Updates from: 07/15/2021 03:16:10
Category Microsoft Docs article Related commit history on GitHub Change details
business-video Anti Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/anti-malware.md
description: "Learn how to Turn on malware protection."
# Turn on malware protection for your business
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MJMJ?autoplay=false]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4OA7Z?autoplay=false]
## Try it!
compliance Add Your Organization Brand To Encrypted Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages.md
To remove a custom branding template:
## Create an Exchange mail flow rule that applies your custom branding to encrypted emails
+> [!IMPORTANT]
+> Third-party applications that scan and modify mail can prevent OME branding from being applied correctly.
+ After you've either modified the default template or created new branding templates, you can create Exchange mail flow rules to apply your custom branding based on certain conditions. Such a rule will apply custom branding in the following scenarios: - If the email was manually encrypted by the end user using Outlook or Outlook on the web, formerly Outlook Web App
The available background color names and their corresponding hex code values are
|`white`|#ffffff| |`whitesmoke`|#f5f5f5| |`yellow`|#ffff00|
-|`yellowgreen`|#9acd32|
+|`yellowgreen`|#9acd32|
compliance App Governance App Policies Create https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-create.md
Along with a built-in set of capabilities to detect anomalous app behavior and g
You can create app policies from provided templates that can be customized, or you can create your own custom app policy.
-To create a new app policy, go to **Microsoft 365 Compliance Center > App protection & governance > Overview page > Policies**:
+To create a new app policy, go to **Microsoft 365 Compliance Center > App governance > Overview page > Policies**:
- To create a new app policy with templates designed for app usage, select **Create policy** under **Create an app usage policy**. - To create a new app policy with templates designed for app permissions, select **Create policy** under **Create a permissions policy**.
compliance App Governance App Policies Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-overview.md
Microsoft app governance detects anomalous app behavior in your Microsoft 365 te
These policies for app and user patterns and behaviors can protect your users from using non-compliant or malicious apps and limit the access of risky apps to your tenant data.
-Here's a quick review of required administrator roles for app policy management.
-
-| Role | Read policies | Create, update, or delete policies |
-|:-|:--|:-|
-| Compliance Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
-| Compliance Reader | ![Check mark](..\media\checkmark.png) | |
-| Global Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
-| Global Reader | ![Check mark](..\media\checkmark.png) | |
-| Security Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
-| Security Reader | ![Check mark](..\media\checkmark.png) | |
-| Security Operator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
-||||
+See [Administrator roles](app-governance-get-started.md#administrator-roles) for information on which roles can modify policies.
<!-- How app policies are the method by which MAPG detects app anomolies resulting in detection (alerts) and remediation (manual or automatic)
compliance App Governance Detect Remediate Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-detect-remediate-get-started.md
description: "Get started with app threat detection and remediation."
Microsoft app governance collects threat alerts that are generated by built-in app governance detection methods based on malicious app activities and policy-based alerts generated by active app policies that you create.
-The first place to view app alerts is the app governance dashboard at [https://compliance.microsoft.com/appgovernance](https://compliance.microsoft.com/appgovernance).
+The first place to view app alerts is the app governance dashboard at [https://aka.ms/appgovernance](https://aka.ms/appgovernance).
![The app governance overview page in the Microsoft 365 Compliance Center with the Detection and policy alerts section highlighted](..\media\manage-app-protection-governance\mapg-cc-overview-alerts.png)
compliance App Governance Detect Remediate Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-detect-remediate-overview.md
See the [administrator roles](app-governance-get-started.md#administrator-roles)
App governance, Azure Active Directory (Azure AD), and Microsoft Cloud App Security collect and provide different data sets: -- Azure AD provides foundational app metadata and detailed information on sign-ins to apps. - App governance provides detailed information about an appΓÇÖs activity at the API level.
+- Azure AD provides foundational app metadata and detailed information on sign-ins to apps.
