Updates from: 07/13/2021 03:09:15
Category Microsoft Docs article Related commit history on GitHub Change details
admin Active Users Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/active-users-ww.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Activity Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
description: "Get a periodic report of how people in your organization are using
# Microsoft 365 Reports in the admin center
-You can easily see how people in your business are using Microsoft 365 services. For example, you can identify who is using a service a lot and reaching quotas, or who may not need an Microsoft 365 license at all.
+You can easily see how people in your business are using Microsoft 365 services. For example, you can identify who is using a service a lot and reaching quotas, or who may not need an Microsoft 365 license at all. Perpetual license model will not be included in the reports.
Reports are available for the last 7 days, 30 days, 90 days, and 180 days. Data won't exist for all reporting periods right away. The reports become available within 48 hours.
However, when you select a particular day (see number 3), up to 28 days from the
[Reports in the Security & Compliance Center](../../compliance/reports-in-security-and-compliance.md) (article)\ [Microsoft 365 usage analytics](../usage-analytics/usage-analytics.md) (article)\
-[Customize the reports in Microsoft 365 usage analytics](../usage-analytics/customize-reports.md) (article)
+[Customize the reports in Microsoft 365 usage analytics](../usage-analytics/customize-reports.md) (article)
admin Browser Usage Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/browser-usage-report.md
The Microsoft 365 **Reports** dashboard shows you an activity overview across th
1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page. 2. From the dashboard homepage, click on the **View more** button on the Microsoft browser usage card.
-## How to notify users to upgrade their browser
-
-![Microsoft browser usage report action flow](../../media/1ef4eb08-18b8-4dda-aa15-1aad013ecd70.png)
-
-Global admins can opt-in to sending messages to users using Microsoft 365 services on Edge Legacy (unsupported) and Internet Explorer (soon to be unsupported). This targeted message notifies users that support for these browsers will end soon, and it links to a support article with information on Microsoft Edge and simple steps to follow to switch browsers.
-
-You can find this feature on the report page. Once the message is created, users are notified at the frequency specified until August 17, 2021. You can turn off this feature at any time to stop sending notifications to users. To begin sending notifications again, turn the feature back on.
-
-For more information, see [Microsoft Edge help & learning](https://support.microsoft.com/microsoft-edge).
- ## Interpret the Microsoft browser usage report ![Microsoft browser usage report](../../media/95557c88-24ee-417d-a828-96ba00b17aaf.png)
admin Microsoft365 Apps Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww.md
You can get a view into your user's Microsoft 365 Apps activity by looking at th
|4. <br/> |The **Platforms** view shows the trend of active users across all apps for each platform – Windows, Mac, Web, and Mobile. <br/> | |5.<br/>|On the **Users** chart, the Y-axis is the number of unique active users for the respective app. On the **Platforms** chart, the Y-axis is the number of unique users for the respective platform. The X-axis on both charts is the date on which an app was used on a given platform.<br/>| 6.<br/>|You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Users** chart, select Outlook, Word, Excel, PowerPoint, OneDrive, or Teams to see only the info related to each one. Changing this selection doesn't change the info in the grid table below it.|
- |7.<br/>|The table shows you a breakdown of data at the per-user level. You can add or remove columns from the table. <br/><br/>**Username** is the email address of the user who performed the activity on Microsoft Apps.<br><br/>**Last activation date (UTC)** is the latest date on which the user activated their Microsoft 365 Apps subscription.<br/><br/>**Last activity date (UTC)** is the latest date an intentional activity was performed by the user. To see activity that occurred on a specific date, select the date directly in the chart.<br/><br/>The other columns identify if the user was active on that platform for that app (within Microsoft 365 Apps) in the period selected. |
+ |7.<br/>|The table shows you a breakdown of data at the per-user level. You can add or remove columns from the table. <br/><br/>**Username** is the email address of the user who performed the activity on Microsoft Apps.<br><br/>**Last activation date (UTC)** is the latest date on which the user activated their Microsoft 365 Apps subscription on a machine or logs on shared computer and starts the app with their account. <br/><br/>**Last activity date (UTC)** is the latest date an intentional activity was performed by the user. To see activity that occurred on a specific date, select the date directly in the chart.<br/><br/>The other columns identify if the user was active on that platform for that app (within Microsoft 365 Apps) in the period selected. |
|8.<br/>|Select the **Choose columns** icon to add or remove columns from the report.| |9.<br/>|You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data for all users and enables you to do simple aggregation, sorting, and filtering for further analysis. If you have less than 100 users, you can sort and filter within the table in the report itself. If you have more than 100 users, in order to filter and sort, you will need to export the data.|
admin Office 365 Groups Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/office-365-groups-ww.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
You can also export the report data into an Excel .csv file by selecting the **E
## Related content
-[Microsoft 365 Reports in the admin center](activity-reports.md) (article)
-[Reports in the Security & Compliance Center](../../compliance/reports-in-security-and-compliance.md) (article)
+[Microsoft 365 Reports in the admin center](activity-reports.md) (article)\
+[Reports in the Security & Compliance Center](../../compliance/reports-in-security-and-compliance.md) (article)\
[Microsoft 365 Reports in the admin center - Active Users](../../admin/activity-reports/active-users-ww.md) (article)
admin Onedrive For Business Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MST160
admin Sharepoint Site Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MST160
admin About Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin About Guest Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-guest-users.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Add New Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-new-employee.md
- MSStore_Link - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md
- okr_smb - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 description: "Each team member needs a user account before they can sign in and access Microsoft 365 for business. Learn how to add users and assign licenses."
admin Admin Roles Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/admin-roles-page.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Assign Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Change A User Name And Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/change-a-user-name-and-email-address.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Delete A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/delete-a-user.md
- SPO_Content - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 ms.assetid: d5155593-3bac-4d8d-9d8b-f4513a81479e
admin Give Mailbox Permissions To Another User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/give-mailbox-permissions-to-another-user.md
- MSStore_Link - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Intune Admin Roles In The Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
description: "Admin roles map to business functions and give permissions to do specific tasks in the admin center. For example, the Service admin opens support tickets with Microsoft."
A partner can assign these roles:
Before the partner can assign these roles to users, you must add the partner as a delegated admin to your account. This process is initiated by an authorized partner. The partner sends you an email to ask you if you want to give them permission to act as a delegated admin. For instructions, see [Authorize or remove partner relationships](../misc/add-partner.md).
-## Related articles
+## Related content
-[About Microsoft 365 admin roles](about-admin-roles.md)
-
-[Assign admin roles](assign-admin-roles.md)
-
-[Activity reports in the Microsoft 365 admin center](../activity-reports/activity-reports.md)
+[About Microsoft 365 admin roles](about-admin-roles.md) (article)\
+[Assign admin roles](assign-admin-roles.md) (article)\
+[Activity reports in the Microsoft 365 admin center](../activity-reports/activity-reports.md) (article)
admin Let Users Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
- OKR_SMB_Videos - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Remove Former Employee Step 4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-4.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Remove Former Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Restore User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/restore-user.md
- MSStore_Link - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Set Password To Never Expire https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md
- MSStore_Link - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin About The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/about-the-admin-center.md
- OKR_SMB_Videos - okr_smb - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Sign Up For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
- okr_SMB - AdminSurgePortfolio - commerce_signup
+- AdminTemplateSet
search.appverid: - MET150
admin What Subscription Do I Have https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-subscription-do-i-have.md
- okr_smb - AdminSurgePortfolio - commerce_subscriptions
+- AdminTemplateSet
search.appverid: MET150 description: "Learn to verify which subscriptions your organization has by going to the Your products page." Last updated 01/21/2021
If you're an admin, you can verify which subscriptions your organization has by
## Related content
-[Subscriptions and billing](../../commerce/index.yml) (links)\
+[Subscriptions and billing](../../commerce/index.yml) (link page)\
[View your bill or invoice](../../commerce/billing-and-payments/view-your-bill-or-invoice.md) (article)\ [Paying for your subscription](../../commerce/billing-and-payments/pay-for-your-subscription.md) (article)\ [Change your billing addresses](../../commerce/billing-and-payments/change-your-billing-addresses.md) (article)
admin Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/capabilities.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 description: "Basic Mobility and Security can help you secure and manage mobile devices."
admin Choose Between Basic Mobility And Security And Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 description: "Basic Mobility and Security are part of the Microsoft 365 plans."
admin Create Device Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-device-security-policies.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 description: "Use Basic Mobility and Security to create device policies that protect your organization information."
admin Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/overview.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 description: "Use Basic Mobility and Security to set device security policies and access rules."
admin Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 description: "Set up Basic Mobility and Security to secure and manage your users' mobile devices by performing actions such as remotely wiping a device."
admin Add Or Remove Members From Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/add-or-remove-members-from-groups.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 ms.assetid: e186d224-a324-4afa-8300-0e4fc0c3000a
admin Compare Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
Microsoft 365 groups can be accessed through mobile apps such as Outlook for iOS
Group members can send as or send on behalf of the group email address if this has been [enabled by the administrator](../../solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md).
+Microsoft 365 groups don't support nesting with other Microsoft 365 groups or with distribution or security groups.
+ ## Distribution groups [Distribution groups](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) are used for sending notifications to a group of people. They can receive external email if enabled by the administrator.
Distribution groups can be [upgraded to Microsoft 365 groups](../manage/upgrade-
Distribution groups can be added to a team in Microsoft Teams.
+Microsoft 365 groups can't be members of distribution groups.
+ ## Security groups [Security groups](../email/create-edit-or-delete-a-security-group.md) are used for granting access to Microsoft 365 resources, such as SharePoint. They can make administration easier because you need only administer the group rather than adding users to each resource individually.
Security groups can be [configured for dynamic membership in Azure Active Direct
Security groups can be added to a team.
+Microsoft 365 groups can't be members of security groups.
+ ## Mail-enabled security groups Mail-enabled security groups function the same as regular security groups, except that they cannot be dynamically managed through Azure Active Directory and cannot contain devices.
It's not possible to migrate a shared mailbox to a Microsoft 365 group.
## Related content
-[Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2) (article)\
-[Why you should upgrade your distribution lists to groups in Outlook](https://support.microsoft.com/office/7fb3d880-593b-4909-aafa-950dd50ce188) (article)
+[Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2)
+
+[Upgrade distribution lists to Microsoft 365 Groups in Outlook](/microsoft-365/admin/manage/upgrade-distribution-lists)
+
+[Why you should upgrade your distribution lists to groups in Outlook](https://support.microsoft.com/office/7fb3d880-593b-4909-aafa-950dd50ce188)
admin Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Restore Deleted Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/restore-deleted-group.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Create Dns Records Using Windows Based Dns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-using-windows-based-dns.md
- Adm_O365 - Adm_NonTOC - Adm_O365_Setup-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin About Shared Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md
- MSStore_Link - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Add Another Email Alias For A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-another-email-alias-for-a-user.md
- MSStore_Link - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Add User Or Contact To Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-user-or-contact-to-distribution-list.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Change Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/change-email-address.md
- MSStore_Link - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Configure A Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md
- MSStore_Link - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Configure Clutter https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-clutter.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Configure Email Forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-email-forwarding.md
- MSStore_Link - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Convert User Mailbox To Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/convert-user-mailbox-to-shared-mailbox.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Create A Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-a-shared-mailbox.md
- MSStore_Link - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Create Edit Or Delete A Security Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-edit-or-delete-a-security-group.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Resolve Issues With Shared Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/resolve-issues-with-shared-mailboxes.md
- MSStore_Link - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Buy A Domain Name https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/buy-a-domain-name.md
- Adm_O365_Setup - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Change Nameservers At Any Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/change-nameservers-at-any-domain-registrar.md
- okr_smb - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Create Dns Records At Any Dns Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md
description: "Connect a domain at any DNS hosting provider to Microsoft 365 by v
- okr_smb - AdminSurgePortfolio
+- AdminTemplateSet
# Add DNS records to connect your domain
admin Dns Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/dns-basics.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Find And Fix Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/find-and-fix-issues.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Information For Dns Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/information-for-dns-records.md
- Adm_O365_Setup - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Remove A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/remove-a-domain.md
- Adm_O365 - Adm_TOC - Adm_O365_Setup-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin What Is A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/what-is-a-domain.md
description: "Learn what a domain is and how you can buy a domain or use the def
- okr_smb - AdminSurgePortfolio
+- AdminTemplateSet
admin Assign Licenses To Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/assign-licenses-to-users.md
- okr_SMB - manage_licenses - commerce_licensing
+- AdminTemplateSet
search.appverid: MET150 description: "Assign licenses depending on whether you want to assign product licenses to specific users or assign users licenses to a specific product." Last updated 04/26/2021
admin Centralized Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-of-add-ins.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Change Address Contact And More https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/change-address-contact-and-more.md
- AdminSurgePortfolio - commcerce_billing
+- AdminTemplateSet
search.appverid: MET150 description: "Make changes to your organization profile, such as organization name, address, phone, technical contact, and email." Last updated 03/30/2021
admin Customize The App Launcher https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/customize-the-app-launcher.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Language Translation For Message Center Posts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/language-translation-for-message-center-posts.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC+ search.appverid: - BCS160 - MET150
admin Manage Addins In The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-addins-in-the-admin-center.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Manage Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Manage Industry News https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-industry-news.md
description: "Provide your users with up-to-date news headlines about your indus
# Manage Industry news
-To provide your users with up-to-date news headlines about your industry and info from your organization, use the News service to enable a customized news feed for your organization. You can also enable a daily Industry Updates email, and manage settings for the Bing homepage and Microsoft Edge new tab page (starting with release of Edge 87).
+To provide your users with up-to-date news headlines about your industry and info from your organization, use the News service to enable a customized news feed for your organization. You can also enable a daily Industry Updates email, and manage settings for the Bing homepage and Microsoft Edge new tab page.
## What your users will see
admin Manage Office Scripts Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-office-scripts-settings.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: MET150 description: "Learn how to manage Office Scripts settings for users in your organization."
admin Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Release Options In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/release-options-in-office-365.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Remove Licenses From Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/remove-licenses-from-users.md
- okr_smb - manage_licenses - commerce_licensing
+- AdminTemplateSet
search.appverid: MET150 description: "The method you use to unassign product licenses depends on whether you unassign licenses from specific users or from a specific product." Last updated 06/07/2021
admin Send Email As Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/send-email-as-distribution-list.md
- MSStore_Link - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Share Calendars With External Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/share-calendars-with-external-users.md
- MSStore_Link - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Update Phone Number And Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/update-phone-number-and-email-address.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Upgrade Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Use Qr Code Download Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md
- Adm_TOC - AdminSurgePortfolio
+- AdminTemplateSet
description: "Learn how to use a QR code to authenticate and download Outlook mobile."
admin Add Partner https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/add-partner.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Become The Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/become-the-admin.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Cortana Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC+ search.appverid: - BCS160 - MET150
admin Mailbox Not Found Error https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/mailbox-not-found-error.md
localization_priority: Priority - M365-subscription-management+ search.appverid: - MET150
admin Password Policy Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin User Consent https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/user-consent.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
If you turn this setting on, those apps will ask users for permission to access
A user can give access only to apps they own that access their Office 365 information. They can't give an app access to any other user's information. ## Turning user consent on or off
-<a name="__toc379982114"> </a>
Here's how to turn User consent to apps on or off.
Here's how to turn User consent to apps on or off.
2. On the **User consent to apps** page, select the option to turn user consent on or off. ## Related content
-<a name="__toc379982114"> </a>
[Configure the admin consent workflow](/azure/active-directory/manage-apps/configure-admin-consent-workflow) (article)\ [Managing consent to applications and evaluating consent requests](/azure/active-directory/manage-apps/manage-consent-requests) (article)
admin New Subscription Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/new-subscription-names.md
localization_priority: Normal - Adm_O365-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
We've changed some of our Office 365 and Microsoft 365 subscription names. You d
## Related content
-[Subscriptions and billing](../commerce/index.yml) (links)\
+[Subscriptions and billing](../commerce/index.yml) (link page)\
[View your bill or invoice](../commerce/billing-and-payments/view-your-bill-or-invoice.md) (article)\ [Paying for your subscription](../commerce/billing-and-payments/pay-for-your-subscription.md) (article)\ [Change your billing addresses](../commerce/billing-and-payments/change-your-billing-addresses.md) (article)
admin Productivity Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/productivity-score.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Enable Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/enable-modern-authentication.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Multi Factor Authentication Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
Title: "Multi-factor authentication for Microsoft 365"
+ Title: "Multifactor authentication for Microsoft 365"
f1.keywords: - NOCSH
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
description: "Multi-factor authentication (MFA) uses both a password, which should be strong, and an additional verification method."
-# Multi-factor authentication for Microsoft 365
+# Multifactor authentication for Microsoft 365
Passwords are the most common method of authenticating a sign-in to a computer or online service, but they are also the most vulnerable. People can choose easy passwords and use the same passwords for multiple sign-ins to different computers and services.
-To provide an additional level of security for sign-ins, you must use multi-factor authentication (MFA), which uses both a password, which should be strong, and an additional verification method based on:
+To provide an additional level of security for sign-ins, you must use multifactor authentication (MFA), which uses both a password, which should be strong, and an additional verification method based on:
- Something you have with you that is not easily duplicated, such as a smart phone. - Something you uniquely and biologically have, such as your fingerprints, face, or other biometric attribute.
In the Microsoft 365 admin center, you can configure per-user and service MFA se
## Related content
-[Turn on multi-factor authentication](../../business-video/turn-on-mfa.md) (video)\
-[Turn on multi-factor authentication for your phone](../../business-video/set-up-mfa.md) (video)
+[Turn on multifactor authentication](../../business-video/turn-on-mfa.md) (video)\
+[Turn on multifactor authentication for your phone](../../business-video/set-up-mfa.md) (video)
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
- MSStore_Link - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Set Up Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md
Title: "Set up multi-factor authentication for users"
+ Title: "Set up multifactor authentication for users"
f1.keywords: - NOCSH
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
description: "Learn how to set up multi-factor authentication for your organizat
monikerRange: 'o365-worldwide'
-# Set up multi-factor authentication
+# Set up multifactor authentication
-Based on your understanding of [multi-factor authentication (MFA) and its support in Microsoft 365](multi-factor-authentication-microsoft-365.md), it's time to set it up and roll it out to your organization.
+Based on your understanding of [multifactor authentication (MFA) and its support in Microsoft 365](multi-factor-authentication-microsoft-365.md), it's time to set it up and roll it out to your organization.
> [!IMPORTANT] > If you purchased your subscription or trial after October 21, 2019, and you're prompted for MFA when you sign in, [security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) have been automatically enabled for your subscription.
