-description: "Set up Windows devices running Windows 10 Pro for Microsoft 365 Business Premium users, enabling centralized management and security controls."

-# Set up Windows devices for Microsoft 365 Business Premium users

-## Before you begin

-Before you can set up Windows devices for Microsoft 365 Business Premium users, make sure all the Windows devices are running Windows 10 Pro, version 1703 (Creators Update) or Windows 11 Pro.

-Windows 10 Pro (or Windows 11 Pro) is a prerequisite for deploying Windows 10 Business, which is a set of cloud services and device management capabilities that complement Windows 10 Pro and Windows 11 Pro, and enable the centralized management and security controls of Microsoft 365 Business Premium.

-[Learn more about requirements for Microsoft 365 Business Premium](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium?activetab=pivot:techspecstab).

-## Windows 10 Pro and Windows 11 Pro

-If you have Windows devices running previous versions of Windows, such as Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you to upgrade those devices to Windows 10 Pro or Windows 11 Pro.

-

-For more information on how to upgrade Windows devices, see the following articles:

-

-After you have upgraded, see [Verify the device is connected to Azure AD](#verify-the-device-is-connected-to-azure-ad) to verify you have the upgrade, or to make sure the upgrade worked.

-## Join Windows devices to your organization's Azure AD

-When all your company's Windows devices are running Windows 10 Pro or Windows 11 Pro, you can join these devices to your organization's Azure Active Directory (Azure AD).

-1. On a Windows device, select the Windows logo, and then the Settings icon.

-

-2. In **Settings**, go to **Accounts** > **Access work or school** \> **Connect**.

-

-3. Type your email address, and then choose **Next**.

-4. Follow the prompts to complete the process.

-## Verify the device is connected to Azure AD

-To verify your sync status, on the **Access work or school** page in **Settings**, select the **Connected to** _ \<organization name\> _ area to expose the buttons **Info** and **Disconnect**. Choose **Info** to get your synchronization status.

-

-On the **Sync status** page, choose **Sync** to get the latest mobile device management policies onto the PC.

-

-## Next steps

-To set up your mobile devices, see [Set up mobile devices for Microsoft 365 Business Premium users](set-up-mobile-devices.md),

-To increase protection, see [Best practices for securing Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md).

-

-Microsoft Teams is a collaboration app that helps your staff stay organized and have conversations, from any device. You can use Microsoft Teams to have instant conversations with members of your staff or guests outside your organization. You can also make phone calls, host meetings, and share files.

-2. Create an org-wide team for communication with everyone across your organization.

-3. Create teams for specific projects and apply the right amount of protection based on who should be included.

-4. Create specific teams for communication with external partners to keep them separate from anything sensitive for your business.

-1. **A business-, firm-, or practice-wide team:** This is for everyone to use for day to day communications and work across your business. You can use this team to post announcements or share information of interest for your whole firm or practice.

-2. **Individual teams:** Set up teams for smaller groups to collaborate about their day to day work.

-3. **An external communications team or teams:** Coordinate with your vendors, partners, or clients without allowing them into anything sensitive. Set up different channels for specific groups.

-When you receive your invitation, [Sign up for Microsoft 365 for Campaigns](m365-campaigns-sign-up.md).

-# Sign in to Microsoft 365 Business Premium

-## For business or campaign admins

-If you signed up for Microsoft 365 for Campaigns (or Microsoft 365 Business Premium), you're the Microsoft 365 admin (also referred to as the Global Administrator). Here's how to sign in:

-1. Find the username and password that we sent to the email address that you used when you [signed up for Microsoft 365 for Campaigns](m365-campaigns-sign-up.md).

-4. In the top right of the page, find the **Preview on** control. Select **Preview on** so you can use all the controls described in [Bump up protection for your campaign](m365-campaigns-security-overview.md).

-2. Sign in using the user name and password for the account. Users will have this information in the email they should have received when they were added as users. If they can't find the email, see [I shared an email invite but the user didnΓÇÖt receive the email](../admin/simplified-signup/admin-invite-business-standard.md#i-shared-an-email-invite-but-the-user-didnt-receive-the-email).

-> Give your staff a link to the [Employee quick setup guide](../admin/setup/employee-quick-setup.md). The guide walks them through signing in, getting Office apps, and saving, copying, and sharing files.