- Microsoft Cloud App Security provides app risk information. By sharing information across app governance, Azure AD, and Microsoft Cloud App Security, you can display aggregate information in one portal and easily link to another portal for more information. Here are some examples:
compliance App Governance Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-get-started.md
description: "Get started with app governance capabilities to govern your apps."
# Get started with app governance (in preview)
-To begin using the app governance feature for Microsoft Cloud App Security:
+To begin using the app governance add-on to Microsoft Cloud App Security:
1. Verify your account has the appropriate level of licensing. App governance is an add-on feature for Microsoft Cloud App Security (MCAS), and thus MCAS must be present in your account as either a standalone product or as part of the various license packages listed below. 1. You must have one of the administrator roles listed below to access the app governance pages in the portal. ## Licensing for app governance
-Before you get started with the app governance, you should confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans) and any add-ons. To access and use app governance, your organization must have one of the following subscriptions or add-ons:
+Before you get started with app governance, you should confirm your [Microsoft 365 admin center - subscriptions](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans) and any add-ons. To access and use app governance, your organization must have one of the following subscriptions or add-ons:
- Microsoft Cloud App Security - Microsoft 365 E5
Before you get started with the app governance, you should confirm your [Microso
## Administrator roles
-One of the following administrator roles are required to see app governance pages or manage policies and settings:
+One of the following administrator roles is required to see app governance pages or manage policies and settings:
- Application Administrator - Cloud Application Administrator
One of the following administrator roles are required to see app governance page
- Security Operator - Security Reader (read-only)
+> [!NOTE]
+> Only a Global Admin can activate the app governance free trial.
+ Here are the capabilities for each role. | Role | Read the dashboard | Read all apps |Read policies | Create, update, or delete policies | Read alerts | Update alerts | Read settings | Update settings | Read Remediation | Update Remediation |
compliance App Governance Manage App Protection Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-manage-app-protection-governance.md
Microsoft allows developers to build cloud applications using Azure Active Direc
## A first glimpse at app governance
-To see the app governance dashboard, go to [https://compliance.microsoft.com/appgovernance](https://compliance.microsoft.com/appgovernance). Note that your sign-in account must have one of the [administrator roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
+To see the app governance dashboard, go to [https://aka.ms/appgovernance](https://aka.ms/appgovernance). Note that your sign-in account must have one of the [administrator roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
## App governance integration with Azure AD and Microsoft Cloud App Security
compliance App Governance Visibility Insights Compliance Posture https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-compliance-posture.md
description: "Determine your app compliance posture."
>*[Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD).*
-Microsoft app governance allows you to quickly assess the compliance posture of the third-party apps and their access to data in your Microsoft 365 tenant from the app governance Overview page in the [Microsoft 365 Compliance Center](https://compliance.microsoft.com/appgovernance).
+Microsoft app governance allows you to quickly assess the compliance posture of the third-party apps and their access to data in your Microsoft 365 tenant from the app governance Overview page in the [Microsoft 365 Compliance Center](https://aka.ms/appgovernance).
![The app governance overview page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-overview.png)
From this page, you can see:
- For data and resources access:
- - The application API data access in the last 90 days
- - The usage of the top resources in the last 90 days
+ - Total data accessed by apps in the tenant through Graph API over the current and previous three calendar months. (Currently only includes Mail and File upload and download usage)
+ - Data usage over the current and previous three calendar months, broken down by resource type. (Currently only includes Mail and File upload and download usage)
From this information, you can determine if there are anomalous spikes in access to the data in your Microsoft 365 tenant.
compliance App Governance Visibility Insights Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-get-started.md
description: "Get started with visibility and insights."
