Docs update tracker

Updates from: 07/01/2023 03:35:01

Category	Microsoft Docs article	Related commit history on GitHub	Change details
admin	Activity Reports	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md	f1.keywords: Previously updated : 02/18/2020 Last updated : 06/29/2023 audience: Admin Depending on your subscription, here are the available reports in all environmen \|[Project activity](project-activity.md)\|Yes\|Yes\|N/A<sup>1</sup>\|N/A<sup>1</sup>\|N/A<sup>2</sup>\| \|[Visio activity](visio-activity.md)\|Yes\|Yes\|N/A<sup>1</sup>\|N/A<sup>1</sup>\|N/A<sup>2</sup>\| -N/A<sup>1</sup>: The report is in plan to be released in the future. The <a href="https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=" target="_blank">Microsoft 365 Roadmap</a> will be updated before the release. +N/A<sup>1</sup>: The report is planned to be released in the future. The <a href="https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=" target="_blank">Microsoft 365 Roadmap</a> will be updated before the release. N/A<sup>2</sup>: The service is not available in the environment, so there's no plan to release the report. N/A<sup>2</sup>: The service is not available in the environment, so there's no Use the service reports to research how much a specific user is using the service. For example, to find out how much mailbox storage a specific user has consumed, open the Mailbox usage report, and sort the users by name. If you have thousands of users, export the report to Excel so you filter through the list quickly. -You can't generate a report where you enter a user's account and then get a list of which services they are using and how much. +You can't generate a report where you enter a user's account and then get a list of which services they're using and how much. There are circumstances where new users show up as unknown. This is usually due to occasional delays in creating user profiles. Your user list will look like this: If you want to unhide user-level information when you're generating your reports, a global administrator can quickly make that change in the admin center. -Reports provide information about your organization's usage data. By default, reports display information with identifiable names for users, groups, and sites. Starting September 1, 2021, we are hiding user information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws. +Reports provide information about your organization's usage data. By default, reports display information with identifiable names for users, groups, and sites. Starting September 1, 2021, we're hiding user information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws. Global administrators can revert this change for their tenant and show identifiable user information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps: Two methods have been approved for this API: The report will only contain a Privacy Setting property. For more information on Graph API, see [Use the Microsoft Graph API](/graph/use-the-api). Global admins can use the Software Development Kit (SDK) or directly call the API using any program language with network ability. We recommend using [Graph Explorer](/graph/graph-explorer/graph-explorer-overview). -It'll take a few minutes for these changes to take effect on the reports in the reports dashboard. This setting also applies to the Microsoft 365 usage reports in [Microsoft Graph](/graph/api/resources/report) and [Power BI](/microsoft-365/admin/usage-analytics/usage-analytics) and [the usage reports in Microsoft Teams Admin center](/microsoftteams/teams-analytics-and-reports/teams-reporting-reference). Showing identifiable user information is a logged event in the Microsoft Purview compliance portal audit log. +It will take a few minutes for these changes to take effect on the reports in the reports dashboard. This setting also applies to the Microsoft 365 usage reports in [Microsoft Graph](/graph/api/resources/report) and [Power BI](/microsoft-365/admin/usage-analytics/usage-analytics) and [the usage reports in Microsoft Teams Admin center](/microsoftteams/teams-analytics-and-reports/teams-reporting-reference). Showing identifiable user information is a logged event in the Microsoft Purview compliance portal audit log. ## What happens to usage data when a user account is deleted?
business-premium	M365bp Mdb Maintain Environment	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-mdb-maintain-environment.md	audience: Admin Previously updated : 06/29/2023 Last updated : 06/30/2023 ms.localizationpriority: medium - M365-Campaigns The following table summarizes remediation actions that are available in Defende ## See also -[Security incident management](m365bp-security-incident-management.md) +- [Security incident management](m365bp-security-incident-management.md) +- [Reports in Defender for Business](../security/defender-business/mdb-reports.md) +- [Microsoft 365 for business security best practices](secure-your-business-data.md)
compliance	Communication Compliance Teams	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-teams.md	audience: admin Previously updated : 04/17/2023 Last updated : 06/30/2023 ms.localizationpriority: medium search.appverid: MET150 f1.keywords: Communication compliance and Microsoft Teams are tightly integrated and can help ### Getting started -Getting started with communication compliance in Microsoft Teams begins with [planning](communication-compliance-plan.md) and creating pre-defined or custom policies to identify inappropriate user activities in Teams channels or in 1:1 and groups. Keep in mind that you'll need to [configure](communication-compliance-configure.md) some permissions and basic prerequisites as part of the configuration process. +Getting started with communication compliance in Microsoft Teams begins with [planning](communication-compliance-plan.md) and creating predefined or custom policies to identify inappropriate user activities in Teams channels or in 1:1 and groups. Keep in mind that you'll need to [configure](communication-compliance-configure.md) some permissions and basic prerequisites as part of the configuration process. Teams administrators can configure communication compliance policies at the following levels: In the next dialog box, the user selects the Inappropriate - Harassment, viole ![Report a message choices.](../media/communication-compliance-report-message-choices.png) > [!NOTE] -> The other choice in the list (Security risk- Spam, phishing, malicious content), if available, is managed by Microsoft Defender for Office 365. The user might also be presented with just the Inappropriate - Harassment, violence, nudity, and disturbing content option, depending on which policy options are turned on in the Microsoft Teams admin center. +> The other choice in the list (Security risk- Spam, phishing, malicious content), if available, is managed by Microsoft Defender for Office 365. The user might also be presented with just the Inappropriate - Harassment, violence, nudity, and disturbing content** option, depending on which policy options are turned on in the Microsoft Teams admin center. [Learn more about the Microsoft Defender for Office setting](https://go.microsoft.com/fwlink/?linkid=2226727) After submitting the message for review, the user receives a confirmation of the submittal in Microsoft Teams. Other participants in the chat do not see this notification.
compliance	Insider Risk Management Activities	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-activities.md	f1.keywords: Previously updated : 05/09/2023 Last updated : 06/30/2023 audience: itpro - tier1 To dismiss an insider risk alert, complete the following steps: 4. On the Dismiss alerts detail pane, you can review the user and policy details associated with the selected alerts. 5. Select Dismiss alerts to resolve the alerts as benign or select Cancel to close the details pane without dismissing the alerts. +## Assign an alert + +If you're an administrator with the appropriate permissions, you can assign ownership of an alert to yourself or to an insider risk management user with the Insider Risk Management, Insider Risk Management Analyst, or Insider Risk Management Investigator role. After an alert is assigned, you can also reassign it to a user with any of the same roles. You can only assign an alert to one admin at a time. + +After an admin is assigned, you can filter by admin. + +### Assign an alert from the Alerts dashboard + +1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to Insider risk management, and then select the Alerts tab. +2. On the Alerts dashboard, select the alert(s) that you want to assign. +3. In the button bar above the alerts queue, select Assign. +4. In the Assign owner pane on the right side of the screen, search for an admin with the appropriate permissions, and then select the checkbox for that admin. +5. Select Assign. + +### Assign an alert from the Alerts detail page + +1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to Insider risk management, and then select the Alerts tab. +2. Select an alert. +3. In the detail pane for the alert, in the upper-right corner of the page, select Assign. +4. In the Suggested contacts list, select the appropriate admin. + ## Triage alerts -To triage an insider risk alert, complete the following steps: +To triage an insider risk alert: 1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to Insider risk management and select the Alerts tab. 2. On the Alerts dashboard, select the alert you want to triage.