Based on your understanding of [multi-factor authentication (MFA) and its suppor
- You must be a Global admin to manage MFA. For more information, see [About admin roles](../add-users/about-admin-roles.md). - If you have legacy per-user MFA turned on, [Turn off legacy per-user MFA](#turn-off-legacy-per-user-mfa). - If you have Office 2013 clients on Windows devices, [turn on Modern Authentication for Office 2013 clients](./enable-modern-authentication.md).-- Advanced: If you have third-party directory services with Active Directory Federation Services (AD FS), set up the Azure MFA Server. See [advanced scenarios with Azure AD Multi-Factor Authentication and third-party VPN solutions](/azure/active-directory/authentication/howto-mfaserver-nps-vpn) for more information.
+- Advanced: If you have third-party directory services with Active Directory Federation Services (AD FS), set up the Azure MFA Server. See [advanced scenarios with Azure AD Multifactor Authentication and third-party VPN solutions](/azure/active-directory/authentication/howto-mfaserver-nps-vpn) for more information.
## Turn Security defaults on or off
For more information about the Azure AD P1 and P2, see [Azure Active Directory p
### Turn on Modern authentication for your organization
-For most subscriptions modern authentication is automatically turned on, but if you purchased your subscription before August 2017, it is likely that you will need to turn on Modern Authentication in order to get features like Multi-Factor Authentication to work in Windows clients like Outlook.
+For most subscriptions modern authentication is automatically turned on, but if you purchased your subscription before August 2017, it is likely that you will need to turn on Modern Authentication in order to get features like Multifactor Authentication to work in Windows clients like Outlook.
1. In the Microsoft 365 admin center, in the left nav choose **Settings** \> **Org settings**.
If you have previously turned on per-user MFA, you must turn it off before enabl
## Related content
-[Turn on multi-factor authentication](../../business-video/turn-on-mfa.md) (video)\
-[Turn on multi-factor authentication for your phone](../../business-video/set-up-mfa.md) (video)
+[Turn on multifactor authentication](../../business-video/turn-on-mfa.md) (video)\
+[Turn on multifactor authentication for your phone](../../business-video/set-up-mfa.md) (video)
admin Services In China https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/services-in-china.md
- Adm_O365 - Adm_NonTOC - SPO_Content-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - GEU150
admin Add Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-domain.md
- MSStore_Link - okr_smb - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Configure Focused Inbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/configure-focused-inbox.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Create Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
description: "Create distribution groups or lists in the Microsoft 365 admin center so you can send emails to a group without typing each recipient's name."
admin Create Signatures And Disclaimers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Customize Sign In Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-sign-in-page.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Customize Your Organization Theme https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-your-organization-theme.md
- AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Install Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/install-applications.md
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
description: "Now that you've set up Microsoft 365, learn how to install individual Office applications on your Mac, PC, or mobile devices."
admin Migrate Email And Contacts Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/migrate-email-and-contacts-admin.md
- okr_smb - seo-marvel-may2020 - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
- OKR_SMB_Videos - seo-marvel-may2020 - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Setup Business Basic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-basic.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Setup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup.md
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Enable Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/enable-usage-analytics.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
admin Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/usage-analytics.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
And if you'd like to know what's new with other Microsoft cloud
- [Office updates](/OfficeUpdates/) - [How to check Windows release health](/windows/deployment/update/check-release-health)
+## July 2021
+
+### Microsoft 365 admin center search
+
+You can now search for incident IDs in the Microsoft 365 admin center. You may learn about current incidents through social media, industry publications or from other admins. You can now go to the admin center to look up more details about the incident and to understand the impact to your organization. Just search for the incident ID in the admin center.
++
+### Support ticket insight for Premier organizations
+
+We've added 2 graphs called **Volume trend** and **Volume trend by product** to give you visual insights about your support volume.
+
+The liner graph under **Volume trend** tab highlights the trend if support cases are increasing or decreasing for your organization month over month. You can hover on the graph to check the number of support cases created in each month.
++
+The **Volume trend by product** graph shows the top 3 products of each month with the highest support cases. We've enabled filtering in the table and you can now filter the results by **Product**, **Severity**, and **Date**.
++
+We've also added 2 new fields, **Severity** and **Closed Date** in the **View Service Request** table to give you more insights about your tickets.
++
+To check out these updates in Microsoft 365 admin center, go to **Support** > **View Service requests** in left navigation pane.
+ ## June 2021 ### Microsoft 365 admin center search
business-video Add Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-domain.md
- AdminSurgePortfolio - adminvideo
+- AdminTemplateSet
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video Change User Name Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-user-name-email.md
- AdminSurgePortfolio - adminvideo
+- AdminTemplateSet
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/get-help-support.md
- AdminSurgePortfolio - adminvideo
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business-video Join Team Guest https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/join-team-guest.md
- AdminSurgePortfolio - adminvideo
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business-video Set Up Mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-mfa.md
Title: "Set up multi-factor sign-in on your phone"
+ Title: "Set up multifactor sign-in on your phone"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn how to set up multi-factor authentication, sometimes also referred to as two-factor authentication, on your phone."
+description: "Learn how to set up multifactor authentication, sometimes also referred to as two-factor authentication, on your phone."
-# Set up multi-factor authentication on your phone
+# Set up multifactor authentication on your phone
-## Watch: Set up multi-factor authentication with a mobile device
+## Watch: Set up multifactor authentication with a mobile device
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MmQR?autoplay=false]
-Multi-factor authentication provides more security for your business. Follow these steps to set it up.
+Multifactor authentication provides more security for your business. Follow these steps to set it up.
## Try it!
business-video Shared Calendar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/shared-calendar.md
- AdminSurgePortfolio - adminvideo
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business-video Stop Email Auto Forward https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/stop-email-auto-forward.md
- AdminSurgePortfolio - adminvideo
+- AdminTemplateSet
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video Turn On Mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/turn-on-mfa.md
Title: "Turn on multi-factor authentication"
+ Title: "Turn on multifactor authentication"
f1.keywords: - NOCSH
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn how to turn on multi-factor authentication, sometimes known as two-factor authentication."
+description: "Learn how to turn on multifactor authentication, sometimes known as two-factor authentication."
-# Turn on multi-factor authentication
+# Turn on multifactor authentication
-## Watch: Turn on multi-factor authentication
+## Watch: Turn on multifactor authentication
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MuO3?autoplay=false]
-Multi-factor authentication means you and your employees must provide more than one way to sign in to Microsoft 365 is one of the easiest ways to secure your business.
+Multifactor authentication means you and your employees must provide more than one way to sign in to Microsoft 365 is one of the easiest ways to secure your business.
## Try it!
business Access Resources https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/access-resources.md
- MSB365 - OKR_SMB_M365 - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business Add Autopilot Devices And Profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/add-autopilot-devices-and-profile.md
- OKR_SMB_M365 - seo-marvel-mar - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business Manage Protected Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/manage-protected-devices.md
- MiniMaven - MSB365 - seo-marvel-mar
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business Manage Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/manage-windows-devices.md
- OKR_SMB_M365 - seo-marvel-mar - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business Microsoft 365 Business Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/microsoft-365-business-overview.md
- OKR_SMB_Videos - seo-marvel-mar - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business Migrate From E3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/migrate-from-e3.md
- MSB365 - OKR_SMB_M365 - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business Set Up Mobile Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/set-up-mobile-devices.md
Open Outlook again, and enter and confirm a PIN. Your Outlook app is now ready f
![Set PIN for Outlook app in Android](../media/edb91afb-f1ed-451a-bc6b-8ccba664e055.png)
-## See also
+## Related content
[Microsoft 365 for business training videos](../business-video/index.yml)
business Set Up Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/set-up-windows-devices.md
- seo-marvel-mar - AdminSurgePortfolio - okr_smb
+- AdminTemplateSet
search.appverid: - BCS160 - MET150
business Upgrade To Windows Pro Creators Update https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/upgrade-to-windows-pro-creators-update.md
- OKR_SMB_Videos - seo-marvel-mar - AdminSurgePortfolio
+- AdminTemplateSet
search.appverid: - MET150 - MOE150
commerce Add Storage Space https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/add-storage-space.md
- okr_SMB - AdminSurgePortfolio - commerce_purchase
+- AdminTemplateSet
search.appverid: MET150 description: "Add file storage in your Microsoft 365 subscription. With extra file storage, you can store more content in SharePoint Online and OneDrive." Last updated 04/02/2021
commerce Change Payment Frequency https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/change-payment-frequency.md
- okr_SMB - AdminSurgePortfolio - commerce_billing
+- c
search.appverid: MET150 description: "Learn how to change how frequently you're billed for your business subscription." Last updated 04/02/2021
commerce Change Your Billing Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses.md
- okr_SMB - AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
search.appverid: MET150 description: "Learn how to update your billing addresses or the email address used to receive billing notifications for Microsoft 365 for business." Last updated 04/07/2021
commerce Manage Billing Profiles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-billing-profiles.md
- AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
search.appverid: MET150 description: "Learn how billing profiles support invoices." Last updated 04/02/2021
commerce Manage Payment Methods https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-payment-methods.md
- okr_SMB - AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
search.appverid: MET150 description: "Buy business products or services from Microsoft by using an existing payment method or adding a new one in the Microsoft 365 admin center." Last updated 04/02/2021
commerce Pay For Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription.md
- fwlink 808700 for SEPA UI glink 906 for older uI - AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
Last updated 05/04/2021
commerce Tax Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/tax-information.md
- okr_SMB - AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
Last updated 03/17/2021
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
- AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
search.appverid: MET150 description: "Learn how to read and understand your bill or invoice for Microsoft business products." keywords: billing accounts, organization info, invoices
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
- okr_smb - AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
search.appverid: MET150 description: "Interpret charges, billing, and payment info on your Microsoft 365 for business bill or invoice, and how to change a purchase order number." Last updated 05/04/2021
commerce View Your Bill Or Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
- OKR_SMB_Videos - AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
description: "Find your invoice or billing statement in the Microsoft 365 admin center. You can also save and print a copy of your bill." Last updated 07/31/2020
commerce Buy Or Edit An Add On https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/buy-or-edit-an-add-on.md
- okr_SMB - AdminSurgePortfolio - commerce_purchase
+- AdminTemplateSet
description: "Learn how to buy and manage add-ons for your Microsoft 365 for business subscription." Last updated 04/02/2021
commerce Close Your Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/close-your-account.md
- AdminSurgePortfolio - fwlink 2133922 to Delete subscription heading - commerce_subscription
+- AdminTemplateSet
search.appverid: MET150 description: "When you close your account with Microsoft all information related to your account is deleted including licenses, users, and user data." Last updated 04/02/2021
commerce Enter Your Product Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/enter-your-product-key.md
- okr_SMB - AdminSurgePortfolio - commerce_purchase
+- AdminTemplateSet
description: "If you purchased Microsoft 365 Business Standard from a retail store, learn how to redeem the product key and activate your subscription." Last updated 11/13/2020
commerce Buy Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/buy-licenses.md
- AdminSurgePortfolio - manage_licenses - commerce_licensing
+- AdminTemplateSet
search.appverid: MET150 description: "Use these steps to buy more licenses or reduce the number of licenses for your Microsoft 365 for business subscription." Last updated 04/07/2021
commerce Subscriptions And Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/subscriptions-and-licenses.md
- AdminSurgePortfolio - manage_licenses - commerce_licensing
+- AdminTemplateSet
search.appverid: MET150 description: "The applications and services that you receive depend on which Microsoft 365 product you purchased, such as Microsoft 365 Apps for business." Last updated 07/01/2020
commerce Manage Billing Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-billing-accounts.md
- AdminSurgePortfolio - commerce_billing
+- AdminTemplateSet
search.appverid: MET150 description: "Learn about billing accounts and how they're used to manage account settings, invoices, payment methods, and purchases." Last updated 03/17/2021
commerce Cancel Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/cancel-your-subscription.md
- AdminSurgePortfolio - commerce_subscriptions
+- AdminTemplateSet
search.appverid: MET150 description: "If you have fewer than 25 user licenses, you can cancel your Microsoft 365 for business trial or paid subscription in the admin center." Last updated 04/08/2021
commerce Reactivate Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/reactivate-your-subscription.md
- fwlink 874703 - AdminSurgePortfolio - commerce_subscriptions
+- AdminTemplateSet
search.appverid: MET150 description: "Admins can reactivate a subscription when it expires, is disabled, or canceled, or if you canceled in the middle of a subscription term." Last updated 04/07/2021
commerce Renew Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/renew-your-subscription.md
- SaRA - AdminSurgePortfolio - commerce_subscriptions
+- AdminTemplateSet
search.appverid: MET150 description: "Learn how to renew most Microsoft 365 for business subscriptions by turning recurring billing off or on." Last updated 05/04/2021
commerce Upgrade To Different Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md
- SaRA - AdminSurgePortfolio - commerce_subscriptions
+- AdminTemplateSet
search.appverid: MET150 description: "The easiest way to upgrade plans is to use the Upgrade tab in the admin center. However, the Upgrade tab isn't always supported." Last updated 04/21/2021
commerce What If My Subscription Expires https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires.md
- AdminSurgePortfolio - commerce_subscriptions
+- AdminTemplateSet
search.appverid: MET150 description: "Learn what happens to your data when your Microsoft 365 for business subscription expires, is disabled, or if you cancel." Last updated 04/08/2021
commerce Try Or Buy Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/try-or-buy-microsoft-365.md
- AdminSurgePortfolio - commerce_purchase
+- AdminTemplateSet
search.appverid: GEA150 description: "Sign up for a free 30-day trial for Microsoft 365 Business Standard, Microsoft 365 Business Premium, or Microsoft 365 Apps for business." Last updated 08/07/2020
compliance Privacy Management Data Profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management-data-profile.md
+
+ Title: "Find and visualize personal data in Microsoft privacy management (preview)"
+f1.keywords:
+- CSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+- M365-privacy-management
+search.appverid:
+- MOE150
+- MET150
+description: "Learn about the overview and data profile in privacy management and how to gain insights into the personal data in your organization's Microsoft 365 environment."
++
+# Find and visualize personal data in privacy management (preview)
+
+In this article: learn about the features of the **overview** and **data profile** pages and how they can give insights into your data.
+
+## Purpose of the overview and data profile
+
+Microsoft 365 privacy management provides you with capabilities to find and visualize the personal data in your environment. The solution automates discovery of personal data assets in Exchange, SharePoint, OneDrive, and Teams, and provides dashboards that give key insights into the data. Your privacy administrators can act upon these insights to strengthen your organization's approach to privacy and reduce risk.
+
+### Overview page
+
+The Overview page serves as an overall dashboard for the privacy management solution, surfacing dynamic insights about your organizationΓÇÖs ecosystem of personal data. Privacy administrators can monitor data trends and activities, identify and investigate potential risks on personal data, and springboard into key activities such as policy management or subject rights request actions. For more on the overview page, see [Explore the overview page](#explore-the-overview-page).
+
+### Data profile page
+
+The data profile page in privacy management provides a snapshot view of the personal data your organization stores in Microsoft 365. This helps you visualize where personal data lives, what types are the most prevalent in your organization, and how many different types exist across your Microsoft 365 services. You will also be able to explore personal data from this location. To learn more, see [Explore the data profile page](#explore-the-data-profile-page).
+
+## Explore the overview page
+
+The overview page consists of three main sections. Tiles at the top of the page provide essential recent statistics about your data. The key insights section provides investigative opportunities into trends and areas of key interest. For further perspective on your data environment, consult the trendline graphs. To learn more about these areas, consult the sections below.
+
+### Top tiles
+
+#### Policy matches over past 7 days
+
+When policies are set within privacy management, your data will be evaluated for certain conditions that might present privacy risks. Policy matches indicate data discoveries that may need further review or remediation. This card shows the count of any policy matches that have occurred within the last seven days. Matches will be surfaced here whether policies are on or are running in testing mode, so that you can see the results of all your active policies. Clicking this tile will take you to a filtered view of the Policies page of privacy management, showing the policies that have had a match occur within the past seven days.
+
+#### Items with personal data
+
+To see the privacy management solutionΓÇÖs automated discovery capabilities at work, review the Items with personal data tile. This will display how many new items containing personal data have been discovered in your organizationΓÇÖs Microsoft 365 environment over the last seven days. Clicking this tile will load a view of the newest 100 items discovered.
+
+#### Subject rights requests
+
+The top tiles of the overview page include two tiles related to subject rights requests. The first shows the count of requests created over the last seven days. The second tile tallies up requests that are overdue and may need immediate attention. Clicking on these tiles will take users with the appropriate permissions to the subject rights request page of privacy management.
+
+### Key insights
+
+#### Content items with the most personal data
+
+Content in your organizationΓÇÖs Microsoft 365 environment that contains a large amount of personal data may present a higher risk of exposure. You may wish to review these items to ensure they are covered by a privacy management policy. To help raise these items to your attention, the overview page provides a view into your content items that contain the most personal data. Here you can see the number of unique personal data types detected, how many unique content owners have been identified, and how many data subjects have been identified according to the data matching settings for subject rights requests.
+
+Select View summary for a summary view of the items found. You can also choose to Explore these findings to preview individual files. This view shows a maximum of 100 items. Users in the Privacy Management role group can select files to review details and determine relevance, and export the list in .csv format for reference.
+
+#### Policies with the most matches in the last week
+
+This insight showcases which policies have been matched the most frequently over the last seven days, whether in ΓÇ£OnΓÇ¥ mode or ΓÇ£Testing.ΓÇ¥ This helps illustrate both the performance of your policies and the effects of ongoing work as your privacy management users receive training and are empowered to resolve issues with content and refine their privacy behaviors.
+
+Select View summary for a summary of the top 10 policies matched and the content owners of the associated content. You will also see how many user notifications were sent due to these policy matches and the number of user actions taken. Select Investigate to view the policies page in privacy management, filtered to show the policies from the summary view. This investigative view will show statistics for the full lifetime of the policy. Select it to see details such as when matched items were initially detected.
+
+#### Users with the most policy matched in the last week
+
+This insight also addresses matches from policies in either ΓÇ£TestingΓÇ¥ or ΓÇ£OnΓÇ¥ mode. It allows you to view a summary of the users with the most policy matches over the last week and which policies they are matching. This includes totals of the unique content owners, notifications sent to these users, and how many actions were taken from those notifications. Selecting Investigate takes you to the policies page, filtered to show the policies from the summary view. In the investigative view, you will not find user information, but you can select a policy to see policy details related to these matches.