>*[Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD).*
-The first place to get started is the app governance dashboard at [https://compliance.microsoft.com/appgovernance](https://compliance.microsoft.com/appgovernance). Note that your sign-in account must have one of [these app governance administrator roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
+The first place to get started is the app governance dashboard at [https://aka.ms/appgovernance](https://aka.ms/appgovernance). Note that your sign-in account must have one of [these app governance administrator roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
![The app governance overview page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-overview.png)
compliance Configure Search And Analytics Settings In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/configure-search-and-analytics-settings-in-advanced-ediscovery.md
There are situations where certain text will diminish the quality of analytics,
When this setting is turned on, OCR processing will be run on image files. OCR processing is run in the following situations: -- When custodians and [non-custodial data sources](non-custodial-data-sources.md) are added to a case. OCR processing is performed during the Advanced indexing process. This means that text in image files that matches the search criteria will be returned in a collection search.
+- When custodians and [non-custodial data sources](non-custodial-data-sources.md) are added to a case. OCR processing is performed during the [Advanced indexing](indexing-custodian-data.md) process. OCR is only run on items that are processed during Advanced indexing. For example, if a large PDF file that is partially indexed or had other indexing errors is processed during Advanced indexing, the file will also have OCR applied. In other words, OCR processing only occurs on files that are re-indexed during the Advanced indexing process. This means are will situations that when custodians are added to a case, some email attachments won't be processed for OCR because those files are not processed during Advanced indexing. When OCR is applied image files, the text in those image files will be searchable during a collection.
- When content from other data sources (that aren't associated with a custodian and added to the case in a non-custodial data source) is added to a review set.
compliance Define Mail Flow Rules To Encrypt Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email.md
You can define mail flow rules for triggering remove message encryption with the
### Use the EAC to create a rule to remove encryption from email messages with the new OME capabilities
-You can remove encryption that is accessible by your organization. This means any mail with encryption that is applied by the organization or any mail that is protected with encrypt-only restrictions.
+You can remove encryption that is applied by your organization.
1. In a web browser, using a work or school account that has been granted global administrator permissions, [sign in to Office 365](https://support.office.com/article/b9582171-fd1f-4284-9846-bdd72bb28426#ID0EAABAAA=Web_browser).
compliance File Plan Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/file-plan-manager.md
Although you can create and manage retention labels from **Information governanc
File plan can be used for all retention labels, even if they don't mark content as a record.
-![File plan page](../media/compliance-file-plan.png)
- For information about what retention labels are and how to use them, see [Learn about retention policies and retention labels](retention.md). ## Accessing file plan
Example of file plan descriptors when you create or edit a retention label:
![File plan descriptors when you create or edit a retention label](../media/file-plan-descriptors.png)
-Example view of the file plan descriptors columns:
+When you select **Choose** for each of these optional descriptors, you can select one of the out-of-box values, or create your own and then select it. For example:
-![File plan descriptors columns](../media/file-plan-descriptors-on-labels-tab.png)
+![Create new file plan descriptor for provision/citation](../media/file-plan-descriptors-create.png)
## Export all retention labels to analyze or enable offline reviews
A *.csv file that contains all existing retention labels opens. For example:
## Import retention labels into your file plan
-In file plan, you can bulk-import new retention labels by using a .csv file with a specific format. After the labels are imported, you can make edits in the .csv file and import the file again for easier bulk-editing of existing retention labels.
-
-To import new retention labels and modify existing retention labels:
+In file plan, you can bulk-import new retention labels by using a .csv file with a specific format:
1. On the **File plan** page, click **Import** to use the **Fill out and import your file plan** page:
To import new retention labels and modify existing retention labels:
- If validation passes: You can select **Go Live** to make the retention labels available in your tenant. Or, select the Close icon for the page, and **Yes** to confirm you want to close the wizard without making the retention labels available in your tenant at this time.
-When the imported labels are added to your tenant, you can now add them to a new retention label policy, or auto-apply them. You can do this right from the **File plan** page by selecting the dropdown from **+ Create a label** and then **Policy to publish labels**, or **Policy to auto-apply a label**.
+When the imported labels are added to your tenant, you can now make them available to users by publishing them, or auto-apply them. You can do both from the **Label policies** tab, and then select **Publish labels**, or **Auto-apply a label**.