compliance	Insider Risk Management Cases	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-cases.md	f1.keywords: Previously updated : 02/21/2023 Last updated : 06/30/2023 audience: itpro - tier1 Use the Search control to search for a Case ID or to search for specific tex - Time case opened, start date, and end date - Last updated, start date, and end date +## Assign a case + +If you're an administrator with the appropriate permissions, you can assign ownership of a case to yourself or to an insider risk management user with the Insider Risk Management, Insider Risk Management Analyst, or Insider Risk Management Investigator role. After a case is assigned, you can also reassign it to a user with any of the same roles. You can only assign a case to one admin at a time. + +If an admin is assigned to a case, you can filter by admin. + +### Assign a case from the Cases dashboard + +1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to Insider risk management, and then select the Cases tab. +2. On the Cases dashboard, select the case(s) that you want to assign. +3. In the button bar above the cases queue, select Assign. +4. In the Assign owner pane on the right side of the screen, search for an admin with the appropriate permissions, and then select the checkbox for that admin. +5. Select Assign. + +### Assign a case from the Cases detail page + +1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to Insider risk management, and then select the Cases tab. +2. Select a case. +3. In the detail pane for the case, to the left of the Resolve a case button, select Assign. +4. In the Suggested contacts list, select the appropriate admin. + ## Filter cases Depending on the number and type of active insider risk management policies in your organization, reviewing a large queue of cases can be challenging. Using case filters can help analysts and investigators sort cases by several attributes. To filter alerts on the Cases dashboard, select the Filter control. You can filter cases by one or more attributes:
enterprise	Additional Office365 Ip Addresses And Urls	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls.md	Apart from DNS, these instances are all optional for most customers unless you n \|20\|[Azure AD Connect](/azure/active-directory/hybrid/) with 21 ViaNet in China to sync on-premises user accounts to Azure AD.\|\.digicert.com:80 <BR> \.entrust.net:80 <BR> \.chinacloudapi.cn:443 <br> secure.aadcdn.partner.microsoftonline-p.cn:443 <br> \.partner.microsoftonline.cn:443 <p> Also see [Troubleshoot ingress with Azure AD connectivity issues](https://docs.azure.cn/zh-cn/active-directory/hybrid/tshoot-connect-connectivity).\|Outbound server-only traffic\| \|21\|Microsoft Stream (needs the Azure AD user token). <br> Office 365 Worldwide (including GCC)\|\.cloudapp.net <br> \.api.microsoftstream.com <br> \.notification.api.microsoftstream.com <br> amp.azure.net <br> api.microsoftstream.com <br> az416426.vo.msecnd.net <br> s0.assets-yammer.com <br> vortex.data.microsoft.com <br> web.microsoftstream.com <br> TCP port 443\|Inbound server traffic\| \|22\|Use MFA server* for multi-factor authentication requests, both new installations of the server and setting it up with Active Directory Domain Services (AD DS).\|See [Getting started with the Azure AD multi-factor authentication Server](/azure/active-directory/authentication/howto-mfaserver-deploy#plan-your-deployment).\|Outbound server-only traffic\| -\|23\|Microsoft Graph Change Notifications <p> Developers can use [change notifications](/graph/webhooks?context=graph%2fapi%2f1.0&view=graph-rest-1.0&preserve-view=true) to subscribe to events in the Microsoft Graph.\|Public Cloud: 52.159.23.209, 52.159.17.84, 13.78.204.0, 52.148.24.136, 52.148.27.39, 52.147.213.251, 52.147.213.181, 20.127.53.125, 40.76.162.99, 40.76.162.42, 70.37.95.92, 70.37.95.11, 70.37.92.195, 70.37.93.191, 20.9.36.45, 20.9.35.166, 20.9.36.128, 20.96.21.67, 20.69.245.215, 104.46.117.15, 137.135.11.161, 137.135.11.116, 20.253.156.113, 52.159.107.50, 52.159.107.4, 52.159.124.33, 20.98.68.182, 20.98.68.57, 20.98.68.200, 20.171.81.121, 20.25.189.138, 20.171.82.192, 52.142.114.29, 52.142.115.31, 20.223.139.245, 51.124.75.43, 51.124.73.177, 104.40.209.182, 20.199.102.157, 20.199.102.73, 20.216.150.67, 20.91.212.211, 20.91.212.136, 20.91.213.57, 20.44.210.83, 20.44.210.146, 20.212.153.162, 40.80.232.177, 40.80.232.118, 52.231.196.24, 20.48.12.75, 20.48.11.201, 20.89.108.161, 104.215.13.23, 104.215.6.169, 20.89.240.165 <br> <p> Microsoft Cloud for US Government: 52.244.33.45, 52.244.35.174, 52.243.157.104, 52.243.157.105, 52.182.25.254, 52.182.25.110, 52.181.25.67, 52.181.25.66, 52.244.111.156, 52.244.111.170, 52.243.147.249, 52.243.148.19, 52.182.32.51, 52.182.32.143, 52.181.24.199, 52.181.24.220 <p> Microsoft Cloud China operated by 21Vianet: 42.159.72.35, 42.159.72.47, 42.159.180.55, 42.159.180.56, 40.125.138.23, 40.125.136.69, 40.72.155.199, 40.72.155.216 <br> TCP port 443 <p> Note: Developers can specify different ports when creating the subscriptions.\|Inbound server traffic\| +\|23\|Microsoft Graph Change Notifications <p> Developers can use [change notifications](/graph/webhooks?context=graph%2fapi%2f1.0&view=graph-rest-1.0&preserve-view=true) to subscribe to events in the Microsoft Graph.\|Public Cloud: 52.159.23.209, 52.159.17.84, 13.78.204.0, 52.147.213.251, 52.147.213.181, 20.127.53.125, 70.37.95.92, 70.37.95.11, 70.37.92.195, 20.9.36.45, 20.9.35.166, 20.9.36.128, 20.96.21.67, 20.69.245.215, 104.46.117.15, 137.135.11.161, 137.135.11.116, 20.253.156.113, 52.159.107.50, 52.159.107.4, 52.159.124.33, 20.98.68.182, 20.98.68.57, 20.98.68.200, 20.171.81.121, 20.25.189.138, 20.171.82.192, 52.142.114.29, 52.142.115.31, 20.223.139.245, 51.124.75.43, 51.124.73.177, 104.40.209.182, 20.199.102.157, 20.199.102.73, 20.216.150.67, 20.91.212.211, 20.91.212.136, 20.91.213.57, 20.44.210.83, 20.44.210.146, 20.212.153.162, 40.80.232.177, 40.80.232.118, 52.231.196.24, 20.48.12.75, 20.48.11.201, 20.89.108.161, 104.215.13.23, 104.215.6.169, 20.89.240.165 <br> <p> Microsoft Cloud for US Government: 52.244.33.45, 52.244.35.174, 52.243.157.104, 52.243.157.105, 52.182.25.254, 52.182.25.110, 52.181.25.67, 52.181.25.66, 52.244.111.156, 52.244.111.170, 52.243.147.249, 52.243.148.19, 52.182.32.51, 52.182.32.143, 52.181.24.199, 52.181.24.220 <p> Microsoft Cloud China operated by 21Vianet: 42.159.72.35, 42.159.72.47, 42.159.180.55, 42.159.180.56, 40.125.138.23, 40.125.136.69, 40.72.155.199, 40.72.155.216 <br> TCP port 443 <p> Note: Developers can specify different ports when creating the subscriptions.\|Inbound server traffic\| \|24\|Network Connection Status Indicator<p>Used by Windows 10 and 11 to determine if the computer is connected to the internet (does not apply to non-Windows clients). When this URL cannot be reached, Windows assumes it is not connected to the Internet and M365 Apps for Enterprise will not try to verify activation status, causing connections to Exchange and other services to fail.\|www.msftconnecttest.com <br> 13.107.4.52<p>Also see [Manage connection endpoints for Windows 11 Enterprise](/windows/privacy/manage-windows-11-endpoints) and [Manage connection endpoints for Windows 10 Enterprise, version 21H2](/windows/privacy/manage-windows-21h2-endpoints).\|Outbound server-only traffic\| \|25\|Teams Notifications on Mobile Devices<p>Used by Android and Apple mobile devices to receive push notifications to the Teams client for incoming calls and other Teams services. When these ports are blocked, all push notifications to mobile devices fail.\|For specific ports, see [FCM ports and your firewall in the Google Firebase documentation](https://firebase.google.com/docs/cloud-messaging/concept-options#messaging-ports-and-your-firewall) and [If your Apple devices aren't getting Apple push notifications](https://support.apple.com/en-us/HT203609).\|Outbound server-only traffic\|