-2. [Use the guided process for basic setup](m365bp-setup.md#use-the-guided-process-for-basic-setup)

-2. [See the guided process for basic setup](m365bp-setup.md#use-the-guided-process-for-basic-setup).

-Learn more about [multi-factor authentication](m365bp-multifactor-authentication.md) and [phishing and other attacks](avoid-phishing-and-attacks.md).

-1. [Use the Guided process for basic setup](m365bp-setup.md#use-the-guided-process-for-basic-setup).

-Your subscription includes [preset security policies](../security/office-365-security/preset-security-policies.md) that use recommended settings for anti-spam, anti-malware, and anti-phishing protection. By default, built-in protection is enabled; however, consider applying standard or strict protection for increased security.

-Okay, now let's start the mission to [**set up BYOD devices**](m365bp-devices-overview.md).

-3. Verify**Users may join devices to Azure AD** is enabled

-## 5. Link the Group Policy

-## Get the latest Administrative Templates

-## Next objective:

-Follow the guidance to [Install Office applications](m365bp-install-office-apps.md).

-[Review and edit device policies](m365bp-view-edit-create-mdb-policies.md)

-

-This objective is focused on creating protection for any unmanaged Windows 10 PCs and Macs not enrolled in Microsoft Intune. It is very likely your small business or campaign may have staff who bring their own devices (BYODs), and these devices are not managed. BYODs include personally-owned phones, tablets, and PCs.

-Okay, mission complete! Now, let's work on [securing the email system](m365bp-protect-email-overview.md) against phishing and other attacks.

-This article describes how to set up application protection policies for your company's Windows devices.

-2. On the left nav, choose **Devices** \> **Policies** .

-3. Choose an existing Windows app policy and then **Edit**.

-4. Choose **Edit** next to a setting you want to change and then **Save**.

-2. On the left nav, choose **Devices** \> **Policies** \> **Add**.

-3. On the **Add policy** pane, enter a unique name for this policy.

-4. Under **Policy type**, choose **Application Management for Windows 10**.

-5. Under **Device type**, choose either **Personal** or **Company Owned**.

-6. The **Encrypt work files** is turned on automatically.

-7. Set **Prevent users from copying company data to personal files and force them to save work files to OneDrive for Business** to **On** if you don't want the users to save work files on their PC.

-8. Expand **Recover data on Windows devices**. We recommend that you turn it **On**.

-

-

-9. Expand **Protect additional network and cloud locations** if you want to add additional domains or SharePoint Online locations to make sure that files in all the listed apps are protected. If you need to enter more than one item for either field, use a semicolon (;) between the items.

-

-11. Next decide **Who will get these settings?** If you don't want to use the default **All Users** security group, choose **Change**, choose the security groups who will get these settings \> **Select**.

-12. Finally, choose **Add** to save the policy, and assign it to devices.

-[Secure Windows devices](m365bp-secure-windows-devices.md)

-Okay, you've discovered a security breach, but what do you do? It depends on the nature of it.

-## Settings to secure Windows 10 devices

-description: "Setup overview for campaigns or other businesses. How to set up cybersecurity and prevent cyberattacks."

-For this first mission, set up your initial security defenses right away. Sign in and initiate the [setup wizard](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json) to configure overall security and licenses for your teams.

-Once you've achieved these objectives, you can move on to the [next mission](m365bp-security-overview.md).

-Use this article as a guide.

-## Use the guided process for basic setup

-Microsoft 365 Business Premium includes a guided process for basic setup. The guided process includes these tasks:

-The following video shows the guided setup process for Microsoft 365 Business Standard, which works the same way in Microsoft 365 Business Premium.<br/><br/>

-2. In the search box, fill in your location and company size.

-## Next objectives

-After you have finished your initial setup process, your next objectives are to set up your security and compliance capabilities:

-1. [Set up your security protection](m365bp-security-overview.md).

-2. Train your team:

- - [Set up personal devices used to access business data](m365bp-devices-overview.md)

- - [Use email more securely](m365bp-protect-email-overview.md)

- - [Collaborate and share more securely](m365bp-collaborate-share-securely.md)

-3. [Protect managed devices](m365bp-protect-devices.md).

-description: "Learn how to validate the Microsoft 365 Business Premium app protection settings in your Android or iOS devices."