## Next steps
compliance Indexing Custodian Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/indexing-custodian-data.md
description: "When a custodian is added to an Advanced eDiscovery case, any cont
# Advanced indexing of custodian data
-When a custodian is added to an Advanced eDiscovery case, any content that was deemed as partially indexed is reprocessed to make it fully searchable. This process is called *Advanced indexing*. Content can be partially indexed for a number of reasons including the existence of images, unsupported file types or when indexing file size limits are encountered.
+When a custodian is added to an Advanced eDiscovery case, any content that was deemed as partially indexed or had indexing errors with is reindexed to make it fully searchable. This reindexing process is called *Advanced indexing*. There are a number of reasons that content is partially indexed or has indexing errors. This includes image files or the presence of images in a file, unsupported file types, or file sized indexing limits. For SharePoint files, Advanced indexing only runs on items are marked as partially indexed or that have indexing errors. In Exchange, email messages that have image attachments are not marked as partially indexed or with indexing errors. This means that those files will not be reindexed by the Advanced indexing process.
To learn more about processing support and partially indexed items, see:
This view also includes the number of items that require remediation and anothe
When a custodian is added to an Advanced eDiscovery case, all partially indexed items are reprocessed. However, as time passes, more partially indexed items may be added to a user's mailbox or OneDrive account. If necessary, you can update the index for specific custodian. For more information, see [Manage custodians in an Advanced eDiscovery case](manage-new-custodians.md#re-index-custodian-data). You can also update the index for all custodians in a case by clicking the **Update index** on the **Processing** tab. > [!NOTE]
-> Updating custodian indexes is a long running process. It's recommended that you don't update indexes more than once a day in a case.
+> Updating custodian indexes is a long running process. It's recommended that you don't update indexes more than once a day in a case.
compliance Insider Risk Management Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-plan.md
Before getting started with [insider risk management](insider-risk-management.md) in your organization, there are important planning activities and considerations that should be reviewed by your information technology and compliance management teams. Thoroughly understanding and planning for deployment in the following areas will help ensure that your implementation and use of insider risk management features goes smoothly and is aligned with the best practices for the solution.
+Watch the video below to learn how the insider risk management workflow can help your organization prevent, detect, and contain risks while prioritizing your organization values, culture, and user experience:
+<br>
+<br>
+
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4OUXB]
+ ## Work with stakeholders in your organization Identify the appropriate stakeholders in your organization to collaborate for taking actions on insider risk management alerts and cases. Some recommended stakeholders to consider including in initial planning and the end-to-end [insider risk management workflow](insider-risk-management.md#workflow) are people from the following areas of your organization:
compliance Insider Risk Management Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-solution-overview.md
Increasingly, employees have more access to create, manage, and share data acros
Insider risk management in Microsoft 365 uses the full breadth of service and 3rd-party indicators to help you quickly identify, triage, and act on risky user activity. By using logs from Microsoft 365 and Microsoft Graph, insider risk management allows you to define specific policies to identify risk indicators and to take action to mitigate these risks.
+Watch the videos below to learn how insider risk management can help your organization prevent, detect, and contain risks while prioritizing your organization values, culture, and user experience:
+<br>
+<br>
+
+**Insider risk management solution & development**:
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4j9CN]
+<br>
+
+**Insider risk management workflow**:
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4OUXB]
+ ## Configure insider risk management for Microsoft 365 Use the following steps to configure insider risk management for your organization:
compliance Insider Risk Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management.md
Insider risk management is a compliance solution in Microsoft 365 that helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization. Insider risk policies allow you to define the types of risks to identify and detect in your organization, including acting on cases and escalating cases to Microsoft Advanced eDiscovery if needed. Risk analysts in your organization can quickly take appropriate actions to make sure users are compliant with your organization's compliance standards.
