-You can easily see how people in your business are using Microsoft 365 services. For example, you can identify who is using a service a lot and reaching quotas, or who may not need a Microsoft 365 license at all. Perpetual license model will not be included in the reports.

-The Microsoft 365 Reports dashboard shows you an activity overview across the products in your organization. It enables you to drill into individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the Microsoft browser usage report, you can gain insights on Internet Explorer, Microsoft Edge Legacy, and new Microsoft Edge usage. Usage reporting is based on Microsoft 365 online services accessed by using a Microsoft browser on any device that uses a Microsoft 365 account.

-## How to notify users to upgrade their browser

-Global admins can opt in to sending messages to users, who are accessing Microsoft 365 services from Internet Explorer (as a reminder, the Internet Explorer desktop application will be retired on June 15, 2022). This targeted message notifies users that support for these browsers will end soon and links to a support article with information on Microsoft Edge and simple steps to follow to switch browsers.

-You can find this feature on the Microsoft browser usage report page if your organization has Internet Explorer usage shown on the report (global admin permissions needed). Once the message is created, users will get notified at the frequency specified until June 15, 2022. You can turn this feature on or off at any time.

-This is a time-limited feature that is currently only available for global admins in the US and allows user notifications in Excel online.

-## Interpret the Microsoft browser usage report

-|1. |The **Microsoft browser usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. |

-|2. |The data in each report usually covers up to the last seven days. |

-|3. |The **Daily active users** chart shows you the daily user count for Microsoft Edge, Microsoft Edge Legacy and Internet Explorer when used to access to Microsoft 365 services. |

-|4. |The **Active Users** chart shows you the total number of users using Microsoft Edge, Microsoft Edge Legacy and Internet Explorer when used to access to Microsoft 365 services over the selected time period. |

-|5. |The table shows you a breakdown of data at the per-user level. You can add or remove columns from the table. <br/><br/>**Username** is the email address of the user who connected to Microsoft 365 services using Microsoft browsers.<br><br/>**Used Microsoft Edge** shows a tick mark if the user used Microsoft Edge to connect to Microsoft 365 services.<br/><br/>**Used Microsoft Edge Legacy** shows a tick mark if the user used Microsoft Edge Legacy to connect to Microsoft 365 services.<br/><br/>**Used Internet Explorer** shows a tick mark if the user used Internet Explorer to connect to Microsoft 365 services. |

-|6. |Select the **Choose columns** icon to add or remove columns from the report.|

-|7. |You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data for all users and enables you to do simple aggregation, sorting, and filtering for further analysis. If you have fewer than 100 users, you can sort and filter within the table in the report itself. If you have more than 100 users, in order to filter and sort, you will need to export the data.|

-You can assign users to a role in 2 different ways:

- ## Watch: Delete a user

-Watch a short video about resetting user passwords.<br><br>

-<a name="bkmk_forgot"> </a>

-<a name="bkmk_forgot"> </a>

-## Try it!

-First you will need to delete existing DNS records from Google, then we can add new DNS records from Microsoft 365.

-## Try it!

-## Try it!

-## Try it!

-### Install the Microsoft 365 Migration App

-### Select and scan your drives

-### Start the migration

-3. When migration successfully completes, each drive will show a **Migration status** of **Completed**.

-## Try it!

-## Raise the level of protection against malware in mail

-2. On the **Anti-malware** page, double-click on **Default (Default)**. A flyout appears.

-3. Select **Edit protection settings** at the bottom of the flyout.

-4. under **Protection settings**, select the checkbox next to **Enable the common attachments filter**. The file types that are blocked are listed directly below this control. Make sure that you add these file types:

-6. Select **Save.**

-## Protect against ransomware

-To protect against ransomware, create one or more mail flow rules to block file extensions that are commonly used for ransomware. (You added these rules in the [raise the level of protection against malware in mail](#raise-the-level-of-protection-against-malware-in-mail) step.) You can also warn users who receive these attachments in email.

-## Protect your email from phishing attacks

-## Protect against phishing attacks with Safe Links

-You can increase your malware protection by blocking attachments with file types that are commonly used for malware. To bump up malware protection in email, view a [short training video](increase-threat-protection.md#raise-the-level-of-protection-against-malware-in-mail), or complete the following steps:

-To create a mail transport rule, view a [short training video](increase-threat-protection.md#protect-against-ransomware), or complete the following steps:

-To get to Safe Links, view a [short training video](increase-threat-protection.md#protect-against-phishing-attacks-with-safe-links), or complete the following steps:

- **[Check the Domains FAQ](domains-faq.yml)** if you don't find what you're looking for.

-## Try it!

-## Try it!

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/9fe86884-8a83-42cc-bca9-61a12e6dad31?autoplay=false]

-## Try it!

-We've updated our Microsoft 365 admin center video training. Go to the [Admin training video library](admin-video-library.yml) page to learn how to set up and manage Microsoft 365 for your business.

-Event-based retention is typically used as part of a records-management process. This means that:

-

-

-

-2. Users (typically records managers) apply those retention labels to content and (for documents in SharePoint and OneDrive) enter an asset ID for each item. In this example, the asset ID is a product name or code used by the organization. Then, each product's records are assigned a retention label, and each record has a property that contains an asset ID. The diagram represents **all the content** for all product records in an organization, and each item bears the asset ID of the product whose record it is.

-It's important to understand that if you don't specify an asset ID or keywords for an event, **all content** with a retention label of that event type will have its retention period triggered by the event. This means that in the previous diagram, all content would start being retained. This might not be what you intend.