enterprise	Administering Exchange Online Multi Geo	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/administering-exchange-online-multi-geo.md	Title: "Administering Exchange Online mailboxes in a multi-geo environment" Previously updated : 6/20/2023 Last updated : 6/29/2023 description: Learn how to administer Exchange Online multi-geo settings in your Exchange Online PowerShell is required to view and configure multi geo properties in your Microsoft 365 environment. To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). -You need the [Microsoft Azure Active Directory PowerShell Module](https://social.technet.microsoft.com/wiki/contents/articles/28552.microsoft-azure-active-directory-powershell-module-version-release-history.aspx) v1.1.166.0 or later in v1.x to see the PreferredDataLocation property on user objects. User objects that are synchronized via Azure Active Direct Connect into Microsoft Azure Active Directory (Azure AD) have their PreferredDataLocation value directly modified via Azure AD PowerShell. Cloud-only user objects can be modified via Azure AD PowerShell. To connect to Azure AD PowerShell, see [Connect to PowerShell](connect-to-microsoft-365-powershell.md). +You need the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation) to see the PreferredDataLocation property on user objects. User objects that are synchronized via Azure Active Direct Connect into Microsoft Azure Active Directory (Azure AD) have their PreferredDataLocation value directly. Admins can manually modify cloud-only user objects via Microsoft Graph PowerShell as described in this article. To connect to Microsoft Graph PowerShell, see [Sign in to Microsoft Graph PowerShell](/powershell/microsoftgraph/get-started#sign-in). In Exchange Online multi-geo environments, you don't need to do any manual steps to add geo locations to your tenant. After you receive the Message Center post that says multi-geo is ready for Exchange Online, all available geo locations are ready and configured for you to use. Get-OrganizationConfig \| Select DefaultMailboxRegion The Get-Mailbox cmdlet in Exchange Online PowerShell displays the following multi-geo related properties on mailboxes: - Database: The first three letters of the database name correspond to the geo code, which tells you where the mailbox is currently located. For Online Archive Mailboxes the ArchiveDatabase property should be used.- - MailboxRegion: Specifies the geo location code that was set by the admin (synchronized from PreferredDataLocation in Azure AD).- - MailboxRegionLastUpdateTime: Indicates when MailboxRegion was last updated (either automatically or manually). To see these properties for a mailbox, use the following syntax: MailboxRegionLastUpdateTime : 2/6/2023 8:21:01 PM ## Move an existing cloud-only mailbox to a specific geo location -A cloud-only user (a user created directly in Azure AD) is a user that's not synchronized to the tenant via Azure AD Connect. Use the Get-MsolUser and Set-MsolUser cmdlets in the Azure AD Module for Windows PowerShell to view or specify the geo location where a cloud-only user's mailbox is stored. +A cloud-only user (a user created directly in Azure AD) is a user that's not synchronized to the tenant via Azure AD Connect. Use the Get-MgUser and Set-MgUser cmdlets in Microsoft Graph PowerShell to view or specify the geo location where a cloud-only user's mailbox is stored. -To view the PreferredDataLocation value for a user, use this syntax in Azure AD PowerShell: +To view the PreferredDataLocation value for users, run the following command in Microsoft Graph PowerShell: ```powershell -Get-MsolUser -UserPrincipalName <UserPrincipalName> \| Format-List UserPrincipalName,PreferredDataLocation +Get-MgUser -All -Property PreferredDataLocation,ID,UserPrincipalName\| Format-Table PreferredDataLocation,ID,UserPrincipalName -AutoSize ``` -For example, to see the PreferredDataLocation value for the user michelle@contoso.onmicrosoft.com, run the following command: +Use the ID value from the previous command to modify the PreferredDataLocation value for a cloud-only user object: ```powershell -Get-MsolUser -UserPrincipalName michelle@contoso.onmicrosoft.com \| Format-List +Update-MgUser -UserId <ID> -PreferredDataLocation <GeoLocationCode> ``` -To modify the PreferredDataLocation value for a cloud-only user object, use the following syntax in Azure AD PowerShell: +For example, to set the PreferredDataLocation value to the European Union (EUR) geo for the specified ID, run the following command: ```powershell -Set-MsolUser -UserPrincipalName <UserPrincipalName> -PreferredDataLocation <GeoLocationCode> +Update-MgUser -UserId dba12422-ac75-486a-a960-cd7cb3f6963f -PreferredDataLocation EUR ``` -For example, to set the PreferredDataLocation value to the European Union (EUR) geo for the user michelle@contoso.onmicrosoft.com, run the following command: - -```powershell -Set-MsolUser -UserPrincipalName michelle@contoso.onmicrosoft.com -PreferredDataLocation EUR -``` +For detailed syntax and parameter information, see [Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser) and [Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser). > [!NOTE] > To create a new mailbox in a specific geo location, you need to do either of the - Configure the PreferredDataLocation value as described in the previous [Move an existing cloud-only mailbox to a specific geo location](#move-an-existing-cloud-only-mailbox-to-a-specific-geo-location) section before you create the mailbox in Exchange Online. For example, configure the PreferredDataLocation value on a user before you assign a license. - Assign a license at the same time you set the PreferredDataLocation value. -To create a new cloud-only licensed user (not Azure AD Connect synchronized) in a specific geo location, use the following syntax in Azure AD PowerShell: +To create a new cloud-only licensed user (not Azure AD Connect synchronized) in a specific geo location, use the following syntax in Microsoft Graph PowerShell: ```powershell -New-MsolUser -UserPrincipalName <UserPrincipalName> -DisplayName "<Display Name>" [-FirstName <FirstName>] [-LastName <LastName>] [-Password <Password>] [-LicenseAssignment <AccountSkuId>] -PreferredDataLocation <GeoLocationCode> +$PasswordProfile = @{Password = '<Password>'} + +New-MgUser -DisplayName "<Display Name>" -AccountEnabled -MailNickName <Alias> -UserPrincipalName <Alias>@<domain> -PasswordProfile $PasswordProfile [-GivenName <FirstName>] [-SurName <LastName>] -PreferredDataLocation <GeoLocationCode> ``` This example creates a new user account for Elizabeth Brunner with the following values: +- Display name: Elizabeth Brunner +- Alias: ebrunner - User principal name: ebrunner@contoso.onmicrosoft.com +- Password: xWwvJ]6NMw+bWH-d - First name: Elizabeth - Last name: Brunner-- Display name: Elizabeth Brunner-- Password: randomly generated and shown in the results of the command (because we're not using the Password parameter)-- License: `contoso:ENTERPRISEPREMIUM` (E5) - Location: Australia (AUS) ```powershell -New-MsolUser -UserPrincipalName ebrunner@contoso.onmicrosoft.com -DisplayName "Elizabeth Brunner" -FirstName Elizabeth -LastName Brunner -LicenseAssignment contoso:ENTERPRISEPREMIUM -PreferredDataLocation AUS +$PasswordProfile = @{Password = 'xWwvJ]6NMw+bWH-d'} + +New-MgUser -DisplayName "Elizabeth Brunner" -AccountEnabled -MailNickName ebrunner -UserPrincipalName ebrunner@contoso.onmicrosoft.com -PasswordProfile $PasswordProfile -GivenName Elizabeth -SurName Brunner -PreferredDataLocation AUS ``` -For more information about creating new user accounts and finding LicenseAssignment values in Azure AD PowerShell, see [Create user accounts with PowerShell](create-user-accounts-with-microsoft-365-powershell.md) and [View licenses and services with PowerShell](view-licenses-and-services-with-microsoft-365-powershell.md). +For detailed syntax and parameter information, see [New-MgUser](/powershell/module/microsoft.graph.users/new-mguser). > [!NOTE] > If you're enabling a mailbox in Exchange Online PowerShell and need the mailbox to be created directly in the geo location that's specified in PreferredDataLocation, you need to use an Exchange Online cmdlet such as Enable-Mailbox or New-Mailbox directly in the cloud service. If you use the Enable-RemoteMailbox cmdlet in on-premises Exchange PowerShell, the mailbox is created in the central geo location.