-## Android

-

-After you [set app protection settings for Android or iOS devices](../business-premium/m365bp-app-protection-settings-for-android-and-ios.md) to protect the apps, you can follow these steps to validate that the settings you chose work.

-

-

-

-

-

-

-

-

-

-

-

-## iOS

-

-### Check that the App protection settings are working on user devices

-description: "Learn how to verify that Microsoft 365 for business app protection settings took effect on your users' Windows 10 devices."

-# Validate device protection settings for Windows 10 PCs

-## Verify that Windows 10 device policies are set

-After you [set up device policies](../business-premium/m365bp-protection-settings-for-windows-10-devices.md), it may take up to a few hours for the policy to take effect on users' devices. You can confirm that the policies took effect by looking at various Windows Settings screens on the users' devices. Because the users won't be able to modify the Windows Update and Microsoft Defender Antivirus settings on their Windows 10 devices, many options will be grayed out.

-description: "Setup overview for Microsoft 365 Business Premium for campaigns or other businesses"

-# Set up Microsoft 365 for Campaigns

-## Overview

-Welcome to your first mission. The following are enhanced security measures that are particularly useful for campaigns, but you may want to use these with any organization as part of your mission to achieve greater security.

-For this first mission, you're going to set up your initial security defenses to protect and defend your organization's systems and networks. Sign in and initiate the [setup wizard](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json) to configure overall security and licenses for your teams.

-Your objectives are to:

-Once you've achieved these objectives, you can move on to the [next mission](m365bp-security-overview.md).

-## Contact support

- **If you need to contact support:**

-

-As a Microsoft 365 admin, you have access to our customer support team, **[Contact support for business products - Admin Help](../business-video/get-help-support.md)**

-> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If youΓÇÖre an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account, and you can add new subscriptions to it, but only as long as the bank account is in good standing.

-# Collect cloud attachments in Microsoft Purview eDiscovery (Premium) (preview)

-## Collecting the version shared in a cloud attachment

-Classifiers are available to use as a condition for [Office autolabeling with sensitivity labels](apply-sensitivity-label-automatically.md), [auto-apply retention label policy based on a condition](apply-retention-labels-automatically.md#configuring-conditions-for-auto-apply-retention-labels) and in [communication compliance](communication-compliance.md).

-> Please note the offensive language, harassment, profanity, discrimination, and threat classifiers only work with searchable text and are not an exhaustive or complete list of terms or language across these areas. Further, language and cultural standards continually change, and in light of these realities, Microsoft reserves the right to update these classifiers in its discretion. While classifiers may assist your organization in detecting these areas, classifiers are not intended to provide your organization's sole means of detecting or addressing the use of such language. Your organization, not Microsoft or its subsidiaries, remains responsible for all decisions related to monitoring, scanning, blocking, removal, and retention of any content identified by a pre-trained classifier, including compliance with local privacy and other applicable laws. Microsoft encourages consulting with legal counsel before deployment and use.

-When the pre-trained classifiers don't meet your needs, you can create and train your own classifiers. There's significantly more work involved with creating your own, but they'll be much better tailored to your organizations needs.

-Contoso IT administrators and compliance specialists attended online webinars about compliance solutions in Microsoft 365 and decided that communication compliance policies will help them meet the updated corporate policy requirements for reducing workplace harassment. Working together, they've developed a plan to create and enable a communication compliance policy that will monitor for inappropriate text for chats sent in Microsoft Teams, private messages and community conversations in Yammer, and in email messages sent in Exchange Online. Their plan includes identifying:

-The first step is to confirm that Contoso's Microsoft 365 licensing includes support for the communication compliance solution. To access and use communication compliance, Contoso IT administrators need to verify that Contoso has one of the following:

-Contoso decides to use the *Communication Compliance* role group assign all the communication compliance administrators, analysts, investigators, and viewers to the group. This makes it easier for Contoso to get started quickly and best fits their compliance management requirements.