-Watch the video below to learn how insider risk management can help your organization prevent, detect, and contain risks while prioritizing your organization values, culture, and user experience:
+Watch the videos below to learn how insider risk management can help your organization prevent, detect, and contain risks while prioritizing your organization values, culture, and user experience:
<br> <br>+
+**Insider risk management solution & development**:
>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4j9CN]
+<br>
+
+**Insider risk management workflow**:
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4OUXB]
## Modern risk pain points
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
Examples:
> The [Azure Information Protection unified labeling client](/azure/information-protection/rms-client/install-unifiedlabelingclient-app) supports this configuration that's also known as mandatory labeling. For labeling built in to Office apps, see the tables in the [capabilities](#support-for-sensitivity-label-capabilities-in-apps) section on this page for minimum versions. > > To use mandatory labeling for documents but not emails, see the instructions in the next section that explains how to configure Outlook-specific options.
+>
+> To use mandatory labeling for Power BI, see [Mandatory label policy for Power BI](/power-bi/admin/service-security-sensitivity-label-mandatory-label-policy).
When the policy setting **Require users to apply a label to their email and documents** is selected, users assigned the policy must select and apply a sensitivity label under the following scenarios:
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
When you configure a label policy, you can:
![Prompt where users enter a justification](../media/Sensitivity-label-justification-required.png) -- **Require users to apply a label** for documents and emails, just documents, and for containers. Also known as mandatory labeling, these options ensure a label must be applied before users can save documents and send emails, and create new groups or sites.
+- **Require users to apply a label** for documents and emails, just documents, for containers, and Power BI content. Also known as mandatory labeling, these options ensure a label must be applied before users can save documents and send emails, create new groups or sites, and when they use unlabeled content for Power BI.
For documents and emails, a label can be assigned manually by the user, automatically as a result of a condition that you configure, or be assigned by default (the default label option previously described). An example prompt shown in Outlook when a user is required to assign a label:
When you configure a label policy, you can:
For containers, a label must be assigned at the time the group or site is created.
+ For more information about mandatory labeling for Power BI, see [Mandatory label policy for Power BI](/power-bi/admin/service-security-sensitivity-label-mandatory-label-policy).
+
Consider using this option to help increase your labeling coverage. However, without user training, these settings can result in inaccurate labeling. In addition, unless you also set a corresponding default label, mandatory labeling can frustrate your users with the frequent prompts. - **Provide help link to a custom help page.** If your users aren't sure what your sensitivity labels mean or how they should be used, you can provide a Learn More URL that appears at the bottom of the **Sensitivity label** menu in the Office apps:
enterprise Portallaunchscheduler https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/PortalLaunchScheduler.md
Formerly, portal launches could only be scheduled through SharePoint PowerShell.
> [!NOTE] > Up to 50 distinct users or security groups max can be used for the entire launch. Each launch is independent of each other, so if you schedule a launch on another portal, then you could use up to 50 users/security groups for that launch. Additionally, you can use up to 20 distinct users or security groups per wave. -
->The portal launch scheduler supports security groups and mail enabled security groups.
-
+ >
+ > The portal launch scheduler supports security groups and mail enabled security groups.
8. Confirm portal launch details and select **Schedule**. Once the launch has been scheduled, any changes to the SharePoint portal home page will need to receive a healthy diagnostic result before the portal launch will resume.
Launches scheduled using the Portal launch scheduler tool can be canceled, or de
2. Then, select **Delete** and then when you see the message below select **Delete** again.
- ![Image of the Portal launch scheduler tool](../media/portal-launch-delete-2.png)
+ ![Image of the prompt that asks if you want to delete or keep a scheduled launch](../media/portal-launch-delete-2.png)
## Use the PowerShell Portal launch scheduler
enterprise Ms Cloud Germany Transition Add Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-add-devices.md
It's critical to your success that you only unregister and re-register your devi
To check whether your devices are registered in the public cloud, you should export and download the list of devices from the Azure AD portal to an Excel spreadsheet. Then, filter the devices that are registered (by using the _registeredTime_ column) after the date when your organization has passed [phase 9 of the migration process](ms-cloud-germany-transition-phases.md#phase-9--10-azure-ad-finalization).