enterprise	Microsoft 365 U S Government Dod Endpoints	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints.md	Title: Office 365 US Government DOD endpoints Previously updated : 05/30/2023 Last updated : 06/29/2023 audience: ITPro Office 365 requires connectivity to the Internet. The endpoints below should be \|Notes\|Download\| \|\|\| -\|Last updated: 05/30/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\|Download: the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\| +\|Last updated: 06/29/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\|Download: the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\| \| Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
enterprise	Microsoft 365 U S Government Gcc High Endpoints	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints.md	Title: "Office 365 U.S. Government GCC High endpoints" Previously updated : 05/30/2023 Last updated : 06/29/2023 audience: ITPro Office 365 requires connectivity to the Internet. The endpoints below should be \|Notes\|Download\| \|\|\| -\|Last updated: 05/30/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\|Download: the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\| +\|Last updated: 06/29/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\|Download: the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)\| \| Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
enterprise	Urls And Ip Address Ranges 21Vianet	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet.md	Title: "URLs and IP address ranges for Office 365 operated by 21Vianet" Previously updated : 05/30/2023 Last updated : 06/29/2023 audience: ITPro hideEdit: true Office 365 endpoints: [Worldwide (including GCC)](urls-and-ip-address-ranges.md) \| Office 365 operated by 21 Vianet \| [Office 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) \| [Office 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) \| -Last updated: 05/30/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) +Last updated: 06/29/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) Download: all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/China?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list.
enterprise	Urls And Ip Address Ranges	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md	Title: "Office 365 URLs and IP address ranges" Previously updated : 05/30/2023 Last updated : 06/29/2023 audience: Admin Office 365 requires connectivity to the Internet. The endpoints below should be \|Notes\|Download\|Use\| \|\|\|\| -\|Last updated: 05/30/2023 - ![RSS.](../medi#pacfiles)\| +\|Last updated: 06/29/2023 - ![RSS.](../medi#pacfiles)\| \| Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This cadence allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
includes	Office 365 Operated By 21Vianet Endpoints	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-operated-by-21vianet-endpoints.md	<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.--> -<!--China endpoints version 2023053000--> -<!--File generated 2023-05-30 08:00:10.8736--> +<!--China endpoints version 2023062900--> +<!--File generated 2023-06-30 08:00:07.8248--> ## Exchange Online ID \| Category \| ER \| Addresses \| Ports ## Microsoft 365 Common and Office Online ID \| Category \| ER \| Addresses \| Ports \| - \| -- \| - \| - -6 \| Allow<BR>Required \| No \| `webshell.suite.partner.microsoftonline.cn`<BR>`40.73.248.8/32, 40.73.252.10/32` \| TCP: 443, 80 -7 \| Allow<BR>Required \| No \| `.azure-mobile.cn, .chinacloudapi.cn, .chinacloudapp.cn, .chinacloud-mobile.cn, .chinacloudsites.cn, .partner.microsoftonline-m.cn, .partner.microsoftonline-m.net.cn, .partner.microsoftonline-m-i.cn, .partner.microsoftonline-m-i.net.cn, .partner.microsoftonline-p.net.cn, .partner.microsoftonline-p-i.cn, .partner.microsoftonline-p-i.net.cn, .partner.officewebapps.cn, .windowsazure.cn, portal.partner.microsoftonline.cdnsvc.com, r4.partner.outlook.cn`<BR>`23.236.126.0/24, 40.73.240.0/24, 40.73.242.0/24, 42.159.224.122/32, 42.159.233.91/32, 42.159.237.146/32, 42.159.238.120/32, 58.68.168.0/24, 112.25.33.0/24, 123.150.49.0/24, 125.65.247.0/24, 139.217.17.219/32, 139.217.19.156/32, 139.217.21.3/32, 139.217.25.244/32, 171.107.84.0/24, 180.210.232.0/24, 180.210.234.0/24, 209.177.86.0/24, 209.177.90.0/24, 209.177.94.0/24, 222.161.226.0/24, 2406:e500:4900::/48` \| TCP: 443, 80 -8 \| Allow<BR>Required \| No \| `.onmschina.cn, .partner.microsoftonline.net.cn, .partner.microsoftonline-i.cn, .partner.microsoftonline-i.net.cn, .partner.office365.cn`<BR>`101.28.252.0/24, 115.231.150.0/24, 123.235.32.0/24, 171.111.154.0/24, 175.6.10.0/24, 180.210.229.0/24, 211.90.28.0/24` \| TCP:* 443, 80 -9 \| Allow<BR>Required \| No \| `.partner.microsoftonline-p.cn`<BR>`42.159.4.68/32, 42.159.4.200/32, 42.159.7.156/32, 42.159.132.138/32, 42.159.133.17/32, 42.159.135.78/32, 182.50.87.0/24` \| TCP:* 443, 80 -10 \| Allow<BR>Required \| No \| `.partner.microsoftonline.cn`<BR>`42.159.4.68/32, 42.159.4.200/32, 42.159.7.156/32, 42.159.132.138/32, 42.159.133.17/32, 42.159.135.78/32, 103.9.8.0/22` \| TCP:* 443, 80 -11 \| Allow<BR>Required \| No \| `activation.sls.microsoft.com, bjb-odcsm.officeapps.partner.office365.cn, bjb-ols.officeapps.partner.office365.cn, bjb-roaming.officeapps.partner.office365.cn, crl.microsoft.com, odc.officeapps.live.com, office15client.microsoft.com, officecdn.microsoft.com, ols.officeapps.partner.office365.cn, osi-prod-bjb01-odcsm.chinacloudapp.cn, osiprod-scus01-odcsm.cloudapp.net, osi-prod-sha01-odcsm.chinacloudapp.cn, roaming.officeapps.partner.office365.cn, sha-odcsm.officeapps.partner.office365.cn, sha-ols.officeapps.partner.office365.cn, sha-roaming.officeapps.partner.office365.cn`<BR>`40.73.248.0/21, 42.159.4.45/32, 42.159.4.50/32, 42.159.4.225/32, 42.159.7.13/32, 42.159.132.73/32, 42.159.132.74/32, 42.159.132.75/32, 65.52.98.231/32, 65.55.69.140/32, 65.55.227.140/32, 70.37.81.47/32, 168.63.252.62/32` \| TCP: 443, 80 +-- \| - \| -- \| -- \| - +7 \| Allow<BR>Required \| No \| `.azure-mobile.cn, .chinacloudapi.cn, .chinacloudapp.cn, .chinacloud-mobile.cn, .chinacloudsites.cn, .partner.microsoftonline-m.net.cn, .partner.microsoftonline-m-i.net.cn, .partner.microsoftonline-p.net.cn, .partner.officewebapps.cn, .windowsazure.cn, portal.partner.microsoftonline.cdnsvc.com, r4.partner.outlook.cn`<BR>`23.236.126.0/24, 40.73.240.0/24, 40.73.242.0/24, 58.68.168.0/24, 112.25.33.0/24, 123.150.49.0/24, 125.65.247.0/24, 171.107.84.0/24, 180.210.232.0/24, 180.210.234.0/24, 209.177.86.0/24, 209.177.90.0/24, 209.177.94.0/24, 222.161.226.0/24, 2406:e500:4900::/48` \| TCP: 443, 80 +8 \| Allow<BR>Required \| No \| `.onmschina.cn, .partner.microsoftonline.net.cn, .partner.microsoftonline-i.net.cn, .partner.office365.cn`<BR>`101.28.252.0/24, 115.231.150.0/24, 123.235.32.0/24, 171.111.154.0/24, 175.6.10.0/24, 180.210.229.0/24, 211.90.28.0/24` \| TCP: 443, 80 +9 \| Allow<BR>Required \| No \| `.partner.microsoftonline-p.cn`<BR>`182.50.87.0/24` \| TCP:* 443, 80 +10 \| Allow<BR>Required \| No \| `.partner.microsoftonline.cn`<BR>`103.9.8.0/22` \| TCP:* 443, 80 +11 \| Allow<BR>Required \| No \| `activation.sls.microsoft.com, bjb-odcsm.officeapps.partner.office365.cn, bjb-roaming.officeapps.partner.office365.cn, crl.microsoft.com, odc.officeapps.live.com, office15client.microsoft.com, officecdn.microsoft.com, ols.officeapps.partner.office365.cn, roaming.officeapps.partner.office365.cn, sha-odcsm.officeapps.partner.office365.cn, sha-roaming.officeapps.partner.office365.cn`<BR>`40.73.248.0/21` \| TCP: 443, 80 13 \| Default<BR>Required \| No \| `.msauth.cn, .msauthimages.cn, .msftauth.cn, .msftauthimages.cn, login.microsoftonline.com` \| TCP: 443, 80 15 \| Default<BR>Required \| No \| `loki.office365.cn` \| TCP: 443 16 \| Default<BR>Required \| No \| `.cdn.office.net, shellprod.msocdn.com` \| TCP:* 443