-| **Communication Compliance** | Use this role group to manage communication compliance for your organization in a single group. By adding all user accounts for designated administrators, analysts, investigators, and viewers, you can configure communication compliance permissions in a single group. This role group contains all the communication compliance permission roles. This configuration is the easiest way to quickly get started with communication compliance and is a good fit for organizations that do not need separate permissions defined for separate groups of users. |

-| **Communication Compliance Admin** | Use this role group to initially configure communication compliance and later to segregate communication compliance administrators into a defined group. Users assigned to this role group can create, read, update, and delete communication compliance policies, global settings, and role group assignments. Users assigned to this role group cannot view message alerts. |

-| **Communication Compliance Analyst** | Use this group to assign permissions to users that will act as communication compliance analysts. Users assigned to this role group can view policies where they are assigned as Reviewers, view message metadata (not message content), escalate to additional reviewers, or send notifications to users. Analysts cannot resolve pending alerts. |

-Communication compliance requires audit logs to show alerts and track remediation actions taken by reviewers. The audit logs are a summary of all activities associated with a defined organizational policy or anytime there is a change to a communication compliance policy.

-Contoso compliance specialists want to add all users to the communication policy that will monitor for inappropriate text. They could decide to add each user account to the policy separately, but they've decided it is much easier and saves time to use an **All Users** distribution group for the users for this policy.

-Mailboxes hosted on Exchange Online as part of your Microsoft 365 or Office 365 subscription are all eligible for message scanning. Exchange email messages and attachments matching communication compliance policy conditions may approximately 24 hours to process. Supported attachment types for communication compliance are the same as the [file types supported for Exchange mail flow rule content inspections](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments#supported-file-types-for-mail-flow-rule-content-inspection).

-Select dedicated stakeholders to monitor and review the alerts and cases on a regular cadence in the [Microsoft Purview compliance portal](https://compliance.microsoft.com/). Make sure you understand how you will assign users and stakeholders to different communication compliance role groups in your organization.

-| **Communication Compliance** | Use this role group to manage communication compliance for your organization in a single group. By adding all user accounts for designated administrators, analysts, investigators, and viewers, you can configure communication compliance permissions in a single group. This role group contains all the communication compliance permission roles. This configuration is the easiest way to quickly get started with communication compliance and is a good fit for organizations that do not need separate permissions defined for separate groups of users. Users that create policies as a communication compliance administrator must have their mailbox hosted on Exchange Online. |

-| **Communication Compliance Admin** | Use this role group to initially configure communication compliance and later to segregate communication compliance administrators into a defined group. Users assigned to this role group can create, read, update, and delete communication compliance policies, global settings, and role group assignments. Users assigned to this role group cannot view message alerts. Users that create policies as a communication compliance administrator must have their mailbox hosted on Exchange Online. |

-| **Communication Compliance Analyst** | Use this group to assign permissions to users that will act as communication compliance analysts. Users assigned to this role group can view policies where they are assigned as Reviewers, view message metadata (not message content), escalate to additional reviewers, or send notifications to users. Analysts cannot resolve pending alerts. |

-Protecting the privacy of users that have policy matches is important and can help promote objectivity in data investigation and analysis reviews for communication compliance alerts. This setting applies only to user names displayed the communication compliance solution. It does not affect how names are displayed in other compliance solutions or admin center.

-User reported messages from Teams chats are the only messages processed by the User-reported message policy and only the assigned reviewers for the policy can be modified. All other policy properties aren't editable. When the policy is created, the initial reviewers assigned to the policy are all members of the *Communication Compliance Admins* role group (if populated with at least one user) or all members of your organization's *Global Admin* role group . The policy creator is a randomly selected user from the *Communication Compliance Admins* role group (if populated with at least one user) or a randomly selected user from your organization's *Global Admin* role group.

-Configure custom keyword dictionaries (or lexicons) to provide simple management of keywords specific to your organization or industry. Keyword dictionaries support up to 100 KB of terms (post-compression) in the dictionary and support any language. The tenant limit is also 100 KB after compression. If needed, you can apply multiple custom keyword dictionaries to a single policy or have a single keyword dictionary per policy. These dictionaries are assigned in a communication compliance policy and can be sourced from a file (such as a .csv or .txt list), or from a list you can [Import in the Compliance center](create-a-keyword-dictionary.md). Use custom dictionaries when you need to support terms or languages specific to your organization and policies.

-[Built-in trainable and global classifiers](/microsoft-365/compliance/classifier-learn-about) scan sent or received messages across all communication channels in your organization for different types of compliance issues. Classifiers use a combination of artificial intelligence and keywords to identify language in messages likely to violate anti-harassment policies. Built-in classifiers currently support message keyword identification in several languages:

-Communication compliance built-in trainable and global classifiers scan communications for terms, images, and sentiment for the following types of language and content:

-The *Adult*, *Racy*, and *Gory* image classifiers scan files in .jpeg, .png, .gif, and .bmp formats. The size for image files must be less than 4 megabytes (MB) and the dimensions of the images must be greater than 50x50 pixels and greater than 50 kilobytes (KB) for the image to qualify for evaluation. Image identification is supported for Exchange Online email messages and Microsoft Teams channels and chats.

-The built-in trainable and global classifiers don't provide an exhaustive list of terms or images across these areas. Further, language and cultural standards continually change, and in light of these realities, Microsoft reserves the right to update classifiers at its discretion. While classifiers may assist your organization in monitoring these areas, classifiers aren't intended to provide your organization's sole means of monitoring or addressing such language or imagery. Your organization, not Microsoft, remains responsible for all decisions related to monitoring, scanning, and blocking language and images in these areas, including compliance with local privacy and other applicable laws. Microsoft encourages consulting with legal counsel before deployment and use.

-| **Content matches any of these classifiers** | Apply to the policy when any classifiers are included or excluded in a message. Some classifiers are pre-defined in your tenant, and custom classifiers must be configured separately before they're available for this condition. Only one classifier can be defined as a condition in a policy. For more information about configuring classifiers, see [Learn about trainable classifiers (preview)](classifier-learn-about.md). |

-Use the *Export* option to create a .csv file containing the report details for any detailed report. The *Export* report option supports file size downloads up to 3MB.

-Similarly, if you now create retention labels in file plan, they are also available from **Data lifecycle management** if the labels aren't configured to mark content as a record.

-3. After you have created the label and you see the options to publish the label, auto-apply the label, or just save the label: Select **Just save the label for now**, and then select **Done**.

-You can delete retention labels that aren't currently included in any [published](create-apply-retention-labels.md) or [auto-apply](apply-retention-labels-automatically.md) retention label policies, that aren't configured for event-based retention, or mark items as regulatory records.

-For retention labels that you can delete, if they have been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items.

-Now you've created retention labels, they are ready to be added to items by publishing the labels, or automatically applying them:

-description: "Learn how to adjust scheduling preferences for Scheduler for Microsoft 365."

-Scheduling Preferences

-======================

-Scheduler takes into account several Outlook preferences to schedule a meeting for an organizer. Any changes to their preference settings via Outlook clients will automatically be reflected in how Scheduler handles the subsequent requests sent to Cortana. For instance, if an organizer changes their time zone preference on the Settings page in Outlook Web, all subsequent requests by the organizer will default to the new time zone value.

-Supported Settings

-Time zone

-The time zone used when determining an appropriate time to schedule meetings. See [Add, remove, or change time zones](https://support.microsoft.com/en-us/office/add-remove-or-change-time-zones-5ab3e10e-5a6c-46af-ab48-156fedf70c04) documentation.

-Work hours and days

-For most meeting types, Scheduler will schedule a time according to the organizer's work week and meeting hours preferences. See [Change your work hours and days in Outlook](https://support.microsoft.com/en-us/office/change-your-work-hours-and-days-in-outlook-a27f261d-0681-415f-8ac1-388ab21e833f) documentation.

-Online meetings

-You can turn on a Calendar option so that all the meetings you schedule from Outlook and Scheduler will be held online with conference details. Scheduler currently supports Teams and Skype as meeting providers. See [Make all meetings Teams meetings](https://support.microsoft.com/en-us/office/schedule-a-teams-meeting-from-outlook-883cc15c-580f-441a-92ea-0992c00a9b0f#bkmk_makeallteamsmtngs) documentation.

-Default meeting duration

-If the organizer does not specify the desired meeting duration in the request, Scheduler will use the preferred meeting duration for the request. This setting is only available in the Windows Outlook client.

-1. Click on **File** > **Options**

-2. Select **Calendar** in the **Navigation Pane**.

-3. The default duration setting is located under **Calendar** **Options**.

-

-Avoid back-to-back meetings

-Outlook now has a setting that automatically starts meetings late or ends meetings early to avoid back-to-back meetings. If set, Scheduler will also shorten the meeting duration according to the preference setting. See [Change default meeting length](https://techcommunity.microsoft.com/t5/hybrid-work/change-default-meeting-length-in-outlook-avoid-back-to-back/m-p/1247361) in Outlook documentation.

-##Additional Note

-