+
+#### Items with the most data subject content
+
+This insight regards information from the data matching feature in subject rights requests, and surfaces items discovered within Microsoft 365 that contain the most data subjects within their content. To learn more about that setting, see [Manage subject rights requests](privacy-management-subject-rights-requests.md).
+
+These items can help confirm your data matching configuration and help you mitigate privacy risks related to these items. Select View summary for a summary view. Select Explore for a detailed view of up to 100 of these items. Here you can preview these items and determine relevance, and export the list in .csv format.
+
+### Trendline graphs
+
+For dynamic visualizations of trends found in your organizationΓÇÖs data, consult the trendline graphs. These graphs can be filtered by characteristics relevant to the info provided, such as spans of time, data type, or the locations of data. Use the dropdowns provided to adjust your view. Hovering over lines in the graph will allow you to see stats related to that specific point in time.
+
+Results related to policies will include data from policies in both ΓÇ£TestingΓÇ¥ and ΓÇ£OnΓÇ¥ mode. If no policies of a particular type are active, the related graphs will show no results.
+
+#### Active policy alerts
+
+This area shows a snapshot of active alerts triggered by policy matches. Over time, this view can help you more easily detect abnormalities, such as large spikes in volume. Select View alerts to navigate to the policies page within privacy management, where you can further investigate alerts and create issues for remediation.
+
+#### Personal data found in organization
+
+This graph shows trends in how much personal data has been discovered over time in your Microsoft 365 environment and where it is located. It will begin populating after privacy management has been running for sufficient time and after content with personal data has been found within SharePoint, OneDrive, Teams, and/or Exchange.
+
+#### Data transfers detected in organization
+
+This graph is related to data transfer policies. It provides a view of how data is moving within your organization, either between departments or between regions for multi-geo organizations.
+
+#### Unused personal data
+
+This graph is related to data minimization policies. It gives insights into how your organization is storing content containing personal data and how your policies may improve your handling of this data over time.
+
+#### Overexposed personal data
+
+This graph is related to data overexposure policies. It can help you identify sharing behaviors over time within your organization and locations where content with personal data may be overexposed, for example by being shared publicly, shared with an external user, or shared widely within your organization.
+
+#### Subject rights requests by regulation
+
+This view provides insights into what regulations most prevalently drive your subject rights requests over time. This graphΓÇÖs legend shows various regulations. Hovering over the trend lines will show the totals of subject rights requests open for that regulation during the selected time.
+
+#### Subject rights requests by status
+
+This graph displays how your organization is doing with completing subject rights requests, broken out into requests that are either Active, Closed, or Overdue. Findings here may help indicate where you could benefit from allocating more resources to closing out your requests and meeting targets.
+
+### Additional data views
+
+#### Subject rights requests at a glance
+
+This view provides a high-level view of active subject rights requests, including the time remaining to complete requests by their defined deadlines. It summarizes how many total requests you have, how many are active, and how many are closed. Select View all requests to go to the subject rights request page, where you can view further details and work on the active requests to progress them to completion.
+
+#### Subject rights requests by residency
+
+This map view helps you visualize your volume of subject rights requests by the residency of the data subjects. Hovering over a bubble will identify the region and the total of subject rights requests opened on behalf of residents there.
+
+## Explore the data profile page
+
+### Personal data type instances detected in Microsoft 365
+
+This card helps you visualize how much personal data exists in your Microsoft 365 environment and how that data is distributed across Exchange, OneDrive, SharePoint, and Teams.
+
+The bar graph shows the approximate aggregate count of unique personal data type instances found within your content. Examples of data types may include things like credit card numbers and social security numbers. Therefore, a discovered file that contains three credit card numbers and one social security number would contain two unique personal data types and four instances. The lower person of this card shows the unique personal data types within each Microsoft 365 location. It provides a view into the diversity of personal data types detected in your organizationΓÇÖs content.
+
+### Top personal data types across your organization
+
+This card provides a snapshot of the top personal data types detected in your environment, along with information on how many items contain that personal data type and in what locations.
+
+### Personal data by region
+
+For multi-geo environments, this card regionally aggregates personal data type instances found within your content, based on the regions in which this content is hosted. For single-region organizations, this card will show one dot representing your Microsoft 365 service location. Hovering over dots on the map will show the approximate count of personal data type instances discovered in that region.
+
+### Exploring content
+
+Selecting **Explore** on any data profile card will open the content explorer. At this time, you cannot search for a specific content item, and you will not see Teams data in this view. This means that numbers within the content explorer may not match the numbers shown on the data profile page, since the data profile page does include Teams content. Privacy administrators who want further insights into their privacy data may do so here based on personal data type (sensitive information type) or by location (Exchange, OneDrive, or SharePoint).
compliance Privacy Management Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management-policies.md
+
+ Title: "Create and manage policies in Microsoft privacy management (preview)"
+f1.keywords:
+- CSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+- M365-privacy-management
+search.appverid:
+- MOE150
+- MET150
+description: "Learn how to create and manage policies for handling your organization's personal data in Microsoft 365, respond to alerts, and remediate issues."
++
+# Create and manage policies in privacy management (preview)
+
+In this article: learn how to build and customize **policies** for handling personal data, get **alerts** about policy matches, and remediate **issues**.
+
+## Purpose of policies
+
+Policies allow you to define the types of privacy risks to look out for in your companyΓÇÖs Microsoft 365 data and establish the preferred outcomes for scenarios where matches are found. Your organization can work from the resulting alerts to review any matching data and remediate issues, all from within the privacy management solution.
+
+Privacy management provides templates to give you an easy start on policy building and allows you to fine-tune your approach through extensive customization options. The key scenarios covered by privacy managementΓÇÖs templates include the following:
+
+- **Data overexposure**: Detects overexposed personal data and prompts users to secure it.
+- **Data transfer**: Spots and helps limit transfers of personal data across departments or regional borders.
+- **Data minimization**: Helps users identify and reduce the amount of unused personal data.
+
+To learn more about the capabilities of each template, see below.
+
+## Policy types
+
+### Data overexposure
+
+Privacy management can help you detect and handle situations in which data that youΓÇÖve stored is insufficiently secure. For example, if access to an internal site is open to too wide a group or your permission settings have not been kept up to date, personal data stored on that site may be vulnerable to a breach. You can use privacy managementΓÇÖs data policy template to evaluate your data and alert you to potential issues.
+
+### Data transfer
+
+Transferring data across departments or regional borders can increase the risk of data exposure, for example if itΓÇÖs sent via unencrypted emails or to unauthorized recipients. Such actions can have regulatory impact or may go against established practices for privacy. Using the data transfer template to create privacy management policies can spot and help limit such transfers.
+
+> [!NOTE]
+> During public preview, some tenants running data transfer policies to detect transfers across regions may encounter synchronization issues that impact visibility into policy matches in Exchange and Teams data. We recommend focusing on SharePoint and OneDrive data while previewing this policy type. An update for this issue is expected in fall 2021.
+
+### Data minimization
+
+Over time, companies can collect large amounts of personal data from customers or employees. Sometimes this includes data that was collected in excess of need, or is otherwise being unused and should be reduced to limit privacy risks around that information. The data minimization template can be used to address risks of this type.
+
+## Get started with default templates
+
+Privacy management will help kickstart your data evaluation process by creating three policies with default settings, using the templates for data minimization, data overexposure, and data transfers. These policies will be on by default, but will not automatically trigger notification mails or remediation prompts. After your initial setup, you can proceed to create and customize your own policies.
+
+## Create a privacy management policy
+
+There are two paths into creating privacy management policies. The first option is to choose from the set of pre-defined templates. You can also customize your own policy, using any of those templates as a starting point.
+
+### Create a policy from a template
+
+To get started right away with a policy, select one of the three pre-set policy types. To review details about any of them, you can select View settings to see the specific properties that make up the policy, including data types, data locations, and the conditions that trigger policy matches.
+
+When creating a policy directly from a template, many settings will be chosen for you automatically. This includes turning on the policy by default. If you want to preview the policy in action before fully activating it, find it in your list after creation, edit the policy, and toggle it to test mode. For more information, see [Test your policy](#test-your-policy).
+
+### Create custom policy
+
+To take granular control of a policyΓÇÖs settings, you can create a customized policy using one of the existing templates as a baseline. Privacy management provides a wizard to guide you through these steps.
+
+Customizable properties include:
+
+- **Name and type**: Choose the template to build your policy upon, then name and describe your version.
+- **Data to monitor**: Select the type of personal data your policy will monitor. Choose either from the available classification groups, or choose from the list of individual sensitive info types. To learn more, see Choose data monitoring options below.
+- **Users**: Select whether this policy applies to all users or selected users. If you choose the second option, you can select up to 300 users of your choosing from the provided list.
+- **Locations**: Choose the locations within Microsoft 365 that your policy should cover, such as your organizationΓÇÖs SharePoint or Exchange data.
+- **Conditions**: Select the relevant conditions for your type of policy. For example, you can specify what types of transfers a data transfer policy should look for, or how recently data has been used for a data minimization policy.
+- **Outcomes**: Define outcomes when a policy match is detected. Your options depend on the policy type youΓÇÖre starting with. Possible outcomes include:
+ - **Email notifications**: This setting allows you to trigger digest email notifications, including links to related training. For more information, see Set user email notifications below.
+ - **Teams**: Give users in Teams policy tips and recommendations, along with links to related training. This option is available for data transfer policies.
+- **Alerts**: Decide the frequency of alerts to admins when a policy match is detected. Options include no alerts, alerts for every policy match, or alerts when a specific threshold is reached. If you choose the threshold option, set your desired parameters.
+- **Mode**: Decide whether to run a policy in test mode first or turn it on immediately. For more information, see Test your policy.
+When you have stepped through all settings in the wizard, review your settings, make any final edits if necessary, and save your policy.
+
+#### Choose data monitoring options
+
+When setting up a custom policy, you will be asked to select which types of data your policy should monitor. The options are as follows:
+
+- **Classification groups**: A searchable list of sets of data based on key privacy regulations, such as GDPR or HIPAA. View details of any group to see what types of sensitive information it covers. Select one or more of these sets to use them as-is. The groups currently available are as follows:
+ - Australia Health Records Act (HRIP Act) Enhanced
+ - Australia Privacy Act Enhanced
+ - (EU) General Data Protection Regulation (GDPR) Enhanced
+ - Japan Personally Identifiable Information (PII) Data Enhanced
+ - Japan Protection of Personal Information Enhanced
+ - U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced
+ - U.S. Health Insurance Act (HIPAA) Enhanced
+ - U.S. Patriot Act Enhanced
+ - U.S. Personally Identifiable Information (PII) Data Enhanced
+ - U.S. State Breach Notification Laws Enhanced
+- **Individual sensitive info types**: By choosing specific sensitive information types yourself, like Social Security numbers or driverΓÇÖs license information, you can customize your own group or groups of data of to look out for. This wizard allows you to select from the complete list of sensitive information types within privacy management. Each information type has its own properties. Use the info button beside any of them for details and notes about recommended settings. If you create more than one group, the wizard lets you apply Boolean operators to relate them and define their order of operations.
+
+If you use pre-set classification groups, you cannot also select individual types or create your own groups. For the most flexibility, choose individual sensitive info types. To utilize the most common standards, choose from the classification groups.
+
+#### Test your policy
+
+If you would like to assess a new policy before fully activating it, set your policy to test mode. Test mode enables you to look for matches from the last 30 days, gauge the policyΓÇÖs behavior, and review the types of alerts generated. We recommend running test policies for at least five days to get representative results. You have the option during the test phase to edit and adjust the policyΓÇÖs settings. After you have gained insights from running the test, you can proceed to turn on the policy. While a policy is running in test mode, no user notification mails will be delivered.
+
+#### Set user email notifications
+
+With email notifications, users receive direct notifications about policy matches and important tasks to complete. The recipients will receive email digests that summarize data to be reviewed and possible actions, such as making documents private, keeping them on file, reporting any false-positive matches, and adding notes for future reference. These emails also include links for training recipients on how to handle these cases. Providing these links is required when initially setting up notifications and should point to your own internal documentation on processes and best practices.
+
+Notifications can be enabled for individual policies during custom policy creation or when editing any policy. Use the Outcomes section to define what happens when a policy match is detected, including the option to enable these notifications, and set how often you want these digests to be delivered.
+
+Email notification capability is controlled at a global level within Settings. It is enabled by default. Turning this setting off will stop all emails even if specific notifications have been configured at an individual policy level. For more information, see Configure settings under [Get started with privacy management](privacy-management-setup.md#configure-settings).
+
+## View policy details
+
+After your policy has been created, select it on the main **Policies** page to see its full overview. The policy details page will provide insights into your data, enable you to view content about specific policy matches, and advise you on next steps. If your policy is running in test mode, this page is also where you can turn on your policy when testing is complete.
+
+After your policy is active, you can continue to review its policy details page to see ongoing insights on problem areas, alert severity and trends, and corrective actions taken.
+
+## Resolve policy alerts and issues
+
+Once your policies have been activated, privacy management will keep you apprised of important discoveries by alerting you to policy matches, grading their severity, and enabling you to take action by creating and resolving issues.
+
+Privacy managementΓÇÖs Overview page provides a view into these findings with dynamic updates about key areas of concern, such as the policies with the most matches and your currently active policy alerts. You can also access details about your alerts and issues via the main Policies page.
+
+### Alerts
+
+To evaluate your active alerts and specify which issues require follow-up, access your **Alerts** page. It provides a filterable list of alerts generated by your policies, which you can individually review to determine the circumstances under which they were triggered.
+
+Selecting any alert will open a flyover pane with additional details, such as the policy type, the number of matching items, and the severity as judged by your policy settings. Under the **Content** tab, you can review the files involved in this alert. This information can provide additional insights as to the specific event that triggered the alert, where the files reside, and what types of personal data are involved. Triggers for alerts are determined by each policyΓÇÖs specific conditions. For instance, an alert might be triggered on a data transfer policy if privacy management detects a transfer between the policyΓÇÖs specified departments or regions.
+
+After assessing any alert in the list, you can use the **Create issue** action to prompt further investigation and action. You will be asked to name the issue and add any relevant comments for context. You can also dismiss alerts here if they donΓÇÖt require a follow-up.
+
+### Issues
+
+As described in the Alerts section, issues are created while assessing alerts about policy matches. To follow up and resolve the indicated concerns, visit the Issues page. From here you can review individual issues, investigate the instigating conditions, review the data, and take the necessary steps to close the case.
+
+This page provides a list of all open issues. Issues are listed by name and sorted by severity to help you prioritize cases, including high, medium, and low categories, along with unassigned. Select any issue in the list to review its content and take action to resolve it. You can give unassigned issues a severity rating during review.
+
+#### Issue overview
+
+Issue details pages help guide you through the process of addressing the identified privacy risks and properly handling the indicated files. On the **Overview** tab you can see the current step to take, indicating the status of the issue and the next recommended actions. You can also review essential information about the content involved, the associated policy, details about the alert, and the timeline.
+
+Subsequent tabs provide further details about the associated alerts and content, along with any notes from others on your team who are working on the issue. You can manage the list of active contributors via the **Collaborators** tab.
+
+#### Share the issue
+
+Adding people as collaborators allows you to share the issue with additional members of your enterprise via a secure Microsoft Teams channel, company email, or by sharing a link directly to the issueΓÇÖs page in privacy management. These options are available under the **Share** button. When sharing via Teams, you will be asked to select from the available teams in your organization, select the specific channel, and leave a message about the issue, which will be shared with the specified channel.
+
+#### Review content and remediate
+
+To review the content associated with an issue, choose the **Review content** action if prompted or open the Content tab. Select any file in the list to view it in full. Here you can see details about the file, any activities on record, and its remediation history, if previous steps have been taken to manage this file.
+
+Use the **Remediate** button to make your own data handling decisions for this content. Selecting the button allows you to choose from one or more remediation actions. Options include:
+
+**All policies**
+
+- **Notify**: Notify the content owner about the detected issue.
+- **Apply retention label**: Add a label about data retention for this item.
+- **Apply sensitivity label**: Add a label about the sensitivity of this itemΓÇÖs data.
+- **Mark as not a match**: Identify a search result as a false positive to remove the content item from consideration.
+
+**Data minimization**
+
+- **Recycle/delete**: Use this option for a soft deletion of the data. Content is moved into the deleted items folder or recycling bin (Exchange, SharePoint, OneDrive), or deleted with an option to recover (Teams messages). Deletion can be reversed within a set period of time, depending on the settings of the service.
+
+**Data overexposure and data transfer**
+
+- **Unshare**: Stop sharing a link to this content item.
+
+Each option will prompt you to leave comments and any other necessary supporting information for the content owner before you confirm your choice.
+
+Once all remediation steps have been taken and the issue is ready to close, use the Resolve button and add your final comments before submitting it.
+
+## Delete a policy
+
+If you need to remove an existing privacy management policy, find it in the list on the Policies page, select the action menu (vertical ellipses), and choose the Delete policy action. You will be asked to confirm your choice before the deletion is final and the policy is permanently removed. Deleting a policy will not affect any files previously evaluated by the policy, and issues and alerts generated by the policy will remain.
compliance Privacy Management Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management-setup.md
+
+ Title: "Get started with Microsoft privacy management (preview)"
+f1.keywords:
+- CSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+- M365-privacy-management
+search.appverid:
+- MOE150
+- MET150
+description: "Learn how to set up privacy management for your organization, set roles and permissions, and configure important settings."
++
+# Get started with privacy management (preview)
+
+In this article: learn how to set up **access to privacy management** for your organization, how to **get started** with evaluating your data, and how to handle important **settings**.
+
+## Sign up
+
+Privacy management will be available within the Microsoft 365 compliance center. The public preview of privacy management is available to organizations with E1, E3, and E5 Office 365 and Microsoft 365 enterprise licenses. Upon general availability of privacy management, organizations will need to obtain a new license.
+
+Note that the public preview of privacy management will not be available to US Government Community (GCC) Moderate, GCC High, or Department of Defense (DoD) customers.
+
+To get started with the public preview, obtain the preview subscription from the admin center. If you do not yet have the license when you first select privacy management in the compliance center, you will be directed to the admin center to get started. We recommend that the global admin sign in and set user permissions as outlined below when visiting privacy management for the first time. If you donΓÇÖt hold the required role to obtain the subscription or consent to the terms of using privacy management, youΓÇÖll be prompted to contact your global admin for assistance.