includes	Office 365 U.S. Government Dod Endpoints	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-u.s.-government-dod-endpoints.md	-<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> +<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.--> -<!--USGovDoD endpoints version 2023053000--> -<!--File generated 2023-05-30 08:00:08.5578--> - -## Exchange Online +<!--USGovDoD endpoints version 2023062900--> +<!--File generated 2023-06-30 08:00:05.4152--> + +## Exchange Online ID \| Category \| ER \| Addresses \| Ports -- \| -- \| \| \| - ID \| Category \| ER \| Addresses \| Ports 4 \| Default<BR>Required \| Yes \| `outlook-dod.office365.us, webmail.apps.mil` \| TCP: 143, 25, 587, 993, 995 5 \| Default<BR>Required \| Yes \| `attachments-dod.office365-net.us, autodiscover.<tenant>.mail.onmicrosoft.com, autodiscover.<tenant>.mail.onmicrosoft.us, autodiscover.<tenant>.onmicrosoft.com, autodiscover.<tenant>.onmicrosoft.us, autodiscover-s-dod.office365.us` \| TCP: 443, 80 6 \| Allow<BR>Required \| Yes \| `.protection.apps.mil, .protection.office365.us`<BR>`23.103.191.0/24, 23.103.199.0/25, 23.103.204.0/22, 52.181.167.52/32, 52.181.167.91/32, 52.182.95.219/32, 2001:489a:2202::/62, 2001:489a:2202:8::/62, 2001:489a:2202:2000::/63` \| TCP: 25, 443- -## SharePoint Online and OneDrive for Business + +## SharePoint Online and OneDrive for Business ID \| Category \| ER \| Addresses \| Ports -- \| -- \| \| \| - ID \| Category \| ER \| Addresses \| Ports 10 \| Default<BR>Required \| No \| `.wns.windows.com, g.live.com, oneclient.sfx.ms` \| TCP:* 443, 80 19 \| Allow<BR>Required \| Yes \| `.od.apps.mil, od.apps.mil` \| TCP:* 443, 80 20 \| Default<BR>Required \| No \| `.svc.ms, az741266.vo.msecnd.net, spoprod-a.akamaihd.net, static.sharepointonline.com` \| TCP:* 443, 80- -## Skype for Business Online and Microsoft Teams + +## Skype for Business Online and Microsoft Teams ID \| Category \| ER \| Addresses \| Ports -- \| -- \| \| -- \| -- 7 \| Optimize<BR>Required \| Yes \| `.dod.teams.microsoft.us, .online.dod.skypeforbusiness.us, dod.teams.microsoft.us`<BR>`52.127.64.0/21, 52.180.249.148/32, 52.180.252.118/32, 52.180.252.187/32, 52.180.253.137/32, 52.180.253.154/32, 52.181.165.243/32, 52.181.166.119/32, 52.181.167.43/32, 52.181.167.64/32, 52.181.200.104/32, 104.212.32.0/22, 104.212.60.0/23, 195.134.240.0/22` \| TCP: 443<BR>UDP: 3478, 3479, 3480, 3481 21 \| Default<BR>Required \| No \| `dodteamsapuiwebcontent.blob.core.usgovcloudapi.net, msteamsstatics.blob.core.usgovcloudapi.net, statics.teams.microsoft.com` \| TCP: 443 22 \| Allow<BR>Required \| Yes \| `endpoint1-proddodcecompsvc-dodc.streaming.media.usgovcloudapi.net, endpoint1-proddodeacompsvc-dode.streaming.media.usgovcloudapi.net`<BR>`52.181.167.113/32, 52.182.52.226/32` \| TCP: 443 - -> [!NOTE] -> For Cross-Cloud Anonymous Join to work properly, you must add these endpoints for the cloud of the target meeting to the safe senders list: -> - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) -> - [Office 365 U.S. Government GCC High endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints) - -## Microsoft 365 Common and Office Online + +## Microsoft 365 Common and Office Online ID \| Category \| ER \| Addresses \| Ports -- \| - \| \| - \| - -11 \| Allow<BR>Required \| Yes \| `.dod.online.office365.us`<BR>`52.127.80.0/23, 52.181.164.39/32, 52.182.95.191/32` \| TCP:* 443 +11 \| Allow<BR>Required \| Yes \| `.dod.online.office365.us`<BR>`52.127.80.0/23, 52.181.164.39/32, 52.182.95.191/32, 2001:489a:2208:8000::/49` \| TCP:* 443 12 \| Default<BR>Required \| No \| `.office365.us` \| TCP:* 443, 80 13 \| Allow<BR>Required \| Yes \| `.auth.microsoft.us, .gov.us.microsoftonline.com, dod-graph.microsoft.us, graph.microsoftazure.us, login.microsoftonline.us`<BR>`20.140.232.0/23, 52.126.194.0/23, 2001:489a:3500::/50` \| TCP: 443 14 \| Default<BR>Required \| No \| `.msauth.net, .msauthimages.us, .msftauth.net, .msftauthimages.us, clientconfig.microsoftonline-p.net, graph.windows.net, login.microsoftonline.com, login.microsoftonline-p.com, login.windows.net, loginex.microsoftonline.com, login-us.microsoftonline.com, mscrl.microsoft.com, nexus.microsoftonline-p.com, secure.aadcdn.microsoftonline-p.com` \| TCP: 443
includes	Office 365 U.S. Government Gcc High Endpoints	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-u.s.-government-gcc-high-endpoints.md	-<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> +<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.--> -<!--USGovGCCHigh endpoints version 2023053000--> -<!--File generated 2023-05-30 08:00:09.7122--> - -## Exchange Online +<!--USGovGCCHigh endpoints version 2023062900--> +<!--File generated 2023-06-30 08:00:06.6451--> + +## Exchange Online ID \| Category \| ER \| Addresses \| Ports -- \| -- \| \| -- \| - ID \| Category \| ER \| Addresses \| Ports 4 \| Default<BR>Required \| Yes \| `attachments.office365-net.us, autodiscover.<tenant>.mail.onmicrosoft.com, autodiscover.<tenant>.mail.onmicrosoft.us, autodiscover.<tenant>.onmicrosoft.com, autodiscover.<tenant>.onmicrosoft.us, autodiscover-s.office365.us` \| TCP: 443, 80 5 \| Default<BR>Required \| Yes \| `outlook.office365.us` \| TCP: 143, 25, 587, 993, 995 6 \| Allow<BR>Required \| Yes \| `.manage.office365.us, .protection.office365.us, .scc.office365.us, manage.office365.us, scc.office365.us`<BR>`13.72.179.197/32, 13.72.183.70/32, 23.103.191.0/24, 23.103.199.128/25, 23.103.208.0/22, 52.227.170.14/32, 52.227.170.120/32, 52.227.178.94/32, 52.227.180.138/32, 52.227.182.149/32, 52.238.74.212/32, 52.244.65.13/32, 2001:489a:2202:4::/62, 2001:489a:2202:c::/62, 2001:489a:2202:2000::/63` \| TCP:* 25, 443- -## SharePoint Online and OneDrive for Business + +## SharePoint Online and OneDrive for Business ID \| Category \| ER \| Addresses \| Ports -- \| -- \| \| - \| - 9 \| Optimize<BR>Required \| Yes \| `.sharepoint.us`<BR>`20.34.8.0/22, 104.212.50.0/23, 2001:489a:2204:2::/63, 2001:489a:2204:800::/54` \| TCP:* 443, 80 10 \| Default<BR>Required \| No \| `.wns.windows.com, admin.onedrive.us, g.live.com, oneclient.sfx.ms` \| TCP:* 443, 80 20 \| Default<BR>Required \| No \| `.svc.ms, az741266.vo.msecnd.net, spoprod-a.akamaihd.net, static.sharepointonline.com` \| TCP:* 443, 80- -## Skype for Business Online and Microsoft Teams + +## Skype for Business Online and Microsoft Teams ID \| Category \| ER \| Addresses \| Ports -- \| -- \| \| \| - 7 \| Optimize<BR>Required \| Yes \| `52.127.88.0/21, 104.212.44.0/22, 195.134.228.0/22` \| UDP: 3478, 3479, 3480, 3481 21 \| Default<BR>Required \| No \| `msteamsstatics.blob.core.usgovcloudapi.net, statics.teams.microsoft.com, teamsapuiwebcontent.blob.core.usgovcloudapi.net` \| TCP: 443 31 \| Allow<BR>Required \| Yes \| `.gov.skypeforbusiness.us, .gov.teams.microsoft.us, gov.teams.microsoft.us`<BR>`52.127.88.0/21, 104.212.44.0/22, 195.134.228.0/22` \| TCP: 443, 80 - -> [!NOTE] -> For Cross-Cloud Anonymous Join to work properly, you must add these endpoints for the cloud of the target meeting to the safe senders list: -> - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) -> - [Office 365 U.S. Government DoD endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints) - -## Microsoft 365 Common and Office Online + +## Microsoft 365 Common and Office Online ID \| Category \| ER \| Addresses \| Ports -- \| - \| \| -- \| - -11 \| Allow<BR>Required \| Yes \| `.gov.online.office365.us`<BR>`52.127.37.0/24, 52.127.82.0/23` \| TCP:* 443 +11 \| Allow<BR>Required \| Yes \| `.gov.online.office365.us`<BR>`52.127.37.0/24, 52.127.82.0/23, 2001:489a:2208::/49` \| TCP:* 443 12 \| Default<BR>Required \| Yes \| `.cdn.office365.us` \| TCP:* 443 13 \| Allow<BR>Required \| Yes \| `.auth.microsoft.us, .gov.us.microsoftonline.com, graph.microsoft.us, graph.microsoftazure.us, login.microsoftonline.us`<BR>`20.140.232.0/23, 52.126.194.0/23, 2001:489a:3500::/50` \| TCP: 443 14 \| Default<BR>Required \| No \| `.msauth.net, .msauthimages.us, .msftauth.net, .msftauthimages.us, clientconfig.microsoftonline-p.net, graph.windows.net, login.microsoftonline.com, login.microsoftonline-p.com, login.windows.net, loginex.microsoftonline.com, login-us.microsoftonline.com, mscrl.microsoft.com, nexus.microsoftonline-p.com, secure.aadcdn.microsoftonline-p.com` \| TCP: 443
