365 compliance center"
+f1.keywords:
+- NOCSH
++++
+audience: ITPro
+
+localization_priority: Normal
+description: Learn about managing permissions in the Microsoft 365 compliance center.
+++
+# Permissions in the Microsoft 365 compliance center
+
+The Microsoft 365 compliance center has been recently updated and now supports directly managing permissions for users who perform compliance tasks in Microsoft 365. This update means you'll no longer have to use the Office 365 Security & Compliance Center to manage permissions for compliance solutions. Using the new **Permissions** page in the Microsoft 365 compliance center, you can manage permissions to users for compliance tasks in features like device management, data loss prevention, eDiscovery, insider risk management, retention, and many others. Users can perform only the compliance tasks that you explicitly grant them access to.
+
+To view the **Permissions** tab in the Microsoft 365 compliance center, users need to be a global administrator or need to be assigned the *Role Management* role (a role is assigned only to the *Organization Management* role group). The *Role Management* role allows users to view, create, and modify role groups.
+
+![Permissions page in Microsoft 365 compliance center](../media/m365-compliance-center-permissions.png)
+
+Permissions in the Microsoft 365 compliance center are based on the role-based access control (RBAC) permissions model. RBAC is the same permissions model that's used by most Microsoft 365 services, so if you're familiar with the permission structure in these services, granting permissions in the Microsoft 365 compliance center will be familiar. It's important to remember that the permissions managed in the Microsoft 365 compliance center don't cover the management of all the permissions needed in each individual service. You'll still need to manage certain service-specific permissions in the admin center for the specific service. For example, if you need to assign permissions for archiving, auditing, and retention policies, you'll need to manage these permissions in the Exchange admin center.
+
+## Relationship of members, roles, and role groups
+
+A role grants permissions to do a set of tasks; for example, the Case Management role lets users work with eDiscovery cases.
+
+A role group is a set of roles that enable users do their jobs across compliance solutions the Microsoft 365 compliance center. For example, by adding users to the *Insider Risk Management* role group, designated administrators, analysts, investigators, and auditors are configured for the necessary insider risk management permissions in a single group. The Microsoft 365 compliance center includes default role groups for tasks and functions for each compliance solution that you'll need to assign people to. Generally, we recommend simply adding individual users as members to the default compliance role groups as needed.
+
+![Diagram showing relationship of role groups to roles and members](../media/2a16d200-968c-4755-98ec-f1862d58cb8b.png)
+
+## Permissions needed to use features in the Microsoft 365 compliance center
+
+To view all of the default role groups that are available in the Microsoft 365 compliance center and the roles that are assigned to the role groups by default, see the [Permissions in the Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center).
+
+Managing permissions in the Microsoft 365 compliance center only gives users access to the compliance features that are available within the Microsoft 365 compliance center. If you want to grant permissions to other features that aren't in the Microsoft 365 compliance center, such as Exchange mail flow rules (also known as transport rules), you'll need to use the Exchange admin center.
+
+## Azure roles in the Microsoft 365 compliance center
+
+The roles that appear in the **Azure AD** > **Roles** section of the Microsoft 365 compliance center **Permissions** page are Azure Active Directory roles. These roles are designed to align with job functions in your organization's IT group, making it easy to give a person all the permissions necessary to get their job done. You can view the users currently assigned to each role by selecting an Admin role and viewing the role panel details. To manage members of an Azure AD role, select Manage members in Azure AD. This choice redirects you to the Azure management portal.
+
+|Role|Description|
+|:|:-|
+|**Global administrator**|Access to all administrative features in all Microsoft 365 services. Only global administrators can assign other administrator roles. For more information, see [Global Administrator / Company Administrator](/azure/active-directory/roles/permissions-reference#global-administrator--company-administrator).|
+|**Compliance data administrator**|Keep track of your organization's data across Microsoft 365, make sure it's protected, and get insights into any issues to help mitigate risks. For more information, see [Compliance Data Administrator](/azure/active-directory/roles/permissions-reference#compliance-data-administrator).|
+|**Compliance administrator**|Help your organization stay compliant with any regulatory requirements, manage eDiscovery cases, and maintain data governance policies across Microsoft 365 locations, identities, and apps. For more information, see [Compliance Administrator](/azure/active-directory/roles/permissions-reference#compliance-administrator).|
+|**Security operator**|View, investigate, and respond to active threats to your Microsoft 365 users, devices, and content. For more information, see [Security Operator](/azure/active-directory/roles/permissions-reference#security-operator).|
+|**Security reader**|View and investigate active threats to your Microsoft 365 users, devices, and content, but (unlike the Security operator) they do not have permissions to respond by taking action. For more information, see [Security Reader](/azure/active-directory/roles/permissions-reference#security-reader).|
+|**Security administrator**|Control your organization's overall security by managing security policies, reviewing security analytics and reports across Microsoft 365 products, and staying up-to-speed on the threat landscape. For more information, see [Security Administrator](/azure/active-directory/roles/permissions-reference#security-administrator).|
+|**Global reader**|The read-only version of the **Global administrator** role. View all settings and administrative information across Microsoft 365. For more information, see [Global Reader](/azure/active-directory/roles/permissions-reference#global-reader).|
+|**Attack simulation administrator**|Create and manage all aspects of attack simulation creation, launch/scheduling of a simulation, and the review of simulation results. For more information, see [Attack Simulation Administrator](/azure/active-directory/roles/permissions-reference#attack-simulation-administrator).|
+|**Attack payload author**|Create attack payloads but not actually launch or schedule them. For more information, see [Attack Payload Author](/azure/active-directory/roles/permissions-reference#attack-payload-author).|
+|
+
+## Add users to a compliance role group
+
+Complete the following steps to add users to a compliance role group:
+
+1. Sign into the permissions area of the [Microsoft 365 compliance center](https://compliance.microsoft.com/permissions) using credentials for an admin account in your Microsoft 365 organization.
+2. In the Microsoft 365 compliance center, go to **Permissions**. Select the link to view and manage compliance roles in Microsoft 365.
+3. Expand the **Compliance center** section and select **Roles**.
+4. On the **Compliance center roles** page, select a compliance role group you want to add users to, then select **Edit role group** on the details pane.
+5. Select **Choose members** from the left navigation pane, then select **Edit**.
+6. Select **Add** and then select the checkbox for all users you want to add to the role group.
+7. Select **Add**, then select **Done**.
+8. Select **Save** to add the users to the role group. Select **Close** to complete the steps.
+
+## Remove users from a compliance role group
+
+Complete the following steps to remove users from a compliance role group:
+
+1. Sign into the permissions area of the [Microsoft 365 compliance center](https://compliance.microsoft.com/permissions) using credentials for an admin account in your Microsoft 365 organization.
+2. In the Microsoft 365 compliance center, go to **Permissions**. Select the link to view and manage compliance roles in Microsoft 365.
+3. Expand the Compliance center section and select **Roles**.
+4. On the **Compliance center roles** page, select a compliance role group you want to remove users from, then select **Edit role group** on the details pane.
+5. Select **Choose members** from the left navigation pane, then select **Edit**.
+6. Select **Remove** and then select the checkbox for all users you want to remove from the role group.
+7. Select **Remove**, then select **Done**.
+8. Select **Save** to remove the users from the role group. Select **Close** to complete the steps.
compliance Microsoft 365 Compliance Center Redirection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/microsoft-365-compliance-center-redirection.md
+
+ Title: "Redirect users from the Office 365 Security and Compliance center to the Microsoft 365 compliance center"
+f1.keywords:
+- NOCSH
++++
+audience: ITPro
+
+localization_priority: Normal
+description: Learn about automatically redirecting Office 365 Security and Compliance center users to the Microsoft 365 compliance center..
+++
+# Redirect users from the Office 365 Security and Compliance center to the Microsoft 365 compliance center
+
+This article explains how automatic redirection works for users accessing compliance solutions from the Office 365 Security and Compliance Center (protection.office.com) to the Microsoft 365 compliance center (compliance.microsoft.com).
+
+## What to expect
+
+Automatic redirection is enabled by default for all users accessing the following compliance-related solutions in Office 365 Security and Compliance (protection.office.com):
+
+- Data loss prevention (DLP)
+- Classification
+- Information governance
+- Records management
+- Communication compliance (formerly 'Supervision')
+
+Users are automatically routed to the same compliance solutions in the Microsoft 365 compliance center (compliance.microsoft.com).
+
+>[!NOTE]
+>For other compliance solutions included in the Office 365 Security and Compliance Center, users will continue to manage these solutions in either the Microsoft 365 compliance center or the Office 365 Security and Compliance Center. The automatic redirection for these compliance solutions will be available soon.*
+
+This feature and associated controls does not enable the automatic redirection of Security features for Microsoft Defender for Office 365. To enable the redirection for security features, see [Redirecting accounts from Microsoft Defender for Office 365 to the Microsoft 365 security center](/microsoft-365/security/defender/microsoft-365-security-mdo-redirection) for details.
+
+## Can I go back to using the former portal?
+
+If something isn't working for you or if there's anything you're unable to complete through the Microsoft 365 compliance center portal, you can temporarily disable the automatic redirection for all users.
+
+>[!IMPORTANT]
+>The Microsoft 365 compliance center is the replacement management portal for compliance solutions currently managed in the Office 365 Security and Compliance center. All Microsoft 365 compliance solutions will be managed solely in the Microsoft 365 compliance center. Disabling redirection to the Microsoft 365 compliance center should be a short-term solution.*
+
+To switch back to the Office 365 Security and Compliance center (protection.microsoft.com) for all users, complete the following steps:
+
+1. Sign in to the [Microsoft 365 compliance center](https://compliance.microsoft.com) as a global administrator or using any account with compliance administrator permissions in Azure Active directory.
+2. Navigate to **Settings** > **Compliance center redirection**.
+3. Toggle the Automatic redirection setting to **Off**.
+4. Select **Disable** and share feedback when prompted.
+
+Once disabled, users will no longer be routed to compliance.microsoft.com and they will be directed to the Office 365 Security and Compliance center (protection.microsoft.com). This setting can be enabled again at any time by Global or Compliance admins.
+
+## Related information
+
+- [Microsoft 365 compliance center overview](/microsoft-365/compliance/microsoft-365-compliance-center)
managed-desktop Change History Managed Desktop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/change-history-managed-desktop.md
ms.localizationpriority: normal
This article lists new and updated articles in the [Microsoft Managed Desktop documentation](index.yml). "Updated" articles have had material additions or corrections--minor fixes such as correction of typos, style, or formatting issues are not listed. You can always view the history of specific commits (including details of any changes) by visiting the [repo on GitHub](https://github.com/MicrosoftDocs/microsoft-365-docs/tree/public/microsoft-365/managed-desktop).
+## May 2021
+New or changed article | Description
+ |
+[Set up Microsoft Managed Desktop devices](get-started/set-up-devices.md) | Updated article
+[Device inventory report](working-with-managed-desktop/device-inventory-report.md) | Updated article
+[Network configuration for Microsoft Managed Desktop](get-ready/network.md) | Updated article
+[Diagnostic logs](service-description/diagnostic-logs.md) | New article
+[Microsoft Managed Desktop technologies](intro/technologies.md) | Updated article
+[Prerequisites for guest accounts](get-ready/guest-accounts.md) | Updated article
+[Work with reports](working-with-managed-desktop/reports.md) | Updated article
+
+## April 2021
+New or changed article | Description
+ |
+[Device profiles](service-description/profiles.md) | New article
+[Steps for Partners to register devices](get-started/register-devices-partner.md) | Updated article
+[Register new devices yourself](get-started/register-devices-self.md) | Updated article
+[Register existing devices yourself](get-started/register-reused-devices-self.md) | Updated article
+[Address device name dependency](get-ready/address-device-names.md) | New article
+[Device names](service-description/device-names.md) | New article
+[Remove devices](working-with-managed-desktop/remove-devices.md) | New article
+[Prerequisites for Microsoft Managed Desktop](get-ready/prerequisites.md) | Updated article
+[Apps in Microsoft Managed Desktop](get-ready/apps.md) | Updated article
+[Validate new devices](get-started/validate-device.md) | New article
+[Set up Microsoft Managed Desktop devices](get-started/set-up-devices.md) | Updated article
+[Microsoft Managed Desktop product lifecycle](service-description/device-lifecycle.md) | Updated article
+[Microsoft Managed Desktop devices](service-description/device-list.md) |Updated article
+ ## March 2021 New or changed article | Description |
managed-desktop Access Admin Portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/access-admin-portal.md
Your gateway to the Microsoft Managed Desktop service is [Microsoft Endpoint Man
> [!NOTE] > In [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) the following browsers are supported: > - Microsoft Edge (latest version)
-> - Microsoft Internet Explorer 11
> - Safari (latest version, Mac only) > - Chrome (latest version) > - Firefox (latest version)
security Add Or Remove Machine Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags.md
audience: ITPro
+MS.technology: mde
+ # Add or Remove Machine Tags API
security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/alerts.md
audience: ITPro
+MS.technology: mde
+ # Alert resource type
security Api Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-explorer.md
audience: ITPro
ms.technology: mde+ # API Explorer
security Api Hello World https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-hello-world.md
audience: ITPro
+MS.technology: mde
+ # Microsoft Defender for Endpoint API - Hello World
security Api Microsoft Flow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-microsoft-flow.md
audience: ITPro
+MS.technology: mde
+ # Microsoft Power Automate (formerly Microsoft Flow), and Azure Functions
security Api Power Bi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-power-bi.md
audience: ITPro
+MS.technology: mde
+ # Create custom reports using Power BI
security Api Release Notes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-release-notes.md
audience: ITPro
+MS.technology: mde
+ # Microsoft Defender for Endpoint API release notes
security Api Terms Of Use https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-terms-of-use.md
audience: ITPro
+MS.technology: mde
+ # Microsoft Defender for Endpoint API license and terms of use
security Apis Intro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/apis-intro.md
audience: ITPro
+MS.technology: mde
+ # Access the Microsoft Defender for Endpoint APIs
security Collect Investigation Package https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/collect-investigation-package.md