+
+Confirming that you would like to start using privacy management signals that you agree to the terms and the personal data evaluation process. You can review the provided links in full before proceeding.
+
+## Set user permissions and assign roles
+
+Privacy management uses a role-based access control (RBAC) permission model. Only users who are assigned a role may access privacy management, and the actions allowed by each user are restricted by role type.
+
+Permissions and role assignments for privacy management can be handled within the Microsoft 365 compliance center, as follows. Note that roles specific to privacy management will not appear in Azure Active Directory.
+
+### In the Microsoft 365 compliance center
+
+- Select Permissions in the left navigation.
+- Expand Compliance Center and select Roles. The full list of role groups will appear.
+- Scroll to find the privacy management groups, or search by keyword, for example ΓÇ£privacy.ΓÇ¥
+- Select the relevant role group to see a description, the assigned roles, and a list of members.
+- Use the Edit link beside these sections to add or change users or edit the settings.
+
+### Learn about role groups and roles
+
+This section outlines the role groups and roles relevant to privacy management. Members should be assigned to role groups by the top-level admin depending on what tasks they need to accomplish and what level of file access is appropriate. Each role group includes one or more roles. These roles may pertain to specific privacy management tasks or may correspond to key functions that are enabled or restricted for that groupΓÇÖs members.
+
+Role groups can be customized if needed. To avoid accidental loss of access, we recommend creating a copy of the existing role group you wish to customize, giving the copy an identifiable name, making and verifying your changes to the new group, and assigning people to it as appropriate.
+
+**Privacy Management**: This group contains all the privacy management permission roles in a single group. This is the easiest way to quickly get started with privacy management and manage access control for other groups that will use privacy management. It is also a good fit for organizations that do not need separate permissions defined for separate groups of users.
+
+**Privacy Management Administrators**: Members of this role group focus on configuration and administration tasks, and have broad access to privacy management functions, including creating, reading, updating, and deleting privacy management policies, subject rights requests, privacy management permissions, and privacy management settings.
+
+**Privacy Management Analysts**: Members of this role group act as privacy management case analysts. They can investigate policy matches, view file metadata, and take remediation actions. This group cannot access full files through the Content Explorer.
+
+**Privacy Management Investigators**: Members of this group act as privacy management data investigators. They can investigate policy matches, view the associated file content, and take remediation actions. This group can access files through the Content Explorer.
+
+**Privacy Management Viewer**: Members of this group can view analytical information in privacy management, like the overview, data profile, and subject request reports.
+
+**Subject Rights Request Administrators**: Members of this group have full access to administer and create subject rights requests.
+
+**Privacy Management Contributors**: Members of this group have contributor access to subject rights requests.
+
+To see the specific roles included in each role group, see the following table.
+
+| **Role group** | **Roles included** |
+|:-- |:--|
+| Privacy Management | Case Management |
+| | Data Classification Content Viewer |
+| | Data Classification List Viewer |
+| | Privacy Management Admin |
+| | Privacy Management Analysis |
+| | Privacy Management Investigation |
+| | Privacy Management Permanent Contribution |
+| | Privacy Management Temporary Contribution |
+| | Privacy Management Viewer |
+| | Subject Rights Request Admin |
+| | View-Only Case |
+| Privacy Management Admin | Case Management |
+| | Privacy Management Admin |
+| | View-Only Case |
+| Privacy Management Analysts | Case Management |
+| | Data Classification List Viewer |
+| | Privacy Management Analysis |
+| | View-Only Case |
+| Privacy Management Investigators | Case Management |
+| | Data Classification Content Viewer |
+| | Data Classification List Viewer |
+| | Privacy Management Investigation |
+| | View-Only Case |
+| Privacy Management Viewer | Privacy Management Viewer |
+| Subject Rights Request Administrator | Subject Rights Request Admin |
+|Privacy Management Contributors | Privacy Management Temporary Contribution |
+| | Privacy Management Permanent Contribution |
+
+## Configure settings
+
+The Settings page is accessible via the gear wheel in the upper right corner of privacy managementΓÇÖs main pages. It allows privacy management administrators to configure essential properties across privacy management. Options include the following.
+
+### Anonymization
+
+This feature enables you to show anonymized versions of usernames within privacy management features to users in certain roles. This will replace identifiable display names like ΓÇ£Grace TaylorΓÇ¥ with a generic label like ΓÇ£AnonyIS8-988ΓÇ¥ in order to help mask your usersΓÇÖ identities while reviewing sensitive data. This option does not apply to the subject rights request module.
+
+### User notification emails
+
+When we detect a match for your data handling policies, privacy management can send an email to the affected users with corrective actions to take and a link to privacy training. In Settings, you can enable or disable the email notification capability of privacy management as a whole. You can activate individual notifications, set email frequency, and specify a training URL when you create or edit a policy. If notification capability is turned off in Settings, any policy-level configuration for specific notification mails will be disabled. To learn more about policies, see [Create and manage policies](privacy-management-policies.md).
+
+### Teams collaboration
+
+Integrate Microsoft Teams capabilities with privacy management to enhance collaboration with stakeholders. Every time a subject rights request is created, an associated team will be created. Users can be added to a team from the requestΓÇÖs Collaborators tab. To learn more about subject rights requests, see [Manage subject rights requests](privacy-management-subject-rights-requests.md).
+
+### Power Automate flows
+
+Use Power Automate flows to automatically manage privacy-related processes and tasks. You can create flows in the Settings section using built-in privacy management templates, or use the Power Automate console to create custom flows. To learn more about Power Automate, see the [Power Automate](/power-automate/) documentation.
+
+### Data matching
+
+Use this section to upload data schemas that describe attributes of your data subjects, which will help identify the correct data subject when searching for personal data within your Microsoft 365 environment. Schemas and rule packages are created and uploaded in XML format. Under Personal data upload, you can also submit personal data that matches a provided schema. You can create and upload your own file or choose to upload personal data from Azure. To learn more about subject rights requests, see [Manage subject rights requests](privacy-management-subject-rights-requests.md).
+
+### Data retention periods
+
+For subject rights requests, choose how long you want to retain the final data collected and report after a request is closed. You can select between 30 or 90 days. To learn more about subject rights requests, see [Manage subject rights requests](privacy-management-subject-rights-requests.md).
+
+### Data review tags
+
+Manage the tags youΓÇÖll use to mark files retrieved in a subject rights request. In this section, you can edit the names and descriptions for custom tags. You can also edit tag descriptions for the built-in tags provided by the system. Names for system tags cannot be changed. To learn more about subject rights requests, see [Manage subject rights requests](privacy-management-subject-rights-requests.md).
+
+## Get initial data insights
+
+After signing into privacy management, youΓÇÖll arrive at the **Overview** page. This page provides dynamic insights about the personal data stored in your Microsoft 365 environment in order to help you quickly spot issues, identify risk indicators, and take action to fix issues. Your Overview should populate with initial insights within the first 24 hours of signing up. As you continue to use privacy management, the overview page will refresh to continue to provide current information.
+
+For further insights into your data over time, your **Data profile** page will provide more visualizations and analytics and give you a high-level view of your organizationΓÇÖs data by geographic location and by Microsoft 365 service.
+
+To learn more about these pages, see [Find and visualize your data](privacy-management-data-profile.md).
compliance Privacy Management Subject Rights Requests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management-subject-rights-requests.md
+
+ Title: "Manage subject rights requests in Microsoft privacy management (preview)"
+f1.keywords:
+- CSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+- M365-privacy-management
+search.appverid:
+- MOE150
+- MET150
+description: "The subject rights request solution in Microsoft privacy management helps you find personal data and collaborate on reviewing content and creating reports."
++
+# Manage subject rights requests in privacy management (preview)
+
+In this article: learn about how to use the subject rights request solution to **find personal data** in your environment, **collaborate on reviews**, create **reports**, and **automate** key tasks.
+
+## Purpose of subject rights requests
+
+Privacy management provides powerful subject rights requests capabilities to help you handle requests from people seeking to manage their personal data within your organization. These requests are sometimes also referred to as data subject requests (DSRs), data subject access requests (DSARs), or consumer rights requests. Privacy management empowers personnel responsible for fulfilling subject rights requests to easily identify data subjects and find their personal information among your organizationΓÇÖs data in Exchange, SharePoint, OneDrive, and Teams.
+
+Privacy management is uniquely capable in helping you prioritize items to review within the data you collect for these requests. The solution is aware of Microsoft Information Protection sensitivity labels, which indicate content that is potentially confidential and may necessitate special review, and flags items with these labels. For more information about sensitivity labels, see [Learn about sensitivity labels](sensitivity-labels.md). In addition, privacy management can detect and flag items containing the data of multiple people, where you may need to redact content prior to supplying it to the data subject.
+
+Once data has been collected and evaluated, you can select the most relevant items to include in your reports and exports, and securely collaborate with other team members to move the requests toward completion.
+
+## Get started with subject rights requests
+
+Privacy management provides a central hub for your privacy administrators to handle subject rights requests that your organization has received.
+
+To begin handling a new request case or to work on a request in progress, visit the main **Subject rights requests** page. It provides a visual overview of the cases that your team has created within privacy management, their status (active, closed, or overdue), and the request types, and a filterable list of all requests. This page is also where you can go to open a new request.
+
+To view details about open cases, select any request in the list and choose **Go to request details**. For more information, see [Review and take action on requests](#review-and-take-action-on-requests).
+
+To open a new request, see [Create a request](#create-a-request).
+
+## Create a request
+
+Subject rights management administrators can use privacy managementΓÇÖs wizard to create requests. This wizard will guide you through the process of finding personal data about a data subject and fulfilling their request.
+
+The four main steps include the following.
+
+### Identify the data subject
+
+Provide the name of the subject who made the request and specify their relationship to your company.
+
+### Select the request type
+
+Choose a request type based on what the data subject wants you to do with their data. If their request relates to a specific data privacy regulation, you can also select it from a provided list to add more context. Setting a deadline (required) will make it easy to sort for approaching or overdue requests and resolve them in a timely manner. Request types include:
+
+- **Access**: Provides a summary of the data subjectΓÇÖs personal information held by your organization in Microsoft 365.
+- **Export**: Provides a summary and an export of the data subjectΓÇÖs personal information, as collected and annotated during review.
+- **Tagged list for follow up**: Generates a summary of files that may require additional action outside of privacy management. One example scenario may be if you need to facilitate deletion of the data subject's personal information per their request.
+
+### Confirm the request name
+
+This step allows you to confirm the name of this request and add an optional description for reference.
+
+### Review and finish
+
+A summary of what youΓÇÖve entered during the previous steps. Any field can be edited before you select **Create request**.
+
+At this level, some properties can be edited after the request has been created, including the deadline, request name, and description, but key properties like the identity of the subject cannot be changed. To edit an existing request, find it in your list of requests on the Subject rights requests page and use the **Edit request details** action.
+
+## Review and take action on requests
+
+Once a request has been opened, privacy management will begin searching your Microsoft 365 data to find data about your subject. To see the initial results, select that request in the list and choose **Go to request details**. Here you can learn more about the requestΓÇÖs properties, the search findings, and the requestΓÇÖs status. This page will also become your hub to work and collaborate on managing the files found, creating reports and exports, and completing the request.
+
+Tiles on this page include:
+
+- **Details**: The core details about the request, including its deadline and request date, its description, and the related privacy regulation.
+- **Progress**: A timeline indicating completed steps and any tasks yet to be finished.
+- **Data estimate summary**: An overview of the data evaluated in your search. To learn more about this information, see View and edit search queries.
+- **Priority items to review**: If applicable, this will show information about important items that privacy management has detected for you, including confidential information already bearing a Microsoft sensitivity label, or items with data about multiple individuals that may require redaction. Priority items can be found under Data collected by filtering by the ΓÇ£Priority TypesΓÇ¥ column.
+
+### Monitor progress and complete requests
+
+Subject rights requests go through multiple stages on the way to completion. Some stages automatically progress as privacy management does its data evaluation, and others advance when subject rights requests administrators and contributors complete essential steps like reviewing, selecting, and redacting files.
+
+Since requests may need to be worked on over time or by multiple contributors, privacy management gives continual updates on a requestΓÇÖs status and guidance on the next steps to take. These updates can be viewed on the subject rights requestΓÇÖs overview page. The progress stages include the following.
+
+#### Data estimate
+
+The data estimate is the initial stage of data evaluation. After a request is created, privacy management identifies how many items in your organizationΓÇÖs data include potential matches to your data subject and makes note of where these items are in Microsoft 365. Once the data estimate is done, you can preview the results and review the details of your original search query. If you wish to edit your search query, see the instructions under [View and edit search queries](#view-and-edit-search-queries). If your initial results look satisfactory, you can proceed to **retrieve data**.
+
+- Up to 10,000 individual items can be retrieved from any search. Files associated with a matching item (for example, file attachments on an email) may count toward your total. If your search exceeds the file count threshold, try revising your search to refine its scope. See the [View and edit search queries](#view-and-edit-search-queries) section for more information. You will not be able to edit your search query once you initiate the retrieve data stage.
+
+#### Retrieve data
+
+This stage indicates that privacy management is in the process of retrieving your data. Once it is complete, it will automatically advance to **review data**.
+
+#### Review data
+
+At this stage, your contributors should review the findings under the Data collected tab. Essential steps include:
+
+- Choose whether to include the identified items in your summaries and/or exports. If a reported match is not required in the export or report, select the option to "Exclude." If the content appears to be a false positive, you can choose "Not a match" to both exclude the file from your final reports and flag the item as something that should not have been picked up by the request. To set an item's status, use the action menu (vertical ellipses) beside its name and select your desired choice. If prompted, add a note for internal reference to explain your decision. Notes are required when excluding files.
+- Use the **Apply tags** option to help you identify items that need attention. The available tags include options provided by the system, for instance tagging an item for follow-up, and may include custom tags as defined under Settings.
+- Use **Annotate** to create inline mark-ups or redactions on a selected file. For example, if you need to include a file for an individual that also contains the personal information of others, you can use **Area redaction** (under the Drawing button in the command bar) to black out all information that does not pertain to the person who made the request. When your edits are complete, select Include to add the redacted file to the request. Note that annotation creates a copy of the file, so that nothing in the original file is altered and will remain in its original location. The copy is stored in your Azure blob and will remain for the duration of your stated data retention period. For more information, see [Data retention](#data-retention) below.
+- To review notes on an item, select it and go to the File Notes tab. You can also use the Add file note option to create a new comment. To review or add notes at an overall case level, go to the main Notes tab above and use **Add case note**. These notes will be visible to users working on the request, but will not be included in the final report or otherwise shared with the data subject.
+
+When all items have been reviewed and their statuses set, select **Complete review** to open a flyover pane where you can review a summary of the data and add any relevant notes. These notes are for internal record keeping and arenΓÇÖt shared with the data subject. Select Complete review again to move on to the next stage. Summaries of your decisions will be provided later under the Reports tab.
+
+#### Generate reports
+
+This stage indicates that your reports are being generated. When complete, these can be found under the **Reports** tab. Your finished files here can be exported for delivery to the data subject who made the request.
+
+#### Close the request
+
+When you have performed the necessary actions to resolve your subject rights request, choose **Close the request**. This creates the final report, which will be encrypted and made available in the **Reports** tab. This might take a while depending on the number of files in the request.
+
+### View and edit search queries
+
+To see detailed information about the data search behind a subject rights request, select **View search query details** from the data estimate summary card. This opens a pane summarizing the query and showing further details about what was found.
+
+You will have the option here to **Preview search results** to see what type of content will be returned for this query. If you determine that you would like to change the properties of this search, and you have not begun the Retrieve Data phase, you can use the **Edit search query** option. This wizard offers the ability to change or add properties for data subject identification, your search filters and conditions, and the locations in which to look for data (including Exchange, SharePoint, OneDrive, and/or Teams). Use these options to reach your desired level of specificity. You can review the final version of your new query before hitting **Save**.
+
+When you finish editing your search query, a new search will run to replace your previous search results. This resets your status in the Progress section to the first step, **Data estimate**. The new search may take up to 60 minutes to complete. Once itΓÇÖs done, youΓÇÖll see updated results on the requestΓÇÖs details page.
+
+### Data retention
+
+Reports generated through this tool and the associated data, such as annotated files saved in Azure, are stored for a specified length of time. This duration is defined at a global level through **Settings** in the **Data retention periods** section, which allow you to choose between 30 and 90 days. To learn more, see [Get started with privacy management](privacy-management-setup.md).
+
+## Collaborate on requests with Teams
+
+Privacy management supports collaboration through Microsoft Teams to allow your group to work together on subject rights requests. When you create a new request, a Teams channel is automatically created and associated to your request by default. Here you can discuss the request and safely share input and contributions as it moves toward completion. To join the conversation, open your request and use the **Chat with collaborators** option. This will open Microsoft Teams and place you within the General channel for your subject rights request's Team site.
+
+To review the list of active collaborators that can view and contribute to your Team site, within your subject rights request open the **Collaborators** tab. To add additional users to collaborate on this request, select the option to Add a collaborator.
+
+To change the default behavior of generating Teams sites when creating a subject rights request, select the **Settings** gear in the upper right corner of the subject rights request page and select **Teams collaboration** to modify the setting.
+
+You can also use the **Share** option in the upper right within a subject rights request to loop people in via Teams or email, or to copy the link to the page in privacy management. Sharing via Teams will allow you to select an existing Teams site available to your account, and select a specific channel within that site where it will post the link to this case along with any message you supply.
+
+## Automate subject rights request tasks
+
+Microsoft Power Automate is a workflow service that automates actions across applications and services. When you enable Power Automate flows for privacy management, you can automate important tasks for cases and users. To learn more about Power Automate, visit their [documentation site](/power-automate/getting-started).
+
+Customers with Microsoft 365 subscriptions that include privacy management do not need another Power Automate licenses to use the recommended privacy management Power Automate templates. These templates can be customized to support your organization and cover core privacy management scenarios. If you choose to use premium Power Automate features in these templates, create a custom template using the Microsoft 365 compliance connector, or use Power Automate templates for other compliance areas in Microsoft 365, you may need more Power Automate licenses.
+
+The following Power Automate templates are included in privacy management:
+
+- **Create record for privacy management case in ServiceNow**: This template is for organizations that want to use their ServiceNow solution to track subject rights request cases. You will be asked to enter your ServiceNow instance details. Once connected to your instance, subject rights requests administrators will be able to create a record for the case in ServiceNow and can customize what the template will populate into selected fields if needed. For more information on the connector, see the [ServiceNow Connector reference page](/connectors/service-now/).
+- **Create a calendar reminder**: This template is for setting due date reminders in your Outlook calendar for subject rights requests. The tool will populate certain details for you from the properties of the request, such as the name of the request and its due date. You can add descriptive details, specify recipients, and adjust other advanced settings.
+
+### Create a new Power Automate flow from a template
+
+To begin, open the subject rights request you want to work with, select **Automate**, and then select **Manage Power Automate flows**. This opens the Flows flyout pane. Use the New option and choose the template you want to use from the available options. From here, follow the prompts to complete setup.
+
+After you save an instance of the template, you must execute it from the subject rights requestΓÇÖs detail page so that the flow instance has the right context and ID. Open the request, return to the **Automate** menu, select the template, and select **Run flow**. You can see your past activities by selecting **See flow run activity**.
+
+### Share a Power Automate flow
+
+By sharing a Power Automate flow, you can add another owner and allow them to edit, update, and delete the flow. All owners can also access the run history and add or remove other owners. To share a flow, open the subject rights request you want to work with, select **Automate**, and then select **Manage Power Automate flows**. From this pane you can select an existing flow, then use the Share option to add a user or a group.
+
+This pane also gives you the option to manage the embedded connections to services being used in the Power Automate flow. Changing these settings may affect your ability to execute the flow.
+
+### Edit or delete Power Automate flow
+
+To adjust details of a Power Automate flow, open the subject rights request, select **Automate**, and select **Manage Power Automate flows**. From this pane, you can select an existing flow to view details. Use Edit in any section to change the properties, then save.
+
+To remove the flow entirely, use the **Delete** option. It will remove the flow for all owners and uninstall it for all users. Previous flow instances will continue to run to avoid data loss. You can confirm your choice before the deletion is final.
+
+## Data matching
+
+With data matching, organizations can enable the privacy management solution to identify data subjects based on exact supplied data values. This can help increase the accuracy of locating data subject content both for your internal personnel and for external users you interact with. It also simplifies the need to supply fields manually during subject rights request creation, and provides context within subject rights requests and for the Overview tile that showcases your items with the most data subject content. To learn more about that view, see [Find and visualize your data](privacy-management-data-profile.md#items-with-the-most-data-subject-content).
+
+To use the data matching feature, you will need to be a member of the Privacy Management role group. Select the settings gear icon from the upper right of the main subject rights requests page and select **Data matching**. From here, you will need to define the personal data schema and provide a personal data upload as shown below. Note that you can add items, and you can delete items you add via the UI. However, you cannot modify an item in place from the UI at this time.
+
+### Prepare for data import
+
+Before defining the schema or uploading data, you will need to identify the source of your data subject information. The required file format is .csv, which can be read by an application such as Microsoft Excel. Structure this export so that your column headers appear in the first row. These headers should include the names of the attributes for your personal data schema. Check the format of the data in each field. If any of the data contains commas, surround these values with double quotes to ensure it will not be parsed into separate fields.
+
+### Define the personal data schema
+
+The personal data schema will describe the attributes for your data subjects. Upload this schema on the first tab of the data matching settings area. The required files include a **personal data schema** XML file and a **rule package** XML file.
+
+#### Personal data schema XML
+
+The personal data schema file is an XML file that will define what column names are expected.
+
+- Name this schema file *pdm.xml*.
+- Define each column name using the Field Name tag as seen in the example below.
+- Use searchable = ΓÇ£trueΓÇ¥ for fields you want to be searchable, up to a maximum of five fields. At least one of your field names must be searchable. Sample syntax: `\<Field name="" searchable=""/>`.
+- The personal data schema has a DataStore tag section. Four mandatory fields must be mapped to your field names: primaryKeyField, upnField, firstNameField, lastNameField.
+
+As an example, the following XML file defines a sample schema, with five fields specified as searchable: PatientID, MRN, SSN, Phone, and DOB. The primaryKeyField is mapped to PatientID, upnField is mapped to MRN, firstNameField is mapped to FirstName, and lastNameField is mapped to LastName.
+
+You can copy, modify, and use our example.
+
+ ```xml
+<PdmSchema xmlns="http://schemas.microsoft.com/office/2020/pdm">
+ <DataStore name="Patientrecords" description="Schema for patient records" version="1" primaryKeyField="PatientID" upnField="MRN" firstNameField="FirstName" lastNameField="LastName">
+ <Field name="PatientID" searchable="true"/>
+ <Field name="MRN" searchable="true" />
+ <Field name="FirstName" />
+ <Field name="LastName" />
+ <Field name="SSN" searchable="true" />
+ <Field name="Phone" searchable="true" />
+ <Field name="DOB" searchable="true" />
+ <Field name="Gender" />
+ <Field name="Address" />
+ </DataStore>
+</PdmSchema>
+ ```
+
+#### Rule package XML
+
+When you set up your rule package, make sure to correctly reference your personal data schema file created above: pdm.xml. In the following sample rule package XML, the following fields need to be customized to create your data match sensitive type:
+
+- **RulePack id** & **PrivacyMatch id**: Use New-GUID to generate a GUID.
+- **Datastore**: This field specifies the personal data match lookup data store to be used. Provide the defined DataStore name of a configured personal data schema.
+- **idMatch**: This field points to the primary element for the personal data match.
+ - **Matches**: Specifies the field to be used in exact lookup. Provide a searchable field name from the personal data schema.
+ - **Classification**: This field specifies the sensitive type match that triggers personal data match lookup. You can provide the Name or GUID of an existing built-in or custom sensitive information type. In order to avoid causing performance issues, if you use a custom sensitive information type as the Classification element in personal data match, do not use a custom sensitive information type that will match a large percentage of content (such as "any number" or "any five-letter word"). We recommend adding supporting keywords or including formatting in the definition of the custom classification sensitive information type.
+- **Match**: This field points to additional evidence found in proximity of idMatch.
+ - **Matches**: Provide any field name in the personal data schema for DataStore.
+- **Resource**: This section specifies the name and description for sensitive type in multiple locales.
+ - **idRef**: Provide GUID for ExactMatch ID.
+ - **Name & descriptions**: customize as required.
+
+In our rule package XML example below, we are referencing the pdm.xml example file from the previous step that creates the personal data schema XML:
+
+- **Datastore**: The dataStore name references the schema file we created earlier: dataStore = "PatientRecords".
+- **idMatch**: The idMatch value references a searchable field that is listed in the pdm.xml file we created earlier: idMatch matches = "SSN".
+ - **Classification**: The classification value references an existing or custom sensitive information type: classification = "U.S. Social Security Number (SSN)". (In this case, we use the existing sensitive information type of U.S. Social Security Number.)
+
+Create a rule package in XML format (with Unicode encoding), like in the following example code. You can copy, modify, and use this example.
+
+ ```xml
+<RulePackage xmlns="http://schemas.microsoft.com/office/2020/pdm">
+ <RulePack id="fd098e03-1796-41a5-8ab6-198c93c62b21">
+ <Version build="0" major="2" minor="0" revision="0" />
+ <Publisher id="eb553734-8306-44b4-9ad5-c388ad970528" />
+ <Details defaultLangCode="en-us">
+ <LocalizedDetails langcode="en-us">
+ <PublisherName>IP DLP</PublisherName>
+ <Name>Health Care PDM Rulepack</Name>
+ <Description>This rule package contains the Personal Data Match sensitive type for health care sensitive types.</Description>
+ </LocalizedDetails>
+ </Details>
+ </RulePack>
+ <Rules>
+ <PrivacyMatch id = "E1CC861E-3FE9-4A58-82DF-4BD259EAB381" patternsProximity = "300" dataStore ="PatientRecords" recommendedConfidence = "65" >
+ <Pattern confidenceLevel="65">
+ <idMatch matches = "SSN" classification = "U.S. Social Security Number (SSN)" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <idMatch matches = "SSN" classification = "U.S. Social Security Number (SSN)" />
+ <Any minMatches ="3" maxMatches ="6">
+ <match matches="PatientID" />
+ <match matches="MRN"/>
+ <match matches="FirstName"/>
+ <match matches="LastName"/>
+ <match matches="Phone"/>
+ <match matches="DOB"/>
+ </Any>
+ </Pattern>
+ </PrivacyMatch>
+ <LocalizedStrings>
+ <Resource idRef="E1CC861E-3FE9-4A58-82DF-4BD259EAB381">
+ <Name default="true" langcode="en-us">Patient SSN Exact Match.</Name>
+ <Description default="true" langcode="en-us">PDM Sensitive type for detecting Patient SSN.</Description>
+ </Resource>
+ </LocalizedStrings>
+ </Rules>
+</RulePackage>
+ ```
+
+### Upload personal data
+After defining the personal data schema, you can perform the **personal data upload** on the second tab of the data matching settings page. When you select **Add**, choose the personal schema that you defined in the first step, then upload the file containing the personal data.
+
+You can upload this personal data by choosing a local file, or by supplying an SAS URL to an existing Microsoft Azure Storage location containing your personal data file.
+If you prepared a file as the first step in this process that conforms to the schema created, you can use that file for the upload.
compliance Privacy Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management.md
+
+ Title: "Microsoft Privacy management (preview)"
+f1.keywords:
+- CSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+- M365-privacy-management
+search.appverid:
+- MOE150
+- MET150
+description: "Microsoft privacy management offers solutions for evaluating personal data your organization stores in Microsoft 365, and helps you identify and remediate privacy risks."
++
+# Microsoft privacy management (preview)
+
+## What is privacy management
+
+As your companyΓÇÖs cloud data grows in size and complexity, so does your need to understand and safeguard the personal data held in your environment. Privacy management in Microsoft 365 empowers your employees to make smart data handling decisions and address critical privacy risks by providing efficient ways to find and manage personal data, automate privacy operations, and fulfill subject rights requests. These solutions will enable you to build a privacy resilient workplace and handle issues at scale.
+
+> [!NOTE]
+> These services are currently in preview and subject to the terms and conditions in the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products).
+
+## Privacy management solutions
+
+In today's data landscape, organizations must invest in managing and protecting the personal data they store. Privacy regulations around the world have established standards to follow and the rights of individuals to control their own personal information, and best practices for businesses are continually evolving to keep information about their employees and customers safe.
+
+Microsoft 365 privacy management provides solutions that enable you to:
+
+- **Find and visualize personal data**: Protecting data starts with having a thorough understanding of what your organization is storing, where it lives across the services you use, and the conditions under which it's managed in the long term.
+- **Manage privacy risks**: Use privacy management to evaluate your data for key risk scenarios, and use built-in tools to set alerts and remediate issues like unintended oversharing, exposure, or unnecessary storage of personal information.
+- **Efficiently fulfill personal data requests**: When individuals request to manage the personal data that you store about them, use the privacy management solution to collect data, review the findings, and produce reports.
+
+Privacy management gives you tools to help you navigate these situations, automate key tasks, and easily manage your data handling workflows.
+
+### Understand your data
+
+With privacy management, you can gain insights into your organization's entire Microsoft 365 privacy landscape. The solution will evaluate your data for personal information, give you a clear view into what you store, and offer opportunities to investigate areas of key interest.
+
+These insights are presented across your **Overview** dashboard, which provides dynamic updates about your data and important trends, and the **data profile**, which allows you to explore ongoing analytics. The findings and alerts here can inform your next actions for managing data.
+
+To learn more, see [Find and visualize your personal data](privacy-management-data-profile.md).
+
+### Manage risk scenarios
+
+Complex data environments can present potentially risky scenarios for personal data. Privacy management provides easy ways to detect risks in the following areas and establish ongoing processes for handling these scenarios.
+
+- **Overexposed personal data**: Companies may collect various types of information that can be used to identify individual customers or employees. Access rights to this data must be properly managed to protect privacy and prevent inappropriate use.
+- **Data transfers**: Transferring personal data between departments in your organization or across country or regional borders may increase the risk of exposure of data, or of stepping out of accordance with privacy regulations and laws.
+- **Data minimization**: Companies may collect excess information or keep it longer than necessary, resulting in storage of unused personal data. This data should be minimized to help prevent privacy risks.
+
+Privacy management provides built-in templates for setting up data-handling policies in these areas. These policies can evaluate your Microsoft 365 data on an ongoing basis, alert you to potential issues, and help you remediate these issues. As a result, your employees can better follow best privacy practices and stay aware of recommended actions to take. The templates can either be used as provided or customized to meet your companyΓÇÖs specific needs.
+
+To learn more, see [Create and manage policies](privacy-management-policies.md).
+
+### Manage subject rights requests
+
+In accordance with certain privacy regulations, for example General Data Protection Regulation (GDPR) in the EU, individuals may make requests to review or manage the personal data about themselves that companies have collected. For companies that store large amounts of information, finding the relevant data may seem like a formidable task.
+
+Privacy management in Microsoft 365 can help you handle these inquiries through the subject rights request solution. It provides automation and workflow capabilities for helping you search for subject data that youΓÇÖve stored in Microsoft 365, review the findings, select the appropriate files, and produce reports. Along the way, you can securely collaborate with other experts in your organization to bring the request to completion.
+
+Note that this subject rights request solution provides capabilities beyond the original data subject requests (DSR) solution in the compliance center, and there is no connection or sharing of workflows between the two. The legacy DSR page will be retired at a later date.
+
+To learn more, see [Manage subject rights requests](privacy-management-subject-rights-requests.md).
+
+## How we evaluate your data
+
+To show personal information in your Microsoft 365 environment and provide capabilities for managing that data and remediating issues, privacy management evaluates data within the following scope.
+
+### What privacy management evaluates
+
+- Sensitive information, which we call personal data and is the data supported by Microsoft data classification, for example, name, address, or Social Security number
+- Personal data of people connected to your organization, such as customers and employees
+- Data handling activities of employees who work with personal data, such as file owners and business operations staff
+
+For more information about how Microsoft 365 defines sensitive information, see [Learn about sensitive information types](sensitive-information-type-learn-about.md).
+
+### Where privacy management identifies personal data
+
+The privacy management solution for Microsoft 365 evaluates data and files stored by your organization in Microsoft 365ΓÇÖs cloud service to help you identify and manage privacy risks in that space. This includes:
+
+- Microsoft Exchange
+- Microsoft SharePoint
+- Microsoft OneDrive
+- Microsoft Teams
+
+Since privacy management focuses on data specific to your organization, any personal accounts your employees or customers may have on these services will not be in scope.
+
+### Additional resources
+
+For more information about how Microsoft approaches privacy and safeguards your data, see the following resources:
+
+- [Microsoft Privacy Principles](https://www.microsoft.com/en-us/trust-center/privacy)
+- [Privacy overview](/compliance/assurance/assurance-privacy)
+
+## Next steps
+
+To continue, see [Get started with privacy management](privacy-management-setup.md).
compliance Sensitivity Labels Sharepoint Onedrive Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files.md
Use the OneDrive sync app version 19.002.0121.0008 or later on Windows, and vers
- For performance reasons, when you upload or save a document to SharePoint and the file's label doesn't apply encryption, the **Sensitivity** column in the document library can take a while to display the label name. Factor in this delay if you use scripts or automation that depend on the label name in this column.
+- If a document is labeled while it's [checked out in SharePoint](https://support.microsoft.com/office/check-out-check-in-or-discard-changes-to-files-in-a-library-7e2c12a9-a874-4393-9511-1378a700f6de), the **Sensitivity** column in the document library won't display the label name until the document is checked in and next opened in SharePoint.
+
+- If a labeled and encrypted document is downloaded from SharePoint or OneDrive by an app or service that uses a service principal name, and then uploaded again with a label that applies different encryption settings, the upload will fail. An example scenario is Microsoft Cloud App Security changes a sensitivity label on a file from **Confidential** to **Highly Confidential**, or from **Confidential** to **General**.
+
+ The upload doesn't fail if the app or service first runs the [Unlock-SPOSensitivityLabelEncryptedFile](/powershell/module/sharepoint-online/unlock-sposensitivitylabelencryptedFile) cmdlet, as explained in the [Remove encryption for a labeled document](#remove-encryption-for-a-labeled-document) section. Or, before the upload, the original file is deleted, or the file name is changed.
+ - Users might experience delays in being able to open encrypted documents in the following Save As scenario: Using a desktop version of Office, a user chooses Save As for a document that has a sensitivity label that applies encryption. The user selects SharePoint or OneDrive for the location, and then immediately tries to open that document in Office for the web. If the service is still processing the encryption, the user sees a message that the document must be opened in their desktop app. If they try again in a couple of minutes, the document successfully opens in Office for the web. - For encrypted documents, printing is not supported.
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Whether it be adding new solutions to the [Microsoft 365 compliance center](micr
> > And visit the [Microsoft 365 Roadmap](https://www.microsoft.com/microsoft-365/roadmap) to learn about Microsoft 365 features that were launched, are rolling out, are in development, have been cancelled, or previously released.
+## June 2021
+
+### Customer Key
+
+- [Service encryption with Customer Key](customer-key-overview.md) (Customer Key tenant level DEPs now encrypt sensitivity label configuration for Microsoft Information Protection.)
+
+### eDiscovery
+
+- [Query and filter content in a review set](review-set-search.md) (new query and filtering capability in a new UX format to filter and search for content in a review set)
+- [Tag documents in a review set in Advanced eDiscovery](tagging-documents.md) (new tag functionality and UX to make tagging documents in a review set faster and easier; includes new capability of tagging documents by using a query and using filters to quickly find or exclude review set items based on how an item is tagged)
+- [Set up compliance boundaries for eDiscovery investigations](set-up-compliance-boundaries.md) (Microsoft has removed the requirement to contact MS Support to request that a compliance attribute is synced to OneDrive accounts; now a Mailbox search permissions filter is used to enforce the compliance boundaries for OneDrive)
+
+### Sensitivity labels
+
+- The sensitivity label policy wizard now supports [Outlook-specific options for default label and mandatory labeling](sensitivity-labels-office-apps.md#outlook-specific-options-for-default-label-and-mandatory-labeling) as an easier configuration than the (still supported) PowerShell advanced settings.
+- Support for [dynamic markings with variables](sensitivity-labels-office-apps.md#dynamic-markings-with-variables ) is now rolling out for Word, Excel, and PowerPoint on the web
+- For [auto-labeling policies](apply-sensitivity-label-automatically.md) for Exchange, if the label is configured for encryption, that encryption isn't applied. Additionally for Exchange auto-labeling policies, you can now configure exceptions and the following new conditions: subject, recipient address, or sender address matches patterns; recipient address contains words; sender domain is, recipient is a member of; sender is.
+- When you use sensitivity labels with teams, groups, and sites, you can use Set-SPOTenant with the BlockSendLabelMismatchEmail parameter to prevent the automatically generated email when the audit event **Detected document sensitivity mismatch** is logged. For more information, see [Auditing sensitivity label activities](sensitivity-labels-teams-groups-sites.md#auditing-sensitivity-label-activities ).
+- The [authentication context setting](sensitivity-labels-teams-groups-sites.md#more-information-about-the-dependencies-for-the-authentication-context-option) is now fully rolled out in preview for sensitivity labels. Additionally, this configuration is now supported by Microsoft Teams.
+- Files that are labeled and encrypted by a service principle name (such as Microsoft Cloud App Security) and then uploaded to SharePoint and OneDrive can now be opened in Office for the web when you've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md).
+- [Co-authoring and AutoSave](sensitivity-labels-coauthoring.md) is no longer restricted to test tenants and now supported in production when you use version 2105: June 18 for Windows, and version 16.50+ for macOS. Note that this feature is still not supported by iOS and Android, and remains in preview.
+ ## May 2021 ### Data Loss Prevention
The following Microsoft 365 compliance solutions now support the detection of [c
- Sensitivity labels are now supported for US Government tenants (GCC and GCC-H). - New [automatic labeling](sensitivity-labels-office-apps.md) support for macOS.-
-## December 2020
-
-### Spotlight: New content for insider risk solutions
-
-The Microsoft 365 compliance content team is hard at work creating ΓÇÿcontent solutionΓÇÖ docs to promote how compliance capabilities can be used together to help meet your compliance goals.
-
-First up is content that ties together our insider risk solutions: communication compliance, insider risk management, information barriers, and privileged access management. HereΓÇÖs a peek at what youΓÇÖll find:
--- [New landing page for insider risk solutions](insider-risk-solution-overview.md). Includes details about risks that the solutions can help mitigate, licensing requirements, deployment sequence, architecture illustrations, training resources, and more.-- New overview articles for each insider risk solution. Guidance and links to articles that help you learn about, plan, deploy, and manage each solution:
- - [Communication compliance](communication-compliance-solution-overview.md)
- - [Insider risk management](insider-risk-management-solution-overview.md)
- - [Information barriers](information-barriers-solution-overview.md)
- - [Privileged access management](privileged-access-management-solution-overview.md)
-
-More content solution docs coming soon!
-
-### Advanced eDiscovery
-
-Improved workflow and functionality for [adding custodians](add-custodians-to-case.md) and [non-custodial data sources](non-custodial-data-sources.md) to an Advanced eDiscovery case.
-
-### Data connectors
-
-[Four new Veritas connectors released](archiving-third-party-data.md#third-party-data-connectors): Redtail Speak, Salesforce Chatter, ServiceNow, and Yieldbroker.
-
-### Encryption
-
-Introducing [Customer Key for Microsoft 365 at the tenant level](customer-key-tenant-level.md). Using keys you provide, you can create a data encryption policy (DEP) and assign it to the tenant. The DEP encrypts data across the tenant for these workloads:
--- Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)-- Teams media messages (images, code snippets, videos, wiki images)-- Teams call and meeting recordings stored in Teams storage-- Teams chat notifications-- Teams chat suggestions by Cortana-- Teams status messages-- User and signal information for Exchange Online-
-### Records management
-
-The [Records Management admin role group](get-started-with-records-management.md#permissions-required-for-records-management) now grants permissions for all records management features, including disposition review.
-
-### Sensitivity labels
--- [Automatically label data in Azure Purview (preview)](/azure/purview/create-sensitivity-label). You can now create and automatically apply sensitivity labels to assets in Azure Purview, such as files in Azure Blob storage and database columns in SQL Server.-- [Require users to apply a label to items](sensitivity-labels-office-apps.md#require-users-to-apply-a-label-to-their-email-and-documents). Also known as ΓÇÿmandatory labelingΓÇÖ, this new option requires users to choose and apply a sensitivity label under the specific scenarios.
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
You must ensure the following objects and attributes are set in the target organ
- The Target MailUser must have these attributes from the source mailbox or assigned with the new User object: - ExchangeGUID (direct flow from source to target) ΓÇô The mailbox GUID must match. The move process will not proceed if this is not present on target object. - ArchiveGUID (direct flow from source to target) ΓÇô The archive GUID must match. The move process will not proceed if this is not present on the target object. (This is only required if the source mailbox is Archive enabled).
- - LegacyExchangeDN (flow as proxyAddress, ΓÇ£x500:<LegacyExchangeDN>ΓÇ¥) ΓÇô The LegacyExchangeDN must be present on target MailUser as x500: proxyAddress. The move processes will not proceed if this is not present on the target object.
+ - LegacyExchangeDN (flow as proxyAddress, ΓÇ£x500:<LegacyExchangeDN>ΓÇ¥) ΓÇô The LegacyExchangeDN must be present on target MailUser as x500: proxyAddress. In addition, you also need to copy all x500 addresses from the source mailbox to the target mail user. The move processes will not proceed if these are not present on the target object.
- UserPrincipalName ΓÇô UPN will align to the userΓÇÖs NEW identity or target company (for example, user@northwindtraders.onmicrosoft.com). - Primary SMTPAddress ΓÇô Primary SMTP address will align to the userΓÇÖs NEW company (for example, user@northwind.com). - TargetAddress/ExternalEmailAddress ΓÇô MailUser will reference the userΓÇÖs current mailbox hosted in source tenant (for example user@contoso.onmicrosoft.com). When assigning this value, verify that you have/are also assigning PrimarySMTPAddress or this value will set the PrimarySMTPAddress which will cause move failures.
enterprise Microsoft 365 Connectivity Optics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-connectivity-optics.md
+
+ Title: "Microsoft 365 Connectivity Optics"
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Ent_O365
+- Strat_O365_Enterprise
+f1.keywords:
+- CSH
+
+ - Adm_O365
+ - seo-marvel-apr2020
+search.appverid:
+- MET150
+- BCS160
+ms.assetid: f5ee6c33-bcd7-4b0b-b0f8-dc1d9fb8d132
+description: This article contains information about Microsoft 365 Connectivity Optics.
++
+# Microsoft 365 Connectivity Optics
+
+This article is in progress.
+
includes Microsoft 365 Client Support Certificate Based Authentication Include https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-client-support-certificate-based-authentication-include.md
|TEAMS|Γ£ö|Γ£ö|Γ£ö|Γ£ö|N/A| |TO-DO|Γ£ö|Γ£ö|Γ£ö|N/A|Γ£ö| |VISIO|N/A|Γ£ö|N/A|Γ£ö|N/A|
-|WHITEBOARD|Γ£ö|Planned|N/A|N/A|Γ£ö|
+|WHITEBOARD|Γ£ö|Γ£ö|N/A|N/A|Γ£ö|
|WORD|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |WORKPLACE ANALYTICS|N/A|N/A|N/A|N/A|N/A| |YAMMER|Γ£ö|Γ£ö|Planned|Planned|N/A|
lighthouse M365 Lighthouse Configure Portal Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-configure-portal-security.md
+
+ Title: "Configure Microsoft 365 Lighthouse portal security"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to configure portal security."
++
+# Configure Microsoft 365 Lighthouse portal security
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Protecting access to customer data when a Managed Service Provider (MSP) has delegated access permissions to its tenants is a cybersecurity priority. Microsoft 365 Lighthouse comes with both required and optional capabilities to help you configure Microsoft 365 Lighthouse portal security.
+
+## Set up multifactor authentication (MFA)
+
+As mentioned in the blog post [Your Pa$$word doesn't matter](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984):
+
+> "Your password doesn't matter, but MFA does. Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA."
+
+When users access Microsoft 365 Lighthouse for the first time, they'll be prompted to set up MFA if their Microsoft 365 account doesn't already have it configured. Users won't be able to access Microsoft 365 Lighthouse until the required MFA setup step is completed. To learn more about authentication methods, see [Set up your Microsoft 365 sign-in for multifactor authentication](https://support.microsoft.com/office/ace1d096-61e5-449b-a875-58eb3d74de14).
+
+## Set up roles to manage customer tenants
+
+Access to customer tenant data and settings in Microsoft 365 Lighthouse is restricted to the Admin Agent and Helpdesk Agent roles from the Cloud Solutions Provider (CSP) program.
+
+You can check which users in the partner tenant have the Admin Agent and Helpdesk Agent roles by reviewing the security group memberships on the [Azure AD ΓÇô All Groups](https://portal.azure.com/#blade/Microsoft_AAD_IAM/GroupsManagementMenuBlade/AllGroups) page. To learn how to assign CSP program roles and other permissions to users, see [Assign roles and permissions to users](/partner-center/permissions-overview). As an MSP, if you don't already have delegated access privileges to customer tenants, learn how to get them in the article [Obtain permissions to manage a customer's service or subscription](/partner-center/customers-revoke-admin-privileges).
+
+The following table lists the different Microsoft 365 Lighthouse pages and the permissions required to view and act on customer tenant data and settings for the Admin Agent and Helpdesk Agent roles.<br><br>
+
+| Microsoft 365 Lighthouse page | Admin Agent permissions | Helpdesk Agent permissions |
+|--|--|--|
+| Home | <ul><li>View all</li></ul> | <ul><li>View all</li></ul> |
+| Tenants | <ul><li>View all</li><li>Update customer contacts and website</li><li>View and apply deployment plans</li></ul> | <ul><li>View all</li><li>Update customer contacts and website</li><li>View deployment plans</li></ul> |
+| Users | <ul><li>View all</li><li>Reset password</li><li>Block sign-in</li><li>Enable MFA</li></ul> | <ul><li>View all</li><li>Reset password</li><li>Block sign-in</li></ul> |
+| Devices | <ul><li>View all</li></ul> | <ul><li>View all</li></ul> |
+| Threats | <ul><li>View all</li><li>Run quick scan</li><li>Run full scan</li><li>Reboot device</li><li>Update antivirus</li></ul> | <ul><li>View all</li></ul> |
+| Baselines | <ul><li>View all</li></ul> | <ul><li>View all</li></ul> |
+| Service health | <ul><li>View all*</li></ul> | <ul><li>View all*</li></ul> |
+
+> [!NOTE]
+> Currently, to take the actions marked with * in the table, users will also need to have the Azure AD role in the partner tenant with the following property set: **microsoft.office365.serviceHealth/allEntities/allTasks**. For a list of Azure AD roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).
+
+Given the broad permissions associated with the Admin Agent role, we suggest adhering to the principle of [least privileged access](/azure/active-directory/develop/secure-least-privileged-access) when designating a partner tenant user as an Admin Agent versus Helpdesk Agent. One way to do this is to assign the Helpdesk Agent role to the required partner tenant users. This lets them view customer data and settings but not make broad changes. Then, when needed, use the just-in-time access approval capabilities of Azure AD Privileged Identity Management (PIM) to give users a time-scoped Admin Agent role.
+
+## Set up Azure AD Privileged Identity Management (PIM)
+
+MSPs can minimize the number of people who have access to secure information or resources by using Azure AD Privileged Identity Management (PIM). PIM reduces the chance of a malicious person gaining access to resources or authorized users inadvertently impacting a sensitive resource. MSPs can also grant users just-in-time privileged access to resources and monitor what the designated users are doing with their privileged access.
+
+> [!NOTE]
+> Using Azure AD PIM requires an Azure AD Premium P2 license in the partner tenant.
+
+The following steps elevate partner tenant users to time-scoped Admin Agent roles by using Azure AD PIM:
+
+1. Create a role-assignable group as described in the article [Create a group for assigning roles in Azure Active Directory](/azure/active-directory/roles/groups-create-eligible).
+
+2. Go to [Azure AD ΓÇô All Groups](https://portal.azure.com/#blade/Microsoft_AAD_IAM/GroupsManagementMenuBlade/AllGroups) and add the new group as a member of the Admin Agents group.
+
+3. Set up privileged access to the new group as described in the article [Assign eligible owners and members for privileged access groups](/azure/active-directory/privileged-identity-management/groups-assign-member-owner).
+
+To learn more, see [What is Privileged Identity Management?](/azure/active-directory/privileged-identity-management/pim-configure)
+
+## Other roles and permissions
+
+The following table lists partner tenant roles and their associated permissions.<br><br>
+
+| Partner tenant roles | Permissions within partner tenant |
+|--|--|
+| Global Administrator of partner tenant | <ul><li>Sign up for Microsoft 365 Lighthouse in the Microsoft 365 admin center.</li><li>Accept partner contract amendments during the first-run experience.</li><li>View customer tenants on the Tenants page.\*</li><li>Activate and inactivate a tenant.\*</li><li>Update customer contacts and website.\*</li><li>Create, update, and delete tags.\*</li><li>Assign and remove tags from a customer tenant.\*</li></ul> |
+| Administrator of partner tenant with at least one<br> Azure AD role assigned with the following property set:<br> **microsoft.office365.supportTickets/allEntities/allTasks**<br> (For a list of Azure AD roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).) | <ul><li>Create Microsoft 365 Lighthouse service requests.</li></ul> |
+
+> [!NOTE]
+> Currently, to take the actions marked with * in the table, the Global Administrator must assume the Admin Agent role.
+
+## Related content
+
+[Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md) (article)\
+[Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Deploy Baselines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-deploy-baselines.md
+
+ Title: "Deploy Microsoft 365 Lighthouse baselines"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to deploy Microsoft 365 Lighthouse baselines."
++
+# Deploy Microsoft 365 Lighthouse baselines
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Microsoft 365 Lighthouse baselines let you deploy standard managed tenant configurations to secure tenant users, devices, and data. There are six default baseline configurations that come standard with Microsoft 365 Lighthouse:
+
+- Require MFA for admins
+- Require MFA for end users
+- Block Legacy Authentication
+- Set up Device Enrollment in Microsoft Endpoint Manager ΓÇô Azure AD Join
+- Configure Defender Anti-virus policy for Windows devices
+- Configure Compliance Policy for Windows devices
+
+## Before you begin
+
+Make sure you and your customer tenants meet the requirements listed in [Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md).
+
+## Learn more about the default baseline
+
+Select **Baselines** from the left navigation pane to open the Baselines page. You'll see that the default baseline has already been added to the Default tenant group (all tenants). To view the default baseline configurations, select **View baseline** to open the Default baseline page. The configurations are listed as deployment steps. Select any of the deployment steps to view deployment details and user impact.
++
+## Deploy a baseline configuration
+
+1. In the left navigation page, select **Tenants** to view a list of your onboarded tenants.
+
+2. Select the tenant you want to deploy the baseline configuration to.
+
+3. Select the **Deployment plan** tab to see all the deployment steps from the baseline that have been added to the tenant's deployment plan.
+
+4. Select a deployment step to open the deployment step page.
+
+5. Select **Apply** to apply the selected deployment step to the tenant. If the deployment step indicates "This action requires a manual step", make sure to complete the manual step so the deployment step is applied correctly.
+
+## Related content
+
+[Overview of using baselines to deploy standard tenant configurations](m365-lighthouse-deploying-standard-tenant-configurations-overview.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Deploying Standard Tenant Configurations Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-deploying-standard-tenant-configurations-overview.md
+
+ Title: "Overview of using baselines to deploy standard tenant configurations"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn about using baselines to deploy standard tenant configurations."
++
+# Overview of using baselines to deploy standard tenant configurations
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Microsoft 365 Lighthouse baselines provide a repeatable and scalable way for you to assess and manage Microsoft 365 security settings across multiple tenants. Baselines also help monitor core security policies and tenant compliance standards with configurations that secure users, devices, and data.
+
+Designed to help partners enable customer adoption of security at their own pace, Microsoft 365 Lighthouse provides a standard set of baseline parameters and pre-defined configurations for Microsoft 365 services. These security configurations help measure your tenants' Microsoft 365 security and compliance progress.
+
+You can view the default baseline and its deployment steps from within Microsoft 365 Lighthouse. To apply baselines to a tenant, select **Tenants** in the left navigation pane, and then select a tenant. Next, go to the **Deployment plans** tab and implement the desired baseline.
+
+## Standard baseline security templates
+
+Microsoft 365 Lighthouse standard baseline configurations for security workloads are designed to help all managed tenants reach an acceptable state of security coverage and compliance.
+
+The baseline configurations in the following table come standard with the Microsoft 365 Lighthouse default baseline.<br><br>
+
+| Baseline configuration | Description |
+|--|--|
+| Require MFA for admins | A report-only Conditional Access policy requiring multifactor authentication for admins. It's required for all cloud applications. |
+| Require MFA for end users | A report-only Conditional Access policy that requires multifactor authentication for users. It's required for all cloud applications. |
+| Block legacy authorization | A report-only Conditional Access policy to block legacy client authorizations. |
+| Enroll devices in Microsoft Endpoint Manager – Azure AD Join | Device enrollment to allow your tenant devices to enroll in Microsoft Endpoint Manager. This is done by setting up Auto Enrollment between Azure Active Directory and Microsoft Endpoint Manager. |
+| Antivirus (AV) policy configuration | A Device Configuration profile for Windows devices with pre-configured Microsoft Defender Antivirus settings. |
+| Window 10 Compliance policy set up | A Windows device policy with pre-configured settings to meet basic compliance requirements. |
++
+## Related content
+
+[Deploy Microsoft 365 Lighthouse baselines](m365-lighthouse-deploy-baselines.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Device Compliance Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-compliance-page-overview.md
+
+ Title: "Microsoft 365 Lighthouse Device compliance page overview"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn about the Device compliance page."
++
+# Microsoft 365 Lighthouse Device compliance page overview
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Microsoft 365 Lighthouse lets you view insights and information related to Intune device compliance for all your tenants by selecting **Devices** in the left navigation pane to open the Device compliance page. From this page, you can get an overview of compliance status across tenants, view a list of devices for each tenant, and get status reports on compliance policies and settings.
+
+## Overview tab
+
+On the Overview tab, you can view device compliance status across your tenants, see monthly device compliance trends, and track whether devices have compliance policies assigned to them. You can also view information on tenant device compliance actions and requirements based on Conditional Access policies.
++
+## Devices tab
+
+On the Devices tab, you can view a list of all tenant devices and filter the list based on the following compliance statuses: Compliant, Non-compliant, In Grace period, and Not evaluated. For more information about the different compliance statuses, see [Monitor Intune Device compliance policies](/mem/intune/protect/compliance-policy-monitor).
+
+Select any device to view more information on why the device is in its current compliance state. If you need to take action on the device, there's an option to view the device in Microsoft Endpoint Manager.
++
+## Policies tab
+
+On the Policies tab, you can view compliance policies across your tenants and compare two or three policies of the same platform type by using the Compare feature on the toolbar. You can also select any policy to view more information.
++
+## Settings tab
+
+The settings tab provides an aggregated report of non-compliant settings across tenant devices. Select any of the report rows to view more information, including which tenants the non-compliant devices belong to.
++
+## Related content
+
+[Microsoft 365 Lighthouse Users page overview](m365-lighthouse-users-page-overview.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Get Help And Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-get-help-and-support.md
+
+ Title: "Get help and support for Microsoft 365 Lighthouse"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to get help and support."
++
+# Get help and support for Microsoft 365 Lighthouse
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Several options are available if you need help. Start by checking the current health of customer tenant
+
+1. In the left navigation pane of Microsoft 365 Lighthouse, select **Service health**.
+2. View detailed information about current and past issues.
+
+To check the current health of the Microsoft 365 Lighthouse tenant
+
+1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>.
+2. In the left navigation pane, select **Health** > **Service health**.
+3. In the list of services, find **Microsoft 365 suite**, and then expand it to show all the services in the suite.
+4. Find **Microsoft 365 Lighthouse** and check the health.
+
+If you're experiencing an issue that isn't listed in either of the Service health dashboards, follow the instructions in this article to view self-help options or to create a service request.
+
+> [!NOTE]
+> Support is limited to English while Microsoft 365 Lighthouse is in Preview.
+
+## Before you begin
+
+- To create and manage service requests, you must have at least one Azure Active Directory (Azure AD) role assigned to you with the following property set: **microsoft.office365.supportTickets/allEntities/allTasks**. For a list of Azure AD roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). For information on how to assign roles, see [Assign Azure AD roles to users](/azure/active-directory/roles/manage-roles-portal).
+
+- If you need to create a service request, gather as many details as possible about your issue, such as diagnostic logs, tenant ID, and user IDs (if specific users are affected).
+
+## Access help and support
+
+1. In Microsoft 365 Lighthouse, select the **?** icon at the top of the portal to open the **Help** pane, and then do one of the following:
+
+ - If you're on the page of the portal where the issue occurred, select **Show diagnostics**.
+
+ This will create a JSON file with information to help Support agents troubleshoot your issue. Save the file so you can attach it to your service request.
+
+ > [!NOTE]
+ > The JSON file will contain personally identifiable information.
+
+ - If your issue isn't isolated to the current page of the portal, go to the next step.
+
+2. In the **Help** pane, select the **Help + support** button. This opens the **How can we help?** pane.
+
+ > [!NOTE]
+ > If the **How can we help?** pane doesn't open, you'll need to reach out to someone in your partner tenant who has Global Administrator permissions and ask them to help.
+
+3. In the **How can we help?** pane, enter a description of your issue, and then press **Enter**. We recommend including the full product name *Microsoft 365 lighthouse* in your description to ensure the search results include relevant help articles.
+
+4. Check out the list of recommended articles to see if any of them help resolve your issue.
+
+ If you enter a description of your issue and it doesn't return a list of help articles, rephrase your description and try another search.
+
+5. If the recommended articles don't help, select **Contact Support**.
+
+6. Fill out the information in the form, attach any screenshots and the JSON file that you saved in step&nbsp;1 if applicable, and then select **Contact me**. The expected wait time is indicated in the pane.
+
+## Related content
+
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-overview.md
+
+ Title: "Overview of Microsoft 365 Lighthouse"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs), learn how Microsoft 365 Lighthouse can help you secure and manage customer tenants in one location."
++
+# Overview of Microsoft 365 Lighthouse
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) secure and manage devices, data, and users at scale for small- and medium-sized business (SMB) customers who are using Microsoft 365 Business Premium.
+
+Microsoft 365 Lighthouse simplifies onboarding of Microsoft 365 Business Premium tenants by recommending security configuration baselines tailored to SMB customers and providing multi-tenant views across all customer environments. With Microsoft 365 Lighthouse, MSPs can scale the management of their customers, focus on what's most important, quickly find and investigate risks, and take action to get their customers to a healthy and secure state.
+
+No additional costs are associated with using Microsoft 365 Lighthouse to manage Microsoft 365 services and connected devices. Microsoft 365 Lighthouse is currently in Preview and available to MSPs enrolled in the Cloud Solution Provider (CSP) program and serving SMB customers with a Microsoft 365 Business Premium subscription.
+
+Note that CSP indirect providers aren't currently supported by Microsoft 365 Lighthouse.
+
+> [!IMPORTANT]
+> To use Microsoft 365 Lighthouse, MSPs and their customer tenants must meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md).
+
+For more information about the CSP program, see the [Cloud Solution Provider program overview](/partner-center/csp-overview).
+
+> [!NOTE]
+> A similar offering, Azure Lighthouse, helps service providers deliver managed services for Azure services by using comprehensive and robust management tooling built into the Azure platform. To learn more, see the [What is Azure Lighthouse?](/azure/lighthouse/overview)
+
+## Microsoft 365 Lighthouse benefits
+
+Microsoft 365 Lighthouse helps MSPs secure and manage Microsoft 365 services and connected endpoints at scale by:
+
+- Providing tenant deployment journeys so technicians can follow a consistent set of steps to secure and configure customer tenants.
+- Using a default SMB security baseline that prescribes best practices targeted to small- and medium-sized business tenants.
+- Providing multi-tenant insights on device compliance for a clear view of how devices are being evaluated across all organizations, tools to compare policies, and the top settings that aren't being met.
+- Simplifying common tasks like resetting a password.
+- Configuring multifactor authentication and self-service password reset, including tools to help drive adoption by users.
+- Understanding and protecting against risky sign-ins.
+- Managing threats on Windows 10 devices by providing details on threats detected by Microsoft Defender and actions to take to resolve issues and keep devices up to date.
+- Providing insights into Microsoft 365 service incidents and advisories that impact the customer tenants they manage.
+
+> [!NOTE]
+> For more information on how to sign up, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+## Related content
+
+[Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md) (article)\
+[Microsoft 365 Lighthouse tenant list overview](m365-lighthouse-tenant-list-overview.md) (article)\
+[Microsoft 365 Lighthouse Device compliance page overview](m365-lighthouse-device-compliance-page-overview.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md
+
+ Title: "Requirements for Microsoft 365 Lighthouse"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs), get a list of requirements to use Microsoft 365 Lighthouse."
++
+# Requirements for Microsoft 365 Lighthouse
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the requirements listed in this article. If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) secure and manage devices, data, and users at scale for small- and medium-sized business (SMB) customers.
+
+MSPs must be enrolled in the Cloud Solution Provider (CSP) program as an Indirect Reseller or Direct Bill partner to use Microsoft 365 Lighthouse.
+
+In addition, each MSP customer tenant must qualify for Microsoft 365 Lighthouse by meeting the following requirements:
+
+- Delegated Admin PrivilegesΓÇ»(DAP) for the MSP
+- At least one Microsoft 365 Business Premium license
+- Fewer than 500 licensed users 
+
+## Requirements for enabling device management  
+
+To view customer tenant devices on the device management pages, a MSP must:   
+
+- Enroll all customer devices in Microsoft Endpoint Manager (MEM). For more information, see [Enroll devices in Microsoft Intune](/mem/intune/enrollment/).
+- Assign compliance policies to all customer devices. For more information, see [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy).
+
+## Requirements for enabling user management
+
+For customer data to show up in reports on user management pages, including Risky users, Multifactor authentication, and Password reset, customer tenants must have licenses for Azure Active Directory Premium P1 or later. Azure AD Premium P1 is included with Microsoft 365 Business Premium.
+
+## Requirements for enabling threat management
+
+To view customer tenant devices and threats on the threat management pages, you must enroll all customer tenant devices in Microsoft Endpoint Manager (MEM) and protect them by running Microsoft Defender Antivirus. 
+
+For more information, see [Enroll devices in Microsoft Intune](/mem/intune/enrollment/).
+
+Microsoft Defender Antivirus is part of the Windows operating system and is enabled by default on devices running Windows 10.
+
+> [!NOTE]
+> If you're using a non-Microsoft antivirus solution and not Microsoft Defender Antivirus, Microsoft Defender Antivirus is disabled automatically. When you uninstall the non-Microsoft antivirus solution, Microsoft Defender Antivirus is activated automatically to protect your Windows devices from threats.   
+
+## Related content  
+
+[Configure Microsoft 365 Lighthouse portal security](m365-lighthouse-configure-portal-security.md) (article)\
+[Microsoft 365 Lighthouse Device compliance page overview](m365-lighthouse-device-compliance-page-overview.md) (article)\
+[Microsoft 365 Lighthouse Users page overview](m365-lighthouse-users-page-overview.md) (article)\
+[Microsoft 365 Lighthouse Threat management page overview](m365-lighthouse-threat-management-page-overview.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml)ΓÇ»(article)
+
lighthouse M365 Lighthouse Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sign-up.md
+
+ Title: "Sign up for Microsoft 365 Lighthouse"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs), learn how to sign up for Microsoft 365 Lighthouse."
++
+# Sign up for Microsoft 365 Lighthouse
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, follow the instructions in this article to sign up.
+
+## Before you begin
+
+- Make sure you and your customer tenants meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md).
+
+- You must be a Global Administrator in the partner tenant you're signing into.
+
+## Steps to sign up for Microsoft 365 Lighthouse
+
+1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>.
+
+1. Go to **Billing** > **Purchase Services** > **Other Services**.
+
+ If Microsoft 365 Lighthouse isn't in the services list, select **See all other services products**.
+
+ If you encounter the Purchase services error page, select **View products** at the bottom of the page.
+
+1. Under **Microsoft 365 Lighthouse for Partners Public Preview**, select **Details**.
+
+1. Select **Buy**.
+
+ > [!NOTE]
+ > Microsoft 365 Lighthouse requires one license for the tenant. No additional per-user licenses are required.
+
+ To verify that Microsoft 365 Lighthouse was successfully added to your tenant, look for Microsoft 365 Lighthouse under **Billing > Your Products** in the Microsoft 365 admin center.
+
+1. If you aren't redirected to the Microsoft 365 Lighthouse portal, go to `https://lighthouse.microsoft.com/`.
+
+1. Select **Agree & Continue** to complete the partner agreement amendment.
+
+ > [!NOTE]
+ > After you complete sign-up, it can take up to 48 hours for customer data to appear in Microsoft 365 Lighthouse.
+
+## Next steps
+
+[Configure Microsoft 365 Lighthouse portal security]()
+
+## Related content
+
+[Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Tenant List Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-tenant-list-overview.md
+
+ Title: "Microsoft 365 Lighthouse tenant list overview"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn about the tenant list."
++
+# Microsoft 365 Lighthouse tenant list overview
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+The Microsoft 365 Lighthouse tenant list provides insights into the different tenants you have a contract with, including tenant onboarding status relative to Microsoft 365 Lighthouse. The tenant list also lets you tag tenants to provide different filters throughout Microsoft 365 Lighthouse, and drill down to learn more about a given tenant and the status of their deployment plan.
+
+After your tenants meet the [Microsoft 365 Lighthouse onboarding requirements](m365-lighthouse-requirements.md), their status will show as **Active** in the tenant list.
+
+To access the tenant list in Microsoft 365 Lighthouse, select **Tenants** in the left navigation pane to open the Tenants page.
+
+## Tenant status
+
+The following table shows the different status messages and their meaning.<br><br>
+
+| Status message | Description |
+|--|--|
+| Active | Onboarding and data flow has started. |
+| In process | Tenant discovered, but not fully onboarded. |
+| Ineligible, DAP | Delegated Admin Privileges (DAP) setup is required. |
+| Ineligible, user count | Tenant has more users than allowed. |
+| Ineligible, license | Tenant does not have required license. |
+| Inactive | Tenant is no longer active. |
+
+Once you inactivate a tenant, you can't take action on the tenant while Microsoft 365 Lighthouse completes the inactivation process. It may take up to 48 hours for inactivation to complete.
+
+If you decide to reactivate a tenant, it may take up to 48 hours for data to reappear.
+
+## Tenant tags
+
+You can tag your customer tenants with a custom label within Microsoft 365 Lighthouse. These tags can be used to organize your tenants and can also help you easily filter the existing views and insights available to relevant sets of customer tenants. You can also manage your tags and which tenants they're assigned to from the Tenants page.
+
+## Related content
+
+[Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Threat Management Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-threat-management-page-overview.md
+
+ Title: "Microsoft 365 Lighthouse Threat management page overview"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn about the Threat management page."
++
+# Microsoft 365 Lighthouse Threat management page overview
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+**Applies to:**
+
+- Windows 10
+
+Microsoft Defender Antivirus protects tenants, users, and devices from software threats including viruses, malware, and spyware. It's robust, ongoing protection that's built into Windows 10 and included with Microsoft 365 Business Premium.
+
+To access the Threat management page in Microsoft 365 Lighthouse, select **Threat Management** in the left navigation pane to view your tenants' security posture against threats. You'll see tenants, users, and devices that require your attention and recommendations that will help you reduce risk.
+
+## Overview tab
+
+On the Overview tab of the Threat management page, you can monitor the antivirus state across all your tenants to identify the areas that need attention.
++
+## Threats tab
+
+On the Threats tab of the Threat management page, you can see the Active, Mitigated, Resolved, and Allowed threats across all your tenants. You can also remediate multiple threats at the same time across all your tenants by filtering and drilling down into each threat to learn which devices, users, or tenants are affected.
+
+
+You can filter threats by:
+
+- Threat status
+- Threat severity
+- Threat type
+- Date range
+
+The following table lists the different threat statuses and their definition:<br><br>
+
+| Threat status | Definition |
+|--|--|
+| Active | Threat is active on the device. |
+| No status | Threat status is unavailable. Run a full scan on the device to have Microsoft Defender Antivirus redetect the threat. |
+| Action failed | The device is not at risk. An action has failed but a potential threat has been stopped and isn't active on the device. Run a full scan on the device. |
+| Manual steps required | The threat has been stopped but it requires a manual step to be completed, such as a full scan or a reboot of the device. |
+| Full scan required | A full scan of the device is required. |
+| Reboot required | A reboot of the device is required. |
+| Remediated with non-critical failures | The threat has been remediated and no further actions are needed. |
+| Quarantined | The threat has been quarantined. No further actions are needed. |
+| Removed | The threat has been successfully removed from the device. No further actions are needed. |
+| Cleaned | Microsoft Defender Antivirus has recovered and disinfected files. No further actions are needed. |
+| Allowed | The threat is allowed by an administrator to remain on the device. |
+
+## Antivirus protection tab
+
+The Antivirus protection tab on the Threats management page shows the devices across all your tenants and their Microsoft Defender Antivirus protection state. You can assess the status and take action for one or more devices that may be vulnerable. You can also select a device to view more information, such as Device Overview, Current Threats, and Device Action statuses.
++
+## Related content
+
+[Deploy Microsoft 365 Lighthouse baselines](m365-lighthouse-deploy-baselines.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Users Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-users-page-overview.md
+
+ Title: "Microsoft 365 Lighthouse Users page overview"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn about the Users page."
++
+# Microsoft 365 Lighthouse Users page overview
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+
+Microsoft 365 Lighthouse lets you manage users across tenant accounts by selecting **Users** in the left navigation pane to open the Users page. From this page, you can search for users and assess and act on the security state of your user accounts. You can also view insights into risky users and the status of multifactor authentication and self-service password reset.
+
+## Search users tab
+
+From the Search users tab, you can quickly search across tenants for specific users and perform basic user management actions such as resetting an account password.
++
+## Risky users tab
+
+The Risky Users tab shows user accounts across your tenants that have been flagged for risky behavior. Select any of the users to view more information on a detected risk or to mitigate a risk by resetting a user's password or blocking sign-in.
++
+## Multifactor Authentication tab
+
+The Multifactor Authentication tab provides detailed information on the status of multifactor authentication (MFA) enablement across your tenants. Select any tenant in the list to see more details for that tenant, including which Conditional Access policies requiring MFA are already configured and which users have not yet registered for MFA.
++
+## Password reset tab
+
+The Password reset tab shows detailed information on the status of self-service password reset enablement across your tenants.
++
+## Related content
+
+[Microsoft 365 Lighthouse device compliance page overview](m365-lighthouse-device-compliance-page-overview.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
managed-desktop Enterprise State Roaming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/enterprise-state-roaming.md
To enable Enterprise State Roaming, follow the steps in [Enable Enterprise State Roaming in Azure Active Directory](/azure/active-directory/devices/enterprise-state-roaming-enable).
+>[!NOTE]
+>If you enable Enterprise State Roaming, your preferred language list will overwrite the language selected during device setup. Although users can fix this easily, it could cause an inconsistent localization experience initially. Determine if Enterprise State Roaming is right for your users before setting up devices.
+ ## Steps to get started with Microsoft Managed Desktop 1. [Add and verify admin contacts in the Admin portal](add-admin-contacts.md)
security Edr In Block Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/edr-in-block-mode.md
The following image shows an instance of unwanted software that was detected and
||| |Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](basic-permissions.md). | |Operating system |One of the following versions: <br/>- Windows 10 (all releases) <br/>- Windows Server, version 1803 or newer <br/>- Windows Server 2019 <br/>- Windows Server 2016 (only when Microsoft Defender Antivirus is in active mode) |
-|Windows E5 enrollment |Windows E5 is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- Microsoft 365 E3 together with the Identity & Threat Protection offering <br/><br/>See [Components](/microsoft-365/enterprise/microsoft-365-overview#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). |
+|Windows E5 enrollment |Windows E5 is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- Microsoft 365 E3 together with the Microsoft 365 E5 Security Add-on <br/><br/>See [Components](/microsoft-365/enterprise/microsoft-365-overview#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). |
|Microsoft Defender Antivirus |Microsoft Defender Antivirus must be installed and running in either active mode or passive mode. (You can use Microsoft Defender Antivirus alongside a non-Microsoft antivirus solution.) [Confirm Microsoft Defender Antivirus is in active or passive mode](#how-do-i-confirm-microsoft-defender-antivirus-is-in-active-or-passive-mode). | |Cloud-delivered protection |Make sure Microsoft Defender Antivirus is configured such that [cloud-delivered protection is enabled](enable-cloud-protection-microsoft-defender-antivirus.md). | |Microsoft Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus) cmdlet as an administrator. In the **AMProductVersion** line, you should see **4.18.2001.10** or above. |
security Investigate Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigate-machines.md
When you investigate a specific device, you'll see:
![Image of device view](images/specific-device.png)
+> [!NOTE]
+> Due to product constrains, the device profile does not consider all cyber evidence when determining the 'Last Seen' timeframe (as seen on the device page as well).
+> For example, the 'Last seen' value in the Device page may show an older time frame even though more recent alerts or data is available in the machine's timeline.
+ ## Device details The device details section provides information such as the domain, OS, and health state of the device. If there's an investigation package available on the device, you'll see a link that allows you to download the package.
The **Azure Advanced Threat Protection** card will display a high-level overview
The **Logged on users** card shows how many users have logged on in the past 30 days, along with the most and least frequent users. Selecting the "See all users" link opens the details pane, which displays information such as user type, log on type, and when the user was first and last seen. For more information, see [Investigate user entities](investigate-user.md). ![Image of user details pane](images/logged-on-users.png)
+> [!NOTE]
+> The 'Most frequent' user value is calculated only based on evidence of users who successfully logged on interactively.
+> However, the "All users" side-pane calculates all sorts of user logons so it is expected to see more frequent users in the side-pane, given that those users may not be interactive.
### Security assessments
security Linux Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-exclusions.md
Examples:
Folder exclusion configured successfully ``` +
+- Add an exclusion for a second folder:
+
+ ```bash
+ mdatp exclusion folder add --path /var/log/
+ mdatp exclusion folder add --path /other/folder
+ ```
+ ```Output
+ Folder exclusion configured successfully
+ ```
++ - Add an exclusion for a folder with a wildcard in it: ```bash
Examples:
Process exclusion configured successfully ``` +
+- Add an exclusion for a second process:
+
+ ```bash
+ mdatp exclusion process add --name cat
+ mdatp exclusion process add --name dog
+ ```
+ ```Output
+ Process exclusion configured successfully
+ ```
+ ## Validate exclusions lists with the EICAR test file You can validate that your exclusion lists are working by using `curl` to download a test file.
security Manage Updates Baselines Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md
ms.technology: mde Previously updated : 07/06/2021 Last updated : 07/12/2021 # Manage Microsoft Defender Antivirus updates and apply baselines
We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images). <details>
+<summary>1.1.2107.02</summary>
+
+&ensp;Package version: **1.1.2107.02**
+&ensp;Platform version: **4.18.2105.5**
+&ensp;Engine version: **1.1.18300.4**
+&ensp;Signature version: **1.343.658.0**
+
+### Fixes
+- None
+
+### Additional information
+- None
+<br/>
+</details><details>
<summary>1.1.2106.01</summary> &ensp;Package version: **1.1.2106.01**
security Troubleshoot Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-onboarding.md
The steps below provide guidance for the following scenario:
- Device is turned off or restarted before the end user performs a first logon - In this scenario, the SENSE service will not start automatically even though onboarding package was deployed
-<div class="alert"><b>NOTE:</b> User Logon after OOBE is no longer required for SENSE service to start on the following or more recent Windows versions: Windows 10, version 1809 or Windows Server 2019 with [April 22 2021 update rollup](https://support.microsoft.com/kb/5001384) </br> Windows 10, version 1909 with [April 2021 update rollup](https://support.microsoft.com/kb/5001396) </br> Windows 10, version 2004/20H2 with [April 28 2021 update rollup](https://support.microsoft.com/kb/5001391) </div>
-<br></br>
+> [!NOTE]
+> User Logon after OOBE is no longer required for SENSE service to start on the following or more recent Windows versions:
+> Windows 10, version 1809 or Windows Server 2019 with [April 22 2021 update rollup](https://support.microsoft.com/kb/5001384).
+> Windows 10, version 1909 with [April 2021 update rollup](https://support.microsoft.com/kb/5001396).
+> Windows 10, version 2004/20H2 with [April 28 2021 update rollup](https://support.microsoft.com/kb/5001391).
++ > [!NOTE] > The following steps are only relevant when using Microsoft Endpoint Configuration Manager. For more details about onboarding using Microsoft Endpoint Configuration Manager, see [Microsoft Defender for Endpoint](/mem/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection).
security Tvm Supported Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-supported-os.md
Ubuntu 16.04 LTS or higher LTS | Yes | Yes | Yes | Yes | Yes
Oracle Linux 7.2 or higher | Yes | Yes | Yes | Yes | Yes SUSE Linux Enterprise Server 12 or higher | Yes | Yes | Yes | Yes | Yes
+>[!NOTE]
+> Some features are not available for down-level Operating System, check the Microsoft 365 Defender Portal for more details on supported OS.
+ >[!IMPORTANT] > \* Red Hat Enterprise Linux: > “The vulnerability data provided and shown as part of your Microsoft Defender for Endpoint services is made available to you in its raw form, “AS IS”, from Red Hat, Inc., and might not be up to date. The data that is accessible in the Red Hat Security Data API is licensed under the Creative Commons Attribution 4.0 International License. You bear the risk in using this data. Microsoft and its third-party suppliers disclaim any and all liability for consequential and other indirect damages and implied warranties, including implied warranties of non-infringement, merchantability and fitness for a particular purpose. © 2020 Red Hat. All rights reserved. © 2020 Microsoft. All rights reserved.”
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
The SecOps mailbox entries that you configured are displayed on the **SecOps mai
- Single IP: For example, 192.168.1.1. - IP range: For example, 192.168.0.1-192.168.0.254. - CIDR IP: For example, 192.168.0.1/25.
- - **Simulation URLs to allow**: Expand this setting and optionally enter specific URLs that are part of your phishing simulation campaign that should not be blocked or detonated by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. You can add up to 10 entries.
+ - **Simulation URLs to allow**: Expand this setting and optionally enter specific URLs that are part of your phishing simulation campaign that should not be blocked or detonated by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. You can add up to 10 entries. For the URL syntax format, see [URL syntax for the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list#url-syntax-for-the-tenant-allowblock-list).
To remove an existing value, click remove ![Remove icon](../../media/m365-cc-sc-remove-selection-icon.png) next to the value.
security Email Analysis Investigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-analysis-investigations.md
+
+ Title: Email analysis in investigations for Microsoft Defender for Office 365
+f1.keywords:
+- NOCSH
+++
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+- MET150
+- MOE150
+
+- M365-security-compliance
+- m365initiative-defender-office365
+keywords: automated incident response, investigation, remediation, threat protection
+description: See how email analysis in investigations work in Microsoft Defender for Office 365.
+
+- air
+- seo-marvel-mar2020
+ms.technology: mdo
++
+# Email analysis in investigations for Microsoft Defender for Office 365
++
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+During the automated investigation of alerts, Microsoft Defender for Office 365 analyzes the original email for threats and identifies other emails that are related to the original email and potentially part of an attack. This analysis is important because email attacks rarely consist of a single email.
+
+The automated investigationΓÇÖs email analysis identifies email clusters using attributes from the original email to query for emails sent and received by your organization. This is similar to a security operations analyst would hunt for the related emails in Explorer or Advanced Hunting. Several queries are used to identify matching emails because attackers typically morph the email parameters to avoid security detection. The clustering analysis performs these checks to determine how to handle emails involved in the investigation:
+
+- The email analysis creates queries (clusters) of emails using attributes from the original email ΓÇô sender values (IP address, sending domain) and contents (subject, cluster ID) in order to find emails that are related.
+- If analysis of the original emailΓÇÖs URLs and files identifies that some are malicious (that is, malware or phish), then it will also create queries or clusters of emails containing the malicious URL or file.
+- Email clustering analysis counts the threats associated with the matching emails in the cluster to determine whether the emails are malicious, suspicious, or have no clear threats. If the cluster of emails matching the query has a sufficient amount of spam, normal phish, high confidence phish or malware threats, the email cluster gets that threat type applied to it.
+- The email clustering analysis also checks the latest delivery location of the original email and emails in the email clusters to help identify if the emails potentially still need removal or have already been remediated or prevented. This analysis is important because attackers morph malicious content plus security policies and protection may vary between mailboxes. This capability leads to situations where malicious content may still sit in mailboxes, even though one or more malicious emails has been detected and removed by Zero-hour Auto Protection (ZAP).
+- Email clusters that are considered malicious due to malware, high confidence phish, malicious files, or malicious URLs threats will get a pending action to soft delete the emails when there are still in the cloud mailbox (inbox or junk folder). If malicious emails or email clusters are only "Not In Mailbox" (blocked, quarantined, failed, soft deleted, etc.) or "On-premises/External" with none in the cloud mailbox, then no pending action will be set up to remove them.
+- If any of the email clusters are determined to be malicious, then the threat identified by the cluster will get applied back to the original email involved in the investigation. This behavior is similar to a security operations analyst using email hunting results to determine the verdict of an original email based on matching emails. This result ensures that regardless of whether an original emailΓÇÖs URLs, files, or source email indicators are detected or not, the system can identify malicious emails that are potentially evading detection through personalization, morphing, evasion, or other attacker techniques.
+- In the user compromise investigation, additional email clusters are created to identify potential email issues created by the mailbox. This process includes a clean email cluster (good emails from user, potential data exfiltration, and potential command/control emails), suspicious email clusters (emails containing spam or normal phish) and malicious email clusters (emails containing malware or high confidence phish). These email clusters provide security operations analysts data to determine what other problems may need to be addressed from a compromise,and visibility on which emails may have triggered the original alerts (for example, phish/spam that triggered user sending restrictions)
+
+Email clustering analysis via similarity and malicious entity queries ensures that email problems are fully identified and cleaned up, even if only one email from an attack gets identified. You can use links from the email cluster details side panel views to open the queries in Explorer or Advanced Hunting to perform deeper analysis and change the queries if needed. This capability enables manual refinement and remediation if you find the email clusterΓÇÖs queries too narrow or too broad (including unrelated emails).
+
+Here are additional enhancements to email analysis in investigations.
+
+## AIR investigation ignores advanced delivery items (SecOps mailbox and PhishEDU messages)
+
+During the email clustering analysis, all clustering queries will ignore security mailboxes set up as Security Operations mailboxes in the Advanced Delivery policy. Similarly, the email clustering queries will ignore phish simulation (education) messages that are configured in the Advanced Delivery policy. Neither the SecOps nor the PhishEdu exclusion values are shown in the query to keep the clustering attributes simpler and easier to read. This exclusion ensures that threat intelligence and operational mailboxes (SecOps mailboxes) and the phish simulations (PhishEdu) are ignored during threat analysis and do not get removed during any remediation.
+
+>[!Note]
+>When opening an email cluster to view it in Explorer from the email cluster details, the PhishEdu and SecOps mailbox filters will be applied in Explorer but will not be shown. If you change the Explorer filters, dates, or refresh the query within the page ΓÇô then the PhishEdu/SecOps filter exclusions will get removed and emails that match these will be shown once again. If you refresh the Explorer page using the browser refresh function, the original query filters will get re-loaded, including the PhishEdu/SecOps filters ΓÇô but removing any subsequent changes you had made.
+>
+
+## AIR updates pending email action status
+
+The investigation email analysis calculates email threats and locations at the time of the investigation to create the investigation evidence and actions. This data can get stale and outdated when actions outside of the investigation affect the emails involved in the investigation. For example, security operations manual hunting and remediation may clean up emails included in an investigation. Likewise, deletion actions approved in parallel investigations or Zero-hour Auto Protection (ZAP) automatic quarantine actions may have removed emails. In addition, delayed detections of threats after email delivery may change the number of threats included in the investigationΓÇÖs email queries/clusters.
+
+To ensure investigation actions are up to date, any investigation that has pending actions will periodically re-run the email analysis queries to update the email locations and threats.
+
+- When the email cluster data changes, it will update the threat and latest delivery location counts.
+- If emails or email cluster with pending actions no longer are in the mailbox, then the pending action will be canceled, and the malicious email/cluster considered remediated.
+- Once all the investigationΓÇÖs threats have been remediated or canceled as noted above, then the investigation will transition to a remediated state and the original alert resolved.
+
+## The display of incident evidence for email and email clusters
+
+Email-based evidence in the Evidence and Response tab for an incident now displays the following information.
++
+From the numbered callouts in the figure:
+
+1. You can perform remediation actions, in addition to the **Action Center**.
+2. You can take remediation action for email clusters with a **Malicious** verdict (but not **Suspicious**).
+3. For the email spam verdict, phishing is split into high confidence and normal phish.
+
+ For a Malicious verdict, the threat categories are malware, high confidence phish, malicious URL, and malicious file.
+
+ For a Suspicious verdict, the threat categories are spam and normal phish.
+
+4. The email count by is based the latest delivery location and includes counters for email in mailboxes, not in mailboxes, and on-premises.
+5. Includes the date and time of the query, which might get updated for latest data.
+
+For email or email clusters in the **Entities** tab of an incident, **Prevented** means that there was no malicious emails in the mailbox for this item (mail or cluster). Here is an example.
++
+In this example, the email is malicious but not in a mailbox.
+
+## Next steps
+
+- [View pending or completed remediation actions](air-review-approve-pending-completed-actions.md)
security High Risk Delivery Pool For Outbound Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages.md
In cases where we can authenticate the sender, we use Sender Rewriting Scheme (S
For DKIM to work, make sure you enable DKIM for sending domain. For example, fabrikam.com is part of contoso.com and is defined in the accepted domains of the organization. If the message sender is sender@fabrikam.com, DKIM needs to be enabled for fabrikam.com. you can read on how to enable at [Use DKIM to validate outbound email sent from your custom domain](use-dkim-to-validate-outbound-email.md). To add a custom domains follow the steps in [Add a domain to Microsoft 365](../../admin/setup/add-domain.md).+
+If the MX record for your domain points to a third party service or an on-premises email server, you should use [Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors). Enhanced Filtering ensures SPF validation is correct for inbound mail and will avoid sending email through the relay pool.
+
security How Policies And Protections Are Combined https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined.md
There are two major factors that determine which policy is applied to a message:
- **The priority of the policy**: For each type of policy (anti-spam, anti-malware, anti-phishing, etc.), there's a default policy that applies to everyone, but you can create custom policies that apply to specific users. Each custom policy has a priority value that determines the order that the policies are applied in. The default policy is always applied last.
- If a user is defined in multiple policies of the same type, only the policy with the highest priority is applied to them. Any remaining policies of that type are not evaluated for the user (including the default policy).
+ > [!IMPORTANT]
+ > If a user is defined in multiple policies of the same type, only the policy with the highest priority is applied to them. Any remaining policies of that type are not evaluated for the user (including the default policy).
For example, consider the following anti-phishing policies in Microsoft Defender for Office 365 **that apply to the same users**, and a message that's identified as both user impersonation and spoofing:
security Preset Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/preset-security-policies.md
When multiple policies are applied to a user, the following order is applied fro
3. Custom security policies 4. Default security policies
-In other words, the settings of the **Strict protection** policy override the settings of the **Standard protection** policy, which overrides the settings from a custom policy, which overrides the settings from the default policy.
+In other words, the settings of the **Strict protection** policy override the settings of the **Standard protection** policy, which overrides the settings from a custom policy, which overrides the settings from the default policy.
+
+For example, if a security setting exists in **Standard protection** and an admin has enabled the **Standard protection** for a user, then the **Standard protection** setting will be applied instead of what is configured for that setting in a custom policy or in the default policy (for the same user). Note that you might have some portion of your organization to whom you want to apply only the **Standard** or **Strict protection** policy while applying a custom policy to other users in your organization to meet specific needs.
## Assign preset security policies to users
security Tenant Allow Block List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list.md
ms.prod: m365-security
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you might disagree with the EOP filtering verdict. For example, a good message might be marked as bad (a false positive), or a bad message might be allowed through (a false negative).
-The Tenant Allow/Block List in the Microsoft 365 Defender portal gives you a way to manually override the Microsoft 365 filtering verdicts. The Tenant Allow/Block List is used during mail flow and at the time of user clicks. You can specify the following types of overrides:
+The Tenant Allow/Block List in the Microsoft 365 Defender portal gives you a way to manually override the Microsoft 365 filtering verdicts. The Tenant Allow/Block List is used during mail flow for incoming messages (does not apply to intra-org messages) and at the time of user clicks. You can specify the following types of overrides:
- URLs to block. - Files to block.
solutions Microsoft 365 Guest Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-guest-settings.md
Because OneDrive is a hierarchy of sites within SharePoint, the organization-lev
| Setting | Default | Description | |:--|:--|:--| |Limit external sharing by domain|Off|This setting allows you to specify a list of allowed or blocked domains for sharing. When allowed domains are specified, then sharing invitations can only be sent to those domains. When denied domains are specified, then sharing invitations cannot be sent to those domains. <p> This setting affects all SharePoint and OneDrive sites in the organization.|
-|Allow only users in specific security groups to share externally|Off|If you want to limit who can share with guests in SharePoint and OneDrive, you can do so by limiting sharing to people in specified security groups. These settings do not affect sharing via Microsoft 365 Groups or Teams. Guests invited via a group or team would also have access to the associated site, though document and folder sharing could only be done by people in the specified security groups. <p> For each specified group, you can choose of those users can share with Anyone links.|
+|Allow only users in specific security groups to share externally|Off|If you want to limit who can share with guests in SharePoint and OneDrive, you can do so by limiting sharing to people in specified security groups. These settings do not affect sharing via Microsoft 365 Groups or Teams. Guests invited via a group or team would also have access to the associated site, though document and folder sharing could only be done by people in the specified security groups. <p> For each specified group, you can choose which of those users can share with Anyone links.|
|Guests must sign in using the same account to which sharing invitations are sent|Off|Prevents guests from redeeming site sharing invitations using a different email address than the invitation was sent to. <p> [SharePoint and OneDrive integration with Azure AD B2B (Preview)](/sharepoint/sharepoint-azureb2b-integration-preview) does not use this setting because all guests are added to the directory based on the email address that the invitation was sent to. Alternate email addresses cannot be used to access the site.| |Allow guests to share items they don't own|On|When **On**, guests can share items that they don't own with other users or guests; when **Off** they cannot. Guests can always share items for which they have full control.| |People who use a verification code must reauthenticate after this many days|Off|This setting allows you to require that users authenticating with a one-time passcode need to reauthenticate after a certain number of days.|