includes	Office 365 Worldwide Endpoints	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-worldwide-endpoints.md	-<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> +<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.--> -<!--Worldwide endpoints version 2023053000--> -<!--File generated 2023-05-30 08:00:07.1339--> - -## Exchange Online +<!--Worldwide endpoints version 2023062900--> +<!--File generated 2023-06-30 08:00:03.8532--> + +## Exchange Online ID \| Category \| ER \| Addresses \| Ports -- \| - \| \| - \| -- ID \| Category \| ER \| Addresses \| Ports 8 \| Default<BR>Required \| No \| `.outlook.com, autodiscover.<tenant>.onmicrosoft.com` \| TCP:* 443, 80 9 \| Allow<BR>Required \| Yes \| `.protection.outlook.com`<BR>`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` \| TCP:* 443 10 \| Allow<BR>Required \| Yes \| `.mail.protection.outlook.com`<BR>`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` \| TCP:* 25 - - -## SharePoint Online and OneDrive for Business + +## SharePoint Online and OneDrive for Business ID \| Category \| ER \| Addresses \| Ports -- \| -- \| \| -- \| - ID \| Category \| ER \| Addresses \| Ports 36 \| Default<BR>Required \| No \| `g.live.com, oneclient.sfx.ms` \| TCP: 443, 80 37 \| Default<BR>Required \| No \| `.sharepointonline.com, spoprod-a.akamaihd.net` \| TCP:* 443, 80 39 \| Default<BR>Required \| No \| `.svc.ms` \| TCP:* 443, 80- -## Skype for Business Online and Microsoft Teams + +## Skype for Business Online and Microsoft Teams ID \| Category \| ER \| Addresses \| Ports \| - \| \| - \| - ID \| Category \| ER \| Addresses \| Ports 16 \| Default<BR>Required \| No \| `.keydelivery.mediaservices.windows.net, .streaming.mediaservices.windows.net, mlccdn.blob.core.windows.net` \| TCP: 443 17 \| Default<BR>Required \| No \| `aka.ms` \| TCP: 443 18 \| Default<BR>Optional<BR>Notes: Federation with Skype and public IM connectivity: Contact picture retrieval \| No \| `.users.storage.live.com` \| TCP:* 443 -19 \| Default<BR>Optional<BR>Notes: Applies only to those who deploy the Conference Room Systems \| No \| `.adl.windows.com` \| TCP:* 443, 80 +19 \| Default<BR>Optional<BR>Notes: Applies only to those who deploy the Conference Room Systems \| No \| `adl.windows.com` \| TCP: 443, 80 22 \| Allow<BR>Optional<BR>Notes: Teams: Messaging interop with Skype for Business \| Yes \| `.skypeforbusiness.com`<BR>`13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15, 52.238.119.141/32, 52.244.160.207/32, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2603:1063::/39, 2620:1ec:6::/48, 2620:1ec:40::/42` \| TCP:* 443 27 \| Default<BR>Required \| No \| `.mstea.ms, .secure.skypeassets.com, mlccdnprod.azureedge.net` \| TCP: 443 127 \| Default<BR>Required \| No \| `.skype.com` \| TCP:* 443, 80 167 \| Default<BR>Required \| No \| `.ecdn.microsoft.com` \| TCP:* 443 180 \| Default<BR>Required \| No \| `compass-ssl.microsoft.com` \| TCP: 443 - -> [!NOTE] -> For Cross-Cloud Anonymous Join to work properly, you must add these endpoints for the cloud of the target meeting to the safe senders list: -> - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) -> - [Office 365 U.S. Government DoD endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints) -- -## Microsoft 365 Common and Office Online + +## Microsoft 365 Common and Office Online ID \| Category \| ER \| Addresses \| Ports \| -- \| \| -- \| - ID \| Category \| ER \| Addresses \| Ports 125 \| Default<BR>Required \| No \| `.entrust.net, .geotrust.com, .omniroot.com, .public-trust.com, .symcb.com, .symcd.com, .verisign.com, .verisign.net, apps.identrust.com, cacerts.digicert.com, cert.int-x3.letsencrypt.org, crl.globalsign.com, crl.globalsign.net, crl.identrust.com, crl3.digicert.com, crl4.digicert.com, isrg.trustid.ocsp.identrust.com, mscrl.microsoft.com, ocsp.digicert.com, ocsp.globalsign.com, ocsp.msocsp.com, ocsp2.globalsign.com, ocspx.digicert.com, secure.globalsign.com, www.digicert.com, www.microsoft.com` \| TCP: 443, 80 126 \| Default<BR>Optional<BR>Notes: Connection to the speech service is required for Office Dictation features. If connectivity is not allowed, Dictation will be disabled. \| No \| `officespeech.platform.bing.com` \| TCP: 443 147 \| Default<BR>Required \| No \| `.office.com, www.microsoft365.com` \| TCP:* 443, 80 -152 \| Default<BR>Optional<BR>Notes: These endpoints enable the Office Scripts functionality in Office clients available through the Automate tab. This feature can also be disabled through the Office 365 Admin portal. \| No \| `.microsoftusercontent.com` \| TCP:* 443 +152 \| Default<BR>Optional<BR>Notes: These endpoints enables the Office Scripts functionality in Office clients available through the Automate tab. This feature can also be disabled through the Office 365 Admin portal. \| No \| `.microsoftusercontent.com` \| TCP:* 443 153 \| Default<BR>Required \| No \| `.azure-apim.net, .flow.microsoft.com, .powerapps.com, .powerautomate.com` \| TCP: 443 156 \| Default<BR>Required \| No \| `.activity.windows.com, activity.windows.com` \| TCP:* 443 -157 \| Default<BR>Required \| No \| `ocsp.int-x3.letsencrypt.org` \| TCP: 80 158 \| Default<BR>Required \| No \| `.cortana.ai` \| TCP:* 443 159 \| Default<BR>Required \| No \| `admin.microsoft.com` \| TCP: 443, 80 160 \| Default<BR>Required \| No \| `cdn.odc.officeapps.live.com, cdn.uci.officeapps.live.com` \| TCP: 443, 80 -184 \| Default<BR>Required \| No \| `.cloud.microsoft` \| TCP:* 443, 80 +184 \| Default<BR>Required \| No \| `.cloud.microsoft, .static.microsoft` \| TCP: 443, 80
security	Mdb Next Generation Protection	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-next-generation-protection.md	ms.localizationpriority: medium Previously updated : 06/20/2023 Last updated : 06/30/2023 f1.keywords: NOCSH You can choose from several options for managing your next-generation protection 1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in. -2. In the navigation pane, choose Device configuration. Policies are organized by operating system and policy type. +2. In the navigation pane, go to Configuration management > Device configuration. Policies are organized by operating system and policy type. -3. Select an operating system tab (such as Windows clients). +3. Select an operating system tab (such as Windows). -4. Expand Next-generation protection to view your list of policies. +4. Expand Next-generation protection to view your list of policies. At a minimum, a default policy using recommended settings is listed. This default policy is assigned to all onboarded devices running operating system you selected in the previous step (such as Windows). You can: -5. Select a policy to view more details about the policy, and make any needed changes. + - Keep your default policy as currently configured. + - Edit your default policy to make any needed adjustments. + - Create a new policy. + +5. Use one of the procedures in the following table: + + \| Task \| Procedure \| + \|\|\| + \| Edit your default policy \| 1. In the Next-generation protection section, select your default policy, and then choose Edit.<br/><br/>2. On the General information step, review the information. If necessary, edit the description, and then select Next.<br/><br/>3. On the Device groups step, either use an existing group, or set up a new group. Then choose Next.<br/><br/>4. On the Configuration settings step, review and if necessary, edit your security settings, and then choose Next. For more information about the settings, see [Next-generation protection settings and options](#next-generation-protection-settings-and-options) (in this article).<br/><br/>5. On the Review your policy step, review your current settings. Select Edit to make any needed changes. Then select Update policy. \| + \| Create a new policy \| 1. In the Next-generation protection section, select Add.<br/><br/>2. On the General information step, specify a name and description for your policy. You can also keep or change the a policy order (see [Understand policy order in Microsoft Defender for Business](mdb-policy-order.md)). Then select Next.<br/><br/>3. On the Device groups step, you can either use an existing group, or create up a new group (see [Device groups in Microsoft Defender for Business](mdb-create-edit-device-groups.md)). Then choose Next.<br/><br/>4. On the Configuration settings step, review and edit your security settings, and then choose Next. For more information about the settings, see [Next-generation protection settings and options](#next-generation-protection-settings-and-options) (in this article).<br/><br/>5. On the Review your policy step, review your current settings. Select Edit to make any needed changes. Then select Create policy. \| - To make changes or to learn more about policy settings, see the following articles: - - - [View or edit device policies](mdb-view-edit-policies.md) - - [Understand next-generation configuration settings](mdb-next-generation-protection.md) ## [Intune admin center](#tab/Intune) The following table lists settings and options for next-generation protection in \| Real-time protection \| \| \| Turn on real-time protection \| Enabled by default, real-time protection locates and stops malware from running on devices. We recommend keeping real-time protection turned on. When real-time protection is turned on, it configures the following settings: <br/>- Behavior monitoring is turned on ([AllowBehaviorMonitoring](/windows/client-management/mdm/policy-csp-defender#defender-allowbehaviormonitoring)).