audience: ITPro
+MS.technology: mde
+ # Collect investigation package API
security Common Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/common-errors.md
audience: ITPro
+MS.technology: mde
+ # Common REST API error codes
security Create Alert By Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/create-alert-by-reference.md
audience: ITPro
+MS.technology: mde
+ # Create alert API
security Delete Ti Indicator By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/delete-ti-indicator-by-id.md
audience: ITPro
+MS.technology: mde
+ # Delete Indicator API
security Exposed Apis Create App Nativeapp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp.md
audience: ITPro
+MS.technology: mde
+ # Use Microsoft Defender for Endpoint APIs
security Exposed Apis Create App Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners.md
audience: ITPro
+MS.technology: mde
+ # Partner access through Microsoft Defender for Endpoint APIs
security Exposed Apis Create App Webapp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp.md
audience: ITPro
+MS.technology: mde
+ # Create an app to access Microsoft Defender for Endpoint without a user
security Exposed Apis List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-list.md
audience: ITPro
+MS.technology: mde
+ # Supported Microsoft Defender for Endpoint APIs
security Exposed Apis Odata Samples https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples.md
audience: ITPro
+MS.technology: mde
+ # OData queries with Microsoft Defender for Endpoint
security Fetch Alerts Mssp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/fetch-alerts-mssp.md
audience: ITPro
ms.technology: mde+ # Fetch alerts from MSSP customer tenant
security Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/files.md
audience: ITPro
+MS.technology: mde
+ # File resource type
security Find Machines By Ip https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-machines-by-ip.md
audience: ITPro
+MS.technology: mde
+ # Find devices by internal IP API
security Find Machines By Tag https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-machines-by-tag.md
audience: ITPro
+MS.technology: mde
+ # Find devices by tag API
security Get Alert Info By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-info-by-id.md
audience: ITPro
+MS.technology: mde
+ # Get alert information by ID API
security Get Alert Related Domain Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-domain-info.md
audience: ITPro
+MS.technology: mde
+ # Get alert related domain information API
security Get Alert Related Files Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-files-info.md
audience: ITPro
+MS.technology: mde
+ # Get alert related files information API
security Get Alert Related Ip Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-ip-info.md
audience: ITPro
+MS.technology: mde
+ # Get alert related IPs information API
security Get Alert Related Machine Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-machine-info.md
audience: ITPro
+MS.technology: mde
+ # Get alert related machine information API
security Get Alert Related User Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-user-info.md
audience: ITPro
+MS.technology: mde
+ # Get alert related user information API
security Get Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alerts.md
audience: ITPro
+MS.technology: mde
+ # List alerts API
security Get All Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-all-recommendations.md
audience: ITPro
+MS.technology: mde
+ # List all recommendations
security Get All Vulnerabilities By Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-all-vulnerabilities-by-machines.md
audience: ITPro
+MS.technology: mde
+ # List vulnerabilities by machine and software
security Get All Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-all-vulnerabilities.md
audience: ITPro
+MS.technology: mde
+ # List vulnerabilities
security Get Device Secure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-device-secure-score.md
audience: ITPro
+MS.technology: mde
+ # Get device secure score
security Get Discovered Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities.md
audience: ITPro
+MS.technology: mde
+ # Get discovered vulnerabilities
security Get Domain Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-related-alerts.md
audience: ITPro
+MS.technology: mde
+ # Get domain-related alerts API
security Get Domain Related Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-related-machines.md
audience: ITPro
+MS.technology: mde
+ # Get domain related machines API
security Get Domain Statistics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-statistics.md
audience: ITPro
+MS.technology: mde
+ # Get domain statistics API
security Get Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-exposure-score.md
audience: ITPro
+MS.technology: mde
+ # Get exposure score
security Get File Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-information.md
audience: ITPro
+MS.technology: mde
+ # Get file information API
security Get File Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-related-alerts.md
audience: ITPro
+MS.technology: mde
+ # Get file-related alerts API
security Get File Related Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-related-machines.md
audience: ITPro
+MS.technology: mde
+ # Get file-related machines API
security Get File Statistics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-statistics.md
audience: ITPro
+MS.technology: mde
+ # Get file statistics API
security Get Installed Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-installed-software.md
audience: ITPro
+MS.technology: mde
+ # Get installed software
security Get Investigation Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-investigation-collection.md
audience: ITPro
+MS.technology: mde
+ # List Investigations API
security Get Investigation Object https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-investigation-object.md
audience: ITPro
+MS.technology: mde
+ # Get Investigation API
security Get Ip Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ip-related-alerts.md
audience: ITPro
+MS.technology: mde
+ # Get IP related alerts API
security Get Ip Statistics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ip-statistics.md
audience: ITPro
+MS.technology: mde
+ # Get IP statistics API
security Get Machine By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-by-id.md
audience: ITPro
+MS.technology: mde
+ # Get machine by ID API
security Get Machine Group Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-group-exposure-score.md
audience: ITPro
+MS.technology: mde
+ # List exposure score by device group
security Get Machine Log On Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-log-on-users.md
audience: ITPro
+MS.technology: mde
+ # Get machine logon users API
security Get Machine Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-related-alerts.md
audience: ITPro
+MS.technology: mde
+ # Get machine related alerts API
security Get Machineaction Object https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machineaction-object.md
audience: ITPro
+MS.technology: mde
+ # Get machineAction API
security Get Machineactions Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machineactions-collection.md
audience: ITPro
+MS.technology: mde
+ # List MachineActions API
security Get Machines By Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines-by-software.md
audience: ITPro
+MS.technology: mde
+ # List devices by software
security Get Machines By Vulnerability https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines-by-vulnerability.md
audience: ITPro
+MS.technology: mde
+ # List devices by vulnerability
security Get Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines.md
localization_priority: Normal
audience: ITPro -
+MS.technology: mde
+ # List machines API
security Get Missing Kbs Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-machine.md
audience: ITPro
+MS.technology: mde
+ # Get missing KBs by device ID
security Get Missing Kbs Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-software.md
audience: ITPro
+MS.technology: mde
+ # Get missing KBs by software ID
security Get Package Sas Uri https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-package-sas-uri.md
audience: ITPro
+MS.technology: mde
+ # Get package SAS URI API
security Get Recommendation By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-recommendation-by-id.md
audience: ITPro
+MS.technology: mde
+ # Get recommendation by ID
security Get Recommendation Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-recommendation-machines.md
audience: ITPro
+MS.technology: mde
+ # List devices by recommendation
security Get Recommendation Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-recommendation-software.md