+**Do I still need to add the DNS name as stated in this [Create DNS records for Microsoft using Windows-based DNS](https://docs.microsoft.com/en-us/microsoft-365/admin/dns/create-dns-records-using-windows-based-dns?view=o365-worldwide#add-two-cname-records-for-mobile-device-management-mdm-for-microsoft)
+
+This DNS entry is no longer needed for re-registering your device.
+ ## Additional considerations > [!IMPORTANT]
enterprise Multi Geo Capabilities In Teams In Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-geo-capabilities-in-teams-in-microsoft-365.md
Get-MultiGeoRegion -EntityType User -EntityId <UPN>
## Channel messages
-Each Microsoft 365 group has a Preferred Data Location (PDL) which denotes the geo location where related data is to be stored. Teams uses the PDL for the group associated with each team to determine where to store channel messaging data for that team. This includes chat that occurs within a channel meeting.
+Each Microsoft 365 group has a Preferred Data Location (PDL) which denotes the geo location where related data is to be stored. Teams uses the PDL for the group associated with each team to determine where to store channel messaging data for that team. This includes private channels as well as chat that occurs within a channel meeting.
When a user creates a new team, that user's PDL determines what PDL is assigned to the Microsoft 365 group. The group PDL determines where that team's data is stored. If that user's PDL later changes, the group's PDL is not changed.
lighthouse M365 Lighthouse Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sign-up.md
description: "For Managed Service Providers (MSPs), learn how to sign up for Mic
To verify that Microsoft 365 Lighthouse was successfully added to your tenant, look for Microsoft 365 Lighthouse under **Billing > Your Products** in the Microsoft 365 admin center.
-1. If you aren't redirected to the Microsoft 365 Lighthouse portal, go to <a href="https://lighthouse.microsoft.com" target="_blank">https://lighthouse.microsoft.com</a>.
+1. If you aren't redirected to the Microsoft 365 Lighthouse portal, go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">https://lighthouse.microsoft.com</a>.
1. Select **Agree & Continue** to complete the partner agreement amendment.
lti Teams Classes With Canvas https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-with-canvas.md
description: "Integrate Microsoft Teams classes with Canvas"
# Use Microsoft Teams classes with Canvas
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
- Microsoft Teams classes is a Learning Tools Interoperability (LTI) app that helps educators and students easily navigate between their Learning Management System (LMS) and Teams. Users can access their class teams associated with their course directly from within their LMS.
+## Prerequisites Before Deployment
+
+> [!NOTE]
+> The current Class Teams LTI only supports syncing Canvas users with Microsoft Azure Active Directory (AAD) in a limited scope.
+> - Your tenant must have an exact match between a Canvas field (email, user ID, or SIS ID) and the UPN in Microsoft AAD. We are working to expand flexibility to the syncing functionality, but in the meantime, any users in Canvas not matched to a UPN in AAD will not be added to the Teams class synced with Canvas.
+> - Only a single Microsoft tenant can be used for mapping users between Canvas and Microsoft.
+> - You will have to turn off SDS before using the Class Teams LTI in order to avoid duplication of groups.
+ ## Microsoft Office 365 Admin Before managing the Microsoft Teams integration within Instructure Canvas, it is important to have CanvasΓÇÖs **Microsoft-Teams-Sync-for-Canvas** Azure app approved by your institutionΓÇÖs Microsoft Office 365 admin in your Microsoft Azure tenant before completing the Canvas admin setup.
As a Canvas Admin, you'll need to add the Microsoft Teams classes LTI app within
5. Select **Install**. The Microsoft Teams classes LTI app will be added to the list of external apps.
+
+## Enabling the LTI app for Canvas courses
+
+To use the LTI app within a course, an instructor of the Canvas course must enable integrations sync. Each course must be enabled by an instructor for a corresponding team to be created; there is no global mechanism for teams creation. This is designed as a precautionary measure to prevent unwanted teams from being created.