<br/> - All downloaded files and attachments are scanned ([AllowIOAVProtection](/windows/client-management/mdm/policy-csp-defender#defender-allowioavprotection)).<br/> - Scripts that are used in Microsoft browsers are scanned ([AllowScriptScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowscriptscanning)). \| \| Block at first sight \| Enabled by default, block at first sight blocks malware within seconds of detection, increases the time (in seconds) allowed to submit sample files for analysis, and sets your detection level to High. We recommend keeping block at first sight turned on.<br/><br/>When block at first sight is turned on, it configures the following settings for Microsoft Defender Antivirus: <br/>- Blocking and scanning of suspicious files is set to the High blocking level ([CloudBlockLevel](/windows/client-management/mdm/policy-csp-defender#defender-cloudblocklevel)).<br/> - The number of seconds for a file to be blocked and checked is set to 50 seconds ([CloudExtendedTimeout](/windows/client-management/mdm/policy-csp-defender#defender-cloudextendedtimeout)). <br/>Important If block at first sight is turned off, it affects `CloudBlockLevel` and `CloudExtendedTimeout` for Microsoft Defender Antivirus. \| -\| Turn on network protection \| When turned on, network protection helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet. It also prevents users from turning network protection off.<br/><br/>Network protection can be set to the following modes: <br/>- Block mode is the default setting. It prevents users from visiting sites that are considered unsafe. We recommend keeping network protection set to Block mode.<br/> - Audit mode allows users to visit sites that might be unsafe and tracks network activity to/from such sites.<br/> - Disabled mode neither blocks users from visiting sites that might be unsafe nor tracks network activity to/from such sites. \| +\| Turn on network protection \| Enabled in Block mode by default, network protection helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet. It also prevents users from turning network protection off.<br/><br/>Network protection can be set to the following modes: <br/>- Block mode is the default setting. It prevents users from visiting sites that are considered unsafe. We recommend keeping network protection set to Block mode.<br/> - Audit mode allows users to visit sites that might be unsafe and tracks network activity to/from such sites.<br/> - Disabled mode neither blocks users from visiting sites that might be unsafe nor tracks network activity to/from such sites. \| \| Remediation \| \| -\| Action to take on potentially unwanted apps (PUA) \| PUA can include advertising software; bundling software that offers to install other, unsigned software; and evasion software that attempts to evade security features. Although PUA isn't necessarily a virus, malware, or other type of threat, it can affect device performance. PUA protection blocks items that are detected as PUA. You can set PUA protection to the following modes: <br/>- Enabled is the default setting. It blocks items detected as PUA on devices. We recommend keeping PUA protection enabled.<br/> - Audit mode takes no action on items detected as PUA.<br/> - Disabled doesn't detect or take action on items that might be PUA. \| +\| Action to take on potentially unwanted apps (PUA) \| Enabled by default, PUA protection blocks items that are detected as PUA. PUA can include advertising software; bundling software that offers to install other, unsigned software; and evasion software that attempts to evade security features. Although PUA isn't necessarily a virus, malware, or other type of threat, it can affect device performance. You can set PUA protection to the following modes: <br/>- Enabled is the default setting. It blocks items detected as PUA on devices. We recommend keeping PUA protection enabled.<br/> - Audit mode takes no action on items detected as PUA.<br/> - Disabled doesn't detect or take action on items that might be PUA. \| \| Scan \| \| -\| Scheduled scan type \| Consider running a weekly antivirus scan on your devices. You can choose from the following scan type options: <br/>- Quickscan checks locations, such as registry keys and startup folders, where malware could be registered to start along with a device. We recommend using the quickscan option. <br/> - Fullscan checks all files and folders on a device.<br/> - Disabled means no scheduled scans will take place. Users can still run scans on their own devices. (In general, we don't recommend disabling scheduled scans.) <br/> [Learn more about scan types](../defender-endpoint/schedule-antivirus-scans.md). \| +\| Scheduled scan type \| Enabled in Quickscan mode by default, you can specify a day and time to run weekly antivirus scans. The following scan type options are available: <br/>- Quickscan checks locations, such as registry keys and startup folders, where malware could be registered to start along with a device. We recommend using the quickscan option. <br/> - Fullscan checks all files and folders on a device.<br/> - Disabled means no scheduled scans will take place. Users can still run scans on their own devices. (In general, we don't recommend disabling scheduled scans.) <br/> [Learn more about scan types](../defender-endpoint/schedule-antivirus-scans.md). \| \| Day of week to run a scheduled scan \| Select a day for your regular, weekly antivirus scans to run. \| \| Time of day to run a scheduled scan \| Select a time to run your regularly scheduled antivirus scans to run. \| \| Use low performance \| This setting is turned off by default. We recommend keeping this setting turned off. However, you can turn on this setting to limit the device memory and resources that are used during scheduled scans. Important If you turn on Use low performance, it configures the following settings for Microsoft Defender Antivirus: <br/>- Archive files aren't scanned ([AllowArchiveScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowarchivescanning)).<br/> - Scans are assigned a low CPU priority ([EnableLowCPUPriority](/windows/client-management/mdm/policy-csp-defender#defender-enablelowcpupriority)).<br/> - If a full antivirus scan is missed, no catch-up scan will run ([DisableCatchupFullScan](/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupfullscan)).<br/> - If a quick antivirus scan is missed, no catch-up scan will run ([DisableCatchupQuickScan](/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupquickscan)).<br/> - Reduces the average CPU load factor during an antivirus scan from 50 percent to 20 percent ([AvgCPULoadFactor](/windows/client-management/mdm/policy-csp-defender#defender-avgcpuloadfactor)). \| \| User experience \| \| \| Allow users to access the Windows Security app \| Turn on this setting to enable users to open the Windows Security app on their devices. Users won't be able to override settings that you configure in Defender for Business, but they'll be able to run a quick scan or view any detected threats. \| -\| Antivirus exclusions \| Exclusions are processes, files, or folders that are skipped by Microsoft Defender Antivirus scans. In general, you shouldn't need to define exclusions. Microsoft Defender Antivirus includes many automatic exclusions that are based on known operating system behavior and typical management files. [Learn more about exclusions](../defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md). \| -\| Process exclusions \| Process exclusions prevent files that are opened by specific processes from being scanned by Microsoft Defender Antivirus. [Learn more about process exclusions](../defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). \| -\| File extension exclusions \| File extension exclusions prevent files with specific extensions from being scanned by Microsoft Defender Antivirus. [Learn more about file extension exclusions](../defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md). \| -\| File and folder exclusions \| File and folder exclusions prevent files that are in specific folders from