audience: ITPro
+MS.technology: mde
+ # Get recommendation by software
security Get Recommendation Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-recommendation-vulnerabilities.md
audience: ITPro
+MS.technology: mde
+ # List vulnerabilities by recommendation
security Get Remediation All Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-all-activities.md
audience: ITPro
+MS.technology: mde
+ # List all remediation activities
security Get Remediation Exposed Devices Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-exposed-devices-activities.md
audience: ITPro
+MS.technology: mde
+ # List exposed devices of one remediation activity
security Get Remediation Methods Properties https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-methods-properties.md
audience: ITPro
+MS.technology: mde
+ # Remediation activity methods and properties
security Get Remediation One Activity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-one-activity.md
audience: ITPro
+MS.technology: mde
+ # Get one remediation activity by Id
security Get Security Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-security-recommendations.md
audience: ITPro
+MS.technology: mde
+ # Get security recommendations
security Get Software By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-software-by-id.md
audience: ITPro
+MS.technology: mde
+ # Get software by Id
security Get Software Ver Distribution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-software-ver-distribution.md
audience: ITPro
+MS.technology: mde
+ # List software version distribution
security Get Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-software.md
audience: ITPro
+MS.technology: mde
+ # List software inventory API
security Get Ti Indicators Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ti-indicators-collection.md
audience: ITPro
+MS.technology: mde
+ # List Indicators API
security Get User Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-user-related-alerts.md
audience: ITPro
+MS.technology: mde
+ # Get user-related alerts API
security Get User Related Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-user-related-machines.md
audience: ITPro
+MS.technology: mde
+ # Get user-related machines API
security Get Vuln By Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-vuln-by-software.md
audience: ITPro
+MS.technology: mde
+ # List vulnerabilities by software
security Get Vulnerability By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-vulnerability-by-id.md
audience: ITPro
+MS.technology: mde
+ # Get vulnerability by ID
security Initiate Autoir Investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/initiate-autoir-investigation.md
audience: ITPro
+MS.technology: mde
+ # Start Investigation API
security Investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigation.md
- m365-security-compliance - m365initiative-defender-endpoint
+MS.technology: mde
+ # Investigation resource type
security Isolate Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/isolate-machine.md
audience: ITPro
+MS.technology: mde
+ # Isolate machine API
security Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine.md
audience: ITPro
+MS.technology: mde
+ # Machine resource type
security Manage Updates Baselines Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md
ms.technology: mde Previously updated : 05/13/2021 Last updated : 06/03/2021 # Manage Microsoft Defender Antivirus updates and apply baselines
We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images). <details>
+<summary>1.1.2106.01</summary>
+
+&ensp;Package version: **1.1.2106.01**
+&ensp;Platform version: **4.18.2104.14**
+&ensp;Engine version: **1.1.18100.6**
+&ensp;Signature version: **1.339.1923.0**
+
+### Fixes
+- None
+
+### Additional information
+- None
+<br/>
+</details><details>
<summary>1.1.2105.01</summary> &ensp;Package version: **1.1.2105.01**
security Management Apis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/management-apis.md
audience: ITPro
+MS.technology: mde
+ # Overview of management and APIs
security Offboard Machine Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/offboard-machine-api.md
audience: ITPro
+MS.technology: mde
+ # Offboard machine API
security Post Ti Indicator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/post-ti-indicator.md
audience: ITPro
+MS.technology: mde
+ # Submit or Update Indicator API
security Pull Alerts Using Rest Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api.md
audience: ITPro
ms.technology: mde+ # Pull Microsoft Defender for Endpoint detections using SIEM REST API
security Raw Data Export Event Hub https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export-event-hub.md
audience: ITPro
ms.technology: mde+ # Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Azure Event Hubs
security Raw Data Export Storage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export-storage.md
audience: ITPro
ms.technology: mde+ # Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Storage account
security Raw Data Export https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export.md
audience: ITPro
ms.technology: mde+ # Raw Data Streaming API
security Recommendation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/recommendation.md
audience: ITPro
+MS.technology: mde
+ # Recommendation resource type
security Restrict Code Execution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/restrict-code-execution.md
audience: ITPro
+MS.technology: mde
+ # Restrict app execution API
security Run Advanced Query Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-api.md
audience: ITPro
+MS.technology: mde
+ # Advanced hunting API
security Run Advanced Query Sample Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-sample-powershell.md
audience: ITPro
+MS.technology: mde
+ # Advanced Hunting using PowerShell
security Run Advanced Query Sample Python https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-sample-python.md
audience: ITPro
+MS.technology: mde
+ # Advanced Hunting using Python
security Run Av Scan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-av-scan.md
audience: ITPro
+MS.technology: mde
+ # Run antivirus scan API
security Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/score.md
audience: ITPro
+MS.technology: mde
+ # Score resource type
security Set Device Value https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/set-device-value.md
audience: ITPro
+MS.technology: mde
+ # Set device value API
security Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/software.md
audience: ITPro
+MS.technology: mde
+ # Software resource type
security Stop And Quarantine File https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/stop-and-quarantine-file.md
audience: ITPro
+MS.technology: mde
+ # Stop and quarantine file API
security Ti Indicator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ti-indicator.md
audience: ITPro
+MS.technology: mde
+ # Indicator resource type
security Tvm Supported Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-supported-os.md
macOS 10.14 "Mojave" and above | Yes | Yes | Yes (preview) | Yes (preview) | Yes
Red Hat Enterprise Linux 7.2 or higher **(preview)** (\* See "Important" notice below) | Yes | Yes | Yes | Yes | Yes CentOS 7.2 or higher **(preview)** | Yes | Yes | Yes | Yes | Yes Ubuntu 16.04 LTS or higher LTS **(preview)** | Yes | Yes | Yes | Yes | Yes
+Oracle Linux 7.2 or higher | Yes | Yes | Yes | Yes | Yes
>[!IMPORTANT] > \* Red Hat Enterprise Linux:
security Unisolate Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unisolate-machine.md
audience: ITPro
+MS.technology: mde
+ # Release device from isolation API
security Unrestrict Code Execution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unrestrict-code-execution.md
audience: ITPro
+MS.technology: mde
+ # Remove app restriction API
security Update Alert https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/update-alert.md
audience: ITPro
+MS.technology: mde
+ # Update alert
security User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/user.md
audience: ITPro
+MS.technology: mde
+ # User resource type
security Vulnerability https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/vulnerability.md
audience: ITPro
+MS.technology: mde
+ # Vulnerability resource type
security Advanced Spam Filtering Asf Options https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/advanced-spam-filtering-asf-options.md
In all Microsoft 365 organizations, the Advanced Spam Filter (ASF) settings in a
> Enabling one or more of the ASF settings is an aggressive approach to spam filtering. You can't report messages that are filtered by ASF as false positives. You can identify messages that were filtered by ASF by: > > - Periodic end-user spam quarantine notifications.
->
> - The presence of filtered messages in quarantine.
->
> - The specific `X-CustomSpam:` X-header fields that are added to messages as described in this article.
-The following sections describe the ASF settings and options that are available in anti-spam policies in the Security & Compliance Center, and in Exchange Online PowerShell or standalone EOP PowerShell ([New-HostedContentFilterPolicy](/powershell/module/exchange/new-hostedcontentfilterpolicy) and [Set-HostedContentFilterPolicy](/powershell/module/exchange/set-hostedcontentfilterpolicy)). For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
+The following sections describe the ASF settings and options that are available in anti-spam policies in the Microsoft 365 security center, and in Exchange Online PowerShell or standalone EOP PowerShell ([New-HostedContentFilterPolicy](/powershell/module/exchange/new-hostedcontentfilterpolicy) and [Set-HostedContentFilterPolicy](/powershell/module/exchange/set-hostedcontentfilterpolicy)). For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
## Enable, disable, or test ASF settings For each ASF setting, the following options are available in anti-spam policies: - **On**: ASF adds the corresponding X-header field to the message, and either marks the message as **Spam** (SCL 5 or 6 for [Increase spam score settings](#increase-spam-score-settings)) or **High confidence spam** (SCL 9 for [Mark as spam settings](#mark-as-spam-settings)).- - **Off**: The ASF setting is disabled. This is the default value, and we recommend that you don't change it.--- **Test**: ASF adds the corresponding X-header field to the message. What happens to the message is determined by the **Test mode options** (*TestModeAction*) value:-
+- **Test**: ASF adds the corresponding X-header field to the message. What happens to the message is determined by the **Test mode** (*TestModeAction*) value:
- **None**: Message delivery is unaffected by the ASF detection. The message is still subject to other types of filtering and rules in EOP.- - **Add default X-header text (*AddXHeader*)**: The X-header value `X-CustomSpam: This message was filtered by the custom spam filter option` is added to the message. You can use this value in Inbox rules or mail flow rules (also known as transport rules) to affect the delivery of the message.-
- - **Send Bcc message (*BccMessage*)**: The specified email addresses (the *TestModeBccToRecipients* parameter value in PowerShell) are added to the Bcc field of the message, and the message is delivered to the additional Bcc recipients. In the Security & Compliance Center, you separate multiple email addresses by semicolons (;). In PowerShell, you separate multiple email addresses by commas.
+ - **Send Bcc message (*BccMessage*)**: The specified email addresses (the *TestModeBccToRecipients* parameter value in PowerShell) are added to the Bcc field of the message, and the message is delivered to the additional Bcc recipients. In the security center, you separate multiple email addresses by semicolons (;). In PowerShell, you separate multiple email addresses by commas.
**Notes**: - Test mode is not available for the following ASF settings:- - **Conditional Sender ID filtering: hard fail** (*MarkAsSpamFromAddressAuthFail*) - **NDR backscatter**(*MarkAsSpamNdrBackscatter*) - **SPF record: hard fail** (*MarkAsSpamSpfRecordHardFail*)- - The same test mode action is applied to *all* ASF settings that are set to **Test**. You can't configure different test mode actions for different ASF settings. ## Increase spam score settings
The following ASF settings set the spam confidence level (SCL) of detected messa
|Anti-spam policy setting|Description|X-header added| ||||
-|**Image links to remote sites** <p> *IncreaseScoreWithImageLinks*|Messages that contain `<Img>` HTML tag links to remote sites (for example, using http) are marked as spam.|`X-CustomSpam: Image links to remote sites`|
-|**URL redirect to other port** <p> *IncreaseScoreWithRedirectToOtherPort*|Message that contain hyperlinks that redirect to TCP ports other than 80 (HTTP), 8080 (alternate HTTP), or 443 (HTTPS) are marked as spam.|`X-CustomSpam: URL redirect to other port`|
+|**Image links to remote websites** <p> *IncreaseScoreWithImageLinks*|Messages that contain `<Img>` HTML tag links to remote sites (for example, using http) are marked as spam.|`X-CustomSpam: Image links to remote sites`|
|**Numeric IP address in URL** <p> *IncreaseScoreWithNumericIps*|Messages that contain numeric-based URLs (typically, IP addresses) are marked as spam.|`X-CustomSpam: Numeric IP in URL`|
-|**URL to .biz or .info websites** <p> *IncreaseScoreWithBizOrInfoUrls*|Messages that contain `.biz` or `.info` links in the body of the message are marked as spam.|`X-CustomSpam: URL to .biz or .info websites`|
+|**URL redirect to other port** <p> *IncreaseScoreWithRedirectToOtherPort*|Message that contain hyperlinks that redirect to TCP ports other than 80 (HTTP), 8080 (alternate HTTP), or 443 (HTTPS) are marked as spam.|`X-CustomSpam: URL redirect to other port`|
+|**Links to .biz or .info websites** <p> *IncreaseScoreWithBizOrInfoUrls*|Messages that contain `.biz` or `.info` links in the body of the message are marked as spam.|`X-CustomSpam: URL to .biz or .info websites`|
| ## Mark as spam settings
The following ASF settings set the SCL of detected messages to 9, which correspo
|Anti-spam policy setting|Description|X-header added| |||| |**Empty messages** <p> *MarkAsSpamEmptyMessages*|Messages with no subject, no content in the message body, and no attachments are marked as high confidence spam.|`X-CustomSpam: Empty Message`|
+|**Embedded tags in HTML** <p> *MarkAsSpamEmbedTagsInHtml*|Message that contain `<embed>` HTML tags are marked as high confidence spam. <p> This tag allows the embedding of different kinds of documents in an HTML document (for example, sounds, videos, or pictures).|`X-CustomSpam: Embed tag in html`|
|**JavaScript or VBScript in HTML** <p> *MarkAsSpamJavaScriptInHtml*|Messages that use JavaScript or Visual Basic Script Edition in HTML are marked as high confidence spam. <p> These scripting languages are used in email messages to cause specific actions to automatically occur.|`X-CustomSpam: Javascript or VBscript tags in HTML`|
-|**Frame or IFrame tags in HTML** <p> *MarkAsSpamFramesInHtml*|Messages that contain `<frame>` or `<iframe>` HTML tags are marked as high confidence spam. <p> These tags are used in email messages to format the page for displaying text or graphics.|`X-CustomSpam: IFRAME or FRAME in HTML`|
-|**Object tags in HTML** <p> *MarkAsSpamObjectTagsInHtml*|Messages that contain `<object>` HTML tags are marked as high confidence spam. <p> This tag allows plug-ins or applications to run in an HTML window.|`X-CustomSpam: Object tag in html`|