+
+Refer your instructors to the [educator documentation](https://support.microsoft.com/topic/use-microsoft-teams-classes-in-your-lms-preview-ac6a1e34-32f7-45e6-b83e-094185a1e78a#ID0EBD=Instructure_Canvas) for enabling the LTI app for each course and completing the integration setup.
managed-desktop Device Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/device-requirements.md
The device must have this software preinstalled:
- the 64-bit version of Microsoft 365 Apps for enterprise - All applicable device drivers -
+> [!NOTE]
+> Windows 11 will be an additional option for preinstalled software once it has reached general availability.
+>
### Physical features Devices must have these capabilities:
Devices must have these capabilities:
For more about these capabilities and the technologies related to them that the service uses, see [Microsoft Managed Desktop technologies](../intro/technologies.md). > [!NOTE]
-> ARM processors are not supported.
+>- ARM processors are not supported.
+>- Windows 11 has additional [hardware requirements](/windows/whats-new/windows-11-requirements).
Devices should meet or exceed following limits for storage and memory:
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
Microsoft Defender for Endpoint Device Control Removable Storage Access Control
|User-based Support | Yes | |Machine-based Support | Yes |
+## Licensing
+
+Before you get started with Removable Storage Access Control, you should [confirm your Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1). To access and use Removable Storage Access Control, you must have the following:
+
+- Microsoft 365 E3 for functionality/policy deployment.
+- Microsoft 365 E5 for reporting.
+ ## Prepare your endpoints Deploy Removable Storage Access Control on Windows 10 devices that have antimalware client version **4.18.2103.3 or later**.
For policy deployment in Intune, the account must have permissions to create, ed
./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyGroups/%7b9b28fae8-72f7-4267-a1a5-685f747a7146%7d/GroupData - Data Type: String (XML file)
-
- :::image type="content" source="images/xml-data-type-string.png" alt-text="The xml file for the STRING data type":::
2. For each policy, also create an OMA-URI:
For policy deployment in Intune, the account must have permissions to create, ed
- Data Type: String (XML file)
- :::image type="content" source="images/xml-data-type-string-2.png" lightbox="images/xml-data-type-string-2.png" alt-text="Display of XML file for the STRING data type":::
## Deploying and managing policy by using Intune user interface
security Get Discovered Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities.md
Here is an example of the response.
"exploitTypes": [], "exploitUris": [] }
+ ]
} ```
security Linux Install Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-install-manually.md
Download the onboarding package from Microsoft Defender Security Center:
mdatp health --field org_id ```
-2. Run MicrosoftDefenderATPOnboardingLinuxServer.py, and note that, in order to run this command, you must have `python` installed on the device:
+2. Run MicrosoftDefenderATPOnboardingLinuxServer.py.
+
+ >[!NOTE]
+ >To run this command, you must have `python` installed on the device. If you're running RHEL 8.x or Ubuntu 20.04 or higher, then you will need to use Python 3 instead of Python.
++ ```bash python MicrosoftDefenderATPOnboardingLinuxServer.py
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/preview.md
ms.technology: m365d
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)]
-> [!IMPORTANT]
-> The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
- **Applies to:** - Microsoft 365 Defender
Learn about new features in the Microsoft 365 Defender preview release and be am
For more information on new capabilities that are generally available, see [What's new in Microsoft 365 Defender](whats-new.md).
+ ## What you need to know
+
+When working with features in public preview, these features:
+
+- May have restricted or limited functionality. For example, the feature may only apply to one platform.
+- Typically go through feature changes before they're generally available (GA).
+- Are fully supported by Microsoft.
+- May only be available in selected geographic regions or cloud environments. For example, the feature may not exist in the government cloud.
+- Individual features in preview may have more usage and support restrictions. If so, this information is typically noted in the feature documentation.
+- The preview versions are provided with a standard support level, and can be used for production environments.
+++ ## Required permissions Accounts assigned the following Azure Active Directory (Azure AD) roles can turn on Microsoft 365 Defender Preview features: