+If your subscription is operated by 21Vianet, then you will not see Viva Engage.

+|[Microsoft Teams user activity](microsoft-teams-user-activity-preview.md)|Yes|Yes|Yes|Yes|N/A¹|

+|[Microsoft Teams device usage](microsoft-teams-device-usage-preview.md)|Yes|Yes|Yes|Yes|N/A¹|

+|[Microsoft Teams team activity](microsoft-teams-usage-activity.md)|Yes|Yes|Yes|Yes|N/A¹|

+|[Viva Engage activity](viva-engage-activity-report-ww.md)|Yes|Yes|N/A²|N/A²|N/A²|

+|[Viva Engage device usage](viva-engage-device-usage-report-ww.md)|Yes|Yes|N/A²|N/A²|N/A²|

+|[Viva Engage groups activity report](viva-engage-groups-activity-report-ww.md)|Yes|Yes|N/A²|N/A²|N/A²|

+|Last activity date (UTC) |The latest date a message was received by the group. - This is the latest date an activity happened in an email conversation, Viva Engage, or the Site. |

+|Messages in Viva Engage (posted) |The number of messages posted in the Viva Engage group over the reporting period. |

+|Messages in Viva Engage (read) |The number of conversations read in the Viva Engage group over the reporting period. |

+|Messages in Viva Engage (liked) |The number of messages liked in the Viva Engage group over the reporting period. |

+ Title: "Microsoft 365 admin center Viva Engage activity reports"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Tier2

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- Adm_NonTOC

+search.appverid:

+- BCS160

+- MST160

+- MET150

+- MOE150

+description: "Get the Viva Engage Activity report and know more about the number of users using Viva Engage to post, like, or read a message."

+# Microsoft 365 Reports in the admin center - Viva Engage activity report

+As Microsoft 365 admin, the Reports dashboard shows you data on the usage of the products within your organization. Check out [activity reports in the admin center](activity-reports.md). With the **Viva Engage Activity report**, you can understand the level of engagement of your organization with Viva Engage by looking at the number of unique users using Viva Engage to post, like or read a message and the amount of activity generated across the organization.

+

+## How do I get to the Viva Engage activity report?

+1. In the admin center, go to the **Reports**, and then select **Usage**.

+2. From the dashboard homepage, click on the **View more** button on the Viva Engage card.

+

+## Interpret the Viva Engage activity report

+You can view the activities in the Viva Engage report by choosing the **Activity** tab.

+

+Select **Choose columns** to add or remove columns from the report.

+

+You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis.

+The **Viva Engage activity** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated).

+

+|Item|Description|

+|:--|:--|

+|**Metric**|**Definition**|

+|Username <br/> |The email address of the user. You can display the actual email address or make this field anonymous. This grid shows users who logged into Viva Engage using the Microsoft 365 account or who logged into the network using single sign-on. <br/> |

+|Display name <br/> |The full name of the user. You can display the actual email address or make this field anonymous. <br/> |

+|User state <br/> |One of three values: Activated, Deleted, or Suspended. These reports show data for active, suspended, and deleted users. They do not reflect pending users, because pending users cannot post, read, or like a message. <br/> |

+|State change date (UTC) <br/> |The date on which the user's state was changed in Viva Engage. <br/> |

+|Last activity date (UTC) <br/> | The last date that the user posted, read, or liked a message. <br/> |

+|Posted <br/> |The number of messages the user posted during the time period you specified. <br/>|

+|Read <br/> |The number of conversations that the user read during the time period you specified. <br/> |

+|Liked <br/> |The number of messages that the user liked during the time period you specified. <br/>|

+|Product assigned <br/> |The products that are assigned to this user.|

+|||

+ Title: "Microsoft 365 admin center Viva Engage device usage reports"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Tier2

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- Adm_NonTOC

+search.appverid:

+- BCS160

+- MST160

+- MET150

+- MOE150

+description: "Get the Viva Engage device usage report to learn more about which devices your users are using Viva Engage on, number of daily users by device type, and details per user."

+# Microsoft 365 Reports in the admin center - Viva Engage device usage report

+The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out the [Reports overview topic](activity-reports.md).

+The Viva Engage device usage reports give you information about which devices your users are using Viva Engage on. You can view the number of daily users by device type, and number of users by device type. You can view both over a selected time period. You can also view details per user.

+

+## How do I get to the Viva Engage device usage report?

+1. In the admin center, go to the **Reports**, and then select **Usage**.

+2. From the dashboard homepage, select **View more** on the Viva Engage card.

+

+## Interpret the Viva Engage device usage report

+Select the **Device usage** tab to view the usage in the OneDrive report.

+Select **Choose columns** to add or remove columns from the report.

+You also can export the report data into an Excel .csv file by selecting the Export link. This link exports data of all users and enables you to do simple sorting and filtering for further analysis.

+The **Viva Engage device usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated).

+

+|Metric|Definition|

+|:--|:--|

+|Username |The email address of the user. You can display the actual email address or make this field anonymous. This grid shows users who logged in to Viva Engage using the Microsoft 365 account or who logged in to the network using single sign-on. |

+|Display name |The full name of the user. You can display the actual email address or make this field anonymous. |

+|User state |One of three values: Active, Deleted, or Suspended. These reports show data for active, suspended, and deleted users. They don't reflect pending users, because pending users can't post, read, or like a message. |

+|State change date (UTC) |The date on which the user's state was changed in Viva Engage. |

+|Last activity date (UTC) |The last date (UTC) that the user participated in a Viva Engage activity. |

+|Web |Indicates if the user has used Viva Engage on the web. |

+|Windows phone | Indicates if the user has used Viva Engage on a Windows phone. |

+|Android phone |Indicates if the user has used Viva Engage on an Android phone. |

+|iPhone | Indicates if the user has used Viva Engage on an iPhone. |

+|iPad |Indicates if the user has used Viva Engage on an iPad. |

+|other |Indicates if the user has used Viva Engage on another client, which wasn't listed previously. This includes Viva Engage Embed, SharePoint Web Part, Viva Engage, and select Outlook emails. |

+ Title: "Microsoft 365 admin center Viva Engage groups activity reports"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Tier2

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- Adm_NonTOC

+search.appverid:

+- BCS160

+- MST160

+- MET150

+- MOE150

+description: "Get the Viva Engage groups activity report to learn more about the number of Viva Engage groups being created and used in your organization and their activity."

+# Microsoft 365 Reports in the admin center - Viva Engage groups activity report

+The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the Viva Engage groups activity report, you can gain insights into the activity of Viva Engage groups in your organization and see how many Viva Engage groups are being created and used.

+

+## How do I get to the Viva Engage groups activity report?

+1. In the admin center, go to the **Reports**, then select **Usage**.

+2. From the dashboard homepage, click on the **View more** button on the Viva Engage card.

+

+## Interpret the Viva Engage groups activity report

+You can view the groups activities in the Viva Engage report by choosing the **Groups activity** tab.

+

+Select **Choose columns** to add or remove columns from the report.

+

+You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis.

+The **Viva Engage groups activity** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated).

+

+|Item|Description|

+|:--|:--|

+|**Metric**|**Definition**|

+|Group name |The name of the group. |

+|Group admin |The name of the group administrator, or owner. |

+|Deleted |The number of deleted Viva Engage groups. If the group is deleted, but had activity in the reporting period it will show up in the grid with this flag set to true. |

+|Type |The type of group, public or private. |

+|Connected to Office 365 |Indicates whether the Viva Engage group is also a Microsoft 365 group. |

+|Last activity date (UTC) | The latest date a message was read, posted or liked by the group. |

+|Members | The number of members in the group. |

+|Posted |The number of messages posted in the Viva Engage group over the reporting period. |

+|Read |The number of conversations read in the Viva Engage group over the reporting period. |

+|Liked |The number of messages liked in the Viva Engage group over the reporting period. |

+|Network name |The full name of the network that the group belongs to. |

+|Fabric admin | Assign the Fabric admin role to users who need to do the following: <br> - Manage all admin features for Microsoft Fabric and Power BI <br> - Report on usage and performance <br> - Review and manage auditing |

+|Power Platform admin | Assign the Power Platform admin role to users who need to do the following: <br> - Manage all admin features for Power Apps, Power Automate, Power BI, Microsoft Fabric, and Microsoft Purview Data Loss Prevention <br> - Create and manage service requests <br> - Monitor service health |

+[Exchange Online admin role](about-exchange-online-admin-role.md) (article)

+- Viva Engage - [Work with external groups in Viva Engage networks not aligned to native mode](/viva/engage/work-with-external-users/create-and-manage-external-groups).

+Check out [Microsoft 365 small business video help](https://go.microsoft.com/fwlink/?linkid=2197659) on YouTube.

+This article is for people who set password expiration policy for a business, school, or nonprofit. You can let people use the [self-service password reset tool](https://go.microsoft.com/fwlink/p/?LinkId=522677) so you don't have to reset passwords for them. Less work for you!

+To complete these steps, you must be a [global admin or password administrator](about-admin-roles.md).

+- It uses Azure. You'll automatically get this feature in Azure for **free** when you do these steps. It won't cost you anything to turn on self-service password reset.

+- **If you're using an on-premises Active Directory**, you can set this up but **it requires a paid subscription to Azure AD Premium**.

+## Watch: Let users reset their own passwords

+Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2198214).

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3AY8S]

+## Steps: Let people reset their own passwords

+1. In the Microsoft 365 admin center, in the left navigation pane, select **Settings** > **Org settings**, and then <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & privacy**</a>.

+1. Select **Self-service password reset**, and then choose **Go to the Azure portal to turn on self-service password reset**.

+1. In the left navigation pane, select **Users**, and then **Users - all users**

+1. Select **Password reset**.

+1. Select **All** to enable self-service password reset for all your users, or choose **Selected** to specify **Groups** you want, and then select **Save**.

+1. On the **Password reset | Properties** page, select **Authentication methods** and select the **Number of methods required to reset** and desired **Methods available to users**, and then select **Save**.

+1. When your users sign in, they will be prompted to enter additional contact information that will help them reset their password in the future.

+This article explains how to reset passwords for yourself and for your users when you have a **Microsoft 365 for business subscription**. If you don't have a Microsoft 365 for business subscription try this article: [I forgot the username or password for the account I use with Microsoft 365.](https://support.microsoft.com/office/eba0b4a2-c0ae-472c-99f6-bc63ee2425a8?wt.mc_id=SCL_reset-passwords_AdmHlp).

+When a user requests a new password, you'll receive a password reset request in email. Follow these steps to reset the password.

+1. In the Microsoft 365 admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a> page.

+4. Enter your email address to get the new password, and then send to the user's alternate email address or give it to them in person.

+If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml).

+This article is for people who set password expiration policy for a business, school, or nonprofit. You must be a [global admin or password administrator](about-admin-roles.md) to perform these steps.

+You can use the Microsoft cloud service [Microsoft Graph Powershell](/powershell/microsoftgraph/overview) to set passwords not to expire for specific users, remove the never-expire configuration or see which users' passwords are set to never expire.

+|**Admin centers**|Open separate admin centers for Exchange, Skype for Business, SharePoint, Viva Engage, and Azure AD. Each admin center includes all available settings for that service. <p> For example, in the Exchange admin center, set up and manage email, calendars, distribution groups, and more. In the SharePoint admin center, create and manage site collections, site settings, and OneDrive for Business. In the Skype for Business admin center, set up instant messaging notifications, dial-in conferencing, and online presence. <p> Learn more about the [Exchange admin center](/exchange/exchange-admin-center) and [SharePoint Admin Center](/sharepoint/sharepoint-online). <p> **Note:** The admin centers available to you depend on your plan and region.|

+Check out [Microsoft 365 small business video help](https://go.microsoft.com/fwlink/?linkid=2197659) on YouTube.

+Are you an admin whoΓÇÖs usually on the go? Even if you arenΓÇÖt, there may be times when you need to manage Microsoft 365 from your phone or tablet. Check out the free [Microsoft 365 Admin app](https://go.microsoft.com/fwlink/?LinkID=627216), the perfect companion to the web-based Microsoft 365 admin center.

+- Download the app from the [Apple App Store](https://apps.apple.com/app/apple-store/id761397963?pt=80423&ct=docsaboutadminapp&mt=8).

+- Download the app from the [Google Play Store](https://play.google.com/store/apps/details?id=com.ms.office365admin&referrer=utm_source%3Ddocsaboutadminapp%26utm_campaign%25docsaboutadminapp).

+You can also get a link from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.

+## Before you begin

+You must be an administrator in a Microsoft 365 organization to use the admin mobile app.

+## Steps: Install and use the admin mobile app

+Admin mobile app capabilities

+The admin app has a lot of capabilities that allows you to manage Microsoft 365 from your mobile or tablet device when you canΓÇÖt get to a computer. Here's a list of some of the tasks you can do from the app:

+- **Manage users and devices** Add or edit a user, reset a userΓÇÖs password, assign a role, block user, delete user, manage alias, assign licenses, wipe device data and more.

+- **Manage groups** Add a group, add or remove users from groups.

+- **License management and billing** View a list of purchased and assigned licenses, assign licenses to users, purchase or remove licenses and view and download invoices.

+- **Support** Create a new service request and keep track of all the updates related to the service requests while you are on the go.

+- **Message Center** Stay on top of all the upcoming changes, planned maintenance, or other important announcements related to Microsoft 365

+- **Service Health** Monitor the health of all the services by viewing the current status of the service and details about service disruption and outages.

+- **Notifications** Stay on top of all the important information and updates related to message center posts, service health and billing through push notifications. You can even customize what you want to be notified of.

+If you're an admin and you're responsible for more than one Microsoft 365 organization, you can sign in to multiple organizations and quickly switch between them. The app supports dark theme and is available in 39 languages.

+

+> [!IMPORTANT]

+> If you're having issues using the Admin mobile app on iOS or Android, email us at [feedback365@microsoft.com](mailto:feedback365@microsoft.com) to let us know.

+### Does the admin app support multi-tenant billing features?

+The admin mobile app is missing a few multi-tenant features where the authorized admin can see the products and licenses of the tenant in question along with the products and licenses of associated tenants in a single view.

+Adoption Score includes data from Exchange, SharePoint, OneDrive, Teams, Word, Excel, PowerPoint, OneNote, Outlook, Viva Engage, and Skype.

+- Viva Engage

+ - Posting on communities in Viva Engage

+ This key metric is shown as a percentage of all people who are using two or more of Exchange, Teams, or Viva Engage.

+ - **People posting in communities:** The colored portion and the fraction represent the percentage of users enabled for Viva Engage that are posting in communities. This fraction is constructed from:

+ - **Numerator:** People posting in Viva Engage communities in the last 28 days.

+ - **Denominator:** People enabled for Viva Engage in the last 28 days.

+### Questions and Answers in Viva Engage

+1. **Header:** Highlights the posts marked as questions on Viva Engage that have received an answer marked as &quot;Best answer&quot; as a percentage of all posts marked as questions on Viva Engage in the last 28 days.

+2. **Body:** Provides information on the value of using questions and answers in Viva Engage to share knowledge.

+A fundamental pillar of organizational productivity is how well people are able to work flexibly from wherever they are. With Microsoft 365, people can stay connected with Outlook, Microsoft Teams, and Viva Engage. People can also seamlessly collaborate on content by using Word, Excel, PowerPoint, and OneNote from any location, and platforms.

+Microsoft 365 lets people work flexibly across apps, including Microsoft Outlook, Word, Excel, PowerPoint, OneNote, Microsoft Teams, Viva Engage, and Skype for Business. People can also work from anywhere by using a seamless experience across desktop, web, and mobile platforms. The primary insight looks at the products that are enabled for people in your organization ΓÇô and how many of these people are active on at least two platforms.

+ - Numerator: The number of people in your org using any application within Microsoft Outlook, Word, Excel, PowerPoint, OneNote and Microsoft Teams, Viva Engage, and Skype on more than one platform from desktop, web, and mobile in the last 28 days.

+ - Denominator: The number of people licensed for Microsoft 365 Apps, Exchange, Viva Engage, Microsoft Teams, or Skype for at least 1 of the last 28 days.

+The mobility score for your organization measures at an organization (aggregate) level whether people are using Microsoft 365 Apps - Outlook, Teams, Word, Excel, PowerPoint, OneNote, Viva Engage, and Skype - across the different platforms - desktop, web, and mobile.

+> Microsoft 365 connected Viva Engage groups must be created in Viva Engage, but can be managed in the Microsoft 365 admin center like other Microsoft 365 groups. To learn more, see [Viva Engage and Microsoft 365 groups](/viva/engage/manage-viva-engage-groups/viva-engage-and-office-365-groups).

+Each Microsoft 365 group comes equipped with a dedicated mailbox that stores the emails received on the group. The group mailbox is also used by applications like SharePoint Online, Viva Engage, Teams etc. The group mailbox is equipped with initial storage quota of 50 GB. If the group mailbox quota is reached, people sending emails to the group receive a non-delivery report. Hence, itΓÇÖs a good practice to remove the older content from group mailboxes, to ensure the group mailbox doesnΓÇÖt reach its quota.

+> Viva Engage Enterprise networks that are in Native Mode or the [EU Geo](/viva/engage/manage-security-and-compliance/manage-data-compliance) do not support network guests.

+> Microsoft 365 Connected Viva Engage groups do not currently support guest access, but you can create non-connected, external groups in your Viva Engage network. See [Create and manage external groups in Viva Engage](/viva/engage/work-with-external-users/create-and-manage-external-groups) for instructions.

+- Viva Engage (if the group was created from Viva Engage)

+Any user can create a group unless you [limit group creation to a specific set of people](../../solutions/manage-creation-of-groups.md). If you limit group creation, users who cannot create groups will not be able to create SharePoint sites, Planners, teams, Outlook group calendars, Stream groups, Viva Engage groups, Shared libraries in OneDrive, or shared Power BI workspaces. These services require the people creating them to be able to create a group. Users can still participate in group activities, such as creating tasks in Planner or using Teams chat, provided they are a member of the group.

+- Viva Engage group and group content (If the Microsoft 365 group was created from Viva Engage)

+Check out the guidance in [Verify your Microsoft 365 domain to prove ownership, nonprofit or education status, or to activate Viva Engage](../setup/domains-faq.yml) to make sure you've completed all the required steps. It's a little different for each situation.

+| 1/10/2020 | [Microsoft 365 Reports in the admin center - Viva Engage activity report](/Office365/Admin/activity-reports/viva-engage-activity-report) | modified |

+| 1/10/2020 | [Microsoft 365 Reports in the admin center - Viva Engage device usage report](/Office365/Admin/activity-reports/viva-engage-device-usage-report) | modified |

+| 1/10/2020 | [Microsoft 365 Reports in the admin center - Viva Engage groups activity report](/Office365/Admin/activity-reports/viva-engage-groups-activity-report) | modified |

+**Forums:** Forums are intended to provide community participants with an online destination where they can post technical support questions and discuss topics related to the Office 365 services. Here are the forums that are available: Deploy Office 365, Directory integration services, Domains in Office 365, Downloads, Email and calendar, IM, meetings and conferencing, Manage Office 365, Manage projects, Mobile access, Office 365 for Mac, Office apps, Sites and document sharing, Trust Center documents, Upgrade to Office 365, Viva Engage

+|Name <br/> | The name entered here is what users will see on the following pages: <br/> Sign-in page: If your users have set up other Microsoft accounts with their business or school email address, they may see the organization name on the sign-in page. This helps them distinguish between their work or school account and their other accounts, so they can identify which one to use when they sign in. <br/> Organization profile link and page: The link to your organization's profile displays the organization name. <br/> Viva Engage navigation: In Viva Engage, the left navigation uses the organization name as the name of the home Viva Engage network. <br/> OneDrive sync client: The organization name is shown in File Explorer on Windows and Finder on Mac, the file paths, the OneDrive activity center, the tooltip of the OneDrive cloud icon, and the OneDrive settings window. Currently, updating the organization name does not update it for configured clients. <br/> MS Teams: Organization Switcher in Teams displays the organization Name <br/> |

+|**Viva Engage**|Yes|Yes|Yes|Yes|

+As the admin, you can enable external calendar sharing for all users in your organization. Once sharing is enabled, users can use Outlook Web App to share their calendars with anyone inside or outside the organization. People inside the organization can view the shared calendar along with their own calendar. People outside the organization will be sent a URL that they can use to view the calendar. Users decide when to share, how much to share, and when to keep their calendars private.

+1. In the admin center, go to **Settings** -> **Org Settings**.

+|Remove all assigned licenses <br/> |Another option is to remove any Microsoft 365 licenses assigned to the user. This prevents them from using applications and services like the Microsoft 365, Microsoft 365 apps, Viva Engage, and SharePoint Online. They can still sign in but canΓÇÖt use these services. <br/> |Use when you feel this user no longer needs access to specific features in Microsoft 365. <br/> <br> **Important:** When you remove a license, the user's mailbox will be deleted in 30 days.

+|Newsfeed and Viva Engage (enterprise social networks)|Newsfeed (the social hub where you'll see updates from the people, documents, sites, and tags you're following) is available. Viva Engage is unavailable.|

+3. Choose **Add theme**.

+|Viva Engage <br/> |Any user who has read, posted, or liked a message on Viva Engage. <br/> ||

+|Microsoft 365 Groups <br/> |Any group member that has mailbox activity (if a message has been sent to the group) <br/> |This definition will be enhanced with group site file activity and Viva Engage group activity (file activity on group site and message posted to Viva Engage group associated with the group.) This data is currently not available in the Microsoft 365 Usage Analytics template app <br/> |

+The following example shows how to create a new visual to track new Viva Engage users on monthly basis.

+1. Go to the **Product Usage** report using the left nav and select the **Viva Engage** tab.

+11. In the **Filter Type** area that appears, select the **Viva Engage** check box.

+ 

+13. Expand Title and change the **Title Text** value to **First-Time Viva Engage Users by Month**.

+|Tenant Client Usage <br/> |Contains data about the number of users actively using specific client/devices to connect to Exchange Online, Skype for Business and Viva Engage. <br/> |Contains monthly aggregated data for a rolling 12-month period including the current partial month. <br/> |

+|Tenant Microsoft 365 Groups Usage <br/> |Contains data about Microsoft 365 Groups usage including Mailbox, SharePoint, and Viva Engage. <br/> |Contains end-of-month state data for a rolling 12-month period including the current partial month. <br/> |

+|IDType <br/> |ID type is set to 1 if the user is a Viva Engage user who connects by using their Viva Engage ID or 0 if they connect to Viva Engage by using their Microsoft 365 ID. <br/> Value is 1 to represent that this user connects to Viva Engage with their Viva Engage ID and not their Microsoft 365 ID <br/> |

+|HasLicenseYAM <br/> |Set to true if user is assigned a license and enabled to use Viva Engage on the last day of the month. <br/> |

+|YAM_State <br/> |States of the user in the Viva Engage system, can be active, deleted, or suspended. <br/> |

+|YAM_ActivationDate <br/> |Date the user entered the state of being active in Viva Engage. <br/> |

+|YAM_DeletionDate <br/> |Date the user entered the state of being deleted in Viva Engage. <br/> |

+|YAM_SuspensionDate <br/> |Date the user entered the state of being suspended in Viva Engage. <br/> |

+|IDType <br/> |ID type is set to 1 if the user is a Viva Engage user who connects by using their Viva Engage ID or 0 if they connect to Viva Engage by using their Microsoft 365 ID. <br/> Value is 1 to represent that this user connects to Viva Engage with their Viva Engage ID and not their Microsoft 365 ID <br/> |

+|YAM_MessagePost <br/> |Number of Viva Engage messages this user posted. <br/> |

+|YAM_MessageLiked <br/> |Number of Viva Engage messages this user liked. <br/> |

+|YAM_MessageRead <br/> |Number of Viva Engage messages this user read. <br/> |

+This table provides month-over-month summary data about the clients that the users are using to connect to Exchange Online, Skype for Business and Viva Engage. This table doesn't yet have client use data for SharePoint Online and OneDrive for Business.

+|YAM_TotalGroups <br/> |Number of Viva Engage groups. <br/> |

+|YAM_ActiveGroups <br/> |Number of active Viva Engage groups. <br/> |

+|YAM_LikedActiveGroups <br/> |Number of Viva Engage groups which have like activities. <br/> |

+|YAM_PostedActiveGroups <br/> |Number of Viva Engage groups which have post activities. <br/> |

+|YAM_ReadActiveGroups <br/> |Number of Viva Engage groups which have read activities. <br/> |

+|YAM_TotalActivities <br/> |Number of Viva Engage activities. <br/> |

+|YAM_LikedActivities <br/> |Number of Viva Engage like activities. <br/> |

+|YAM_PostedActivties <br/> |Number of Viva Engage post activities. <br/> |

+|YAM_ReadActivites <br/> |Number of Viva Engage read activities. <br/> |

+- **Communication** &ndash; You can see at a glance whether people in your organization prefer to stay in touch by using Teams, Viva Engage, email, or Skype calls. You can observe if there are shifts in patterns in the use of communication tools among your employees.

+- **Mobility** &ndash; Track which clients and devices people use to connect to email, Teams, Skype, or Viva Engage.

+This report contains a separate report for each Microsoft 365 service, including Exchange, Microsoft 365 groups, OneDrive, SharePoint, Skype, Teams, and Viva Engage. Each report contains total enabled vs. total active user reports, counts of entities such as mailboxes, sites, groups, and accounts, as well as activity type reports where appropriate. All values of the month shown on the top section of the report refer to the latest complete month.

+The current version of the template app includes usage from Outlook groups, Viva Engage groups, and SharePoint groups. It does not include groups related to Microsoft Teams or Planner.

+> Auto-claim policies are currently only available for Microsoft Teams and Minecraft Education. More products will be available to use in the future.

+### Save Viva Engage information

+Admins can export all messages, notes, files, topics, users, and groups to a .zip file. For more information, see [Manage data in the Viva Engage admin center](/viva/engage/eac-as-manage-data).

+- ContentEnagagementFY23

+> [!NOTE]

+> Support for cloud attachments that are shared in Viva Engage is in preview.

+You might need to use this option if you're required to capture and retain all copies of files in your tenant that are sent over communications by users. You use this option in conjunction with retention policies for the communication services themselves; Exchange, Teams, and Viva Engage.

+Cloud attachments, sometimes also known as modern attachments, are a sharing mechanism that uses embedded links to files that are stored in the cloud. They support centralized storage for shared content with collaborative benefits, such as version control. Cloud attachments are not attached copies of a file or a URL text link to a file. However, support for URL text links are also now gradually rolling out. You might find it helpful to refer to the visual checklists for supported cloud attachments in [Outlook](/microsoft-365/troubleshoot/retention/cannot-retain-cloud-attachments#cloud-attachments-in-outlook), [Teams](/microsoft-365/troubleshoot/retention/cannot-retain-cloud-attachments#cloud-attachments-in-teams), and [Viva Engage](/microsoft-365/troubleshoot/retention/cannot-retain-cloud-attachments#cloud-attachments-in-viva-engage).

+The cloud attachments supported for this option are files such as documents, videos, and images that are stored in SharePoint and OneDrive. For Teams, cloud attachments shared in chat messages, and standard and private channels are supported. For Viva Engage, cloud attachments shared with users in storylines, community posts, and Inbox messages are supported.

+Cloud attachments shared over meeting invites and apps other than Teams, Outlook, or Viva Engage aren't supported. The cloud attachments must be shared by users; cloud attachments sent via bots aren't supported.

+You will need to create separate retention policies if you want to retain or delete the original files, email messages, or messages from Teams and Viva Engage.

+> If you want retained cloud attachments to expire at the same time as the messages that contained them, configure the retention label to have the same retain and then delete actions and timings as your retention policies for Exchange, Teams, and Viva Engage.

+- Viva Engage must be in [native mode](/viva-engage/configure-your-viva-engage-network/overview-native-mode) to support cloud attachments.

+- If cloud attachments and links in a Teams or Viva Engage message are changed after the message is sent by editing the message, those changed cloud attachments and links aren't supported for retention.

+- Attachments and links shared outside Teams, Outlook, and Viva Engage aren't supported, and the attachments and links must be content stored in SharePoint or OneDrive.

+- Sharing an existing Viva Engage message with an attachment isn't supported.

+ - Not supported beyond 5,000 characters in the initial email body or in Teams and Viva Engage messages

+ - <a name="file-extensions"></a> [PDF documents](sensitivity-labels-office-apps.md#pdf-support) and Office files for Word (.docx), PowerPoint (.pptx), and Excel (.xlsx) are supported.

+ - PDF attachments and Office attachments are scanned for the conditions you specify in your auto-labeling policy. When there's a match, the email is labeled but not the attachment.

+ - For PDF files, if the label applies encryption, these files are encrypted by using [Message encryption](ome.md) when your tenant is [enabled for PDF attachments](ome-faq.yml#are-pdf-file-attachments-supported-).

+description: Learn how to set up a custom connector to import third-party data from data sources such as Salesforce Chatter, Yahoo Messenger, or Viva Engage.

+- Microsoft Viva Engage

+- Viva Engage

+## Viva Engage activities

+The following table lists the user and admin activities in Viva Engage that are logged in the audit log. To return Viva Engage-related activities from the audit log, you have to select **Show results for all activities** in the **Activities** list. Use the date range boxes and the **Users** list to narrow the search results.

+> Some Viva Engage audit activities are only available in Audit (Premium). That means users must be assigned the appropriate license before these activities are logged in the audit log. For more information about activities only available in Audit (Premium), see [Audit (Premium) in Microsoft 365](audit-premium.md#audit-premium-events). For Audit (Premium) licensing requirements, see [Auditing solutions in Microsoft 365](audit-solutions-overview.md#licensing-requirements). <br/><br/>In the following table, Audit (Premium) activities are highlighted with an asterisk (*).

+|Changed network configuration|NetworkConfigurationUpdated|Network or verified admin changes the Viva Engage network's configuration. This includes setting the interval for exporting data and enabling chat.|

+|Changed security configuration|NetworkSecurityConfigurationUpdated|Verified admin updates the Viva Engage network's security configuration. This includes setting password expiration policies and restrictions on IP addresses. Only verified admins can perform this operation.|

+|Deleted group|GroupDeletion|A group is deleted from Viva Engage.|

+|Exported data|DataExport|Verified admin exports Viva Engage network data. Only verified admins can perform this operation.|

+|Suspended network user|NetworkUserSuspended|Network or verified admin suspends (deactivates) a user from Viva Engage.|

+|Viva Engage|Viva Engage|

+- [Viva Engage](audit-log-activities.md#viva-engage-activities)

+| Wire transfer is a method of electronic funds transfer from one person or entity to another. The model captures all the wire transfer receipts and acknowledgments. | Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt files. | English |

+| Threat, Harassment, and Profanity | 6 words | Dutch, French, German, Italian, Japanese, Portuguese, Spanish |

+| Threat, Harassment, and Profanity | 12 words | Arabic, Chinese Simplified, Chinese Traditional, Korean |

+description: "A case study for Contoso and how they quickly configure a communication compliance policy to detect potentially inappropriate text in Microsoft Teams, Exchange Online, and Viva Engage communications."

+# Case study - Contoso configures a communication compliance policy to identify potentially inappropriate text for Microsoft Teams, Exchange, and Viva Engage communications

+[Microsoft Purview Communication Compliance](/microsoft-365/compliance/communication-compliance) helps minimize communication risks by helping you detect, capture, and act on messages with potentially inappropriate text in your organization. Potentially inappropriate text may include profanity, threats, harassment, and adult content. Pre-defined and custom [policies](/microsoft-365/compliance/communication-compliance-policies) allow you to review internal and external communications for policy matches, so they can be examined by designated reviewers. Reviewers can [investigate alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate#investigate-alerts) for email, Microsoft Teams, Viva Engage, or third-party communications throughout your organization and take appropriate [remediation actions](/microsoft-365/compliance/communication-compliance-investigate-remediate#remediate-alerts) to make sure they're compliant with your organization's message standards.

+The Contoso Corporation is a fictional organization that needs to quickly configure a policy to detect potentially inappropriate text. They have been using Microsoft 365 primarily for email, Microsoft Teams, and Viva Engage support for their users, but have new requirements to enforce company policy around workplace harassment. Contoso IT administrators and compliance specialists have a basic understanding of the fundamentals of working with Microsoft 365 and are looking for end-to-end guidance for how to quickly get started with communication compliance.

+Contoso IT administrators and compliance specialists attended online webinars about compliance solutions in Microsoft Purview and decided that communication compliance policies will help them meet the updated corporate policy requirements for reducing workplace harassment. Working together, they've developed a plan to create and enable a communication compliance policy that will detect potentially inappropriate messages. This configuration includes detecting text for chats sent in Microsoft Teams, private messages and community conversations in Viva Engage, and in email messages sent in Exchange Online.

+### Configuring Viva Engage tenant for Native Mode

+Communication compliance requires that the Viva Engage tenant for an organization is in Native Mode to detect potentially inappropriate text in private messages and public community conversations.

+Contoso IT administrators make sure they review the information in the [Overview of Viva Engage Native Mode in Microsoft 365 article](/viva/engage/configure-your-viva-engage-network/overview-native-mode) and follow the steps for running the migration tool in the [Configure your Viva Engage network for Native Mode for Microsoft 365](/viva/engage/configure-your-viva-engage-network/native-mode) article.

+## Viva Engage

+Private messages and public conversations and associated attachments in Microsoft Viva Engage communities can also be analyzed. When users are added to a communication compliance policy that includes Viva Engage as a defined channel, communications across all Viva Engage communities that a user is a member of are included in the analysis. Viva Engage chats and attachments matching communication compliance policy conditions may take up to 24 hours to process.

+Viva Engage must be configured in [Native Mode](/viva/engage/configure-your-viva-engage-network/overview-native-mode) for communication compliance policies to detect Viva Engage communications and attachments. In Native Mode, all Viva Engage users are in Azure Active Directory, all groups are Office 365 Groups, and all files are stored in SharePoint Online.

+Use communication compliance policies to identify user communications for analysis by internal or external reviewers. For more information about how communication compliance policies can help you detect communications in your organization, see [communication compliance policies](/microsoft-365/compliance/communication-compliance-policies). If you'd like to review how Contoso quickly configured a communication compliance policy to detect potentially inappropriate content in Microsoft Teams, Exchange Online, and Viva Engage communications, check out this [case study](/microsoft-365/compliance/communication-compliance-case-study).

+## Step 4 (optional): Verify your Viva Engage tenant is in Native Mode

+In Native Mode, all Viva Engage users are in Azure Active Directory (Azure AD), all groups are Office 365 Groups, and all files are stored in SharePoint Online. Your Viva Engage tenant must be in Native Mode for communication compliance policies to check and identify risky conversations in private messages and community conversations in Viva Engage.

+For more information about configuring Viva Engage in Native Mode, see:

+- [Overview of Viva Engage Native Mode in Microsoft 365](/viva/engage/configure-your-viva-engage-network/overview-native-mode)

+- [Configure your Viva Engage network for Native Mode for Microsoft 365](/viva/engage/configure-your-viva-engage-network/native-mode)

+ - Choose the communication channels to check, including Exchange, Microsoft Teams, or Viva Engage. You'll also choose to check third-party sources if you've configured a connector in Microsoft 365.

+1. Open an email client, Microsoft Teams, or Viva Engage while signed in as a scoped user defined in the policy you want to test.

+2. Send an email, Microsoft Teams chat, or Viva Engage message that meets the criteria you've defined in the communication compliance policy. This test can be a keyword, attachment size, domain, etc. Make sure you determine if your configured conditional settings in the policy are too restrictive or too lenient.

+ > Email messages can take approximately 24 hours to fully process in a policy. Communications in Microsoft Teams, Viva Engage, and third-party platforms can take approximately 48 hours to fully process in a policy.

+- **Escalate for investigation**: Using the **Escalate for investigation** control, you can create a new [eDiscovery (Premium) case](/microsoft-365/compliance/overview-ediscovery-20) for single or multiple messages. You'll provide a name and notes for the new case, and user who sent the message matching the policy is automatically assigned as the case custodian. You don't need any additional permissions to manage the case. Creating a case doesn't resolve or create a new tag for the message. You can select a total of 100 messages when creating an eDiscovery (Premium) case during the remediation process. Messages in all communication channels included in communication compliance are supported. For example, you could select 50 Microsoft Teams chats, 25 Exchange Online email messages, and 25 Viva Engage messages when you open a new eDiscovery (Premium) case for a user.

+Before you start using communication compliance, you must determine who needs their communications reviewed. In the policy, user email addresses identify individuals or groups of people to apply the policy to. Some examples of these groups are Microsoft 365 Groups, Exchange-based distribution lists, Viva Engage communities, and Microsoft Teams channels. You also can exclude specific users or groups from checking with a specific exclusion group or a list of groups. For more information about groups types supported in communication compliance policies, see [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure#step-3-optional-set-up-groups-for-communication-compliance).

+To configure communication compliance for your Microsoft 365 organization, see [Configure communication compliance](/microsoft-365/compliance/communication-compliance-configure) or check out the [case study for Contoso](/microsoft-365/compliance/communication-compliance-case-study) and how they quickly configured a communication compliance policy to detect potentially inappropriate content in Microsoft Teams, Exchange Online, and Viva Engage communications.

+| **Inappropriate text** | Detect inappropriate text | - Locations: Exchange Online, Microsoft Teams, Viva Engage <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Threat, Discrimination, and Targeted harassment classifiers |

+| **Inappropriate images** | Detect inappropriate images | - Locations: Exchange Online, Microsoft Teams, Viva Engage <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Adult and Racy image classifiers |

+| **Sensitive information** | Detect sensitive info types | - Locations: Exchange Online, Microsoft Teams, Viva Engage <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 10% <br> - Conditions: Sensitive information, out-of-the-box content patterns, and types, custom dictionary option, attachments larger than 1 MB |

+| **Regulatory compliance** | Detect financial regulatory compliance | - Locations: Exchange Online, Microsoft Teams, Viva Engage <br> - Direction: Inbound, Outbound <br> - Review Percentage: 10% <br> - Conditions: Customer complaints, Gifts & entertainment, Money laundering, Regulatory collusion, Stock manipulation, and Unauthorized disclosure classifiers|

+| **Conflict of interest** | Detect conflict of interest | - Locations: Exchange Online, Microsoft Teams, Viva Engage <br> - Direction: Internal <br> - Review Percentage: 100% <br> - Conditions: None |

+| Viva Engage body content | 24 hours |

+ - **Viva Engage**: Sensitive information types detected in Viva Engage inboxes, posts, chats, and replies.

+- **Location**: Channel that the message was sent on. This can be Exchange Online, Teams, Viva Engage, or any third-party channel supported by communication compliance.

+Microsoft Purview Communication Compliance is an insider risk solution that helps you detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within your organization. Communication compliance evaluates text and image-based messages in Microsoft and third-party apps (Teams, Viva Engage, Outlook, WhatsApp, etc.) for potential business policy violations including inappropriate sharing of sensitive information, threatening or harassing language as well as potential regulatory violations (such as stock and capital manipulations).

+|Users choose which communication channels to detect for patterns in|Users can choose which channels, such as Microsoft Teams, Exchange, Viva Engage, or third-party sources, to identify and detect content patterns.|

+- [Case study: Contoso quickly configures an inappropriate content policy for Microsoft Teams, Exchange, and Viva Engage communications](/microsoft-365/compliance/communication-compliance-case-study)

+Microsoft Purview Communication Compliance is an insider risk solution that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Pre-defined and custom policies allow you to check internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate email, Microsoft Teams, Viva Engage, or third-party communications in your organization and take appropriate actions to make sure they're compliant with your organization's message standards.

+- **Viva Engage**: Private messages and public community conversations in [Viva Engage](/viva/engage/viva-engage-landing-page) are supported in communication compliance policies. Viva Engage is an optional channel and must be in [native mode](/viva/engage/configure-your-viva-engage-network/overview-native-mode) to support checking of messages and attachments.

+- Check out the [case study for Contoso](/microsoft-365/compliance/communication-compliance-case-study) and see how they quickly configured a communication compliance policy to detect potentially inappropriate content in Microsoft Teams, Exchange Online, and Viva Engage communications.

+You can quickly put retention policies in place for multiple services in your Microsoft 365 environment that include Teams and Viva Engage messages, Exchange mail, SharePoint sites, and OneDrive accounts. There are no limits to the number of users, mailboxes or sites that a retention policy can automatically include. But if you need to get more selective, you can do so by configuring either an adaptive scope that's query-based to dynamically target specific instances, or a static scope that specifies specific instances to always include or always exclude.

+A pre-defined *Detect inappropriate text* policy template allows you to check internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate email, Microsoft Teams, Viva Engage, or third-party communications in your organization and take appropriate remediation actions to make sure they're compliant with your organization's standards.

+ - For the policy locations **Teams private channel messages**, **Viva Engage user messages** and **Viva Engage community messages**:

+- **Viva Engage community messages**

+- **Viva Engage user messages**

+If you select the Teams or Viva Engage locations when you create a retention policy, the other locations are automatically excluded. This means that the instructions to follow depend on whether you need to include the Teams or Viva Engage locations.

+> When you use adaptive policies instead of static policies, you can configure a single retention policy to include both Teams and Viva Engage locations. This isn't the case for static policies where Teams and Viva Engage locations require their own retention policy.

+Select the tab for instructions to create a retention policy for Teams, Viva Engage, or the other supported services (Exchange, SharePoint, OneDrive, Microsoft 365 Groups, Skype for Business):

+# [Retention policy for Viva Engage](#tab/viva-engage-retention)

+> Retention policies for Viva Engage currently do not inform users when messages are deleted as a result of a retention policy.

+> To use this feature, your Viva Engage network must be [Native Mode](/viva-engage/configure-your-viva-engage-network/overview-native-mode), not Hybrid Mode.

+ - If you chose **Adaptive**: On the **Choose adaptive policy scopes and locations** page, select **Add scopes** and select one or more adaptive scopes that have been created. Then, select one or more locations. The locations that you can select depend on the [scope types](purview-adaptive-scopes.md#configure-adaptive-scopes) added. For example, if you only added a scope type of **User**, you'll be able to select **Viva Engage user messages** but not **Viva Engage community messages**.

+ - If you chose **Static**: On the **Choose locations to apply the policy** page, toggle on one or both of the locations for Viva Engage: **Viva Engage community message** and **Viva Engage user messages**.

+ For Viva Engage user messages:

+For technical details about how retention works for Viva Engage, including what elements of messages are supported for retention and timing information with example walkthroughs, see [Learn about retention for Viva Engage](retention-policies-viva-engage.md).

+#### Known configuration issues for Viva Engage retention policies

+- When you select **Edit** for the Viva Engage user messages location, you might see guests and non-mailbox users. Retention policies aren't designed for these users, so don't select them.

+#### Additional retention policies needed to support Viva Engage

+Viva Engage is more than just community messages and private messages. To retain and delete email messages for your Viva Engage network, configure an additional retention policy that includes any Microsoft 365 groups that are used for Viva Engage, by using the **Microsoft 365 Group mailboxes & sites** location.

+This location will also include files that are uploaded to Viva Engage communities. These files are stored in the group-connected SharePoint site for the Viva Engage community.

+It's possible that a retention policy that's applied to SharePoint sites could delete a file that's referenced in a Viva Engage message before those messages get deleted. In this scenario, the file still displays in the Viva Engage message, but when users select the file, they get a "File not found" error. This behavior isn't specific to retention policies and could also happen if a user manually deletes a file from SharePoint.

+ - If you chose **Static**: On the **Choose locations** page, toggle on or off any of the locations except the locations for Teams and Viva Engage. For each location, you can leave it at the default to [apply the policy to the entire location](retention-settings.md#a-policy-that-applies-to-entire-locations), or [specify includes and excludes](retention-settings.md#a-policy-with-specific-inclusions-or-exclusions).

+ - For the policy locations **Teams private channel messages**, **Viva Engage user messages** and **Viva Engage community messages**:

+- Other Microsoft 365 workloads such as Viva Engage and Planner that aren't currently supported by Customer Key.

+The **Match**, **Not a match** and **Contextual Summary** experiences are available in:

+The **Contextual Summary** experience is available in:

+- Microsoft Purview Information Protection (MIP) Auto-labeling simulation matched items - for SharePoint sites, OneDrive sites

+|Exact data match SIT|No*|No|No|

+|Named entities| No*| No| No|

+|Credential scan| No*| No| No|

+\* These classifiers are supported in MIP Auto-labeling simulation matched items - for SharePoint sites and OneDrive sites

+

+> The match/not a match feedback and contextual summary experience support items in:

+> The contextual summary experience supports items in:

+> SharePoint sites and OneDrive sites - for MIP simulation matched items

+## Known limitations

+|2| Create retention policies and if needed, retention labels for exceptions. <br /><br /> The most commonly used retention policies are for Exchange, SharePoint, Teams, Microsoft 365 Groups, and Viva Engage. You can configure exceptions for documents and emails. | [Create retention policies](create-retention-policies.md) <p> [Create and apply retention labels for your exceptions](create-retention-labels-information-governance.md)|

+**Retention policies** are the cornerstone for data lifecycle management. Use these policies for Microsoft 365 workloads that include Exchange, SharePoint, OneDrive, Teams, and Viva Engage. Configure whether content for these services needs to be retained indefinitely, or for a specific period if users edit or delete it. Or you can configure the policy to automatically permanently delete the content after a specified period if it's not already deleted. You can also combine these two actions for retain and then delete, which is a very typical configuration. For example, retain email for three years and then delete it.

+|Attachment is password protected|condition: *DocumentIsPasswordProtected* <br/><br/> exception: *ExceptIfDocumentIsPasswordProtected*|none|Messages where an attachment is password protected (and therefore can't be scanned). Password detection works for Office documents, compressed files (.zip, .7z), and .pdf files.|

+To associate other mailboxes, sites, Teams, or Viva Engage groups to a specific custodian:

+ - **Viva Engage**: Use to assign the Viva Engage groups the custodian is currently a member of. Select the groups to assign to the custodian and then select **Add**. After you add a team, the system automatically identifies and locates the SharePoint site and group mailbox associated to that group and assigns them to the custodian.

+ > You can use the **Exchange** and **SharePoint** location pickers to associate any mailbox or site in your organization to a custodian. , This includes associating the mailbox and site for a Microsoft Team or Viva Engage group that a custodian is not a member of. To do this, you have to add both the mailbox and site associated with each team or Viva Engage group.

+2. You can view the total number of mailboxes, sites, Teams, and Viva Engage groups assigned to each custodian by expanding each custodian in the table. When you've finalized the assigned data locations for each custodian, these associations will be maintained and used during the collection, processing, and review stages in the eDiscovery (Premium) workflow.

+- **Teams conversations**. All Teams (and Viva Engage) conversations in the review set are displayed.

+> During the public preview of [the new case format](ediscovery-new-case-format.md) in eDiscovery (Premium), the **For Review** filter query did not return Teams or Viva Engage conversations for review sets (in cases that use the large case format) created before November 4, 2021. This issue has been resolved. That means if you reapply the **For Review** query to a review set in a case that uses the large case format, more items that match the filter query may be displayed because all Teams or Viva Engage conversations are included.

+This role lets users run the Content Search tool in the compliance portal to search mailboxes and public folders, SharePoint Online sites, OneDrive for Business sites, Skype for Business conversations, Microsoft 365 groups, and Microsoft Teams, and Viva Engage groups. This role allows a user to get an estimate of the search results and create export reports, but other roles are needed to initiate content search actions such as previewing, exporting, or deleting search results.

+

+ A. **Teams and Viva Engage conversations**: Select this option to add conversation threads to the collection that include the chat items returned by the search query in the collection. This means that the chat conversation that contains items that match the search criteria is reconstructed. This lets you review chat items in the context of the back and forth conversation. Collect up to 12 hours of related conversations when a message matches a search. For more information, see [Conversation threading in eDiscovery (Premium)](ediscovery-conversation-review-sets.md).

+ To export Teams messages as individual messages when committing to review set, unselect **Teams and Viva Engage conversations**. This commits your review set with individual Teams messages. Once the collection is committed, you can export the documents and messages in the review set. The exported results contain the individual messages for Teams and Viva Engage instead of conversation threads.

+ > [!NOTE]

+ > The **Teams and Viva Engage conversations** setting is selected by default. If selected, review sets contain Teams conversation threads related to the matched search.

+## Searching Viva Engage Groups

+You can use the **ItemClass** email property or the **Type** search condition to search specifically for conversation items in Viva Engage Groups.

+ For example, you can use the following search query to return Viva Engage messages and Viva Engage praise items:

+ 

+ - Alternatively, you can use the **Type** email condition and select **Viva Engage messages** to return Viva Engage items. For example, the following search query will return all Viva Engage conversation items that contain the keyword "confidential".

+ 

+- Viva Engage Groups

+ 1. **Exchange mailboxes**: Set the toggle to **On** and then select **Choose users, groups, or teams** to specify the mailboxes to search. Use the search box to find user mailboxes and distribution groups. You can also search the mailbox associated with a Microsoft Team (for channel messages), Microsoft 365 Group, and Viva Engage Group. For more information about the application data stored in mailboxes, see [Content stored in mailboxes for eDiscovery](ediscovery-what-is-stored-in-a-mailbox.md).

+ 2. **SharePoint sites**: Set the toggle to **On** and then select **Choose sites** to specify SharePoint sites and OneDrive sites to search. Enter the URL for each site that you want to search. You can also add the URL for the SharePoint site for a Microsoft Team, Microsoft 365 Group, or Viva Engage Group.

+description: "Learn about the conversation reconstruction feature in Microsoft Purview eDiscovery (Premium) (called conversation threading) to reconstruct, review, and export chat conversations in Microsoft Teams and Viva Engage groups."

+Instant messaging is a convenient way to ask questions, share ideas, or quickly communicate across large audiences. As instant messaging platforms, like Microsoft Teams and Viva Engage groups, become core to enterprise collaboration, organizations must evaluate how their eDiscovery workflow addresses these new forms of communication and collaboration.

+ - Data in the custodian's Exchange mailbox, OneDrive account, and any Microsoft Teams or Viva Engage groups that the custodian is a member of can be "marked" as custodial data in the case.

+ - Include Microsoft Teams and Viva Engage conversations

+ - Include Microsoft Teams and Viva Engage conversations

+You can use a Microsoft Purview eDiscovery (Standard) case to create holds to preserve content that might be relevant to the case. You can place a hold on the Exchange mailboxes and OneDrive for Business accounts of people you're investigating in the case. You can also place a hold on the mailboxes and sites that are associated with Microsoft Teams, Microsoft 365 groups, and Viva Engage Groups. When you place content locations on hold, content is preserved until you remove the content location from the hold or until you delete the hold.

+ 1. **Exchange mailboxes**: Set the toggle to **On** and then select **Choose users, groups, or teams** to specify the mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, Microsoft 365 group, and Viva Engage Group. For more information about the application data that is preserved when a mailbox is placed on hold, see [Content stored in mailboxes for eDiscovery](ediscovery-what-is-stored-in-a-mailbox.md).

+ 2. **SharePoint sites**: Set the toggle to **On** and then select **Choose sites** to specify SharePoint sites and OneDrive accounts to place on hold. Type the URL for each site that you want to place on hold. You can also add the URL for the SharePoint site for a Microsoft Team, Microsoft 365 group or a Viva Engage Group.

+ - **DelayReleaseHoldApplied:** This property applies to cloud-based content (generated by non-Outlook apps such as Microsoft Teams, Microsoft Forms, and Microsoft Viva Engage) that's stored in a user's mailbox. Cloud data generated by a Microsoft app is typically stored in a hidden folder in a user's mailbox.

+|Maximum number of mailboxes in a single eDiscovery hold. This limit includes the combined total of user mailboxes, and the mailboxes associated with Microsoft 365 groups, Microsoft Teams, and Viva Engage Groups. |1,000 |

+|Maximum number of sites in a single eDiscovery hold. This limit includes the combined total of OneDrive for Business sites, SharePoint sites, and the sites associated with Microsoft 365 groups, Microsoft Teams, and Viva Engage Groups. <br/|100|

+|Conversation Type|ConversationType|ConversationType|The type of chat conversation. Values are: <br>**Teams 1:1 and group chats and all Viva Engage conversations:** Group<br>**Teams channels and private channels:** Channel|

+|File class|FileClass|File_class|For content from SharePoint and OneDrive: *Document*. <br>For content from Exchange: *Email* or *Attachment*. <br>For content from Teams or Viva Engage: *Conversations*.|

+|Team Name|TeamName|TeamName|**Teams:** Name of team<br>**Viva Engage:** Community name|

+|Thread ID|ThreadId|Thread_ID|The Thread ID from email messages, Teams conversations, and Viva Engage conversations. For email messages, all reply messages and attachments share the same Thread ID. For Teams 1:1 and group chats, all transcript files and their associated items within the same conversation share the same Thread ID. For more information, see [View documents in a review set](ediscovery-view-documents-in-review-set.md#grouping).|

+|Title|Title|Doc_title|Title from the document metadata. Title from the document metadata. For Teams and Viva Engage content, this is the value from the ConversationName property.|

+ - *Include associated conversation items*: This option includes associated items that are in the same Teams or Viva Engage conversation. Conversation items are items that share the same [*ConversationId* metadata property](/microsoft-365/compliance/ediscovery-document-metadata-fields) value. All messages, posts, and corresponding transcript file of a conversation share the same *ConversationId*.

+

+- **DelayReleaseHoldApplied:** This property applies to cloud-based content (generated by non-Outlook apps such as Microsoft Teams, Microsoft Forms, and Microsoft Viva Engage) that's stored in a user's mailbox. Cloud data generated by a Microsoft app is typically stored in a hidden folder in a user's mailbox.

+<p>Searching for content in for Exchange Online, SharePoint Online, OneDrive for Business, Skype for Business, Microsoft Teams, Viva Engage Groups, Microsoft 365 Groups, and other content stored in Office 365 applications</p></li></ul>

+5. To add or remove other mailboxes, sites, Teams, or Viva Engage groups to a specific custodian, select **Edit** next to the service to add a data location.

+ - **Viva Engage**: Use to assign the Viva Engage groups the custodian is currently a member of. Select the groups to assign to the custodian and then select **Add**. After you add a team, the system automatically identifies and locates the SharePoint site and group mailbox associated to that group and assigns them to the custodian.

+ > You can use the **Exchange** and **SharePoint** location pickers to associate any mailbox or site in your organization, including teams or Viva Engage groups that a custodian is not a member of, to a custodian. To do this, you have to add both the mailbox and site associated with each team or Viva Engage group.

+ For each case, the collection settings will default to collect cloud Attachments and contextual Teams and Viva Engage content. These settings help to collect the full picture of digital communications within an investigation. For Teams and Viva Engage contextual conversations, the new case format will convert time-based snapshots of 1:1, 1: N and Channel conversations into HTML transcripts to help provide context of conversations and reduce the total number of items produced by chat-based content.

+ > You can use the **SharePoint** and **Exchange** sections to add sites and mailboxes associated with a Team or Viva Engage group as non-custodial data sources. You have to separately add the mailbox and site associated with a Team or Viva Engage group.<br/><br/> Also, adding a root site URL (such as `https://contoso-my.sharepoint.com/personal/` or `https://contoso-my.sharepoint.com/`) as a SharePoint data source isn't supported. You have to add specific sites.

+Native search and collection capabilities for data in Teams, Viva Engage, SharePoint Online, OneDrive for Business, and Exchange Online further enhances data discovery. For example, eDiscovery (Premium):

+|Maximum number of mailboxes in a single case hold. This limit includes the combined total of user mailboxes, and the mailboxes associated with Microsoft 365 Groups, Microsoft Teams, and Viva Engage Groups. <br/> |1,000 |

+|Maximum number of sites in a single case hold. This limit includes the combined total of OneDrive for Business sites, SharePoint sites, and the sites associated with Microsoft 365 Groups, Microsoft Teams, and Viva Engage Groups. | 100 |

+ 1. **Exchange mailboxes**: Set the toggle to **On** and then select **Choose users, groups, or teams** to specify the mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also search the mailbox associated with a Microsoft Team (for channel messages), Office 365 Group, and Viva Engage Group. For more information about the application data stored in mailboxes, see [Content stored in mailboxes for eDiscovery](ediscovery-what-is-stored-in-a-mailbox.md).

+ 2. **SharePoint sites**: Set the toggle to **On** and then select **Choose sites** to specify SharePoint sites and OneDrive accounts to place on hold. Type the URL for each site that you want to place on hold. You can also add the URL for the SharePoint site for a Microsoft Team, Office 365 Group, or Viva Engage Group.

+- You can add inactive mailboxes, Microsoft Teams, Viva Engage Groups, Office 365 Groups, and distribution groups to the list of mailboxes to search. Dynamic distribution groups aren't supported. If you add Microsoft Teams, Viva Engage Groups, or Office 365 Groups, the group or team mailbox is searched; the mailboxes of the group members aren't searched.

+- To add sites to the search, turn on the toggle and then select **Choose sites**. Type the URL for each site that you want to search. You can also add the URL for the SharePoint site for a Microsoft Team, a Viva Engage Group, or an Office 365 Group.

+ |Maximum number of mailboxes in a single case hold. This limit includes the combined total of user mailboxes, and the mailboxes associated with Microsoft 365 Groups, Microsoft Teams, and Viva Engage Groups. <br/> |1,000 <br/> |

+ |Maximum number of sites in a single case hold. This limit includes the combined total of OneDrive for Business sites, SharePoint sites, and the sites associated with Microsoft 365 Groups, Microsoft Teams, and Viva Engage Groups. <br/> |100 <br/> |

+ - **Include associated conversation items**: This option applies the same tag to all items that are in the same Teams or Viva Engage conversation as the items that are tagged. *Conversation items* are items that share the same **ConversationId** metadata property value. All messages, posts, and corresponding transcript file of a conversation share the same **ConversationId**. If this option is selected, then all items in the same conversation (and transcript file) are tagged, even though some of those conversation items might not be included in the list of review set items. For more information about conversation items, see the "Grouping" section in [eDiscovery (Premium) workflow for content in Microsoft Teams](teams-workflow-in-advanced-ediscovery.md#grouping).

+ - **Include conversation groups**: This option applies the same tag to all items that are in the same email, Teams, or Viva Engage conversation as the items that are tagged. *Conversation group* items are items that share the same **ThreadId** metadata property value. All messages, posts, and corresponding transcript files of a conversation share the same **ThreadId**. If this option is selected, then all items in the same conversation (and transcript file) are tagged. All items are grouped together in the list of review set items.

+- Select **Group Teams or Viva Engage conversations** to view Teams content grouped by conversation. Each conversation is displayed on a line in the list of review set items. Transcript files and attachments are nested under the top-level conversation.

+- **Group by conversations**: All email messages, Teams conversations, and Viva Engage conversations are grouped using the same Thread ID and appear as nested items. Additionally, all associated content for these messages and conversations is also grouped together. For example, if you have an email conversation that includes several email messages, some of which include attachments and some that include embedded images, all of the email messages, attachments, and images are grouped together in the review set list view under an applicable item.

+- **Group Teams or Viva Engage conversations**: View Teams and Viva Engage content grouped by conversation. Each conversation is displayed on a line in the list of review set items. Transcript files and attachments are nested under the top-level conversation.

+|Viva Engage|Conversations and comments within a Viva Engage community are associated with the Microsoft 365 group mailbox, as well as the user mailbox of the author and any named recipients (@ mentioned or Cc'ed users). Private messages sent outside of a Viva Engage community are stored in the mailbox of the users who participate in the private message.|

+Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery tools in Microsoft Purview to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Viva Engage teams. You can search mailboxes and sites in the same eDiscovery search, and then export the search results. You can use Microsoft Purview eDiscovery (Standard) cases to identify, hold, and export content found in mailboxes and sites. If your organization has an Office 365 E5 or Microsoft 365 E5 subscription (or related E5 add-on subscriptions), you can further manage custodians and analyze content by using the feature-rich Microsoft Purview eDiscovery (Premium) solution in Microsoft 365.

+- **Search for content**. Search for content that's stored in Exchange mailboxes, OneDrive for Business accounts, SharePoint sites, Microsoft Teams, Microsoft 365 Groups, and Viva Engage Teams. This includes content generated by other Microsoft 365 apps that store data in mailboxes and sites.

+- **Conversation threading**. When chat messages from Teams and Viva Engage conversations are added to a review set, you can collect the entire conversation thread. This means that the entire chat conversation that contains items that match the collection criteria is added to the review set. This lets you review chat items in the context of the back-and-forth conversation.

+|Efficiently retain or delete data for Microsoft 365

+ - Viva Engage community messages

+ - Viva Engage user messages

+|[Retention policies for Microsoft 365 workloads, with retention labels for exceptions](retention.md) | Lets you retain or delete content with policy management for email, documents, Teams and Viva Engage messages. |

+| TLS between Microsoft 365 and clients | Exchange Online, SharePoint Online, OneDrive for Business, Skype for Business, Teams, and Viva Engage | Microsoft, Customer | Man-in-the-middle or other attack to tap the data flow between Microsoft 365 and client computers over Internet. | This implementation provides value to both Microsoft and customers and assures data integrity as it flows between Microsoft 365 and the client. |

+- A single policy can include locations for both Microsoft Teams and Viva Engage, whereas when you donΓÇÖt use an adaptive scope, each location requires its own policy.

+|**Users** - applies to: <br/> - Exchange mailboxes <br/> - OneDrive accounts <br/> - Teams chats <br/> - Teams private channel messages <br/> - Viva Engage user messages| First Name <br/> Last name <br/>Display name <br/> Job title <br/> Department <br/> Office <br/>Street address <br/> City <br/>State or province <br/>Postal code <br/> Country or region <br/> Email addresses <br/> Alias <br/> Exchange custom attributes: CustomAttribute1 - CustomAttribute15|

+|**Microsoft 365 Groups** - applies to: <br/> - Microsoft 365 Group mailboxes & sites <br/> - Teams channel messages (standard and shared) <br/> - Viva Engage community messages <br> |Name <br/> Display name <br/> Description <br/> Email addresses <br/> Alias <br/> Exchange custom attributes: CustomAttribute1 - CustomAttribute15 |

+[Microsoft Purview Data Lifecycle Management](/microsoft-365/compliance/manage-data-governance#microsoft-purview-data-lifecycle-management) (formerly Microsoft Information Governance) provides you with tools and capabilities to retain and delete content across Exchange, SharePoint, OneDrive, Microsoft 365 Groups, Teams, and Viva Engage. Retaining and deleting emails, documents, and messages are often needed for compliance and regulatory requirements. However, deleting content that no longer has business value also reduces your attack surface.

+Electronic discovery, or eDiscovery, is the process of identifying, collecting, and auditing electronic information for legal, regulatory, or business reasons. You can use [Microsoft Purview eDiscovery solutions](/microsoft-365/compliance/ediscovery) to search for data and content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Viva Engage teams. You can search mailboxes and sites in the same eDiscovery search, and then export the search results for analysis and review.

+| [Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2223416) | [Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2224465) | eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. The **Microsoft Purview eDiscovery solutions setup guide** helps you use the eDiscovery tools in Microsoft Purview that allow you to search for content in: <br> - Exchange <br> - OneDrive <br> - SharePoint <br> - Microsoft Teams <br> - Microsoft 365 Groups <br> - Viva Engage communities. |

+Don't use these cmdlets when the locations are for Teams private channel messages, Viva Engage user messages, or Viva Engage community messages. These locations have alternative cmdlets that are identified in the [next section](#retention-cmdlets-specific-to-teams-private-channels-and-Viva Engage).

+## Retention cmdlets specific to Teams private channels and Viva Engage

+Use the following cmdlets when the locations are for **Teams private channel messages**, **Viva Engage user messages**, or **Viva Engage community messages**.

+|[Get-AppRetentionCompliancePolicy](/powershell/module/exchange/get-appretentioncompliancepolicy) <br /><br> [New-AppRetentionCompliancePolicy](/powershell/module/exchange/new-appretentioncompliancepolicy) <br /><br> [Remove-AppRetentionCompliancePolicy](/powershell/module/exchange/remove-appretentioncompliancepolicy) <br /><br> [Set-AppRetentionCompliancePolicy](/powershell/module/exchange/set-appretentioncompliancepolicy) | View, create, delete, configure retention policies |Teams private channel messages <br /><br /> Viva Engage user messages <br /><br /> Viva Engage community messages|

+|[Get-AppRetentionComplianceRule](/powershell/module/exchange/get-appretentioncompliancerule) <br /><br /> [New-AppRetentionComplianceRule](/powershell/module/exchange/new-appretentioncompliancerule) <br /><br /> [Remove-AppRetentionComplianceRule](/powershell/module/exchange/remove-appretentioncompliancerule) <br /><br /> [Set-AppRetentionComplianceRule](/powershell/module/exchange/set-appretentioncompliancerule) | View, create, configure, delete settings (rules) for retention policies |Teams private channel messages <br /><br /> Viva Engage user messages <br /><br /> Viva Engage community messages|

+Although retention policies for Microsoft Teams and Viva Engage use mailboxes to store data for retention purposes, the maximum number of policies for Exchange Online exclude retention policies for Teams and Viva Engage.

+- Viva Engage community messages: 1,000

+- Viva Engage user messages: 1,000

+- [Learn about retention for Viva Engage](retention-policies-viva-engage.md)

+- [Learn about retention for Viva Engage](retention-policies-viva-engage.md)

+Cloud attachments are embedded links to files that users share, and these can be retained and deleted when your users share them in Outlook emails and Teams or Viva Engage messages. When you [automatically apply a retention label to cloud attachments](apply-retention-labels-automatically.md#auto-apply-labels-to-cloud-attachments), the retention label is applied to a copy of the shared file, which is stored in the Preservation Hold library.

+- [Learn about retention for Viva Engage](retention-policies-viva-engage.md)

+ Title: "Learn about retention for Viva Engage"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: high

+- purview-compliance

+- tier1

+- SPO_Content

+search.appverid:

+- MOE150

+- MET150

+description: "Learn about Microsoft 365 retention policies that apply to Viva Engage so you can manage automatic retention or deletion of Viva Engage messages for your organization."

+# Learn about retention for Viva Engage

+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*

+The information in this article supplements [Learn about retention](retention.md) because it has information that's specific to Viva Engage.

+For other workloads, see:

+- [Learn about retention for SharePoint and OneDrive](retention-policies-sharepoint.md)

+- [Learn about retention for Microsoft Teams](retention-policies-teams.md)

+- [Learn about retention for Exchange](retention-policies-exchange.md)

+## What's included for retention and deletion

+Viva Engage user messages and community messages can be deleted by using retention policies for Viva Engage, and in addition to the text in these messages, the following items can be retained for compliance reasons: Hypertext links and links to other Viva Engage messages.

+> [!NOTE]

+> As explained in the following section, user messages include private messages for an individual user, and any community messages associated with that user.

+>

+> User messages also include [storyline posts](https://support.microsoft.com/office/overview-of-storyline-for-viva-engage-and-viva-engage-530e4e66-9f1c-4be1-b371-08ea40dc4b69), which are supported by retention policies.

+User messages include all the names of the people in the conversation, and community messages include the community name and the message title (if supplied).

+Reactions from others in the form of emoticons aren't retained when you use retention policies for Viva Engage.

+Files that you use with Viva Engage aren't included in retention policies for Viva Engage. These items have their own retention policies.

+## How retention works with Viva Engage

+Use this section to understand how your compliance requirements are met by backend storage and processes, and should be verified by eDiscovery tools rather than by messages that are currently visible in the Viva Engage app.

+You can use a retention policy to retain data from community messages and user messages in Viva Engage, and delete these messages. Behind the scenes, Exchange mailboxes are used to store data copied from these messages. Data from Viva Engage user messages is stored in a hidden folder in the mailbox of each user included in the user message, and a similar hidden folder in a group mailbox is used for community messages.

+Copies of community messages can also be stored in the hidden folder of user mailboxes when they @ mention users or notify the user of a reply. Although these messages originate as a community message, a retention policy for Viva Engage user messages will often include copies of community messages. As a result, user messages aren't restricted to private messages.

+These hidden folders aren't designed to be directly accessible to users or administrators, but instead, store data that compliance administrators can search with eDiscovery tools.

+Even though they are stored in Exchange, Viva Engage messages are only included in a retention policy that's configured for the **Viva Engage community messages** or **Viva Engage user messages** locations.

+> [!NOTE]

+> If a user is included in an active retention policy that retains Viva Engage data and you a delete a mailbox of a user who is included in this policy, to retain the Viva Engage data, the mailbox is converted into an [inactive mailbox](inactive-mailboxes-in-office-365.md). If you don't need to retain this Viva Engage data for the user, exclude the user account from the retention policy before you delete their mailbox.

+After a retention policy is configured for Viva Engage messages, a timer job from the Exchange service periodically evaluates items in the hidden folder where these Viva Engage messages are stored. The timer job takes up to seven days to run. When these items have expired their retention period, they're moved to the SubstrateHolds folderΓÇöa hidden folder that's in every user or group mailbox to store "soft-deleted" items before they're permanently deleted.

+> [!IMPORTANT]

+> Because of the [first principle of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) and since Viva Engage messages are stored in Exchange Online mailboxes, permanent deletion from the SubstrateHolds folder is always suspended if the mailbox is affected by another Viva Engage retention policy for the same location, Litigation Hold, delay hold, or if an eDiscovery hold is applied to the mailbox for legal or investigative reasons.

+>

+> While the mailbox is included in an applicable hold, Viva Engage messages that have been deleted will no longer be visible in Viva Engage but will continue to be discoverable with eDiscovery.

+After a retention policy is configured for Viva Engage messages, the paths the content takes depend on whether the retention policy is to retain and then delete, to retain only, or delete only.

+When the retention policy is to retain and then delete:

+

+For the two paths in the diagram:

+1. **If a Viva Engage message is edited or deleted** by the user during the retention period, the original message is immediately copied (if edited) or moved (if deleted) to the SubstrateHolds folder. The message is stored there until the retention period expires and then the message is immediately permanently deleted.

+2. **If a Viva Engage message is not deleted** and for current messages after editing, the message is moved to the SubstrateHolds folder after the retention period expires. This action takes up to seven days from the expiry date. When the message is in the SubstrateHolds folder, it's then immediately permanently deleted.

+> [!NOTE]

+> Messages in the SubstrateHolds folder are searchable by eDiscovery tools. Until messages are permanently deleted from the SubstrateHolds folder, they remain searchable by eDiscovery tools.

+When the retention period expires and moves a message to the SubstrateHolds folder, a delete operation is communicated to the Viva Engage service, that then relays the same operation to the Viva Engage client app. Delays in this communication or caching can explain why, for a short period of time, users continue to see these messages in their Viva Engage app.

+In this scenario where the Viva Engage service receives a delete command because of a retention policy, the corresponding message in the Viva Engage app is deleted for all users in the conversation. Some of these users might be from another organization, have a retention policy with a longer retention period, or no retention policy assigned to them. For these users, copies of the messages are still stored in their mailboxes and remain searchable for eDiscovery until the messages are permanently deleted by another retention policy.

+> [!IMPORTANT]

+> Messages visible in the Viva Engage app are not an accurate reflection of whether they are retained or permanently deleted for compliance requirements.

+When the retention policy is retain-only, or delete-only, the content's paths are variations of retain and delete.

+### Content paths for retain-only retention policy

+1. **If a Viva Engage message is edited or deleted**: A copy of the original message is immediately created in the SubstrateHolds folder and retained there until the retention period expires. Then the message is immediately permanently deleted from the SubstrateHolds folder.

+2. **If the Viva Engage message is not modified or deleted** and for current messages after editing during the retention period: Nothing happens before and after the retention period; the message remains in its original location.

+### Content paths for delete-only retention policy

+1. **If the Viva Engage message is not deleted** during the retention period: At the end of the retention period, the message is moved to the SubstrateHolds folder. This action takes up to seven days from the expiry date. Then the message is immediately permanently deleted from the SubstrateHolds folder.

+2. **If the Viva Engage message is deleted by the user** during the period, the item is immediately moved to the SubstrateHolds folder where it's immediately permanently deleted.

+#### Example flows and timings for retention policies

+Use the following examples to see how the processes and timings explained in the previous sections apply to retention policies that have the following configurations:

+- [Example 1: Retain-only for 7 years](#example-1-retain-only-for-7-years)

+- [Example 2: Retain for 30 days and then delete](#example-2-retain-for-30-days-and-then-delete)

+- [Example 3: Delete-only after 1 day](#example-3-delete-only-after-1-day)

+For all examples that refer to permanent deletion, because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), this action is suspended if the message is subject to another retention policy to retain the item or it's subject to an eDiscovery hold.

+##### Example 1: Retain-only for 7 years

+On day 1, a user posts a new Viva Engage message.

+On day 5, the user edits that message.

+On day 30, the user deletes the current message.

+Retention outcomes:

+- For the original message:

+ - On day 5, the message is copied to the SubstrateHolds folder where it can still be searched with eDiscovery tools for a minimum of 7 years from day 1 (the retention period).

+- For the current (edited) message:

+ - On day 30, the message moves to the SubstrateHolds folder where it can still be searched with eDiscovery tools for a minimum of 7 years from day 1 (the retention period).

+If the user had deleted the current message after the specified retention period, instead of within the retention period, the message would still be moved to the SubstrateHolds folder. However, now the retention period has expired, the message would be permanently deleted after the minimum of 1 day and then typically within 1-7 days.

+##### Example 2: Retain for 30 days and then delete

+On day 1, a user posts a new Viva Engage message.

+On day 10, the user edits that message.

+The user doesn't make further edits and doesn't delete the message.

+Retention outcomes:

+- For the original message:

+ - On day 10, the message is copied to the SubstrateHolds folder, where it can still be searched with eDiscovery tools.

+ - At the end of the retention period (30 days from day 1), the message is permanently deleted typically within 1-7 days after the minimum of 1 day, and then won't be returned with eDiscovery searches.

+- For the current (edited) message:

+ - At the end of the retention period (30 days from day 1), the message moves to the SubstrateHolds folder typically within 1-7 days, where it can still be searched with eDiscovery tools.

+ - The message is then permanently deleted typically within 1-7 days after the minimum of 1 day, and then won't be returned with eDiscovery searches.

+##### Example 3: Delete-only after 1 day

+> [!NOTE]

+> Because of the short one-day duration of this configuration and retention processes that operate within a time period of 1-7 days, this section shows example timings that are within the typical time ranges.

+On day 1, a user posts a new Viva Engage message.

+Example retention outcome if the user doesn't edit or delete the message:

+- Day 5 (typically 1-7 days after the start of the retention period on day 2):

+ - The message moves to the SubstrateHolds folder and remains there for at least 1 day where it can still be searched with eDiscovery tools.

+- Day 9 (typically 1-7 days after a minimum of 1 day in the SubstrateHolds folder):

+ - The message is permanently deleted and then won't be returned with eDiscovery searches.

+As this example shows, although you can configure a retention policy to delete messages after just one day, the service undergoes multiple processes to ensure a compliant deletion. As a result, a delete action after 1 day could take 16 days before the message is permanently deleted so that it's no longer returned in eDiscovery searches.

+## Messages and external users

+By default, a retention policy for Viva Engage user messages applies to all users in your organization, but not external users. You can apply a retention policy to external users if you use the **Edit** option for users included, and specify their account.

+At this time, Azure B2B guest users are not supported.

+## When a user leaves the organization

+If a user leaves your organization and their Microsoft 365 account is deleted, their Viva Engage user messages that are subject to retention are stored in an inactive mailbox. These messages remain subject to any retention policy that was placed on the user before their mailbox was made inactive, and the contents are available to an eDiscovery search. For more information, see [Learn about inactive mailboxes](inactive-mailboxes-in-office-365.md).

+If the user stored any files in Viva Engage, see the [equivalent section](retention-policies-sharepoint.md#when-a-user-leaves-the-organization) for SharePoint and OneDrive.

+## Limitations

+Be aware of the following limitation when you use retention for Viva Engage community messages and user messages:

+- When you select **Edit** for the **Viva Engage user messages** location, you might see guests and non-mailbox users. Retention policies aren't designed for these users, so don't select them.

+## Configuration guidance

+If you're new to configuring retention in Microsoft 365, see [Get started with data lifecycle management](get-started-with-data-lifecycle-management.md).

+If you're ready to configure a retention policy for Viva Engage, see [Create and configure retention policies](create-retention-policies.md).

+**Cohasset Assessment - Microsoft 365 - SEC Rule 17a-4(f) - Immutable Storage for SharePoint, OneDrive, Exchange, Teams, and Viva Engage** - [Download assessment](https://servicetrust.microsoft.com/DocumentPage/f028b699-8e39-451e-8af4-e8a66426068b)

+Applicable workloads: SharePoint, OneDrive, Teams, Exchange, and Viva Engage

+- For Exchange, Teams, and Viva Engage, where retained messages are stored in mailboxes, see [Exchange Online limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits) and enable [auto-expanding archiving](autoexpanding-archiving.md).

+- For Teams and Viva Engage messages: The copy is retained in a hidden folder named **SubstrateHolds** as a subfolder in the Exchange **Recoverable Items** folder.

+- [Learn about retention for Viva Engage](retention-policies-viva-engage.md)

+- Viva Engage community messages

+- Viva Engage user messages

+Exchange public folders, Skype, Teams and Viva Engage messages don't support retention labels. To retain and delete content from these locations, use retention policies instead.

+|Workloads supported: <br />- Exchange <br />- SharePoint <br />- OneDrive <br />- Microsoft 365 groups <br />- Skype for Business <br />- Teams<br />- Viva Engage|<br /> Yes <br /> Yes <br /> Yes <br /> Yes <br /> Yes <br /> Yes <br /> Yes | <br /> Yes, except public folders <br /> Yes <br /> Yes <br /> Yes <br /> No <br /> No <br /> No |

+ - [How retention works with Viva Engage](retention-policies-viva-engage.md#how-retention-works-with-viva-engage)

+SharePoint and OneDrive support the following PDF scenarios:

+- When you've [enabled SharePoint and OneDrive for sensitivity labels](sensitivity-labels-sharepoint-onedrive-files.md) and [added PDF support](sensitivity-labels-sharepoint-onedrive-files.md#adding-support-for-pdf). Then, PDFs are supported when you upload a labeled PDF document with or without encryption applied, these services can process the file such that search, eDiscovery, and data loss prevention can inspect the contents, and the sensitivity label name is displayed for users.

+- [Auto-labeling policies](apply-sensitivity-label-automatically.md#how-to-configure-auto-labeling-policies-for-sharepoint-onedrive-and-exchange) can apply a sensitivity label and encryption (if configured) to PDF documents when [PDF support is added](sensitivity-labels-sharepoint-onedrive-files.md#adding-support-for-pdf).

+Outlook doesn't currently support PDF attachments inheriting encryption from a labeled message. However, Outlook now does support warning or blocking users from printing to PDF, as described next.

+For more information about exporting to PDF, see the announcement [Apply sensitivity labels to PDFs created with Office apps](https://insider.office.com/blog/apply-sensitivity-labels-to-pdfs-created-with-office-apps).

+For end user documentation, see [Create protected PDFs from Office files](https://support.microsoft.com/topic/aba7e367-e482-49e7-b746-a385e48d01e4) and [Which PDF readers are supported for protected PDFs?](/azure/information-protection/rms-client/protected-pdf-readers).

+- To support sensitivity labels for PDFs, you've [added support for PDFs in SharePoint](sensitivity-labels-sharepoint-onedrive-files.md#adding-support-for-pdf). To check this status, you can run `(Get-SPOTenant).EnableSensitivityLabelforPDF` from the [SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online) to confirm the value is set to **True**.

+Enabling this feature also results in SharePoint and OneDrive being able to process the contents of Office files and optionally, [PDF documents](sensitivity-labels-office-apps.md#pdf-support) that have been encrypted by using a sensitivity label. The label can be applied in Office for the web, or in Office desktop apps and uploaded or saved in SharePoint and OneDrive. Until you enable this feature, these services can't process encrypted files, which means that coauthoring, eDiscovery, data loss prevention, search, and other collaborative features won't work for these files.

+After you enable sensitivity labels for these files in SharePoint and OneDrive, for new and changed files that have a sensitivity label that applies encryption with a cloud-based key (and doesn't use [Double Key Encryption](double-key-encryption.md):

+- For Word, Excel, and PowerPoint files, and uploaded [PDF files](sensitivity-labels-office-apps.md#pdf-support), SharePoint and OneDrive recognize the label and can now process the contents of the encrypted file.

+### Adding support for PDF

+> [!NOTE]

+> This feature is in preview and subject to change.

+Not supported by default, and now rolling out in preview, you can enable support for PDFs for the following scenarios:

+- Applying a sensitivity label in Office on the web

+- Uploading a labeled document, and then extracting and displaying that sensitivity label

+- Search, eDiscovery, and data loss prevention

+- [Auto-labeling policies](apply-sensitivity-label-automatically.md#how-to-configure-auto-labeling-policies-for-sharepoint-onedrive-and-exchange) and [default sensitivity labels for SharePoint document libraries](sensitivity-labels-sharepoint-default-label.md)

+> [!IMPORTANT]

+> Be aware that enabling PDF support can increase the number of files that get automatically labeled with existing auto-labeling policies, which support a maximum of 25,000 files a day.

+To enable this PDF support, you have two options:

+- Turn on support from the Microsoft Purview compliance portal

+- Use the following PowerShell command

+To turn on support from the Microsoft Purview compliance portal, go to **Information protection** > **Auto-labeling**. If you see a message to turn on PDF support, select the **Turn on now** button. If you don't immediately see this message, try again in a few days, or use the PowerShell option.

+To enable PDF support by using PowerShell, use the [Set-SPOTenant](/powershell/module/sharepoint-online/set-spotenant) cmdlet with the *EnableSensitivityLabelforPDF* parameter:

+```PowerShell

+Set-SPOTenant -EnableSensitivityLabelforPDF $true

+```

+You might need to download the latest version of the SharePoint Online Management Shell for the PDF parameter. If you need more information about how to run the cmdlets, see the [section on this page to enable support for sensitivity labels](sensitivity-labels-sharepoint-onedrive-files.md#use-powershell-to-enable-support-for-sensitivity-labels).

+For Microsoft 365 Multi-Geo: Similarly to the instructions to run the PowerShell command to enable support for sensitivity labels, you must connect to each of your geo-locations, and then run the command to enable support for PDFs.

+ - Viva Engage

+|Viva Engage <br/> | `ipm.externaldata.yammer*` <br/> |

+- **In preview**: Now rolling out in preview, PDF support for auto-labeling policies, default sensitivity labels for SharePoint document libraries, and labeling activities in Office on the web that include manual labeling and displaying labeled documents, and encrypted PDFs that are now supported for DLP, eDiscovery, and search. You must [opt-in for this PDF support](sensitivity-labels-sharepoint-onedrive-files.md#adding-support-for-pdf).

+- **General availability (GA)**: Auto-labeling retention policies for [cloud attachments](apply-retention-labels-automatically.md#auto-apply-labels-to-cloud-attachments) that are shared via Exchange or Teams are now generally available. Cloud attachments shared via Viva Engage remain in preview.

+- **In preview**: Auto-labeling retention policies for [cloud attachments](apply-retention-labels-automatically.md#auto-apply-labels-to-cloud-attachments) that were already in preview now include attachments and links shared in Viva Engage.

+- **In preview**: Support for Azure Active Directory administrative unitsΓÇöfor both [data lifecycle managment](get-started-with-data-lifecycle-management.md#support-for-administrative-units) and [records management](get-started-with-records-management.md#support-for-administrative-units)ΓÇöis starting to roll out.

+- Clarification for audit log activities for [messages with reactions](/microsoft-365/compliance/audit-log-activities#viva-engage-activities) in Viva Engage.

+## Viva Engage

+Viva Engage is not a Multi-Geo workload. Viva Engage threads stored in Viva Engage will be placed in the _Tenant's_ central location. Viva Engage is rolling out a file storage change which will store Viva Engage files within SharePoint. Viva Engage files stored in SharePoint will be placed the SharePoint site associated with the Viva Engage group. SharePoint group sites are based on PDL logic as outlined in [SharePoint Sites and Groups](multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365.md#sharepoint-sites-and-groups).

+ - [Viva Engage](https://support.office.com/article/e1464355-1f97-49ac-b2aa-dd320b179dbe)

+ - [Viva Engage](https://support.office.com/article/e1464355-1f97-49ac-b2aa-dd320b179dbe)

+|**Enterprise Social** <br> (Viva Engage) | - [Use Viva Engage with Microsoft 365](https://support.office.com/article/Plan-for-yammer-integration-with-Office-365-4086681f-6de1-4d39-aa72-752b2af1cbd7) <br> - Use the [Viva Engage Enterprise setup guide](https://aka.ms/yammerdeploy) to get customized setup guidance |

+ Learn how Contoso quickly configured an offensive language policy for Microsoft Teams, Exchange, and Viva Engage communications.

+| `YAMMER_ENTERPRISE` <br/> |Viva Engage <br/> |

+**Example 4a:** For a _Tenant_ with the sign-up country as "Sweden" that has a new subscription that includes Microsoft Viva Engage, then the customer data for Viva Engage will be provisioned into the _Macro Region Geography 1 - EMEA_. Why? Because Viva Engage is deployed in _Macro Region Geography 1 - EMEA_ and Swedish _Tenants_ are best served out of that _Geography_.

+**Example 4b:** For a _Tenant_ with the sign-up country as "Sweden" that has a subscription that includes Microsoft Viva Engage from before Viva Engage was deployed to _Macro Regional Geography 1 - EMEA_, then the customer data for Viva Engage will be located in _Macro Region Geography 3 - Americas_. Why? Because, at that time, Viva Engage only had a single deployment for all customers in _Macro Region Geography 3 - Americas_.

+### Viva Engage

+Please refer to [Data Residency - Viva Engage | Microsoft Learn](/viva/engage/manage-security-and-compliance/data-residency).

+## Viva Engage collaboration options

+|Viva Engage - Collaboration through an enterprise social medium | Unless the ability to create external groups is disabled by a Viva Engage admin, users can create external groups to collaborate in Viva Engage through conversations, the ability to like and follow posts, share files, and chat online. | [Create and manage external groups in Viva Engage](https://support.office.com/article/9ccd15ce-0efc-4dc1-81bc-4a424ab6f92a)|

+Microsoft 365 Live Events traffic (this includes attendees to Teams-produced live events and those produced with an external encoder via Teams, Stream, or Viva Engage) and on-demand Stream traffic is currently categorized as **Default** versus **Optimize** in the [URL/IP list for the service](urls-and-ip-address-ranges.md). These endpoints are categorized as **Default** because they're hosted on CDNs that may also be used by other services. Customers generally prefer to proxy this type of traffic and apply any security elements normally done on endpoints such as these.

+Use the following steps to enable direct connectivity for the Stream/Live Events service from clients using a forced tunnel VPN. This solution is intended to provide customers with an option to avoid routing Live Events traffic over VPN while there's high network traffic due to work-from-home scenarios. If possible, it's advised to access the service through an inspecting proxy.

+FQDNs aren't required in the VPN configuration, they're purely for use in PAC files in combination with the IPs to send the relevant traffic direct.

+For organizations that utilize a PAC file to route traffic through a proxy while on VPN, this is normally achieved using FQDNs. However, with Stream/Live Events, the host names provided contain wildcards such as **\*.azureedge.net**, which also encompasses other elements for which it isn't possible to provide full IP listings. Thus, if the request is sent direct based on DNS wildcard match alone, traffic to these endpoints will be blocked as there's no route via the direct path for it in [Step 3](#3-configure-routing-on-the-vpn-to-enable-direct-egress) later in this article.

+For Azure CDN from Microsoft, you can download the list from [Download Azure IP Ranges and Service Tags ΓÇô Public Cloud from Official Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56519) - you'll need to look specifically for the service tag *AzureFrontdoor.Frontend* in the JSON; *addressPrefixes* will show the IPv4/IPv6 subnets. Over time the IPs can change, but the service tag list is always updated before they're put in use.

+For Azure CDN from Verizon (Edgecast) you can find an exhaustive list using [Edge Nodes - List](/rest/api/cdn/edge-nodes/list) (select **Try It** ) - you'll need to look specifically for the **Premium\_Verizon** section. Note that this API shows all Edgecast IPs (origin and Anycast). Currently there isn't a mechanism for the API to distinguish between origin and Anycast.

+No, this will send the latency-sensitive streaming traffic for a Live Event or Stream video direct, any other traffic will continue to use the VPN tunnel if they don't resolve to the IPs published.

+It doesn't, the advice above is purely for those consuming the service. Presenting from within Teams will see the presenter's traffic flowing to the Optimize marked UDP endpoints listed in URL/IP service row 11 with detailed VPN offload advice outlined in the [Implement VPN split tunneling](microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) section of [Implementing VPN split tunneling for Microsoft 365](microsoft-365-vpn-implement-split-tunnel.md).

+Yes, due to shared FQDNs used for some elements of the service, this is unavoidable. This traffic is normally sent via a corporate proxy which can apply inspection. In a VPN split tunnel scenario, using both the FQDNs and IPs will scope this risk down to a minimum, but it will still exist. Customers can remove the **\*.azureedge.net** domain from the offload configuration and reduce this risk to a bare minimum but this will remove the offload of Stream-supported Live Events (Teams-scheduled, external encoder events, Viva Engage events produced in Teams, Viva Engage-scheduled external encoder events, and Stream scheduled events or on-demand viewing from Stream). Events scheduled and produced in Teams are unaffected.

+- Viva Engage [Data Location](m365-dr-workload-other.md#viva-engage)

+|Viva Engage with Microsoft 365 Sign-In <br/> |Lifetime of the browser. If users close the browser and access Viva Engage in a new browser, Viva Engage will re-authenticate them with Microsoft 365. If users use third-party browsers that cache cookies, they may not need to re-authenticate when they reopen the browser. <br/> > [!NOTE]> This is valid only for networks using Microsoft 365 Sign-In for Viva Engage. |

+|[Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2223416)|[Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2224465)|eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. The **Microsoft Purview eDiscovery solutions setup guide** assists in the use of eDiscovery tools in Microsoft Purview that allow you to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Viva Engage communities.|

+|[Viva Engage deployment advisor](https://go.microsoft.com/fwlink/?linkid=2223165)|[Viva Engage deployment advisor](https://go.microsoft.com/fwlink/?linkid=2224694)|Connect and engage across your organization with Viva Engage. The **Viva Engage deployment advisor** prepares your Viva Engage network by adding domains, defining admins, and combining Viva Engage networks. You'll get guidance to deploy Viva Engage and then customize the look, configure security and compliance, and refine the settings.|

+> For recommendations on Viva Engage IP addresses and URLs, see [Using hard-coded IP addresses for Viva Engage is not recommended](https://techcommunity.microsoft.com/t5/yammer-Blog/Using-hard-coded-IP-addresses-for-yammer-is-not-recommended/ba-p/276592) on the Viva Engage blog.

+| `YAMMER_ENTERPRISE` <br/> |Viva Engage <br/> |

+You can view the health of your Microsoft services, including Office on the web, Viva Engage, Microsoft Dynamics CRM, and mobile device management cloud services, on the **Service health** page in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339). If you are experiencing problems with a cloud service, you can check the service health to determine whether this is a known issue with a resolution in progress before you call support or spend time troubleshooting.

+>[!IMPORTANT]

+>The ability to edit your frontline team settings is coming soon.

+Engage with communities in Viva Engage, which brings the power of Viva Engage into Teams. Communities in Viva Engage serve the needs of knowledge-sharing, employee experience, company-wide communications, and leadership engagement by providing a central place for your conversations, files, events, and updates. Associates can raise issues, provide feedback, and ask and answer questions in Viva Engage Communities. Hold live events and town halls to keep everyone in your organization in the loop.

+You can help your frontline team overcome these challenges and feel supported in your organization by using [Viva Connections](#connect-frontline-workers-to-your-broader-organization-with-viva-connections), [Viva Engage](#create-communities-with-viva-engage), [Praise](#boost-morale-with-praise), [SharePoint, and Microsoft Stream](#support-engagement-with-sharepoint-and-microsoft-stream).

+|Feed |The Feed aggregates content from Viva Engage, SharePoint news, and Stream to display a personalized news stream. |Content in the Feed gets automatically aggregated based on sites and Viva Engage communities that the user follows. Content can be prioritized to display more prominently in the Feed. Use audience targeting to display content to specific audiences. |

+There are several ways to use Viva Connections to communicate with your workforce. Viva Connections features a [Feed where news, content from Viva Engage, and videos are aggregated and displayed](/viva/connections/viva-connections-overview#viva-connections-feed) in a personalized view based on the sites and communities that the viewer follows. The [Dashboard](/viva/connections/create-dashboard) can also be used to highlight certain cards that link to important news sources.

+- **On the Dashboard**: Use a [web link card](/viva/connections/create-dashboard#add-a-web-link-card) to make it easy to link to feedback channels such as [Microsoft Forms](https://support.microsoft.com/office/create-a-form-with-microsoft-forms-4ffb64cc-7d5d-402f-b82e-b1d49418fd9d) and [Viva Engage communities](https://support.microsoft.com/office/join-and-create-a-community-in-yammer-56aaf591-1fbc-4160-ba26-0c4723c23fd6). You can also [integrate third-party solutions into the Dashboard](https://cloudpartners.transform.microsoft.com/resources/viva-app-integration).

+## Create communities with Viva Engage

+Viva Engage is an internal social network that gives members of your organization opportunities to connect with each other. You can create communities where members of your organization can post messages and communicate. Having a variety of communities that span both frontline and non-frontline teams helps your on-the-ground workforce connect to each other and the broader organization. Communities can be based on:

+Members of your leadership or management team can host live events on Viva Engage where employees can engage and ask questions in real time over chat. Your communications and management teams can use live events to share announcements, host morale events, and more.

+> Only users with an E3 or E5 license can host live events, but users with F licenses can join them. [Learn more about who can host and join live events in Viva Engage](/viva/engage/manage-viva-engage-groups/viva-engage-live-events).

+[Learn more about Viva Engage](https://support.microsoft.com/office/what-is-yammer-1b0f3b3e-89ee-4b66-aac5-30def12f287c).

+|Office apps| <ul><li>Identify files that are stored on users' local computers and help users move them to their OneDrive.</li><li>Keep in mind that Office desktop apps will go into reduced functionality mode after changing to an F plan. Be prepared to uninstall Office desktop apps after the switch.</li></ul>| Users:</br> <ul><li>Sign in to [office.com](https://www.office.com) to access Office for the web.</li><li>[Install and use Office mobile apps](https://support.microsoft.com/office/set-up-office-apps-and-email-on-a-mobile-device-7dabb6cb-0046-40b6-81fe-767e0b1f014f) (if not already).</li><li>Users can also directly collaborate on documents from SharePoint document libraries, OneDrive, Teams, and Viva Engage.</li></ul>Admins:<ul><li>Uninstall Office desktop apps from users' computers.</li></ul> |

+|<ul><li>Email</li><li>Department or store managers</li><li>Champions</li><li>Teams and channels</li><li>Viva Engage communities</li></ul> |<ul><li>Microsoft online help, training, and video resources</li><li>In-house training</li></ul>|<ul><li>In-house helpdesk</li><li>Self-serve intranet site</li><li>Microsoft online help, training, and video resources</li><li>Floor walkers and champions</li></ul> |

+Here are some links to set up, help, and learning resources that you can share with your frontline workers for training and support.

+|Viva Engage|Γ£ö|Γ£ö|Planned|Planned|N/A|

+|Viva Engage|Planned|Planned|Planned|Planned|N/A|

+|Viva Engage|Γ£ö|Γ£ö|Γ£ö|Γ£ö|N/A|

+|Viva Engage|Γ£ö|Γ£ö|N/A|Planned|N/A|

+<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.-->

+## Exchange Online

+## SharePoint Online and OneDrive for Business

+## Skype for Business Online and Microsoft Teams

+## Microsoft 365 Common and Office Online

+117 | Default<BR>Optional<BR>**Notes:** Viva Engage | No | `*.yammer.com, *.yammerusercontent.com` | **TCP:** 443

+118 | Default<BR>Optional<BR>**Notes:** Viva Engage CDN | No | `*.assets-yammer.com` | **TCP:** 443

+>

+> To see which new features are currently available in your partner tenant, go to the **Home** page of Microsoft 365 Lighthouse, and then either select the **What's new** link in the upper-right corner of the page or select **What's new** on the **What's new & learning resources** card.

+## June 2023

+### Deployment task for managing Windows updates

+You can now deploy Windows update deployment policies to ensure customer tenant devices have the latest security patches, bug fixes, and performance improvements. You'll also gain insight into which tenants are missing the Windows update deployment policies, which tenants are in the process of implementing the policies, and which ones have successfully implemented the policies.

+To learn more, see [Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations](m365-lighthouse-deploy-standard-tenant-configurations-overview.md).

+### Access to admin centers from Lighthouse

+We've added admin center links to Microsoft 365 Lighthouse so you can more efficiently manage your customers. The admin center links let you to go directly from Lighthouse to the applicable admin center for the selected customer tenant.

+You can access the admin center links from the **Tenants** page or by using the **Tenants** filter that's available throughout Lighthouse. On the **Tenants** page, select the three dots (more actions) next to the customer tenant whose services you want to manage, and then select **Manage services** to open the list of admin center links. To use the **Tenants** filter, open the filter, search for the customer tenant whose services you want to manage, and then select the **>** symbol next to the tenant name to open the list of admin center links.

+To learn more, see [Overview of the Tenants page in Microsoft 365 Lighthouse](m365-lighthouse-tenants-page-overview.md).

+### "What's new" is now customized for your tenant

+Since new features are rolled out gradually across Microsoft 365 Lighthouse partners, we've changed our "What's new" notifications to let you know when new features are available in your partner tenant.

+To see which new features are available in your partner tenant, go to the **Home** page of Lighthouse, and then either select the **What's new** link in the upper-right corner of the page or select **What's new** on the **What's new & learning resources** card.

+For a complete list of the latest features in Lighthouse, which may or may not yet be available in your partner tenant, refer to the list in this article.

+### Risky users for all tenants

+The **Risky users** page has been updated to show risky user information for all your onboarded customer tenants, even if the customer tenants don't have Azure Active Directory Premium P1 or above. For example, if a tenant only has a license for Microsoft Defender for Business or Windows 365 Business, you'll still be able to view the user accounts that have been flagged for risky behavior in that tenant.

+To see this updated functionality, in the left navigation pane in Microsoft 365 Lighthouse, select **Users** > **Risky users**.

+[Go to the Risky users page now](https://lighthouse.microsoft.com/#view/Microsoft_Intune_MTM/RiskyUsers.ReactView)

+To learn more, see [View and manage risky users in Microsoft 365 Lighthouse](m365-lighthouse-view-manage-risky-users.md).

+### Detailed user metrics

+You can now view detailed metrics of all your managed user accounts by going to **Users** > **Account management** > **User metrics**. You can see how many users, licensed users, guest users, Global Administrators, inactive users, and unblocked shared mailboxes you have across your customer tenants. This data can help you more efficiently and more effectively manage user accounts to maintain the health of your customer tenants.

+From the **User metrics** page, you can also quickly access the Microsoft 365 admin center, where you can view comprehensive user information and take additional actions.

+To learn more, see [Overview of the Users page in Microsoft 365 Lighthouse](m365-lighthouse-users-page-overview.md).

+

+Following is synchronized between Microsoft Feed and Viva Engage. Following features in Microsoft Feed are only available to users who have a Viva Engage license. If users donΓÇÖt have a Viva Engage license, the My network page is not available, and the users canΓÇÖt follow others from Microsoft Feed.

+| Android | 1. On the device, go to the Google Play store.<br/><br/>2. If you haven't already done so, download and install the Microsoft Authenticator app. Sign in, and register your device in the Microsoft Authenticator app. <br/><br/>3. In the Google Play store, search for the Microsoft Defender app. <br/><br/>4. On the app page, scroll down and select **Join the beta** > **Join**.<br/><br/>5. Wait for the process to complete. It might take a few hours for the process of joining the beta program to complete. You'll see text that says, "Joining the beta..."<br/><br/>6. After you've enrolled into the beta, verify that the beta version of the app looks like `1.0.xxxx.0201`, and then install the app.<br/><br/>7. Open the app, sign in, and complete the onboarding process. |

+| [Practical guide to security using Microsoft 365 Business (Basic, Standard, and Premium)](https://aka.ms/smbsecurityguide) | This Word document summarizes Microsoft's recommendations for enabling employees at small and medium-sized businesses to securely work from anywhere- whether from home, in the office or on the go, using the features included in Microsoft 365 Business Premium. |

+3. Go to the Battery Optimization section, tap on the "Turn Off" button, and then click on "Allow" to turn Battery Optimization off for the Company Portal.

+4. Again, go to the Battery Optimization section and tap on the "Turn On" button. The battery saver section opens.

+6. Select "No Restriction". Go back to the Defender app in work profile and tap on "Allow" button.

+> You can use the Microsoft Defender for Endpoint app along with the Approved Client app and Compliant Device (Require device to be marked as compliant) controls in Azure AD Conditional Access policies. There's no exclusion required for the Microsoft Defender for Endpoint app while setting up Conditional Access. Although Microsoft Defender for Endpoint on Android & iOS (App ID - dd47d17a-3194-4d86-bfd5-c6ae6f5651e3) isn't an approved app, it is able to report device security posture in both these grant permissions. However, internally Defender requests **MSGraph/User.read** scope and **Intune Tunnel** scope (in case of Defender+Tunnel scenarios). So these scopes must be excluded*. To exclude MSGraph/User.read scope, any one cloud app can be excluded. To exclude Tunnel scope, you need to exclude 'Microsoft Tunnel Gateway'.These permission and exclusions enables the flow for compliance information to Conditional Access.

+*Please note that applying a Conditional Access policy to All Cloud Apps could inadvertently block user access in some cases, so it's not recommended. Read more about [Conditional Access policies on Cloud Apps](/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#all-cloud-apps)

+This article describes exclusions for Windows Server 2016 and later. Because Microsoft Defender Antivirus is built into Windows Server 2016 and later, exclusions for operating system files and server roles happen automatically. If necessary, you can define custom exclusions or opt out of automatic exclusions.

+For a more detailed overview of exclusions, see [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md).

+## A few important points about exclusions on Windows Server

+On Windows Server 2016 or later, you shouldn't need to define the following exclusions for Microsoft Defender Antivirus:

+Because Microsoft Defender Antivirus is built into Windows Server 2016 and later, it doesn't require exclusions for operating system files. In addition, when you install a role on Windows Server 2016 or later, Microsoft Defender Antivirus includes automatic exclusions for the server role and any files that are added while installing the role.

+| [Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md) <br/>[Defender for Endpoint Plan 1 or Plan 2](defender-endpoint-plan-1-2.md) | - [Automatic exclusions](#automatic-exclusions) (for Windows Server 2016 and later)<br/>- [Custom exclusions](#custom-exclusions), such as process-based exclusions, folder location-based exclusions, file extension exclusions, or contextual file and folder exclusions<br/>- [Custom remediation actions](#custom-remediation-actions) based on threat severity or for specific threats<br/><br/>*The standalone versions of Defender for Endpoint Plan 1 and Plan 2 don't include server licenses. To onboard servers, you'll need another license, such as Microsoft Defender for Endpoint for Servers or [Microsoft Defender for Servers Plan 1 or 2](/azure/defender-for-cloud/defender-for-servers-introduction). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).*<br/><br/>*If you're a small or medium-sized business using [Microsoft Defender for Business](../defender-business/mdb-overview.md), you can get [Microsoft Defender for Business servers](../defender-business/get-defender-business.md#how-to-get-microsoft-defender-for-business-servers).* |

+> - **Mixed-mode settings apply to client endpoints only**. Tagging server devices won't change their subscription state. All server devices running Windows Server or Linux should have appropriate licenses, such as [Defender for Servers](/azure/defender-for-cloud/plan-defender-for-servers-select-plan). See [Options for onboarding servers](defender-endpoint-plan-1-2.md#options-for-onboarding-servers).

+2. Go to **Settings** > **Endpoints** > **Licenses**. Your usage report opens and displays information about your organization's Defender for Endpoint licenses.

+You've already completed steps to set up your Microsoft Defender for Endpoint deployment and assigned roles and permissions for Defender for Endpoint. Next, plan for onboarding your devices by identifying your architecture and choosing your deployment method.

+- Sense (MsSense.exe): **10.8210.** \*+

+Property|Data type|Description

+|recommendedValue|Array [String]|Array of the recommended value for each source returned in the 'source' property array (values returned in the same order as the source property array).

+As threat actors continuously scan the web to detect exposed devices they can exploit to gain a foothold in internal corporate networks, mapping your organization's external attack surface is a key part of your security posture management. Devices that can be connected to or are approachable from the outside pose a threat to your organization.

+| extend InternetFacingInfo = AdditionalFields

+This query returns the following fields for each internet-facing device with their aggregated evidence in the "AdditionalFields" column.

+// DeviceId - the device ID that you want to investigate.

+InboundExternalNetworkEvents("<DeviceId>")

+The file page offers an overview of the file's details and attributes, the incidents and alerts where the file is seen, file names used, the number of devices where the file was seen in the last 30 days, including the dates when the file was first and last seen in the organization, Virus Total detection ratio, Microsoft Defender Antivirus detection, the number of cloud apps connected to the file, and the file's prevalence in devices outside of the organization.

+This section shows all the cloud applications where the file is observed. It also includes information like the file's names, the users associated with the app, the number of matches to a specific cloud app policy, associated apps' names, when the file was last modified, and the file's path.

+The File content tab lists information about portable executable (PE) files, including process writes, process creation, network activities, file writes, file deletes, registry reads, registry writes, strings, imports, and exports. This tab also lists all the file's capabilities.

+The file capabilities view lists a file's activities as mapped to the MITRE ATT&CKΓäó techniques.

+ - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** \> **App configuration policies** \> **Add** \> **Managed devices**.

+ - Give the policy a name, **Platform \> iOS/iPadOS**.

+ - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** \> **App configuration policies** \> **Add** \> **Managed apps**.

+1. In the Microsoft Intune admin center, navigate to **Apps** \> **App configuration policies** \> **Add** \> **Managed devices**.

+1. In the Microsoft Intune admin center, navigate to **Apps** \> **App configuration policies** \> **Add** \> **Managed apps** \> **Create a new App configuration policy**.

+ - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** \> **App configuration policies** \> **Add** \> **Managed devices**.

+ - Give the policy a name, **Platform \> iOS/iPadOS**, select the profile type.

+ - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** \> **App configuration policies** \> **Add** \> **Managed apps**.

+ - However, for Unsupervised devices, the control will be displayed under the **Settings \> Privacy**.

+ - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** \> **App configuration policies** \> **Add** \> **Managed devices**.

+ - Give the policy a name, select **Platform \> iOS/iPadOS**.

+1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** \> **Compliance policies** \> **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.

+1. To enable the feature in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** \> **Microsoft Defender for Endpoint** \> **Enable App sync for iOS/iPadOS devices**.

+1. To enable the feature in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** \> **Microsoft Defender for Endpoint** \> **Enable App sync for iOS/iPadOS devices**.

+ - Go to **Apps** \> **App configuration policies** \> **Add** \> **Managed devices**.

+ - Give the policy a name, **Platform** \> **iOS/iPadOS**.

+> If you're using SSL inspection solution within your iOS device, please allow list these domain names **securitycenter.windows.com** (in commercial environment) and **securitycenter.windows.us** (in GCC environment) for TVM feature to work.

+1. In the Microsoft Intune admin center, navigate to Apps \> App configuration policies \> Add \> Managed devices.

+1. Give the policy a name, select Platform \> iOS/iPadOS

+1. Select Microsoft Defender for Endpoint as the target app.

+1. In Settings page, select Use configuration designer and add **DisableSignOut** as the key and value type as **String**.

+1. In the Microsoft Intune admin center, navigate to Apps \> App configuration policies \> Add \> Managed apps.

+1. Under the Select Public Apps, choose Microsoft Defender for Endpoint as the target app.

+1. In Settings page, add **DisableSignOut** as the key and value as **true**, under the General Configuration Settings.

+1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** \> **App configuration policies** \> **Add** \> **Managed devices**.

+1. Give the policy a name, and select **Platform \> iOS/iPadOS** as the profile type.

+ - For users with key set as `true`, there will be an option to send Feedback data to Microsoft within the app (**Menu** \> **Help & Feedback** \> **Send Feedback to Microsoft**).

+|**Comments**|Configured filesystem will be unmonitored only if it is present in Microsoft's list of permitted unmonitored filesystems.|

+Before you get started with Removable Storage Access Control, you must confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=3). To access and use Removable Storage Access Control, you must have Microsoft 365 E3.

+Now, you have 'groups' and 'rules' and 'settings', replace the mobileconfig file with those values and put it under the Device Control node, here is the demo file: [mdatp-devicecontrol/demo.mobileconfig at main - microsoft/mdatp-devicecontrol (github.com)](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/macOS/mobileconfig/demo.mobileconfig). Make sure validate your policy with the JSON schema to make sure your policy format is correct: [mdatp-devicecontrol/device_control_policy_schema.json at main - microsoft/mdatp-devicecontrol (github.com)](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/macOS/policy/device_control_policy_schema.json).

+- select 'Create profile'

+- select 'Templates' and 'Custom'

+Before you get started with Removable Storage Access Control, you must confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=3). To access and use Removable Storage Access Control, you must have Microsoft 365 E3.

+Now, you have 'groups' and 'rules' and 'settings', combine 'settings' and 'groups' and rules into one JSON, here is the demo file: [mdatp-devicecontrol/deny_removable_media_except_kingston.json at main - microsoft/mdatp-devicecontrol (github.com)](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/macOS/policy/examples/deny_removable_media_except_kingston.json). Make sure to validate your policy with the JSON schema so your policy format is correct: [mdatp-devicecontrol/device_control_policy_schema.json at main - microsoft/mdatp-devicecontrol (github.com)](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/macOS/policy/device_control_policy_schema.json).

+The [MDE Preferences schema](https://github.com/microsoft/mdatp-xplat/blob/master/macos/schemE Preferences configuration profile should be updated to use the new schema file's content.

+A new 'Device Control' property will now be available to add to the UX.

+- Global setting called 'settings' allows you to define the global environment.

+- Group called 'groups' allows you to create media groups. For example, authorized USB group or encrypted USB group.

+- Access policy rule called 'rules' allows you to create policy to restrict each group. For example, only allow authorized user to Write access-authorized USB group.

+> We recommend you use the examples on the GitHub to understand the properties: [mdatp-devicecontrol/Removable Storage Access Control Samples/macOS/policy at main - microsoft/mdatp-devicecontrol (github.com)](https://github.com/microsoft/mdatp-devicecontrol/tree/main/Removable%20Storage%20Access%20Control%20Samples/macOS/policy). You can also use the scripts at [mdatp-devicecontrol/Removable Storage Access Control Samples/macOS/policy/scripts at main - microsoft/mdatp-devicecontrol (github.com)](https://github.com/microsoft/mdatp-devicecontrol/tree/main/Removable%20Storage%20Access%20Control%20Samples/macOS/policy/scripts) to translate Windows Device Control policy to macOS Device Control policy or translate macOS Device Control V1 policy to this V2 policy.

+| `$type` | The kind of group | "device" |

+| `vendorId` | 4 digit hexadecimal string | Matches a device's vendor ID |

+| `productId` | 4 digit hexadecimal string | Matches a device's product ID |

+| `serialNumber` | string | Matches a device's serial number. Doesn't match if the device doesn't have a serial number. |

+The following table lists the properties you can use in your entry:

+The following table lists the properties you can use in entry:

+|entry $type | 'access' values [string] | Generic Access | Description |

+-1. Combine those groups into one 'groups'

+Create access policy rule and put into 'rules':

+In this case, only have one access rule policy, but if you have multiple, make sure to add all into 'rules'.

+health_issues: ["missing license"]\

+**Windows version** </br> | Filter by the Windows versions you're interested in investigating. If 'future version' appears in the Windows version field, it can mean:</br></br> - This is a pre-release build for a future Windows release</br> - The build has no version name</br> - The build version name is not yet supported </br></br> In all these scenarios, where available, the full OS version can be seen in the device details page.</br></br> (_Computers and mobile only_)

+> To enable the **Allow installation of devices using drivers that match these device setup classes**, **Allow installation of devices that match any of these device IDs**, and **Allow installation of devices that match any of these device instance IDs** policy settings to supersede this policy setting for applicable devices, enable the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting. Also, the allow policy won't take precedence if the **Block Removable Storage** option is selected in Device Control.

+ The "High-impact threats" table lists the threats that have had the highest impact to the organization. This section ranks threats by the number of devices that have active alerts. See [Track and respond to emerging threats through threat analytics](threat-analytics.md#view-the-threat-analytics-dashboard).

+

+

+

+It's important to note that performance mode can run only on Dev Drive. Additionally, Real-time protection ("On") is required for performance mode to function. Enabling this feature on a Dev Drive doesn't change standard Real-time protection running on volumes having operating systems or other volumes formatted FAT32 or NTFS.

+By default, to give the best possible performance, creating a Dev Drive automatically grants trust in the new volume. A _trusted_ Dev Drive volume causes real-time protection to run in a special _asynchronous_ "performance mode" for that volume. Running performance mode provides a balance between threat protection and performance. The balance is achieved by deferring security scans until after the _open file_ operation has completed, instead of performing the security scan synchronously while the file operation is being processed. This mode of performing security scans inherently provides faster performance, but with less protection. However, enabling performance mode provides significantly better protection than other _performance tuning_ methods such as using folder exclusions, which block security scans altogether.

+#### IP stack

+IPv4 (Internet Protocol Version 4) stack must be enabled on devices for communication to the Defender for Endpoint cloud service to work as expected.

+Alternatively, if you must use an IPv6-only configuration, consider adding dynamic IPv6/IPv4 transitional mechanisms, such as DNS64/NAT64 to ensure end-to-end IPv6 connectivity to Microsoft 365 without any other network reconfiguration.

+- Platform: **4.18.2303.8**

+- Increased file hash support

+- Added support to protect registry keys against parent keys abuse

+- Improved tamper protection of registry keys against parent keys abuse

+- Improved log handling for DLP and Device Control

+- Improved performance on developer drives

+- Fixed threat DefaultAction outputs in Get-MpPreference

+- Improved Defender performance during file copy operations for .NET applications

+- Fixed [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management) app block warn feature

+- Added opt-in feature to allow users seeing exclusions

+- Fixed [ASR](overview-attack-surface-reduction.md) warn policy

+- Increased maximum size for quarantine archive file to 4 GB

+- Improvements to threat remediation logic

+- Improved [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) hardening for temporary exclusions

+- Fixed time zone calculation in [Defender PowerShell](/powershell/module/defender) module

+- Fixed merging logic for exclusions in Defender PowerShell module

+- None

+- None

+- Security intelligence update version: **1.381.144.0**

+- Platform: **4.18.2211.5**

+- None

+- Improved hang detection in antivirus engine

+- Improved [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) capability

+- Changed threat & vulnerability management (TVM)-warn and TVM-block action to block to resolve Intune's report

+- Removed Clean Action from Intune policy for `ThreadSeverityDefaultAction`

+- Added randomize scheduled task times configuration to Intune policy

+- Added manageability for `DisableSMTPParsing` network protection

+- Added improvement for behavior monitoring

+- Normalized date format for event 1151 for Windows Defender

+- Fixed a deadlock related to updating `\device\cdrom*` exclusions upon mounting a cdrom drive under certain conditions

+- Improved PID information for threat detection

+- None

+- Improved certificate handling of OSX

+- Some customers might have received platform updates 4.18.2209.2 from preview. It can cause the service to get stuck at the start state after the update.

+- Performance improvement for [hybrid sleep](/windows-hardware/customize/power-settings/sleep-settings-hybrid-sleep) delay when Microsoft Defender Antivirus is active

+- Fixed client detection behavior related to custom [certificate blocking indicators of compromise](indicator-certificates.md)

+- Performance improvement for [AntiMalware Scan Interface (AMSI)](/windows/win32/amsi/antimalware-scan-interface-portal) caching

+- Improved detection and remediation for [Microsoft Visual Basic for Applications](/office/vba/language/concepts/getting-started/64-bit-visual-basic-for-applications-overview) (VBA) related macros

+- Improved processing of AMSI exclusions

+- Fixed deadlock detection in Host Intrusion Prevention System (HIPS) rule processing. (For more information about HIPS and Defender for Endpoint, see [Migrating from a third-party HIPS to ASR rules](migrating-asr-rules.md).)

+- Fixed memory leak where `MsMpEng.exe` was consuming private bytes. (If high CPU usage is also an issue, see [High CPU usage due to Microsoft Defender Antivirus](troubleshooting-mode-scenarios.md))

+- Fixed deadlock with [behavior monitoring](configure-real-time-protection-microsoft-defender-antivirus.md)

+- Improved trust validation

+- Fixed engine crash issue on legacy operating platforms

+- Performance Analyzer v3 updates: Added top path support, scan skip information, and OnDemand scan support. See [Performance analyzer for Microsoft Defender Antivirus](tune-performance-defender-antivirus.md).

+- Added improvements for [troubleshooting mode](enable-troubleshooting-mode.md)

+- Added fix for [Defender WMI management](use-wmi-microsoft-defender-antivirus.md) bug during startup/updates

+- Added fix for duplicated 2010/2011 in the [Windows Event Viewer Operational events](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus/)

+- Added support for [Defender for Endpoint](microsoft-defender-endpoint.md) stack processes token hardening

+- Added fix for ETW channel configuration for updates

+- Added support for contextual exclusions allowing more specific exclusion targeting

+- Added fix for an [attack surface reduction rule](attack-surface-reduction.md) that blocked an Outlook add-in

+- Added fix for [behavior monitoring](configure-protection-features-microsoft-defender-antivirus.md) performance issue related to short live processes

+- Added fix for [AMSI](/windows/win32/amsi/antimalware-scan-interface-portal) exclusion

+- Improved [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) capabilities

+- Improved traffic output when SmartScreen service is unreachable

+- Fixed VDI device update bug for network FileShares

+- Added supportability and bug fixes to performance analyzer for Microsoft Defender Antivirus tool. For more information, see [Performance analyzer for Microsoft Defender Antivirus](tune-performance-defender-antivirus.md).

+|[Attack Surface Reduction](attack-surface-reduction.md)|||||

+Tampering is the general term used to describe attackers attempts to impair the effectiveness of Microsoft Defender for Endpoint. The ultimate goal of attackers isn't to affect just one device, but rather to achieve their objective such as launching a ransomware attack. As such, the anti-tampering capabilities of Microsoft Defender for Endpoint extend beyond preventing tampering of a single device to detecting attacks and minimizing their impact.

+The foundation for defending against tampering is following a [Zero Trust](/windows/security/zero-trust-windows-device-health) model.

+- [Onboard devices to Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-configure).

+- Make sure [security intelligence and antivirus updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates) are installed.

+> On Windows devices, Microsoft Defender Antivirus can be managed by using Group Policy, Windows Management Instrumentation (WMI), and PowerShell cmdlets. However, those methods are more susceptible to tampering than by using Microsoft Intune, Configuration Manager, or Microsoft Defender for Endpoint Security Configuration Management.

+You can view health status for [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health) health and [sensors](/microsoft-365/security/defender-endpoint/device-health-sensor-health-os) in the [device health reports in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/device-health-reports).

+The blocklist is updated with each new major release of Windows, typically 1-2 times per year. Microsoft will occasionally publish future updates through regular Windows servicing. With Windows 11 2022 update, the vulnerable driver blocklist is enabled by default for all devices, but requires either memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode to be active.

+For devices that don't meet those requirements, this list of drivers can be blocked by using Windows Defender Application Control policy.

+- The device is managed by Intune; and

+## Detecting potential tampering activity in the Microsoft 365 Defender portal

+- Tampering with Microsoft Defender for Endpoint sensor settings

+Devices included in exceptions won't be assessed for the specified configurations in the baseline profiles. This means it won't affect an organization's metrics and score, and it can help provide organizations with a clearer view of their compliance.

+To realize the benefits of Microsoft Defender Experts for XDR, you and your security operations center (SOC) team must take note of the following considerations to ensure timely incident remediation, improve your organization's security posture, and protect your organization from threats.

+- Viva Engage

+If a query requires arguments, provide them using the following syntax: *function_name(parameter 1, parameter 2, ...)*

+> Functions can't be used inside another function.

+> Once a function is in use in a saved query or a detection rule, you can't edit the function to expand its scope. For example, if you saved a function that queries identity tables, and this function is used in a detection rule, you can't edit the function to include a device table after the fact. To do that, you can save a new function. Product scoping can be narrowed for the same function but not extended.

+|`SensorHealthState` | `string` | Indicates health of the device's EDR sensor, if onboarded to Microsoft Defender For Endpoint |

+- You've identified the alerts associated with password spray attempts as malicious (TP) or false positive (FP) activities.

+ - **Inspect the impacted account's activities that occur within a short time span on multiple platforms and apps.** Audit events to check the timeline of activities, like contrasting the user's time spent reading or sending email followed by allocating resources to the user's account or other accounts.

+| where ActivityObject.Role == "Target object"

+5. Configure blocking based on the sender's IP address and domains if the artifacts are related to email.

+[Audit (Standard)](/microsoft-365/compliance/audit-solutions-overview) is turned on by default for all Microsoft Defender Experts for XDR customers when paid licenses are assigned to the tenant. If you have a trial license, work with your service delivery manager to turn on Audit if it isn't yet.

+Defender Experts for XDR is a managed extended detection and response service that proactively hunts for threats across endpoints, email, identity, and cloud apps. To carry out hunting on your behalf, Microsoft experts need access to your Microsoft 365 Defender advanced hunting data. Purchasing this service means you're granting permission to Microsoft experts to access the said data.

+The following sections enumerate additional information about the service's data usage, compliance, and availability. For more information about Microsoft's commitment in valuing and protecting your data, visit the [Trust Center](https://www.microsoft.com/en-us/trust-center/product-overview) then scroll down to **Additional products and services** > **Managed Security Services** > **[Microsoft Defender Experts](https://aka.ms/trustcenter-defenderexperts)**.

+You can also manage custom detections that apply to data from specific Microsoft 365 Defender solutions if you have permissions for them. If you only have manage permissions for Microsoft Defender for Office 365, for instance, you can create custom detections using `Email` tables but not `Identity` tables.

+> [!NOTE]

+> To manage custom detections, **security operators** will need the **manage security settings** permission in Microsoft Defender for Endpoint if RBAC is turned on.

+> A user also needs to have the appropriate permissions for the devices in the [device scope](#5-set-the-rule-scope) of a custom detection rule that they are creating or editing before they can proceed. A user can't edit a custom detection rule that is scoped to run on all devices, if the same user does not permissions for all devices.

+Only data from devices in the scope will be queried. Also, actions will be taken only on those devices.

+> [!NOTE]

+> Users are able to create or edit a custom detection rule only if they have the corresponding permissions for the devices included in the scope of the rule. For instance, admins can only create or edit rules that are scoped to all device groups if they have permissions for all device groups.

+> Custom detections should be regularly reviewed for efficiency and effectiveness. To make sure you are creating detections that trigger true alerts, take time to review your existing custom detections by following the steps in [Manage existing custom detect ion rules](#manage-existing-custom-detection-rules).

+- **Azure AD cross-tenant access policies**: To enforce restrictions on our experts' access to your tenant, we need to establish a cross-tenant trust between our experts and your tenant. To enable this trust, we configure a cross-tenant access policy in your tenant as part of onboarding. These cross-tenant access policies are created with read-only permissions to avoid any disruption.

+- **Conditional access for external users**: We restrict our experts' access to your tenants from our secure environment by using compliant devices with strong multifactor authentication (MFA). To enforce the trust settings configured in cross-tenant access policy and block access otherwise, we configure these conditional access policies in your tenant.

+- **Just-in-time (JIT) access**: Even after you have permitted our experts access to your environment, we limit their access based on JIT permissions for case investigation, with limited duration for each role. Our experts must first request access and get approval in our internal system to gain the appropriate role in your tenant. Our experts' access to your tenant is audited as part of Azure AD sign-in logs for you to review

+Once you select the permissions you'd like to grant to our experts, we create the following policies in your tenant using the Security Administrator or Global Administrator context:

+| **Does Defender Experts for XDR require Microsoft Sentinel?** | No. Defender Experts can use Microsoft 365 Defender data in customers' original locations for each Microsoft 365 Defender product deployed. |

+| **What types of incidents can your experts investigate?** | Defender Experts for XDR covers incidents categorized as High or Medium severity in Windows, Linux, and macOS devices. Incidents categorized as Compliance, Data Loss Prevention (DLP), or Custom Detections and those affecting internet of things (IoT), iOS, or Android devices are outside the service's scope. |

+Once the Defender Experts for XDR team is ready to onboard your organization, you'll receive a welcome email to continue the setup and get you started.

+You also need to grant our experts temporary, scoped access only as needed, depending on the type of work you'd like them to handle on your behalf:

+- **Respond directly to active threats** (recommended) ΓÇô This option lets our experts contain and remediate active threats immediately while investigating, thus reducing the threat's impact, and improving your overall response efficiency. (Access level: Security Operator)

+> If you turn off **Access security data from all devices**, our experts won't be able to investigate incidents involving devices that belong to Microsoft Defender for Endpoint device groups. [Learn more about device groups](../defender-endpoint/machine-groups.md).

+- **Timeline filters:** In order to improve your investigation experience, you can use the timeline filters: Type (Alerts and/or user's related activities), Alert severity, Activity type, App, Location, Protocol. Each filter depends on the others, and the options in each filter (drop-down) only contains the data that is relevant for the specific user.

+3. On the rule's **Notification settings** page, make sure to configure the following:

+Once our experts begin to perform comprehensive response work on your behalf, you'll start receiving notifications about incidents that require remediation steps and targeted recommendations on critical incidents. You can also chat with our experts or your service delivery managers (SDMs) regarding important queries and regular business and security posture reviews and view real-time reports on the number of incidents we've investigated and resolved on your behalf.

+When our experts conclude their investigation on an incident, the incident's **Classification** field is updated to one of the following, depending on the experts' findings:

+If an incident is classified as _False Positive_ or _Informational_, _Expected Activity_, then the incident's **Status** field gets updated to _Resolved_. Our experts then conclude their work on this incident and the **Assigned to** field gets updated to _Unassigned_. Our experts may share updates from their investigation and their conclusion when resolving an incident. These updates are posted in the incident's **Comments and history** flyout panel.

+> Incident comments are one-way posts. Defender Experts can't respond to any comments or questions you add in the **Comments and history** panel. If you wish to correspond with our experts, reply to the email Defender Experts sent you instead.

+- If you have granted Defender Experts for XDR the recommended Security Operator access permissions, our experts could perform the recommended response actions on the incident on your behalf. These actions, along with an **Investigation summary**, show up in the incident's [Guided response](#how-to-use-guided-response-in-microsoft-365-defender) flyout panel in your Microsoft 365 Defender portal for you or your SOC team to review. Once our experts conclude their work on the incident, its **Status** field is then updated to _Resolved_ and the **Assigned to** field is updated to _Unassigned_.

+- If you have granted Defender Experts for XDR the default Security Reader access, then the recommended response actions, along with an **Investigation summary**, show up in the incident's **Guided response** flyout panel in your Microsoft 365 Defender portal for you or your SOC team to perform. To identify this handover, the incident's **Assigned to** field is updated to _Customer_.

+Select **View guided response** on the task card or on the top of the portal page (**Guided response** tab) to open a flyout panel where you can read our experts' investigation summary, complete pending actions identified by our experts, or engage with them through chat.

+1. For cards with one-click response actions, select the recommended action. The **Action status** in the card changes to **In progress**, then to **Failed** or **Completed**, depending on the action's outcome.

+3. For cards with recommended actions that you need to perform manually, select **Mark as complete** once you've performed them.

+1. If you don't want to complete a recommended action right away, select the ellipsis icon on the top of the card and choose any of the following other options:

+1. Once our experts have concluded their investigation and closed an incident as _False Positive_ or _Informational_, _Expected Activity_, the incident's **Status** is updated to _Resolved_ and a **Reason for closing** is provided.

+After configuring a connector, the updates by Defender Experts to an incident's **Status**, **Assigned to**, **Classification**, and **Determination** fields in Microsoft 365 Defender can be synchronized with the third-party SIEM or ITSM applications, depending on how the field mapping has been implemented. To illustrate, you can take a look at the [connector available from Sentinel to ServiceNow](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Servicenow/StoreApp).

+If you've set Defender Experts for XDR to have **Security Reader** access, the **Average incident resolution time** section also displays the estimated **Potential time savings** you could realize if you let our experts take managed remediation actions on your behalf by [providing them the permissions](get-started-xdr.md#grant-permissions-to-our-experts) to do so. The potential time savings are derived by calculating the total time it took you to complete recommended guided response actions after our experts issued them to you during your selected date range. Otherwise, if the service has **Security Operator** access, this report section displays the estimated time you already saved by granting us permission to take managed remediation actions on your behalf. To change access levels, select **Edit permissions**.

+**Influence operations:** information campaigns communicated online or offline in a manipulative fashion to shift perceptions, behaviors, or decisions by target audiences to further a group or a nation's interests and objectives.

+<New-SafeAttachmentPolicy -Name "<Unique name>" | Set-SafeAttachmentPolicy -Identity "<Policy name>"> -Enable $true -Action <Block | DynamicDelivery> [-QuarantineTag <QuarantineTagName>]

+- The _Action_ parameter values Block or DynamicDelivery can result in quarantined messages (the value Allow doesn't quarantine messages). The value of the _Action_ parameter in meaningful only when the value of the _Enable_ parameter is `$true`.

+|**Redirect attachment with detected attachments** : **Enable redirect** (_Redirect_ and _RedirectAddress_)|Not selected and no email address specified. (`-Redirect $false` and _RedirectAddress_ is blank)|Not selected and no email address specified. (`-Redirect $false` and _RedirectAddress_ is blank)|Not selected and no email address specified. (`-Redirect $false` and _RedirectAddress_ is blank)|Not selected and no email address specified. (`-Redirect $false` and _RedirectAddress_ is blank)|Redirection of messages is available only when the **Safe Attachments unknown malware response** value is **Monitor** (`-Enable $true` and `-Action Allow`).|

+- **Redirect messages with detected attachments**: **Enable redirect** and **Send messages that contain blocked, monitored, or replaced attachments to the specified email address**: For the **Monitor** action only, send messages that contain malware attachments to the specified internal or external email address for analysis and investigation.

+New-SafeAttachmentPolicy -Name "<PolicyName>" -Enable $true [-AdminDisplayName "<Comments>"] [-Action <Allow | Block | DynamicDelivery>] [-Redirect <$true | $false>] [-RedirectAddress <SMTPEmailAddress>] [-QuarantineTag <QuarantinePolicyName>]

+New-SafeAttachmentPolicy -Name "Contoso All" -Enable $true

+|File detonation|Safe Attachments detected a malicious attachment during detonation within a sandbox||

+|File detonation reputation|File attachments previously detected by Safe Attachments during detonation||

+|Impersonation domain|Impersonation of sender domains that you own or specified for protection in anti-phishing policies|[Impersonation insight overview](../anti-phishing-mdo-impersonation-insight.md)|

+|Impersonation user|Impersonation of protected senders that you specified in anti-phishing policies|[Impersonation insight overview](../anti-phishing-mdo-impersonation-insight.md)|

+|Spoof DMARC|The message failed DMARC authentication|[How Microsoft 365 handles inbound email that fails DMARC](../email-authentication-dmarc-configure.md)|

+|URL detonation|Safe Links detected a malicious URL in the message during detonation within a sandbox||

+|URL detonation reputation|URLs previously detected by Safe Links during detonation||

+|ActionOnError|True^\*|

+^\* This parameter has been deprecated and is no longer used.

+> - Microsoft Viva Engage

+| **Social, intranet, and storage** | Includes SharePoint, Viva Engage, and Viva Connections |

+description: "Learn governance best practices for Microsoft 365 collaboration tools, including Microsoft 365 Groups, Teams, SharePoint, and Viva Engage."

+Services such as Microsoft 365 groups, Teams, and Viva Engage empower users and reduces the risk of shadow IT by providing the tools needed to collaborate. Microsoft 365 has a rich set of tools to implement any governance capabilities your organization might require.

+Microsoft 365 groups lets you choose a set of people with whom you wish to collaborate, and easily set up a collection of resources for those people to share. Adding members to the group automatically grants the needed permissions to all assets provided by the group. Both Teams and Viva Engage use Microsoft 365 groups to manage their membership.

+Microsoft 365 groups include a suite of linked resources that users can use for communication and collaboration. Groups always include a SharePoint site, Planner, a Power BI workspace, a mailbox and calendar, and Stream. Depending on how you create the group, you can optionally add other services such as Teams, Viva Engage, and Project.

+|[Viva Engage group](https://support.office.com/article/Learn-about-Office-365-groups-b565caa1-5c40-40ef-9915-60fdb2d97fa2)|A common place to have conversations and share information|

+- Viva Engage: enterprise social experience for collaboration

+

+- Viva Engage: connect across the org (enterprise social) ΓÇô outer loop

+> When a new Office 365 Group is created via Viva Engage or Teams, the group isn't visible in Outlook or the address book because the primary communication between those users happens in their respective clients. Viva Engage groups cannot be connected to Teams.

+6. Plan for organization and lifecycle governance - choose [the policies you want to use for group and team creation, naming, expiration, and archiving](plan-organization-lifecycle-governance.md). Also, understand the [end of lifecycle options for groups, teams, and Viva Engage](end-life-cycle-groups-teams-sites-viva-engage.md)

+See a behind-the-scenes example of how Microsoft 365 Groups, SharePoint, Teams, and Viva Engage work together to provide a global collaboration platform.

+- [Finding your collaboration sweet spot with Microsoft 365 Groups, SharePoint, Teams, and Viva Engage](https://www.youtube.com/watch?v=Rx9eVwqXeQk)

+- [Configure an offensive language policy for Microsoft Teams, Exchange, and Viva Engage communications](../compliance/communication-compliance-case-study.md)

+- The use of devices and how endpoint management policies can be used to block access for noncompliant or unmanaged devices.

+- The use of allowed apps and how endpoint management application policies can be used to block the use of some apps.

+Create a forum for your workers to ask questions or get issues addressed, such as a team or a Viva Engage group.

+Your hybrid workers are trained and there's a responsive and open forum for them to provide feedback and post issues with security, compliance, remote access, and productivity apps.

+|Microsoft Teams, Exchange Online, SharePoint Online and OneDrive, Microsoft 365 Apps, Microsoft Power Platform, and Viva Engage|Create, communicate, and collaborate.|Microsoft 365 E3 or E5|

+ Title: "End of lifecycle options for groups, teams, and Viva Engage"

+audience: Admin

+ms.localizationpriority: medium

+- highpri

+- M365-collaboration

+- m365solution-collabgovernance

+- M365solutions

+f1.keywords: NOCSH

+recommendations: false

+description: "End of lifecycle options for groups, teams, and Viva Engage."

+# End of lifecycle options for groups, teams, and Viva Engage

+Microsoft 365 Groups and Microsoft Teams work with multiple connected services. When a group or team is deleted, most of the information in the connected services is also deleted. This article describes options for retaining information by moving it out of the group or team before deletion.

+A common practice for groups or teams that are no longer required is to move the files out of the team and archive them in another location such as a SharePoint document library. This practice is based on a legacy style of working where information is stored in files and folders, and communications are conducted via email.

+The following table outlines the services associated with groups and teams and key types of content found in each of them:

+|Service|Types of content|

+|:|:|

+|Teams|Channel conversations, files in channels|

+|Forms|Survey structure and results|

+|OneNote|Notebook|

+|Outlook|Mail and calendar|

+|Planner|Project status and task information|

+|Power Automate|Workflows|

+|Power BI|Data, reports, and dashboards|

+|Project on the web|Project plans|

+|Roadmap|Roadmaps|

+|SharePoint|Files, lists, Teams channel wiki data|

+|Stream|Videos|

+|Viva Engage|Conversations|

+When deleting a group or team, most of the associated resources are also deleted. Exceptions include:

+- Videos in Stream remain and are owned by the person who uploaded/recorded them

+- Flows in Power Automate remain and are owned by the person who created them.

+- Project and roadmap data in Project on the web remains in the CDS and can be restored separately.

+Groups and teams remain in a soft-delete state for 30 days and can be restored at any time. However, after the 30 days they, and any associated resources such as services and content, are purged from the Microsoft 365 environment. Any content protected by a retention policy remains available through eDiscovery searches.

+## End of life cycle considerations for group-connected services

+There are three key areas that team and group owners and IT administrators need to consider when deleting a group or team.

+**Content**

+Does the content need to be retained after the team is no longer there? Is it sufficient to rely on retention capabilities of Microsoft 365, or is some of the content in apps and services that don't offer retention? Does the content need to be retained for record management, archival, or future use and reference purposes?

+To avoid any potential data loss, these questions must be asked before any team is archived or deleted.

+**Services**

+Does content need to stay in its current working form? For example, does the Power BI report need to continue to be accessible? Do the Form results need to be available in the visual summary view? Are the lists in SharePoint linked to or embedded anywhere?

+These questions must be asked before the underlying group is deleted because exporting the content may not be sufficient.

+**Guests**

+When guests are invited to a team, a guest account is created in the host organizationΓÇÖs Azure Active Directory before adding them to the team. When a team is deleted, guests aren't removed from Azure Active Directory. While guests can't access groups, sites, teams, or content which hasn't been shared with them, they can still potentially use features within Microsoft Teams such as starting chats, voice and video calls, and using apps.

+A team or group owner can invite someone from outside the organization to become a guest in Azure Active Directory by adding them to a team. A team owner can't, however, remove the guest from Azure Active Directory. Deleting accounts can only be performed by a global admin or user admin.

+It's important to perform guest reviews and to understand whether guests need to be removed from Azure Active Directory upon team deletion. There may be a valid case for guests to remain in the directory, such as being a member of other teams or using other Microsoft 365 or Azure services.

+## Teams

+Teams-specific content is primarily in the form of conversations.

+Conversations in channels can't be copied or moved using native Microsoft Teams functionality. They can however be exported using the Graph API.

+Additionally, if a retention policy is applied to Teams, the conversations are retained and available through eDiscovery searches. Using eDiscovery (Premium) you can [reconstruct a Teams chat conversation](/microsoft-365/compliance/conversation-review-sets).

+### Archiving a team

+The benefit of [archiving a team](/microsoftteams/archive-or-delete-a-team) is that it provides full access to the team as it was. Users can still browse channel conversations and open files even if they aren't active. Additionally, teams can be unarchived if there's a need to continue working on them (for example, if a project is extended).

+When a team is archived by an owner, it's set to read-only for members both for content within the team and if selected, the associated SharePoint site. The objective of this action is to ensure that conversations in channels are preserved in their existing state, along with SharePoint-based content such as files and wikis.

+In the SharePoint site there are no visible changes. However, no changes can be made to any files or lists because the SharePoint permissions for the Microsoft 365 group are set to **Site visitors**. This includes the OneNote notebook for the team, which is stored in the Site Assets library within the SharePoint site.

+When a team is archived, the underlying Microsoft 365 group is still subject to the expiration policy (if set), and as such the owner must continue to renew the team.

+While the teamΓÇÖs channel conversations and SharePoint site contents are set to read-only, the same isn't applied to other associated

+- Planner buckets and tasks can still be created, modified, and deleted.

+- Forms can still receive submissions.

+- The Outlook mailbox can still receive emails.

+- Power BI dashboards, reports and data can still be modified.

+- Projects and roadmaps can still be edited in Project on the web.

+- Videos can still be uploaded, modified, and deleted in Stream.

+- Flows in Power Automate can still be created, modified, deleted, and will continue to run. (They will fail however, if required to post a message to a channel of the archived team.)

+## Forms

+While a form can be moved from an individual account to a group, it can't be moved or copied from one group to another. There are three options available for a form when a team is deleted.

+**Duplicate the form**

+Forms can be [shared as templates](https://support.microsoft.com/office/82ea9d8a-260a-47a0-afdb-497f3d746e3f), allowing other users to copy it to their own account or a group. This doesn't retain the data from result submissions; only form structure such as questions and settings.

+**Export results to a spreadsheet**

+If the data of the form responses needs to be retained, this can be achieved by [exporting the results to an Excel spreadsheet](https://support.office.com/article/02859424-341d-406f-b32a-9a0fbaf357af). This will only export the questions and their responses as data ΓÇô it doesn't include graphs created by Forms.

+**Delete the Form**

+While deletion of the group will also result in the deletion of any associated forms, group members can [directly delete them](https://support.microsoft.com/office/2207e468-ce1b-4c4a-a256-caf631d87af0) without being an owner of the group. However, this is a manual step that doesn't provide any additional benefit.

+## OneNote

+The OneNote notebook included in a group is stored in the Site Assets library within the associated SharePoint site. While notebook files can sometimes be spread across multiple individual files, they can't be copied and opened independently. Instead, the contents of the OneNote notebook must be moved or exported using the OneNote desktop client.

+**Move pages and sections to another notebook**

+[Individually moving pages or sections to another notebook](https://support.office.com/article/c3c8b098-7f9c-4c2a-a0dc-ebb83bc76364) provides owners with an opportunity to clean up their data and take only what needs to be retained.

+**Export the entire notebook as a package**

+If the entire notebook needs to be retained with its existing structure, it can be [exported as a OneNote package](https://support.office.com/article/a4b60da5-8f33-464e-b1ba-b95ce540f309) file and then imported to a new location. Instead, this can be used as a method to retain the contents in a single file instead of the existing multi-file structure.

+**Print to PDF**

+In scenarios where some of the contents of the notebook need only to be retained for reference or as records, individual pages can be [printed to PDF and stored elsewhere](https://support.office.com/article/13d173b5-7f4c-45a8-94eb-9354d63af5cd).

+## Mailbox and calendar

+It's not uncommon for the group-associated mailbox to be used, even though many conversations may have been conducted within team channels. The mailbox only stores emails that were emailed directly to it and doesn't include emails that were sent directly to channels.

+In some cases, the emails stored within the mailbox may be notifications of meetings, Planner task updates, and other app or system-generated messages. it's important that the contents of the mailbox be reviewed to determine whether the content should be retained or deleted.

+If a retention policy is applied in Exchange, the emails and calendar items are retained and available through eDiscovery searches.

+**Export mail and calendar**

+Team or group members can [export the contents of the mailbox and calendar to an Outlook Data / Personal Storage (PST) file](https://support.office.com/article/14252b52-3075-4e9b-be4e-ff9ef1068f91). This file can then be stored elsewhere, or the contents can be imported into a different mailbox. The former isn't recommended as the contents of the PST file aren't searchable without opening it in Outlook, and the file itself can become corrupted over time.

+**IT-performed content migration**

+Administrators can use third-party tools to migrate email and calendar contents between mailboxes without any user intervention. One potential storage location could be a shared mailbox created purely to serve as an ΓÇ£archiveΓÇ¥ of the group mailbox contents.

+## Planner

+Each group or team can have multiple plans. It's important during the off-boarding process to ensure that retention requirements are addressed for each plan. Like the other services, there are several approaches to off-board content in Planner.

+**Export the plan to a spreadsheet**

+If it's only required to keep a copy of the plan for record-keeping purposes, the simplest approach is to [export the plan to an Excel spreadsheet](https://support.microsoft.com/office/4d850c6e-e548-4aab-83b4-b62b68662d2a). This is a one-way action - there's no option to import plans from a spreadsheet.

+> [!IMPORTANT]

+> Exporting a plan to Excel will take most information within the plan, but won't include comments, links, or files.

+**Copy and move tasks to another Plan**

+While copying or moving tasks to another plan seems like a solution, individual tasks can only be [copied or moved between plans](https://support.microsoft.com/office/ad43a5d8-c1ad-42fd-b3da-fe97d72c8a1b) within the same group. This won't back up the data if the group associated with the plan is being deleted.

+**Copy entire plan**

+It's also possible to [copy the entire plan](https://support.microsoft.com/office/50401e13-a25f-40df-93c6-b608cc28c3d4). Copying can't be done to an existing group. Copying the plan will create a new group. Additionally, copying the entire plan won't include comments, assignments, links, attachments, or dates.

+## Power Automate

+Flows created in Power Automate and associated with a group or team don't belong to the group. They are owned by the creator and merely shared with other users and groups. As such they aren't affected if a group or team is deleted.

+**Change ownership of the flow**

+If the flow needs to continue operating, any owners can add other users or Microsoft 365 groups as owners.

+**Export the flow**

+If the flow doesn't need to continue operating but it needs to be preserved for potential future use, it can be [exported as a file](https://flow.microsoft.com/blog/import-export-bap-packages/) and imported again later.

+## Power BI

+Power BI data and workspaces can operate independently from groups and teams and like other workloads offer different ways of being off-boarded.

+Classic workspaces in Power BI are associated with a Microsoft 365 Group, whereas modern workspaces are not - and can merely share their content with the group (similar to a flow).

+**Copy reports to another workspace**

+If you need the report once the group or team is deleted, it can be [copied from the existing workspace to another workspace within Power BI](/power-bi/connect-data/service-datasets-copy-reports).

+**Export data from a dashboard or report**

+Instead, if the report no longer needs to be active but the data needs to be retained, it can be [exported to Excel](/power-bi/visuals/power-bi-visualization-export-data).

+## Project

+Projects and Roadmaps created in Project for the web are associated with Microsoft 365 groups and have approaches to off-boarding similar to Power BI.

+**Assign the project to another group**

+If the project needs to be preserved in its functional state beyond the life of the group or team, it can be [assigned to a different Microsoft 365 group](/project-for-the-web/access-a-project-after-group-is-deleted#reassign-the-project). This can be done using the Dynamics 365 Administration Center.

+**Export data from the project or roadmap**

+Using the Dynamics 365 Administration Center, it's possible to [export user data from the project](/project-for-the-web/export-user-data-from-project-for-the-web) to a spreadsheet. The data can also be exported to Project file (.MPP) and XML file formats by using PowerShell.

+## SharePoint

+All files in team channels are stored in the SharePoint site of the associated group. In some cases, content other than documents may exist in SharePoint, such as lists or pages.

+Files are generally stored in three primary locations within a SharePoint site:

+- Pages - Site Pages library

+- Images used in pages ΓÇô Site Assets library

+- Files in channels ΓÇô Documents library

+- Wiki pages ΓÇô Teams Wiki Data library

+If the site has one or more subsites, the off-boarding process will need to be repeated for each subsite. If the team contains private or shared channels, there's a separate SharePoint site for each channel.

+It's important when removing files from a group or team to consider that they may be shared with users who aren't members of the group or team. You may want to communicate the impending change to them.

+**Download files**

+Files stored in SharePoint in one of the libraries mentioned above can be [downloaded to a local computer](https://support.office.com/article/5c7397b7-19c7-4893-84fe-d02e8fa5df05).

+**Move files**

+Additionally, files can be [moved to another location within SharePoint such as a library in a different site](https://support.office.com/article/00e2f483-4df3-46be-a861-1f5f0c1a87bc).

+**Export list**

+Data stored within SharePoint lists can be [exported to an Excel spreadsheet](https://support.office.com/article/bfb2ea48-6118-4fa9-abb6-cced9424e5d9), and imported again to a list in another site.

+Alternatively, Power Automate or a third-party tool can be used to migrate the list between sites in order to retain function, list views, formatting, and other attributes.

+**ΓÇ£ExportΓÇ¥ wiki files**

+Wiki contents within team channels are stored in an HTML formatted file in a dedicated library of the associated SharePoint site. They can't be readily exported and imported to another channel wiki but can be converted to an HTML file and opened as a web page.

+## Microsoft Stream

+Like Power Automate, videos in Stream associated with a group or team aren't actually owned by the group and aren't deleted when the group is deleted. Videos in Stream are owned by the person who uploaded or created the video, even if they add users or groups as owners. Meetings recorded in a Teams channel are owned by the person who started the recording.

+**Adding other owners**

+Because the video is retained in Stream when the group is deleted, the original owner can [share the video with other users and groups, even adding them as owners](/stream/portal-edit-video).

+**Download the video**

+In scenarios where the video doesn't need to be retained in Stream or needs to be stored in an alternate location such as a records management system, an owner can [download it locally](/stream/portal-download-video).

+## Viva Engage

+Unlike conversations in Microsoft Teams, Viva Engage offers both users and administrators options to move or export conversations.

+**Move conversations to another group or community**

+Conversations can be moved to another Viva Engage group by any user, not just owners or administrators. This is possible in both the [classic Viva Engage](https://support.office.com/article/149c6399-4ac1-4ced-84d7-e0660960a872) and the [new Viva Engage](https://support.office.com/article/d63debf1-1c90-4ec5-b5ae-8a00939a1680) interfaces.

+**Export network data**

+Viva Engage network administrators [export network data](/viva/engage/manage-security-and-compliance/export-viva-engage-enterprise-data). However, doing so will export all conversations for the entire network. The resulting export lists the Group ID. It's possible to filter conversations based on this ID.

+## Related topics

+[Remove a former employee and secure data](/microsoft-365/admin/add-users/remove-former-employee)

+[Microsoft Purview Communication Compliance](/microsoft-365/compliance/communication-compliance) is a compliance solution that helps minimize communication risks by helping you detect, investigate, and act on inappropriate messages in your organization. Pre-defined and custom policies allow you to scan internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate scanned email, Microsoft Teams, Viva Engage, or third-party communications in your organization and take appropriate actions to make sure they're compliant with your organization's message standards.

+Additional details about how Microsoft 365 complies with SEC rule 17a-4 and other regulations is available with the [Office 365 - Cohasset Assessment - SEC Rule 17a-4(f) - Immutable Storage for SharePoint, OneDrive, Exchange, Teams, and Viva Engage (2022)](https://servicetrust.microsoft.com/DocumentPage/f028b699-8e39-451e-8af4-e8a66426068b) download document.

+[Microsoft Purview Communication Compliance](/microsoft-365/compliance/communication-compliance) is a compliance solution that helps minimize communication risks by helping you detect, investigate, and act on inappropriate messages in your organization. Pre-defined and custom policies allow you to scan internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate scanned email, Microsoft Teams, Viva Engage, or third-party communications in your organization and take appropriate actions to make sure they're compliant with your organization's message standards.

+The naming policy is applied to groups that are created across all groups workloads (like Outlook, Microsoft Teams, SharePoint, Planner, Viva Engage, etc.). It gets applied to both the group name and group alias. It also gets applied when a user creates a group and when the group name, alias, description, or avatar is edited for an existing group.

+- If you are using Viva Engage Office 365 connected groups, avoid using the following characters in your naming policy: @, \#, \[, \], \<, and \>. If these characters are in the naming policy, regular Viva Engage users will not be able to create groups.

+- A place for messaging and conversations to take place (Exchange mailbox, Microsoft Teams, Viva Engage)

+At the point of group creation, several other resources are also provisioned, however they aren't visible until accessed for the first time from the service:

+- Viva Engage for communities of interest

+Administrators can create and manage Microsoft 365 groups from several of the workload admin centers, command-line interfaces that support scripting, as well as custom-built apps interacting with the Graph API. The only exception to this is Viva Engage groups ΓÇô which must be created from within the Viva Engage web interface.

+SharePoint sites are created with Owner, Member, and Visitor security groups, with the first two matching up to their Microsoft 365 group counterparts. While membership for SharePoint Online sites is generally managed by the associated Microsoft 365 group, it isn't a bidirectional relationship. Any changes to membership at the Microsoft 365 group level are reflected in SharePoint, however if membership is changed in the SharePoint group, this isn't reflected in the Microsoft 365 group.

+- Viva Engage

+A common approach to control sprawl of teams is to limit which users can create them. This can only be done by limiting the creation of groups. Doing this impacts the ability to create groups from other services where that may be necessary for end user. Microsoft 365 Groups doesn't support the ability to restrict the creation of groups from some apps or services while allowing it from others.

+|SharePoint|Still able to create a team site that isn't connected to a group.|

+|Stream|**Group** option doesn't appear under the **Create menu**.|

+|Teams|User can't create a team with a new group but can still create a team that utilizes an existing group.<br><br>**Create a team** button is replaced with **Create team from a group**.|

+|Viva Engage|**Create a group** option is removed from main Groups/Communities navigation.|

+|Viva Engage|Group|Yes|Yes|Yes|

+Yes, creating a new team will create a new Microsoft 365 group. It's also possible to create a team for an existing group that doesn't currently have one.

+No, it isn't possible for a team to exist without a Group.

+Yes, it's possible to create a group from the Exchange Online admin center, as well as from Outlook. You can also convert Exchange distribution lists to Microsoft 365 groups.

+No, the mailbox and calendar have a 1:1 relationship with the group. It's possible to share the mailbox with other users or groups, however this doesn't establish any form of service association.

+No, the mailbox and calendar can't be changed to a different group. However, the content can be moved from one mailbox to another within Outlook or by using a third-party tool.

+No, Forms can't create a group.

+No, once a form is associated with a group (either created directly within, or ownership transferred from an individual) it can't be moved to another group.

+No, it isn't possible to delete a group from the Forms interface, only individual forms.

+No, the OneNote application can't create a group.

+No, Power Apps can't create a Microsoft 365 group.

+No, Power Automate can't create a Microsoft 365 group in the context of being associated with one.

+It's possible however to create a flow that performs various operations such as creating an Azure AD security group or updating membership of a Microsoft 365 group.

+While creating a new workspace in Power BI doesn't create a Microsoft 365 group, creating a group by any other means creates a new (not classic) workspace in Power BI.

+No, it isn't possible to create a Microsoft 365 group from the new Power BI interface.

+Yes, it's possible to have reports and workspaces created in Power BI that are not associated with Microsoft 365 groups.

+Yes, it's possible to create a new Microsoft 365 group directly from Project for the web.

+## Viva Engage

+Viva Engage is an enterprise social platform designed to foster community engagement within and between organizations.

+Creating a community (formerly known as ΓÇ£groupΓÇ¥) in Viva Engage creates a mailbox, but at present this is not used.

+A Microsoft 365 group that is associated with Viva Engage cannot be used with a team in Microsoft Teams.

+A Viva Engage group cannot be used with a PowerBI Pro Workspace.

+**Can Viva Engage create a Microsoft 365 group?**

+Yes, creating a new group in Viva Engage will create a new Microsoft 365 group, if the platforms are connected and the user has the ability to create a group.

+A Viva Engage group with associated Microsoft 365 group cannot be created in any interface or service other than Viva Engage itself.

+**Does a Viva Engage group exist without a Microsoft 365 group?**

+Yes, it is possible to create a Viva Engage group without a Microsoft 365 group.

+If the Viva Engage platform is not connected to Microsoft 365 groups, or users do not have the ability to create a Microsoft 365 group, Viva Engage groups are created without a Microsoft 365 group association.

+**Can there be multiple Viva Engage groups per Microsoft 365 group?**

+No, the relationship between a Viva Engage group and a Microsoft 365 group is 1:1.

+**Can a Viva Engage group be associated with multiple Microsoft 365 groups?**

+No, the Viva Engage group can only be associated with a single Microsoft 365 group. It is possible for posts to be shared with or moved to other Viva Engage groups.

+**Can a Viva Engage groupΓÇÖs association with a Microsoft 365 group change?**

+No, the Viva Engage group can only ever be associated with the Microsoft 365 group to which it was originally associated.

+**Does deleting the Viva Engage group delete the Microsoft 365 group?**

+Yes, deleting the group in Viva Engage will delete related Microsoft group and group-associated services and content.

+

+[Create and manage an external network in Viva Engage](/viva/engage/work-with-external-users/create-and-manage-an-external-network)

+Communication compliance allows you to examine communications for offensive language, sensitive information, and information related to internal and regulatory standards. Chat communications, mailboxes, and Viva Engage messages can all be monitored, generating alerts. With administration tools, you can quickly identify and take action on messages with policy matches.

+[Manage Viva Engage data compliance](/viva/engage/manage-security-and-compliance/manage-data-compliance)

+- **Viva Engage** - (/viva/engage/manage-viva-engage-users/manage-viva-engage-admins)

+- Viva Engage

+When a group expires, [almost all of its associated services (the mailbox, Planner, SharePoint site, team, etc.) are also deleted](/microsoft-365/solutions/end-life-cycle-groups-teams-sites-viva-engage).

+Administrators can specify an expiration period and any inactive group that reaches the end of that period, and isn't renewed, will be deleted. (This includes archived teams.) The expiration period begins when the group is created, or on the date it was last renewed. Group owners will automatically be sent a notification before the expiration that allows them to renew the group for another expiration interval. Expiration notices for groups used in Teams appear in the Teams Owners feed.

+Groups that are actively in use are renewed automatically around 35 days before the group expires. In this case, the owner doesn't get any renewal notifications. Any of the following actions will automatically renew a group:

+- SharePoint - View, edit, download, move, share, or upload files. (Viewing a SharePoint page doesn't count as an action for automatic renewal.)

+- Viva Engage - View a post within a Viva Engage community or an interactive email in Outlook.

+If the group doesn't have an owner, the expiration emails will go to the specified email.

+You can set the policy for all of your groups, only selected groups (up to 500), or turn it off completely by selecting **None**. When You select **None** all groups which are active and pending for verification will have no expiration date. However, the groups that are already expired aren't impacted.

+If you have set up a retention policy for groups in the Microsoft Purview compliance portal, the expiration policy works seamlessly with retention policy. When a group expires, the group's mailbox conversations and files in the group site are retained in the retention container for the specific number of days defined in the retention policy. Users won't see the group, or its content, after expiration however.

+30 days before the group expires, the group owners (or the email addresses that you specified for groups that don't have an owner) will receive an email allowing them to easily renew the group. If they don't renew it, they'll receive another renewal email 15 days before expiration. If they still haven't renewed it, they'll receive one more email notification the day before expiration.

+If you have a group that you no longer plan to use, but you want to retain its content, see [Archive groups, teams, and Viva Engage](end-life-cycle-groups-teams-sites-viva-engage.md) for information about how to export information from the different groups services.

+If you want to delete a group but preserve the content from one or more of the group-connected services, see [Archive groups, teams, and Viva Engage](end-life-cycle-groups-teams-sites-viva-engage.md) for information.

+Microsoft 365 for frontline workers can help you connect and engage your workforce, enhance workforce management, and increase operational efficiency. You can use the capabilities included with Microsoft 365 for frontline workers, from Microsoft Teams, to SharePoint, Viva Connections, Viva Engage, and the Power Platform, or add in solutions from our partners in the digital ecosystem to connect with existing systems or create custom solutions for your business.

+ Title: Overview of optical character recognition in Microsoft Syntex

+audience: admin

+search.appverid:

+ - enabler-strategic

+ - m365initiative-syntex

+ms.localizationpriority: medium

+description: Learn about optical character recognition in Microsoft Syntex.

+# Overview of optical character recognition in Microsoft Syntex

+The optical character recognition (OCR) service in Microsoft Syntex lets you extract printed or handwritten text from images, such as posters, drawings, and product labels, as well as from documents like articles, reports, forms, and invoices.

+The text is typically extracted as words, text lines, and paragraphs or text blocks, enabling access to digital version of the scanned text. The extracted information is indexed in search and can be made available for compliance features like [data loss prevention (DLP)](../compliance/dlp-learn-about-dlp.md).

+For example, you enable the OCR service and then add image files to your document library. Syntex automatically scans the image files, extracts the relevant text, and makes the text from the images available for search and indexing. This lets you quickly and accurately find the keywords and phrases you're looking for.

+## Requirements and limitations

+### Supported file types

+The OCR service is available for the following file types:

+- JPEG

+- JPG

+- PNG

+- BMP

+- TIFF

+- PDF (image only)

+### Supported languages

+The OCR service supports more than [150 languages](/azure/cognitive-services/language-support).

+### File limitations

+- Image file sizes must be less than 50 MB.

+- Images must be at least 50 x 50 pixels and not larger than 16,000 x 16,000 pixels.

+- Only images uploaded after OCR has been enabled are scanned.

+- Currently, images that are embedded in Office documents aren't supported.

+ Title: Set up and manage optical character recognition in Microsoft Syntex

+description: Learn how to set up and manage optical character recognition in Microsoft Syntex.

+# Set up and manage optical character recognition in Microsoft Syntex

+Before you can use the optical character recognition (OCR) service in Microsoft Syntex, it must be configured in the Microsoft 365 admin center.

+4. On the **Optical character recognition** page:

+ a. Choose which site or sites this service should be enabled for.

+ b. To restrict user access to this service, select **No sites** or **Selected sites** and follow the instructions to either select the sites or upload a CSV listing a maximum of 100 sites. You can then manage site access permissions for the sites you selected.

+ c. Select **Save**.

+### Microsoft Purview compliance portal

+The compliance admin for your organization [configures the OCR settings for your tenant](../compliance/ocr-learn-about.md?#phase-3-configure-your-ocr-settings) in the Microsoft Purview compliance portal.

+The compliance admin can specify which SharePoint sites to enable OCR to make that text available for [data loss prevention policies](../compliance/dlp-learn-about-dlp.md). If there are different sites specified in the two setup locations, the maximum number of sites will be enabled for OCR. You won't be charged twice for processing.

+For more information, see [Learn about optical character recognition in Microsoft Purview](../compliance/ocr-learn-about.md).

+ Title: Overview of prebuilt document processing in Microsoft Syntex

+# Overview of prebuilt document processing in Microsoft Syntex

+Prebuilt document processing uses [prebuilt models](#available-prebuilt-models) that are preconfigured to recognize documents and the structured information in the documents. Instead of having to create a new custom model from scratch, you can iterate on an existing pretrained model to add specific fields that fit the needs of your organization.

+ Title: Set up and manage prebuilt document processing in Microsoft Syntex

+audience: admin

+search.appverid:

+ - enabler-strategic

+ - m365initiative-syntex

+ms.localizationpriority: medium

+description: Learn how to set up and manage prebuilt document processing in Microsoft Syntex.

+# Set up and manage prebuilt document processing in Microsoft Syntex

+Before you can use prebuilt document processing in Microsoft Syntex, it must be set up in the Microsoft 365 admin center.

+## Prerequisites

+### Licensing

+Before you can use prebuilt document processing in Syntex, you must first link an Azure subscription in [Syntex pay-as-you-go](syntex-azure-billing.md). Prebuilt document processing in Syntex is billed based on the [type and number of transactions](syntex-pay-as-you-go-services.md).

+### Permissions

+You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up prebuilt document processing in Syntex.

+## Set up prebuilt document processing

+After an [Azure subscription is linked to Microsoft Syntex](syntex-azure-billing.md), prebuilt document processing will be automatically set up and enabled for all SharePoint sites.

+## Manage sites

+Manage which SharePoint sites users can use to create prebuilt models to process files.

+1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>, and then select **Use content AI with Microsoft Syntex**.

+2. On the **Use content AI with Microsoft Syntex** page, select **Manage Microsoft Syntex**.

+3. On the **Manage Microsoft Syntex** page, select **Prebuilt document processing**.

+4. On the **Prebuilt document processing** page:

+ a. Choose which site or sites this service should be enabled for.

+ > [!NOTE]

+ > Disabling a site after a model is made available to process files on that site will not disable the model. Models can still be used to process files and incur charges. A model can be made available to process files by being created on that site or in a content center.

+ b. To restrict user access to this service, select **No sites** or **Selected sites** and follow the instructions to either select the sites or upload a CSV listing a maximum of 100 sites. You can then manage site access permissions for the sites you selected.

+ c. Select **Save**.

+> [!NOTE]

+> As of July 1, 2023, per-user licenses are no longer available for purchase. You will need to [set up pay-as-you-go billing](syntex-azure-billing.md).<br><br>

+> Per-user licenses purchased before July 1 can still be assigned to new users. After existing per-user licenses expire, you will need to opt-in to Syntex [pay-as-you-go billing](syntex-azure-billing.md).

+## Set up Microsoft Syntex services

+2. In the **Files and content** section, select **Use content AI with Microsoft Syntex**.

+3. On the **Use content AI with Microsoft Syntex** page, select **Manage Microsoft Syntex**.

+4. Select the Microsoft Syntex service that you want to set up.

+5. Choose the options that you want to use, and then select **Save**.

+### Setup instructions by service

+The following table provides links to the specific setup instructions for each service.

+|Service |Instructions to set up service |

+|:-|:-|

+|Prebuilt document processing | [Set up prebuilt document processing](prebuilt-setup.md) |

+|Unstructured document processing | [Set up unstructured document processing](unstructured-setup.md) |

+|Optical character recognition | [Set up optical character recognition](ocr.md#set-up-optical-character-recognition) |

+ Title: Set up and manage unstructured document processing in Microsoft Syntex

+audience: admin

+search.appverid:

+ - enabler-strategic

+ - m365initiative-syntex

+ms.localizationpriority: medium

+description: Learn how to set up and manage unstructured document processing in Microsoft Syntex.

+# Set up and manage unstructured document processing in Microsoft Syntex

+Before you can use unstructured document processing in Microsoft Syntex, it must be set up in the Microsoft 365 admin center.

+## Prerequisites

+### Licensing

+Before you can use unstructured document processing in Syntex, you must first enter your Azure subscription in [Syntex pay-as-you-go](syntex-azure-billing.md). Unstructured document processing in Syntex is billed based on the [type and number of transactions](syntex-pay-as-you-go-services.md).

+### Permissions

+You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up unstructured document processing in Syntex.

+## Set up unstructured document processing

+After an Azure subscription is linked to Microsoft Syntex, unstructured document processing will be automatically set up and enabled for all SharePoint sites.

+## Manage sites

+Manage which SharePoint sites users can use to create custom models to process files.

+1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>, and then select **Use content AI with Microsoft Syntex**.

+2. On the **Use content AI with Microsoft Syntex** page, select **Manage Microsoft Syntex**.

+3. On the **Manage Microsoft Syntex** page, select **Unstructured document processing**.

+4. On the **Unstructured document processing** page:

+ a. Choose which site or sites this service should be enabled for.

+ > [!NOTE]

+ > Disabling a site after a model is made available to process files on that site will not disable the model. Models can still be used to process files and incur charges. A model can be made available to process files by being created either on that site or in a content center.

+ b. To restrict user access to this service, select **No sites** or **Selected sites** and follow the instructions to either select the sites or upload a CSV listing a maximum of 100 sites. You can then manage site access permissions for the sites you selected.

+ c. Select **Save**.