being scanned by Microsoft Defender Antivirus. [Learn more about file and folder exclusions](../defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md). \| +\| Antivirus exclusions \| Exclusions are processes, files, or folders that are skipped by Microsoft Defender Antivirus scans. In general, you shouldn't need to define exclusions. Microsoft Defender Antivirus includes many automatic exclusions that are based on known operating system behavior and typical management files. Every exclusion reduces your level of protection, so it's important to consider carefully what exclusions to define. Before you add any exclusions, see [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](../defender-endpoint/defender-endpoint-antivirus-exclusions.md). \| +\| Process exclusions \| Process exclusions prevent files that are opened by specific processes from being scanned by Microsoft Defender Antivirus. When you add a process to the process exclusion list, Microsoft Defender Antivirus won't scan files that are opened by that process, no matter where the files are located. The process itself is scanned unless it is added to the file exclusion list. See [Configure exclusions for files opened by processes](../defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). \| +\| File extension exclusions \| File extension exclusions prevent files with specific extensions from being scanned by Microsoft Defender Antivirus. See [Configure and validate exclusions based on file extension and folder location](../defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md). \| +\| File and folder exclusions \| File and folder exclusions prevent files that are in specific folders from being scanned by Microsoft Defender Antivirus. See [Contextual file and folder exclusions](../defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md). \| ## Other preconfigured settings in Defender for Business
security	Get Started Xdr	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-started-xdr.md	To edit or update your notification contacts after the initial setup, go to **Se Apart from onboarding service delivery, our expertise on the Microsoft 365 Defender product suite enables Defender Experts for XDR to run an initial readiness assessment to help you get the most out of your Microsoft security products. -The initial readiness engagement is based on your [Microsoft Secure Score](../defender/microsoft-secure-score.md) and Defender Experts' policy recommendations. Our experts help prioritize and customize our recommendations to fit your environment. They request your engagement to get those configurations implemented. +The initial readiness engagement is based on your [Microsoft Secure Score](../defender/microsoft-secure-score.md) and Defender Experts' policy recommendations. Our experts collaborate with you to prioritize and tailor recommendations that align with your environment. They seek your immediate involvement to implement these configurations and comprehend the necessary actions for initiating operations. -Once youΓÇÖve completed the readiness checks, our experts will start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses. +Once the readiness checks are completed, our experts will start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses. ### Next step
security	Mdo Support Teams About	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-support-teams-about.md	appliesto: With the increased use of collaboration tools like Microsoft Teams, the possibility of malicious attacks using URLs and messages has increased as well. Microsoft Defender for Office 365 already provides protection against malicious URLs in Teams through [Safe Links](safe-links-about.md), and now Microsoft is extending this protection with a new set of capabilities designed to disrupt the attack chain. -- Reporting suspicious messages and files to admins and Microsoft (optional): Users will have the ability to report potential malicious messages to their admins. The admins can review these messages and report them to Microsoft. For more information, see [User reported settings in Teams](submissions-teams.md). +- Reporting suspicious messages and files to admins and Microsoft (optional): Users have the ability to report potential malicious messages to their admins. The admins can review these messages and report them to Microsoft. For more information, see [User reported settings in Teams](submissions-teams.md). -- Zero-Hour Auto Purge (ZAP): ZAP is an existing email protection feature that proactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered. For read or unread messages that are found to contain malware after delivery, ZAP quarantines the message that contains the malware attachment. Note that for this preview, ZAP will be quarantining based on malicious or phishing messages, and not spam. For more information, see [Zero-hour auto purge in Microsoft Defender for Office 365](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-in-microsoft-teams). +- Zero-Hour Auto Purge (ZAP): ZAP is an existing email protection feature that proactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered. For read or unread messages that are found to contain malware after delivery, ZAP quarantines the message that contains the malware attachment. Currently, ZAP for Teams takes action on malware or high confidence phishing messages, not spam. For more information, see [Zero-hour auto purge in Microsoft Defender for Office 365](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-in-microsoft-teams). -- Quarantine: Admins will be able to review quarantined messages that are identified as malicious by ZAP. Admins will also be able to release the message if the message is determined as safe. For more information, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams). +- Quarantine: Admins are able to review quarantined messages that are identified as malicious by ZAP. Admins can also release messages that are determined to be safe. For more information, see [Manage quarantined Teams messages](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams). -The Teams Message Entity Panel is one single place to store all of Teams message metadata that will allow for immediate SecOps review. Any threat coming from chats, group or meeting chats, and other channels can be found in one place as soon as it is assessed. For more information, see [Teams Message Entity Panel for Microsoft Teams](teams-message-entity-panel.md). +- The Teams Message Entity Panel is one single place to store all of Teams message metadata that allows for immediate SecOps review. Any threat coming from chats, group or meeting chats, and other channels can be found in one place as soon as it's assessed. For more information, see [Teams Message Entity Panel for Microsoft Teams](teams-message-entity-panel.md). -- Attack Simulation and Training: In order to ensure your users are resilient to phishing attacks in Microsoft Teams, admins can configure phishing simulations in Teams similar to how they do so in email. For more information, see [Microsoft Teams in Attack simulation training](attack-simulation-training-teams.md). +- Attack simulation training: In order to ensure your users are resilient to phishing attacks in Microsoft Teams, admins can configure phishing simulations in Teams similar to how they do so in email. For more information, see [Microsoft Teams in Attack simulation training](attack-simulation-training-teams.md). ## Enable Microsoft Defender for Teams
security	Zero Hour Auto Purge	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/zero-hour-auto-purge.md	ZAP doesn't quarantine messages that are in the process of [Dynamic Delivery](sa > [!NOTE] > ZAP for Microsoft Teams is currently in Preview, and is available only to customers with Microsoft Defender for Office 365 E5 and Defender for Office P2 subscriptions. > +> When you [join the Preview](mdo-support-teams-about.md#enable-microsoft-defender-for-teams), ZAP for Microsoft Teams is turned on. +> > Currently, ZAP is available only for messages that are identified as malware or high confidence phishing. When a chat message is identified as potentially phishing or malicious in Microsoft Teams, ZAP blocks the message and quarantines it. This message is blocked for both the recipient and the sender. This protection feature applies only to messages in a chat or in a meeting within the organization.