-|**Embed tags in HTML** <p> *MarkAsSpamEmbedTagsInHtml*|Message that contain `<embed>` HTML tags are marked as high confidence spam. <p> This tag allows the embedding of different kinds of documents in an HTML document (for example, sounds, videos, or pictures).|`X-CustomSpam: Embed tag in html`|
|**Form tags in HTML** <p> *MarkAsSpamFormTagsInHtml*|Messages that contain `<form>` HTML tags are marked as high confidence spam. <p> This tag is used to create website forms. Email advertisements often include this tag to solicit information from the recipient.|`X-CustomSpam: Form tag in html`|
+|**Frame or iframe tags in HTML** <p> *MarkAsSpamFramesInHtml*|Messages that contain `<frame>` or `<iframe>` HTML tags are marked as high confidence spam. <p> These tags are used in email messages to format the page for displaying text or graphics.|`X-CustomSpam: IFRAME or FRAME in HTML`|
|**Web bugs in HTML** <p> *MarkAsSpamWebBugsInHtml*|A *web bug* (also known as a *web beacon*) is a graphic element (often as small as one pixel by one pixel) that's used in email messages to determine whether the message was read by the recipient. <p> Messages that contain web bugs are marked as high confidence spam. <p> Legitimate newsletters might use web bugs, although many consider this an invasion of privacy. |`X-CustomSpam: Web bug`|
-|**Apply sensitive word list** <p> *MarkAsSpamSensitiveWordList*|Microsoft maintains a dynamic but non-editable list of words that are associated with potentially offensive messages. <p> Messages that contain words from the sensitive word list in the subject or message body are marked as high confidence spam.|`X-CustomSpam: Sensitive word in subject/body`|
+|**Object tags in HTML** <p> *MarkAsSpamObjectTagsInHtml*|Messages that contain `<object>` HTML tags are marked as high confidence spam. <p> This tag allows plug-ins or applications to run in an HTML window.|`X-CustomSpam: Object tag in html`|
+|**Sensitive words** <p> *MarkAsSpamSensitiveWordList*|Microsoft maintains a dynamic but non-editable list of words that are associated with potentially offensive messages. <p> Messages that contain words from the sensitive word list in the subject or message body are marked as high confidence spam.|`X-CustomSpam: Sensitive word in subject/body`|
|**SPF record: hard fail** <p> *MarkAsSpamSpfRecordHardFail*|Messages sent from an IP address that isn't specified in the SPF Sender Policy Framework (SPF) record in DNS for the source email domain are marked as high confidence spam. <p> Test mode is not available for this setting.|`X-CustomSpam: SPF Record Fail`|
-|**Conditional Sender ID filtering: hard fail** <p> *MarkAsSpamFromAddressAuthFail*|Messages that hard fail a conditional Sender ID check are marked as spam. <p> This setting combines an SPF check with a Sender ID check to help protect against message headers that contain forged senders. <p> Test mode is not available for this setting.|`X-CustomSpam: SPF From Record Fail`|
-|**NDR backscatter** <p> *MarkAsSpamNdrBackscatter*|*Backscatter* is useless non-delivery reports (also known as NDRs or bounce messages) caused by forged senders in email messages. For more information, see [Backscatter messages and EOP](backscatter-messages-and-eop.md). <p> You don't need to configure this setting in the following environments, because legitimate NDRs are delivered, and backscatter is marked as spam: <ul><li>Microsoft 365 organizations with Exchange Online mailboxes.</li><li>On-premises email organizations where you route *outbound* email through EOP.</li></ul> <p> In standalone EOP environments that protect inbound email to on-premises mailboxes, turning this setting on or off has the following result: <ul><li> **On**: Legitimate NDRs are delivered, and backscatter is marked as spam.</li><li>**Off**: Legitimate NDRs and backscatter go through normal spam filtering. Most legitimate NDRs will be delivered to the original message sender. Some, but not all, backscatter are marked as high confidence spam. By definition, backscatter can only be delivered to the spoofed sender, not to the original sender.</li></ul> <p> Test mode is not available for this setting.|`X-CustomSpam: Backscatter NDR`|
+|**Sender ID filtering hard fail** <p> *MarkAsSpamFromAddressAuthFail*|Messages that hard fail a conditional Sender ID check are marked as spam. <p> This setting combines an SPF check with a Sender ID check to help protect against message headers that contain forged senders. <p> Test mode is not available for this setting.|`X-CustomSpam: SPF From Record Fail`|
+|**Backscatter** <p> *MarkAsSpamNdrBackscatter*|*Backscatter* is useless non-delivery reports (also known as NDRs or bounce messages) caused by forged senders in email messages. For more information, see [Backscatter messages and EOP](backscatter-messages-and-eop.md). <p> You don't need to configure this setting in the following environments, because legitimate NDRs are delivered, and backscatter is marked as spam: <ul><li>Microsoft 365 organizations with Exchange Online mailboxes.</li><li>On-premises email organizations where you route *outbound* email through EOP.</li></ul> <p> In standalone EOP environments that protect inbound email to on-premises mailboxes, turning this setting on or off has the following result: <ul><li> **On**: Legitimate NDRs are delivered, and backscatter is marked as spam.</li><li>**Off**: Legitimate NDRs and backscatter go through normal spam filtering. Most legitimate NDRs will be delivered to the original message sender. Some, but not all, backscatter are marked as high confidence spam. By definition, backscatter can only be delivered to the spoofed sender, not to the original sender.</li></ul> <p> Test mode is not available for this setting.|`X-CustomSpam: Backscatter NDR`|
|
security Anti Spoofing Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spoofing-protection.md
The following anti-spoofing technologies are available in EOP:
- **Allow or block spoofed senders in the Tenant Allow/Block List**: When you override the verdict in the spoof intelligence insight, the spoofed sender becomes a manual allow or block entry that only appears on the **Spoof** tab in the Tenant Allow/Block List. You can also manually create allow or block entries for spoof senders before they're detected by spoof intelligence. For more information, see [Manage the Tenant Allow/Block List in EOP](tenant-allow-block-list.md). -- **Anti-phishing policies**: In EOP, anti-phishing policies contain the following anti-spoofing settings:
+- **Anti-phishing policies**: In EOP and Microsoft Defender for Office 365, anti-phishing policies contain the following anti-spoofing settings:
- Turn spoof intelligence on or off. - Turn unauthenticated sender identification in Outlook on or off. - Specify the action for blocked spoofed senders. For more information, see [Spoof settings in anti-phishing policies](set-up-anti-phishing-policies.md#spoof-settings).
- **Note**: Anti-phishing policies in Microsoft Defender for Office 365 contain addition protections, including **impersonation** protection. For more information, see [Exclusive settings in anti-phishing policies in Microsoft Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365).
+ **Note**: Anti-phishing policies in Defender for Office 365 contain addition protections, including **impersonation** protection. For more information, see [Exclusive settings in anti-phishing policies in Microsoft Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365).
- **Spoof detections report**: For more information, see [Spoof Detections report](view-email-security-reports.md#spoof-detections-report).
security Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/campaigns.md
ms.prod: m365-security
**Applies to** - [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
-Campaign Views is a feature in Microsoft Defender for Office 365 Plan 2 (for example Microsoft 365 E5 or organizations with an Defender for Office 365 Plan 2 add-on). Campaign Views in the Security & Compliance Center identifies and categorizes phishing attacks in the service. Campaign Views can help you to:
+Campaign Views is a feature in Microsoft Defender for Office 365 Plan 2 (for example, Microsoft 365 E5 or organizations with an Defender for Office 365 Plan 2 add-on). Campaign Views in the Microsoft 365 security center identifies and categorizes phishing attacks in the service. Campaign Views can help you to:
- Efficiently investigate and respond to phishing attacks. - Better understand the scope of the attack.
Microsoft leverages the vast amounts of anti-phishing, anti-spam, and anti-malwa
A campaign might be short-lived, or could span several days, weeks, or months with active and inactive periods. A campaign might be launched against your specific organization, or your organization might be part of a larger campaign across multiple companies.
-## Campaign Views in the Security & Compliance Center
+## Campaign Views in the security center
-Campaign Views is available in the [Security & Compliance Center](https://protection.office.com) at **Threat management** \> **Campaigns**, or directly at <https://protection.office.com/campaigns>.
+Campaign Views is available in the [Microsoft 365 security center](https://security.microsoft.com) at **Email & collaboration** \> **Campaigns**, or directly at <https://security.microsoft.com/campaigns>.
-![Campaigns overview in the Security & Compliance Center](../../media/campaigns-overview.png)
+![Campaigns overview in the Microsoft 365 security center](../../media/campaigns-overview.png)
You can also get to Campaign Views from: -- **Threat management** \> **Explorer** \> **View** \> **Campaigns**-- **Threat management** \> **Explorer** \> **View** \> **All email** \> **Campaign** tab-- **Threat management** \> **Explorer** \> **View** \> **Phish** \> **Campaign** tab-- **Threat management** \> **Explorer** \> **View** \> **Malware** \> **Campaign** tab
+- **Email & collaboration** \> **Explorer** \> **View** \> **Campaigns**
+- **Email & collaboration** \> **Explorer** \> **View** \> **All email** \> **Campaign** tab
+- **Email & collaboration** \> **Explorer** \> **View** \> **Phish** \> **Campaign** tab
+- **Email & collaboration** \> **Explorer** \> **View** \> **Malware** \> **Campaign** tab
-To access Campaign Views, you need to be a member of the **Organization Management**, **Security Administrator**, or **Security Reader** role groups in the Security & Compliance Center. For more information, see [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md).
+To access Campaign Views, you need to be a member of the **Organization Management**, **Security Administrator**, or **Security Reader** role groups in the security center. For more information, see [Permissions in the Microsoft 365 compliance center and Microsoft 365 security center](permissions-microsoft-365-security-center.md).
## Campaigns overview
On the default **Campaign** tab, the **Campaign type** area shows a bar graph th
> [!TIP] > If you don't see any campaign data, try changing the date range or [filters](#filters-and-settings).
-The rest of the overview page shows the following information on the **Campaign** tab:
+The table below the graph on the overview page shows the following information on the **Campaign** tab:
- **Name**
The **Campaign origin** tab shows the message sources on a map of the world.
### Filters and settings
-At the top of the Campaign Views page, there are several filter and query settings to help you find and isolate specific campaigns.
+At the top of the **Campaign** page, there are several filter and query settings to help you find and isolate specific campaigns.
![Campaign filters](../../media/campaign-filters-and-settings.png)
The filterable campaign properties that are available in the **Campaign type** b
- **Attachment filename** - **Malware family** - **Tags**: Users or groups that have had the specified user tag applied (including priority accounts). For more information about user tags, see [User tags](user-tags.md).
- - **System overrides**
- **Delivery action** - **Additional action** - **Directionality**
The filterable campaign properties that are available in the **Campaign type** b
- **Sender IP** - **Attachment SHA256**: To find the SHA256 hash value of a file in Windows, run the following command in a Command Prompt: `certutil.exe -hashfile "<Path>\<Filename>" SHA256`. - **Cluster ID**
+ - **Alert ID**
- **Alert Policy ID**
+ - **Campaign ID**
- **ZAP URL signal** - **URLs**:
For more advanced filtering, including filtering by multiple properties, you can
When you're finished, click the **Query** button.
-After you create a basic or advanced filter, you can save it by using **Save query** or **Save query as**. Later, when you return to Campaign Views, you can load a saved filter by clicking **Saved query settings**.
+After you create a basic or advanced filter, you can save it by using **Save query** or **Save query as**. Later, when you return to the **Campaigns** page, you can load a saved filter by clicking **Saved query settings**.
To export the graph or the list of campaigns, click **Export** and select **Export chart data** or **Export campaign list**.
When you click on the name of a campaign, the campaign details appear in a flyou
At the top of the campaign details view, the following campaign information is available: -- **ID**: The unique campaign identifier.--- **Started** and **Ended**: The start date and end date of the campaign. Note that these dates might extend further than your filter dates that you selected on the overview page.--- **Impact**: This section contains the following data for the date range filter you selected (or that you select in the timeline):
- - The total number of recipients.
- - The number of messages that were "Inboxed" (that is, delivered to the Inbox, not to the Junk Email folder).
- - How many users clicked on the URL payload in the phishing message.
- - Howe many users visited the URL.
--- **Targeted**: The percentage as calculated by: (the number of campaign recipients in your organization) / (the total number of recipients in the campaign across all organizations in the service). Note that this value is calculated over the entire lifetime of the campaign, and doesn't change based on date filters.--- An interactive timeline of campaign activity: The timeline shows activity over the entire lifetime of the campaign. By default, the shaded area includes the date range filter that you selected in the overview. You can click and drag to select a specific start point and end point, <u>which will change the data that's displayed in **Impact** area, and on the rest of the page as described in the next sections</u>.-
-In the title bar, you can click the **Download campaign write-up** button ![Download campaign write-up icon](../../media/download-campaign-write-up-button.png) to download the campaign details to a Word document (by default, named CampaignReport.docx). Note that the download contains details over the entire lifetime of the campaign (not just the filter dates you selected).
+- **Campaign ID**: The unique campaign identifier.
+- **Activity**: The duration and activity of the campaign.
+- The following data for the date range filter you selected (or that you select in the timeline):
+- **Impact**
+- **Messages**: The total number of recipients.
+- **Inboxed**: The number of messages that were delivered to the Inbox, not to the Junk Email folder.
+- **Clicked link**: How many users clicked on the URL payload in the phishing message.
+- **Visited link**: How many users visited the URL.
+- **Targeted(%)**: The percentage as calculated by: (the number of campaign recipients in your organization) / (the total number of recipients in the campaign across all organizations in the service). Note that this value is calculated over the entire lifetime of the campaign, and doesn't change based on date filters.
+- Start date/time and end data/time filters for the campaign flow as described in the next section.
+- An interactive timeline of campaign activity: The timeline shows activity over the entire lifetime of the campaign. You can hover over the data points in the graph to see the amount of detected messages.
![Campaign information](../../media/campaign-details-campaign-info.png) ### Campaign flow
-In the middle of the campaign details view, important details about the campaign are presented in the **Flow** section in a horizontal flow diagram (known as a _Sankey_ diagram). These details will help you to understand the elements of the campaign and the potential impact in your organization.
+In the middle of the campaign details view, important details about the campaign are presented in a horizontal flow diagram (known as a _Sankey_ diagram). These details will help you to understand the elements of the campaign and the potential impact in your organization.
> [!TIP]
-> The information that's displayed in the **Flow** diagram is controlled by the shaded date range in the timeline as described in the previous section.
+> The information that's displayed in the flow diagram is controlled by the date range filter in the timeline as described in the previous section.
![Campaign details that don't contain user URL clicks](../../media/campaign-details-no-recipient-actions.png)
The diagram contains the following information:
- **Sender domains** - **Filter verdicts**: Verdict values are related to the available phishing and spam filtering verdicts as described in [Anti-spam message headers](anti-spam-message-headers.md). The available values are described in the following table:
+ <br>
+ **** |Value|Spam filter verdict|Description|
The diagram contains the following information:
<sup>\*\*</sup> Review your anti-spam policies, because these messages should be quarantined, not delivered. -- **Delivery locations**: You'll likely want to investigate messages that were delivered to recipients (either to the Inbox or the Junk Email folder), even if users didn't click on the payload URL in the message. You can also remove the quarantined messages from quarantine. For more information, see [Quarantined email messages in EOP](quarantine-email-messages.md).
+- **Message destinations**: You'll likely want to investigate messages that were delivered to recipients (either to the Inbox or the Junk Email folder), even if users didn't click on the payload URL in the message. You can also remove the quarantined messages from quarantine. For more information, see [Quarantined email messages in EOP](quarantine-email-messages.md).
- **Deleted folder** - **Dropped** - **External**: The recipient is located in your on-premises email organization in hybrid environments.
If a user clicked on the payload URL in the phishing message, the actions are di
The tabs in the campaign details view allow you to further investigate the campaign. > [!TIP]
-> The information that's displayed on the tabs is controlled by the shaded date range in the timeline as described in [Campaign information](#campaign-information) section.
+> The information that's displayed on the tabs is controlled by the date range filter in the timeline as described in [Campaign information](#campaign-information) section.
- **URL clicks**: If users didn't click on the payload URL in the message, this section will be blank. If a user was able to click on the URL, the following values will be populated: - **User**<sup>\*</sup>
The tabs in the campaign details view allow you to further investigate the campa
### Buttons
-The buttons in the campaign details view allow you to use the power of Threat Explorer to further investigate the campaign.
+The buttons at the bottom the campaign details view allow you to investigate and record details about the campaign:
+
+- **Explore messages**: Use the power of Threat Explorer to further investigate the campaign:
+ - **All messages**: Opens a new Threat Explorer search tab using the **Campaign ID** value as the search filter.
+ - **Inboxed messages**: Opens a new Threat Explorer search tab using the **Campaign ID** and **Delivery location: Inbox** as the search filter.
+ - **Internal messages**: Opens a new Threat Explorer search tab using the **Campaign ID** and **Directionality: Intra-org** as the search filter.
-- **Explore campaign**: Opens a new Threat Explorer search tab using the **Campaign ID** value as the search filter.-- **Explore Inboxed messages**: Opens a new Threat Explorer search tab using the **Campaign ID** and **Delivery location: Inbox** as the search filter.
+- **Download threat report**: Download the campaign details to a Word document (by default, named CampaignReport.docx). Note that the download contains details over the entire lifetime of the campaign (not just the filter dates you selected).
security Use Dmarc To Validate Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-dmarc-to-validate-email.md
Examples:
_dmarc.contoso.com 3600 IN TXT "v=DMARC1; p=reject" ```
-Once you have formed your record, you need to update the record at your domain registrar. For instructions on adding the DMARC TXT record to your DNS records for Microsoft 365, see [Create DNS records for Microsoft 365 when you manage your DNS records](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md).
+Once you have formed your record, you need to update the record at your domain registrar.
## DMARC Mail (Public Preview feature) > [!CAUTION]
contoso.com 3600 IN MX 10 contoso-com.mail.protection.outlook.com
All, or most, email will first be routed to mail.contoso.com since it's the primary MX, and then mail will get routed to EOP. In some cases, you might not even list EOP as an MX record at all and simply hook up connectors to route your email. EOP does not have to be the first entry for DMARC validation to be done. It just ensures the validation, as we cannot be certain that all on-premise/non-O365 servers will do DMARC checks. DMARC is eligible to be enforced for a customer's domain (not server) when you set up the DMARC TXT record, but it is up to the receiving server to actually do the enforcement. If you set up EOP as the receiving server, then EOP does the DMARC enforcement.
-![A troubleshooting graphic for DMARC, courtesy of Daniel Mande](../../media/Tp_DMARCTroublehoot.png)
## For more information
security User Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-tags.md
This article explains how to configure user tags in the Security & Compliance Ce
To see how user tags are part of the strategy to help protect high-impact user accounts, see [Security recommendations for priority accounts in Microsoft 365](security-recommendations-for-priority-accounts.md). > [!NOTE]
-> If you use the unified Microsoft 365 security center, you can set tags here: https://security.microsoft.com/userTags.
+> If you use the unified Microsoft 365 security center, you can set tags here: https://security.microsoft.com/securitysettings/userTags.
## What do you need to know before you begin?
To see how user tags are part of the strategy to help protect high-impact user a
1. In the Security & Compliance Center, go to **Threat management** \> **User tags**.
-2. On the **User tags** page that opens, select the user tag that you want to remove, click **Delete tag**, and then select **Yes, remove** in the warning that appears.
+2. On the **User tags** page that opens, select the user tag that you want to remove, click **Delete tag**, and then select **Yes, remove** in the warning that appears.