-To create and configure your retention label, see the instructions for [Create retention labels](file-plan-manager.md#create-retention-labels) for records management, or [How to create retention labels for data lifecycle management](create-retention-labels-data-lifecycle-management.md). But specific to event-based retention, on the **Define retention settings** page when you create the retention label, after **Start the retention period based on**, select one of the default event types from the dropdown list, or create your own by selecting **Create new event type**:

-

-Event-based retention is typically used for content that's declared a record, so this is a good time to check whether you also need to select the option that marks content as a [record](records-management.md#records).

-> After you choose an event type and save the retention label, the event type cannot be changed.

-Back on the **Define retention settings** page, for **Start the retention period based on**, use the dropdown list to select the event type that you created.

-Up to one million events are supported per tenant.

-If an asset ID is not entered, all content with labels of that event type get the same retention date applied to them.

-After retention labels are assigned to content, you can use content search to find all content that's classified with a specific retention label or that contains a specific asset ID:

-|<d:Name></d:Name>|Provide a unique name for the event,|Cannot contain trailing spaces or the following characters: % * \ & < \> \| # ? , : ;|

-# Differences between document understanding and form processing models

-| Supported file types| Train on PDF, JPG, PNG format, total 50 MB and 500 pages.| Train on 5-10 PDF, Office, or email files, including negative examples.<br>Office files are truncated at 64K characters. OCR-scanned files are limited to 20 pages. Document understanding models support the following file types doc, docx, eml, heic, heif, htm, html, jpeg, jpg, markdown, md, msg, pdf, png, ppt, pptx, rtf, tif, tiff, txt, xls and xlsx.|

-Based on user feedback, we've integrated Windows 365 Business into Microsoft 365 Lighthouse. This will help you manage and monitor all of your customers' Cloud PCs from a single location.

-### Capability to notify users to act on non-compliant devices

-As part of the device compliance baseline step, we've added the capability to notify users in a customer tenant to act on non-compliant devices. With this change, once you apply the device compliance deployment step for any customer tenant, the device compliance policy created in that tenant will automatically send a notification to users when their device becomes non-compliant reminding them to take appropriate action to bring the device back into compliance.

-# Deployment phases

-<br/><br/>

- - m365solution-scenario

- - m365solution-scenario

-<br/><br/>

- - m365solution-scenario

->

- - m365solution-scenario

-# Manage Microsoft Defender for Endpoint, post migration

-After you have moved from your previous endpoint protection and antivirus solution to Microsoft Defender for Endpoint, your next step is to manage your features and capabilities. We recommend using [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), which includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction), to manage your organization's devices and security settings. However, you can use other tools/methods, such as [Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy).

-<br/><br/>

- - m365solution-scenario

-# Make the switch to Microsoft Defender for Endpoint

-## Migration guides

-<br/><br/>

-description: "Read more in this article about Onboarding Windows multi-session devices in Azure Virtual Desktop"

-# Onboard Windows multi-session devices in Azure Virtual Desktop

-Watch this [short video](https://www.youtube.com/watch?v=ceYvRuPp5D8) to learn how you can optimize the Kusto Query Language.

->[!IMPORTANT]

-| where AdditionalFields.TlsClient10 == "Enabled" or AdditionalFields.TlsServer10 == "Enabled"

-Watch this [short video](https://www.youtube.com/watch?v=8qZx7Pp5XgM) to learn how you can use Kusto Query Language to join tables.

-| `join` | Merge the rows of two tables to form a new table by matching values of the specified column(s) from each table. |

- - m365solution-overview

- - m365solution-overview

- - m365solution-overview

- - m365solution-overview

- - m365solution-scenario

-| **Alerts** | Lists alerts associated with the investigation. Alerts can come from threat protection features on a user's device, in Office apps, Microsoft Defender for Cloud Apps, and other Microsoft 365 Defender features.|

- - [EOP Anti-phishing policies](set-up-anti-phishing-policies.md#spoof-settings) named **Standard Preset Security Policy** and **Strict Preset Security Policy** (spoof settings).

-4. **Built-in protection** preset security policy and default security policies

-### Turn off the built-in reporting experience

-We don't recommend the built-in reporting experience in Outlook because it can't use the [user submission policy](./user-submission.md). We recommend using the Report Message add-in or the Report Phishing add-in instead.

-You need to be assigned permissions before you can run this cmdlet. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](/powershell/exchange/find-exchange-cmdlet-permissions).

-Run the following PowerShell command to disable the built-in reporting experience in Outlook on the web:

-```powershell

-Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -ReportJunkEmailEnabled $false

-```

-

- - zero-hour auto purge (ZAP) for malware is turned off (**Protection settings** section \> **Enable zero-hour auto purge for malware** is not selected).

- - the common attachment filter option is turned off (**Protection settings** section \> **Enable the common attachments filter** is not selected).

-If you have Microsoft Defender for Office 365, you should also configure the following settings so that our advanced filtering does not impact the users reporting messages:

-1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat policies** \> **User reported message settings** in the **Others** section. To go directly to the **User submissions** page, use <https://security.microsoft.com/userSubmissionsReportMessage>.

- - **Microsoft Outlook Report Message button** \> **On** : Select this option if you use the Report Message add-in, the Report Phishing add-in or the built-in reporting in Outlook on the web, and then configure the following settings:

- - **Microsoft Outlook Report Message button** \> **Off** : Select this option if you use third-party reporting tools instead of the Report Message add-in, the Report Phishing add-in, or the built-in reporting in Outlook on the web, and then configure the following settings:

-The only requirement is that the original message is included as a .EML or .MSG attachment (not compressed) in the message that's sent to the custom mailbox (don't just forward the original message to the custom mailbox).